Legal
Privacy Policy
Last updated: April 2026
Last updated: April 2026
The York Manor (“we”, “us”) is committed to protecting your privacy. This policy explains what personal data we collect, how we use it, and your rights under the UK General Data Protection Regulation (GDPR).
When you make a booking or enquiry we collect: your name, email address, telephone number, postal address, dates of stay, number of guests, room preferences, payment details (handled securely by our payment processor), any special requirements or dietary needs you share with us, and any correspondence between us.
We use your data to: process and manage your booking, communicate with you before, during and after your stay, comply with legal obligations (e.g. guest registration, taxation), improve our services and facilities, and send marketing communications where you have given consent.
Our legal bases for processing your data are: performance of a contract (your booking), legitimate interest (improving our services, fraud prevention), legal obligation (guest registration, accounting), and consent (marketing communications).
We do not sell your personal data. We share data only with: our payment processor (to take payment), our booking system provider, and government authorities where legally required.
We retain booking data for 7 years for accounting and legal compliance. Marketing consent records are kept until you withdraw consent. Enquiry data is retained for 2 years.
Under GDPR you have the right to: access, rectify, erase, restrict processing of, and port your personal data. You may also object to processing and withdraw consent at any time. To exercise any right, email bookings@yorkmanor.co.uk.
For privacy-related queries, contact our Data Protection Lead at bookings@yorkmanor.co.uk.