Introduction
This is the privacy notice of the website https://greatbernera.org, which is owned and run by the Great Bernera Community Development Trust (GBCDT).
The use of “we”, “us” and “our” in this privacy notice refers to GBCDT. The use of “you” and “your” in this privacy notice refers to individuals providing personal data to us.
We take the security of your personal data very seriously and our privacy notice has been developed in accordance with the General Data Protection Regulation. The General Data Protection Regulation has been incorporated into law in the United Kingdom by the Data Protection Act 2018. It applies to the computerised, automated and manual personal data we collect and hold about you and how we use it. In this privacy notice it is hereinafter referred to as “UK GDPR”.
Our privacy notice also includes information about the use of Cookies on our website.
This privacy notice was updated on 12 February 2026.
Contents
- UK GDPR overview
- Our website
- Third Party Sign-up Forms
- Social media
- What personal data do we collect from you?
- When do we collect personal data from you?
- How do we use your personal data?
- What are the lawful bases for processing your personal data
- Where do we store your personal data and how long for?
- Do we share your personal data?
- Are there any age restrictions to supplying your personal data to us?
- Your individual rights
- Our contact details
1. UK GDPR overview
The purpose of the UK GDPR is to protect the privacy of individuals (data subjects – you) by preventing the misuse or unauthorised use of personal information (personal data) that is held by others (data controllers – us). This is achieved by regulating the use of personal data held by data controllers and by giving rights to data subjects.
The UK GDPR sets out 7 key principles – lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; security; and accountability.
In summary, personal data should be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals.
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Accurate and, where necessary, kept up to date.
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
- The controller shall be responsible for, and be able to demonstrate compliance with the above.
You can find out more about UK GDPR from the Information Commissioner’s Office.
For the purposes of this privacy notice GBCDT is the “data controller”.
2. Our website
Our website, https://greatbernera.org, is the primary source of information about Great Bernera. WordPress is our website content management system and has been used to create, manage and update our website.
COOKIES
A cookie is a small text file that is downloaded onto your computer when you access a website. It allows the website to recognise your device and store some information about your preferences or past actions.
Our website uses two types of cookies, session and persistent. A session cookie is only used for your current session on our website whereas a persistent cookie has a longer lifespan and is not automatically deleted when you close your browser.
- DYNSRV – This cookie is added by our load balancer to track which web server to send you to. Its purpose is to improve the performance of our website. Session cookie.
- wp-settings-1 – WordPress sets a few wp-settings-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and the main site interface. Persistent cookie. Duration: 1 year.
- wp-settings-time-1 – WordPress sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and the main site interface. Persistent cookie. Duration: 1 year.
- wpfuuid – WordPress functional cookie which is required to help WordPress sites work. Persistent cookie. Duration: 10 years.
- pum-53760 – Functional cookie which is required to display urgent messages to our customers in a pop-up. Persistent cookie. Duration: 1 month.
You do not have to accept cookies and you can adjust your browser’s setting to prevent it from accepting cookies. This may prevent you from taking full advantage of our website.
CONTACT US
There is a contact us form on the Community Council page of our website. You are required to provide your personal data (your name and email address) before your comment is submitted. The personal data you provide is used to generate an email to the Community Council, who will respond to you from their email address. Your personal data is not stored on our website.
LINKS TO OTHER WEBSITES
Our website pages contain links to other websites that may be of potential interest to you. When you click on one of these links your web browser will leave our website and open a new one. At this point the privacy notice and use of cookies of the other website will apply. We advise you to read and agree to these before you use the other website.
3. Third party sign-up forms
OUR NEWSLETTER (BERNERA BULLETIN)
We use MailChimp for the Bernera Bulletin. If you click on the Subscribe button on this website a new window will open and you will be taken to the MailChimp website. At this point the privacy notice and use of cookies of MailChimp will apply. We advise you to read and agree to these before you sign up.
MEMBERSHIP FORMS
There are two links to membership forms on this website—one for the Bernera Community Association (BCA) and one for the GBCDT. We use Google Forms for this purpose. If you click on the buttons to join either the BCA or GBCDT a new window will open and you will be taken to a Google Form. At the bottom of this form is a link to Google’s Privacy Policy. We advise you to read and agree to this before you complete the form.
4. Social media
Our website includes a link to the Bernera Community Association (BCA) Facebook page. Should you wish to click on the link, we advise you to read and agree to Facebook’s privacy and cookies notice before you interact with this page. We do not share information contained in any direct messages to us on the social media sites we use.
5. What personal data do we collect from you?
The information that we collect and hold about you is called “personal data”. The personal data we collect and hold about you can include your name, address, telephone number and email address. It may also include your IP address.
6. When do we collect personal data from you?
We collect your personal data when you contact us by email or telephone, when you visit our website, and when you fill in a form on our website to contact us.
7. How do we use your personal data?
Your personal data may be used in the following processes: Pre-booking contact – Contact made by you to discuss making a booking. For example, checking the hostel is suitable for your requirements or about our availability. Contact and subsequent communication (up until a booking is made) made by email or telephone. The Contact Us form on our website may also be used. Bookings – You can make a booking to stay with us using our third party online booking system. You will be asked to provide payment information to confirm your booking. If you would prefer we can create the booking for you. Post-booking contact – Contact made by you or us to discuss a booking. For example, further information required, late arrival, lost property. Contact and subsequent information communication made by email, telephone, text or through our third party online booking system. The Contact Us form on our website may also be used. Guest reviews – After you have stayed at Saddle Mountain Hostel you will be invited to leave a review on our third party online booking system. The email address you gave us at the time of booking is used to request the review. The reviews are published on our third party online booking system. Guest registration – We are required by the Immigration (Hotel Records) Order 1972 to ask you to register for your stay at the hostel. We will do this through our third party online booking system or when you arrive. Route cards – You are able to leave information about your route (e.g. mountain or cycle), return time, vehicle registration and emergency contact details. This is done in the form of a paper sheet, manually filled in. Website analysis – When you visit our website we collect standard internet log information. This helps us to know how many people visit our website and which pages are visited. Booking analysis – We use standard reports in our third party online booking system that we use to help us understand our bookings and income. For example, we are able to analyse how many people stayed at the hostel and when and what our turnover is.
8. What are the lawful bases for processing your personal data?
When we process your personal data as described above we are using the following lawful bases: Consent – The individual has given clear consent for you to process their personal data for a specific purpose. Our processes – route cards. Contract – The processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract. Our processes – pre-booking contact, booking, post-booking contact. Legal obligation – The processing is necessary for you to comply with the law (not including contractual obligations). Our processes – guest registration. Legitimate interests – The processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. Our processes – guest reviews, booking analysis, website analysis.
9. Where do we store your personal data and how long for?
The personal data we collect from you is stored electronically or in paper format depending on the process we are using it for. We take the security of your personal data very seriously. We have put in place appropriate procedures to prevent unauthorised access and misuse of your personal data and to effectively manage the retention of your personal data. Electronic personal data is stored in the third party online business systems we use to run our business. It is subject to the security procedures and technical and physical restrictions for accessing and using personal data on their servers. No personal data is stored on the computers we use. Paper records are kept securely in our private office. We will hold your personal data only for as long as is necessary and for the purpose for which it was collected. How long we hold it for is dependent on the purpose it is being used for but is in accordance with legal obligations.
10. Do we share your personal data?
In order to make a booking to stay with us we may share personal data we collect from you with our third party online booking system and our secure payment gateway provider. Only the personal data necessary to complete the transaction will be shared. We may share depersonalised data such as booking statistics and website analysis with reputable third parties and for other lawful purposes but the information will not include any personally identifying details. Under certain circumstances there may be a legal obligation for us to share your personal data in order to protect your vital interests or those of another person. We may also disclose your personal data where it is necessary for us to exercise or defend a legal claim. Other than this we will not disclose any of your personal data to any other third party without your consent.
11. Are there any age restrictions on supplying your personal data to us?
There is a minimum age to consenting to supply your personal data to us. You must be 16 or older to provide your personal data to our website or our third party online payment system.
12. Your individual rights
The UK GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
Our privacy notice informs you about the collection and use of your personal data by GBCDT. Please contact us if you wish to know what personal data we hold about you and to exercise your individual rights.
13. Our contact details
To contact us please send an email to trustbernera@hotmail.com or web@greatbernera.org