Cookies & Privacy

Your privacy is important to us. All data collected through the use of our website site is intended to be used as a means to better serve our current and future customers.

1. Core principles

  • We consider user privacy and data protection to be vitally important.
  • We adhere to the principles of “privacy-by-design”.
  • We will only collect and process data when necessary
  • We will never sell, rent or otherwise distribute or make public your personal information
  • Our website is not intended for use by children and we do not knowingly collect any data relating to children.

2. Who We are

Eastside Cottages is responsible for the data outlined in the privacy notice. As such, we are considered the “controller” of this data. Our contact details are:

Eastside Cottages, Eastside Farm, Penicuik, Midlothian, EH26 9LW.

3. Relevant Legislation

Along with Eastside Cottages’ business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:

This site’s compliance with the above legislation, all of which are stringent in nature, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you are visiting this website from outside of the EU, please check your own country of residence's specific data protection and user privacy legislation before proceeding to view our website.

4. Personal Data That We Collect

Personal data is any data about an individual by which that person can be identified. In conducting business with you, it will be necessary for us to collect the following data:

  • Identity Data - including your first and last name.
  • Contact Data - including your address, email address and telephone numbers.
  • Financial Data - if you opt to pay us by debit or credit card, it may be necessary for us to collect payment details from you. This data will not be retained in any form.
  • Transaction Data - including details about payments between you and us.

5. Other Data That We May Collect

Website Analytics

Our site uses Google Analytics (GA) to collect data about user interaction. GA logs data such as rough geographical location, device, internet browser, pages visited on our website and for how long. None of this information personally identifies you to us.

GA also records your computer’s IP address. In some circumstances, if combined with other data, an IP addresses could be used to personally identify you. However, we are not able to use this data to identify you. As an additional precaution, we implement IP anonymisation through GA meaning that we are not able to access IP address data.

We also use Clicky Analytics within our website. This gathers similar, non-personally identifying data to GA.

We use Cloudflare within our website for security, performance and analytic purposes. Cloudflare and other firewall software used in the service of the website may log your IP address for security purposes. This information is not used to personally identify you.

We consider Google, Clicky and Cloudflare to be third party data processors (see section 8 below).

6. How We Collect Data

Website contact form

You may submit an enquiry via our contact form. Identity and contact data entered, along with your enquiry details and the time and date that the form is submitted will be sent to info@eastsidecottages.

To ensure contact form data is transmitted to us both reliably and securely, we use a 3rd party transactional email service: Postmark App. We consider Postmark App to be a third party data processor (see section below).

Telephone / Verbal

You may choose to make an enquiry or provide personal data by telephone or in person.


We use technologies, such as cookies, to provide social media features, and to analyse traffic to the website and to provide targeted marketing. The following 3rd party services are in use on our website. They use Cookies and other technologies to collect and provide data and services.

Further information about these cookies, and how these 3rd party data services process data for us can be found in section 6 below.

Disabling cookies via the preferences on your web browser will prevent the tracking of your visit to our website. You can also delete any cookies that are stored on your computer. Be aware however that some function within the website rely on cookies to operate correctly.

If would like to opt-out of your data being used for ad-targeting, you may find the following tool useful: To find out more about cookies in general, and how to manage and delete them, visit

If you do not wish to accept cookies from our website, please leave this site immediately and delete and block all cookies from this site. Your continued usage of this website will be taken as consent that you accept our usage of cookies.

7. How we use your data

Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Performance of Contract. This means processing your data where it is necessary for us to fulfil a contract with you or to take steps at your request before entering into such a contract. An example of this would be in replying to to a request for accommodation availability.
  • Legitimate Interest. This means the interest of our business in conducting and managing our business to provide the best and most secure service possible. We consider and balance any potential impact on you (positive and negative) and your rights before we process your personal data for legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
  • Comply with a legal or regulatory obligation. This means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
  • Targeted marketing through social media. This means processing contact, identity and website “event” data using Facebook Pixel technology to create targeted audiences for marketing purpose.

Below is a description of the ways we plan to use your personal data, with the legal basis we rely on to do so. We may process your personal data on more than one legal basis depending on specific circumstances.

Purpose / Activity: To reply to requests for accommodation availability or information

Type of data: Identity / Contact

Lawful basis for processing including basis of legitimate interest: Performance of an existing or potential contract with you

Purpose / Activity: To manage payments / Collect & recover money owed to us

Type of data: Identity / Contact / Transaction / Financial

Lawful basis for processing including basis of legitimate interest: Performance of a contract with you / Necessary for our legitimate interests (eg. to recover debt)

Purpose / Activity: To manage our relationship with you

Type of data: Identity / Contact

Lawful basis for processing including basis of legitimate interest: Performance of Contract / Necessary to comply with a legal obligation

Purpose / Activity: Targeted marketing through social media

Type of data: Identity / Contact / Website Event

Lawful basis for processing including basis of legitimate interest: Consent has been given for the specific purpose of targeted marketing through social media.

Other Data / Website Analytics

We use the information we gather with Google Analytics, Clicky, Cloudflare and Facebook to improve our services, website and security, and to gain insight into the viability or success of advertising campaigns. For these purposes, we may examine trends, track users’ movements around the website and gather demographic information about our user base for the purpose of analytics.

8. Who we share data with

We may have to share your personal data with Professional advisers including lawyers, bankers, auditors and insurers who provide banking, legal, insurance and accounting services

HM Revenue & Customs, regulators and other based in the United Kingdom who require reporting of processing activities in certain circumstances.

We require all 3rd parties to respect the security of personal data and treat it in accordance with the law.

3rd Party Processors

We share data with several 3rd parties for the purposes of processing data (in some instances personal data) on our behalf. These 3rd parties have been carefully chosen and comply with the legislation set out in section 3. Among these 3rd party providers are social media and analytics service providers. If you do not consent to your data being shared with these data processors, please do not use our website.


We instruct Facebook to process website “event data” such as page views and duration using Facebook Pixel. We also instruct Facebook to process contact and identify data gathered using our website contact form using Facebook Pixel.

The following is excerpted from our agreement to instruct Facebook in the use of data and is provided for your information. The full version may be seen here: Facebook Terms

  1. Use of Customer Data
    1. We will use Customer Data for the following purposes depending on which Facebook Company Products you choose to use:
      1. Contact information for matching
        • You instruct us to process the Contact Information solely to match the Contact Information against Facebook's or Instagram's user IDs ("Matched User IDs"), as well as to combine those user IDs with corresponding Event Data. We will delete Contact Information following the match process.
      2. Event Data for measurement and analytics services
        • You instruct us to process Event Data (a) to prepare reports on your behalf on the impact of your advertising campaigns and other online content ("Campaign Reports") and (b) to generate analytics and insights about your customers and their use of your apps, websites, products and services ("Analytics").
        • We grant to you a non-exclusive and non-transferable licence to use the Campaign Reports and Analytics for your internal business purposes only and solely on an aggregated and anonymous basis for measurement purposes. You will not disclose the Campaign Reports or Analytics, or any portion thereof, to any third party, unless otherwise agreed to in writing by us. We will not disclose the Campaign Reports or Analytics, or any portion thereof, to any third party without your permission, unless (i) they have been combined with Campaigns Reports and Analytics from numerous other third parties and (ii) your identifying information is removed from the combined Campaign Reports and Analytics.
      3. Event Data to create targetable audiences
        • We may process the Event Data to create audiences (including website Custom Audiences, mobile app Custom Audiences and Offline Custom Audiences) that are grouped together by common Event Data, which you may use to target ad campaigns. In our sole discretion, we may also allow you to share these audiences with other advertisers.
      4. Event Data to deliver commercial and transactional messages
        • We may use the Matched User IDs and associated Event Data to help you to reach people with transactional and other commercial messages on Messenger and other Facebook Company Products.
      5. Event Data to personalise features and content and to improve and secure the Facebook products
        • We use Event Data to personalise the features and content (including ads and recommendations) that we show people on and off our Facebook Company Products. In connection with ad targeting and delivery optimisation, we will: (i) use your Event Data for delivery optimisation only after aggregating such Event Data with other data collected from other advertisers or otherwise collected on Facebook Products; and (ii) not allow other advertisers or third parties to target advertising solely on the basis of your Event Data.
        • We may also use Event Data to promote safety and security on and off the Facebook Company Products, for research and development purposes and to maintain the integrity of and to improve the Facebook Company Products.

9. Data storage

Website & Email

No personal data is stored or displayed by this website.

Data provided to us for the purposes making an enquiry, either via email or website contact form, are stored as emails within a secure IMAP email account provided by a GDPR compliant third party. Emails are then securely synced to our internal computer systems. This data is password protected and TLS encryption is used in its transfer.

Physical Data Storage

If paper copies of personal data or communications containing personal data are made, they will be kept in secure filing systems.

3rd Party Processor Data Storage

Where data is stored by 3rd party data processors, it is done so on our understanding that storage is secure and compliant with all relevant legislation. This is an important consideration for us when selecting 3rd Party data processor partners.

10. Data Security

We use appropriate security measures to prevent personal data from being lost, used or accessed in an unauthorised way.

We limit access to personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

11. Data Retention

We only retain personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the nature, and sensitivity of the data, the potential risk of harm from its unauthorised use or disclosure, the purposes for which we gathered the personal data and any applicable legal requirements.

12. Your legal rights

Unless subject to an exemption under the data protection laws, you have rights with respect to your personal data. You may find out more about these rights and how to exercise them here:

If you do wish to exercise any of your legal rights, please contact us.

You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable admin fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

12. Changes to our Privacy Policy

This privacy policy may change in line with legislation or industry developments. We will not explicitly inform our clients or website users of these changes. Instead, we recommend that you check this page occasionally for changes.

Beautiful Stays Host Unusual Sawdays Cool Cottages Hidden Scotland