Privacy Policy for The Combe (www.thecombe.co.uk)
Last updated: 20 August 2025
Welcome to The Combe. We respect your privacy and are committed to protecting your personal data when you visit our website. This Policy explains how we collect, use, store, share, and protect your information in accordance with UK GDPR, PECR, and relevant guidelines.
Contact form submissions: name, email address, and phone number.
Optional: analytics & cookies (see Section 4).
Contact inquiries: to respond to your messages — legal basis: performance of a contract or legitimate interest.
Email newsletters: to send you updates, if you subscribe — legal basis: your explicit consent. You may withdraw this at any time.
We use CookieAdmin, a cookie management tool installed via Softaculous, to manage user consent for cookies in compliance with PECR and UK GDPR. The cookie banner appears on your first visit and allows you to accept or customise your preferences.
Strictly necessary cookies – Required for the operation of our website (e.g., contact forms, session management). These do not require prior consent but are disclosed.
Non-essential cookies – These include analytics, performance, and tracking cookies. These are disabled by default and only activated with your explicit consent.
A banner appears on first visit with the following or similar message:
“We use strictly necessary cookies to enable the core functionality of this site. We’d also like to use optional cookies to improve your experience. [Accept All] [Manage Preferences] [Reject Non-Essential Cookies]”
You can update your preferences at any time via the CookieAdmin settings panel available at the bottom of each page.
Your cookie choices may be stored locally to remember your preferences for future visits. Consent logs are also recorded for compliance purposes.
We share your data with:
Mailchimp: for managing newsletter subscriptions.
Zapier: for automation tasks (e.g., integrating form submissions).
Krystal Hosting (UK): for hosting services.
We maintain Data Processing Agreements (DPAs) with each of these providers. Under UK GDPR, processors must:
Act only on our written instructions.
Maintain appropriate technical and organisational security measures.
Notify us promptly of any data breach.
Not transfer your data outside the UK/EEA without appropriate safeguards.
Contact form submissions: Retained while needed, typically up to 6 years for tax/legal purposes — though we aim to delete or anonymise sooner when appropriate.
Newsletter subscribers: Retained until consent is withdrawn.
Cookie preference data: Retained as needed to remember your choices and manage consent records.
We and our processors implement robust technical and organisational measures, including access controls, encryption, monitoring, and breach response protocols, aligned with UK GDPR requirements.
You have the following rights under UK GDPR:
Access, correct, or request deletion of your data.
Object to or restrict processing.
Withdraw consent at any time (e.g., unsubscribe from newsletters).
Request transfer of your data (“data portability”).
Lodge a complaint with the ICO if unsatisfied with our processing.
To exercise your rights, please contact us at:
📧 Email: info@thecombe.co.uk
We strive to respond within one month, as required by law.
We may update this Policy, especially if we add new cookies, change processors, or alter data flows. The “Last updated” date at the top will reflect any such changes.