Privacy Policy
Last updated: 6 January 2026
1. Introduction
VIP Windsor Castle Tour (“we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit vipwindsorcastletour.com, make an enquiry, or book a tour with us.
We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Who We Are
Business name: VIP Windsor Castle Tour
Website: https://vipwindsorcastletour.com
Email: office@vipwindsorcastletour.com
Location: United Kingdom
We are the data controller responsible for your personal data.
3. What Personal Data We Collect
a) Information you provide directly
When you contact us or book a tour, we may collect:
-
Full name
-
Email address
-
Telephone number
-
Billing details
-
Tour date, number of guests, and special requirements
-
Any message or enquiry you send to us
b) Payment information
Payments are processed securely via Square.
We do not store or have access to your full card details.
c) Technical and usage data
When you use our website, we may collect:
-
IP address
-
Browser type and version
-
Device type
-
Pages visited and time spent on pages
This data is collected via cookies and analytics tools.
4. How We Use Your Personal Data
We use your personal data to:
-
Respond to enquiries
-
Process and manage tour bookings
-
Take and manage payments
-
Communicate important information about your tour
-
Improve our website and services
-
Meet legal, tax, and accounting obligations
5. Lawful Basis for Processing
We process your data under the following lawful bases:
-
Contract – to provide the tour services you book
-
Legitimate interests – to respond to enquiries and improve our services
-
Legal obligation – for financial and tax record-keeping
-
Consent – for cookies and analytics where required
6. Payments
All payments are processed through Square, a secure third-party payment provider.
Square processes payment information in accordance with its own privacy policy and security standards. We only receive confirmation of payment and relevant booking details.
7. Cookies and Analytics
We use cookies to improve your experience and understand how visitors use our website.
Google Analytics
We are in the process of setting up Google Analytics, which helps us analyse:
-
How visitors find our site
-
Which pages are visited
-
How long visitors stay on the site
Google Analytics uses cookies and may process anonymised IP addresses. This information is used solely to improve website performance and user experience.
You can control or disable cookies via your browser settings.
8. How We Store and Protect Your Data
We take appropriate security measures to protect your personal data, including:
-
Secure website hosting
-
Encrypted payment processing
-
Password-protected systems
-
Limited access to personal information
We only retain personal data for as long as necessary to fulfil the purpose it was collected for, including legal and accounting requirements.
9. Sharing Your Data
We do not sell your personal data.
We may share limited information with:
-
Payment processors (Square)
-
Professional advisers (e.g. accountant)
-
Legal or regulatory authorities if required by law
All third parties are required to protect your data.
10. Your Data Protection Rights
Under UK GDPR, you have the right to:
-
Access your personal data
-
Request correction of inaccurate data
-
Request deletion of your data
-
Object to processing
-
Request data portability
-
Withdraw consent where applicable
To exercise any of these rights, please contact us at:
Email: mailtooffice@vipwindsorcastletour.com
11. Complaints
If you are unhappy with how we handle your personal data, you have the right to complain to the Information Commissioner’s Office (ICO):
Website: https://ico.org.uk
We would appreciate the chance to resolve your concerns first.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.
Next sensible steps (recommended)
If you want to be fully buttoned-up and conversion-safe:
-
✅ Add a Cookie Consent banner (especially once Google Analytics is live)
-
📄 Create a short Cookie Policy (I can write this in 5 minutes)
-
🔍 Make sure your contact forms mention “By submitting this form…”
-
🧾 Add links in your footer: Privacy Policy | Cookies
If you’d like, I can:
-
Write the Cookie Policy to match this exactly
-
Recommend a simple WordPress cookie banner plugin
-
Check Square + Analytics wording for compliance without overkill
Just say the word.
Who we are
Our website address is: http://vipwindsorcastletour.com.
What personal data we collect and why we collect it
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Contact forms
Cookies
If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
Who we share your data with
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.