This site uses cookies.

This site uses cookies for marketing, personalisation, and analysis purposes. You can opt out of this at any time or view our full privacy policy for more information.


We take your privacy seriously, and we take reasonable measures to look after your personal information. This privacy policy explains what personal data we collect when we interact with you, how we use it, who we share it with and how we store it. In short, it explains what we do to keep your personal data safe. This privacy policy applies to anyone who visits our website, who books with us or makes an enquiry with us.

We comply with the General Data Protection Regulations 2018. We will not sell or disclose any personal information to third parties (unless required or allowed to do so by law).

who are we?

The terms “we”, “us”, “our” and “Hillhouse Farm Escapes” means JM & JE Sutherland trading as Hillhouse Farm Escapes, including our partners, employees and contractors. Our address is Hillhouse Farm, Lauder, TD2 6RD. 

The Data Controller is JM & JE Sutherland T/A Hillhouse Farm Escapes, at the address above.

We are required to have a designated Data Controller Representative. This is Jo Sutherland, and she can be contacted by email on or by post at the address above.

what personal data do we collect?

We may collect, process, store and transfer the following information about guests:

We may collect, process, store and transfer the following information about visitors to our website:

how do we collect it?

We collect data in five different ways:

  1. Personal data and information is given to us by our guests through the website (e.g. when booking, enquiring or using our contact forms), by telephone/email/letter/in person, through social media including messaging apps and through feedback and review channels (direct, Google/Facebook etc).
  2. We also have website analytics tracking in place which means that we collect data on visitors to our website. This is aggregated data, and we cannot identify individual directly from it. We use Google Analytics to show us trends in visitor traffic on our website including browser type/version, time zone setting, location, and device used to access our website.
  3. Our website also uses cookies. You can change your browser settings (where possible) to block cookies, but otherwise our systems will issue cookies whenever you visit our website. The information collected is anonymous and we cannot identify you personally from it.
  4. Our payment provider, Holiday Rent Payment, collects payment information on our behalf. This includes credit/debit card details. We may add other payment providers over time including PayPal.
  5. Information you provide to third party sites where we advertise our properties. These include, but are not limited to, CoolStays, HostUnusual, Crabtree & Crabtree, Airbnb, Best Scottish Cottages, Love Glamping.

does anyone else collect personal data?

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

why do we need your personal data?

The main reason we need your personal data, is in order to fulfil our contact with you – e.g. if you have made a booking with us. We will generally need your data so that we can:

who do we share your data with?

Your identity and contact details will be made available us, our employees and contractors. This may, occasionally, include members of our housekeeping team.

Some personal information may need to be passed to third parties where you have requested additional services, for example catering companies requiring dietary information.

Data is shared with our booking software provider, Supercontrol, MailChimp who provide the platform for our mailing lists and Holiday Rent Payment who process debit/credit card payments.

In rare circumstances, we may need to provide information to relevant authorities if required to do so by law.

will we contact you for marketing purposes?

When booking with us, you will have the opportunity for your details to be added to our database to keep you updated on news and information that we think may be of interest to you. We will only send such updates occasionally. You can unsubscribe from these updates at any time. 

We usually send a feedback email after your booking.  Any feedback you provide in a feedback form, via public review sites (e.g. Facebook or Google) or via our social media platforms may be used by us in our marketing efforts. This may take the form of a review or testimonial.  We will refer to you only by your first name, unless agreed directly with you.

is my personal info stored securely?

We comply with GDPR legislation to ensure that your personal data is carefully and securely stored. This helps to minimise the risk of accidental or unlawful destruction, loss, change, or damage.  

Our website is secured by “https” technology. This is particularly important on the transactional areas of our website to ensure your personal data is not misappropriated.

Our booking system, SuperControl, is PCI compliant and protected by Secured Socket Layer encryption.

Payments are taken by our third party payments processor, Holiday Rent Payment. Card payments which you submit are handled securely by our payments processor.

Our general emails are handled by Google Workspace which has an excellent record of protecting users’ data from internal and external threats. The data is https encrypted within Google and also as it moves over the internet.

In some instances, we (or the third parties that we share your personal information with) may transfer your personal information outside the European Economic Area (“EEA”). We will take all reasonable steps to ensure that your personal information is treated securely and in accordance with applicable law and this privacy notice.

how long will you keep my personal info?

We will keep your personal data only for as long as is reasonably necessary for the purposes outlined in this privacy policy, or for the duration required by any legal, regulatory, accounting or reporting requirements, whichever is the longer. After this point, we will securely destroy your personal data in accordance with applicable laws and regulations. We may anonymise your personal data so that it can no longer be associated with you i.e. so it is no longer personal data.

your rights

Your personal data is owned by you. As such, you have rights in numerous respects. This includes rights to:

In all cases, if you would like to make a change, please write to the Data Controller Representative at Hillhouse Farm Escapes.