Privacy Policy

We care about your privacy. This page explains what we collect, why we collect it, and the choices you have when you visit Heritageonthehill.

What we collect

We only collect what we need to run the site, respond to you, and improve what we do.

  1. Information you provide directly
  • Contact details (e.g., name, email) when you email us or fill in a form.
  • Content you send (e.g., questions, feedback, story submissions).
  • If we offer newsletters or subscriptions, your email and preferences (only with your consent).
  1. Information collected automatically
  • Technical data such as IP address, device and browser type, pages viewed, referring/exit pages, timestamps, and general location (city/region).
  • Basic server logs to keep the site secure and reliable.
  1. Cookies and similar technologies
  • We use essential cookies to make the site work.
  • We may use optional cookies (e.g., for performance/analytics) with your consent. You can manage these in your browser settings and, where implemented, via our cookie banner.

How we use your information

  • To reply to your messages and manage your requests.
  • To operate, secure, and maintain the website (including troubleshooting and preventing abuse).
  • To understand site performance and improve content (using aggregated and anonymised insights where possible).
  • To send updates you’ve asked for (and only until you opt out).
  • To comply with legal obligations.

Legal bases (UK GDPR)

We rely on:

  • Consent (e.g., optional analytics, newsletters).
  • Legitimate interests (e.g., site security, essential analytics, improving content), balanced against your rights.
  • Contract (if we agree to provide a service you requested).
  • Legal obligation (where the law requires us to keep or share certain information).

Sharing your information

We don’t sell your personal information. We may share data with:

  • Service providers that help us run the site (for example, hosting, email, or analytics). They can only use your data to provide their service to us and must protect it.
  • Authorities or third parties when required by law or to protect our rights and users.
  • Successors in the event of a reorganisation or transfer of our site (your rights will be respected in any such change).

International transfers

Some service providers may process data outside the UK/EEA. When that happens, we use recognised safeguards such as adequacy decisions, the UK International Data Transfer Agreement (IDTA), or Standard Contractual Clauses, and we assess risks where appropriate.

How long we keep data

We keep personal data only as long as needed for the purposes above, then delete or anonymise it. Typical retention periods:

  • Contact enquiries: up to 24 months after our last interaction.
  • Newsletter data: until you unsubscribe (plus a short period to process your request).
  • Server logs and security records: typically up to 12 months, unless needed longer for investigation.
    Legal, accounting, or compliance obligations may require longer retention in some cases.

Your choices and rights

Depending on where you live (including the UK/EEA), you can:

  • Access your personal data and get a copy.
  • Ask us to correct or delete it.
  • Restrict or object to certain processing, including processing based on legitimate interests.
  • Withdraw consent at any time (this won’t affect past processing).
  • Request data portability (where applicable).

Cookies

  • Essential cookies: needed for core site functions.
  • Analytics/performance cookies (if used): help us understand what’s working and what to improve.
    Control: You can refuse or delete cookies via your browser settings. If we use optional cookies, we’ll ask for consent via a banner or settings tool where available. Some features may not work without cookies.

Security

We use reasonable technical and organisational measures to protect your information (for example, HTTPS in transit, access controls, and least‑privilege practices). No website can guarantee 100% security, but we work to prevent unauthorised access, misuse, or loss.

Children

Our content is for a general audience. We don’t knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us so we can delete it.

Third‑party links and embedded content

We may link to other websites or embed content (e.g., maps, videos). Those services have their own privacy practices. Please review their policies before using them.

Changes to this policy

We may update this policy from time to time. We’ll change the “Last updated” date when we do. Continuing to use the site after changes means you accept the updated policy.

Contact us

If anything here feels unclear, drop us a line—we’re happy to help.