• New regulations regarding data held by all organisations came into force on May 28th, 2018.
  • The GDPR placed greater emphasis on the documentation that data controllers must keep demonstrating their accountability
  • The sort of data which is used in Virley House Tourer Park includes:
  • Names, addresses and email addresses, telephone numbers and car registration details held for anyone on the site.
  • Booking details, email addresses, telephone numbers and registration numbers for casual visitors.
  • All records refer to both digital and paper records.
  • Virley House Country Park is expected to have and has anti-virus software to prevent hacking as a minimum. Current protection is through AVAST security.


  1. Virley House Country Park registered with Information Commissioner’s Office (ICO) on 28th April 2018
  2. An audit of data held has taken place revealing that the data held on visitors to the site was provided by visitors and is checked in February annually by individual visitors to be correct including:

Name, address, telephone numbers, email addresses and car registration numbers.

This information is not shared beyond Owners. Information is held digitally and hard copy; protected by anti-virus software.

The lawful basis by which this data is required is the ‘Licensing Arrangements for Caravan Sites’ 1960


  1. Internal policies have been reviewed and the Owners informed that policy is to protect the confidentiality and integrity of personal data held.

Individuals are aware of their right to complain to the ICO if they think there is a problem with the way their data is handled.

No third-party contracts that may lead to data sharing with others have been identified.

  1. Data Protection Officer (DPO) named as Margaret Reeve, partner of Virley House Country Park. In the absence of Margaret Reeve, the named officer is Gemma Reeve who took part in GDPR training in April 2018 and is fully aware of responsibilities of DPO


  1. Privacy notice included in ‘Useful Information’ for visitors and included in new contracts for 2018/19. Application forms for new pitches include this detail, too

Data to be stored for 2 years.

Contact details to be given in the case of medical emergency only to family members


  1. In the case of breaches of data, the DPO will notify the Data Protection Regulator (DPR) of breaches without “undue delay” and where feasible, within 72 hours.


Reviewed by M Reeve    March 2023

Next review:                      March 2024