Privacy Policy

Who we are

Our website address is:

The Garden Flat Dunbar aka @templelands is operated as holiday accommodation by Ruth Alder and Philip Immirzi. Our address is 2 Templelands, 29 High Street, Dunbar East Lothian, EH42 1EN. Our business telephone number is +44 (0)7789641757. – the website – is hosted by Projects Point : who process data on our behalf.

Projects Point is wholly owned and operated by Get the Point Ltd, which is registered with the UK’s data protection body: ICO. Philip Immirzi is also a Director of Get the Point Ltd, so there is a good degree of agreement on the overall principle of privacy and the policy reflects just that.

What personal data we collect and why we collect it


We don’t use the comments facility on our website currently, but may do in the future.


We only host our own media and images, never that of our guests or website visitors, though we cannot control media, content or comments that others may post on other platforms, which may contain their personally identifiable information.

Social media

We publish very occasionally and quirky local images on Instagram and Twitter, furthermore we host some images with Google Photos and even less with Flickr. We do not use these platforms to advertise, keep in touch or make new or refresh friends, so don’t be offended if we ignore or block you – these companies do share your information with their advertisers, so don’t be surprised if they find out where you live and more.

If you contacted Philip or Ruth by telephone, you may well have been added to our Whatsapp, if you have an account, unbeknowst to you. If you would like to be deleted from Whatsapp, you can delete our phone number and your contact should disappear. If you would like your phone number removed from either of our phones, please contact us.

We do not use facebook for business.

Advertising & Newsletters

We currently advertise through Homeaway, now VRBO, Airbnb and Tripadvisor. These platforms are global and operate complex partnerships and affiliate relationships with third parties. All these companies will collect personally identifiable data, some of which is shared with us, this may include a profile picture, name and home location, a telephone number. It will also include all our conversations carried out through the platform, which we will have a copy of, which includes enquiries, even though you may have received an automatic reply, if the property was not available. We will be able to see reviews you have left and reviews that others have left about you. We are only responsible for the content that we create on these platforms, which we happy to correct if it contains errors or omissions. If you are concerned about the personal information these platforms may hold about you do contact them directly. We have been holiday letting for around 10 years, so each of the platforms will hold information on hundreds of engagements, which although archived may well get used to profile you. Once you have booked, we will normally continue any conversation by email, which is what we recommend you do – otherwise the conversation is effectively not private.

We don’t operate a newsletter, as no body reads any more.

Contact and booking forms

We use a contact form and a booking form. The form data will be stored transiently on website, until such time as we delete the information. We store information about general enquiries and bookings for up to 5 years before reviewing and deleting, mainly for repeat booking purposes. We also keep a comprehensive record of communications and bookings in our email database (a consumer gmail account) for the requisite 5 full tax years (i.e. roughly 6 years).

Contact and booking forms are filtered for spam detection purposes.

The forms contain personally identifiable information such as an email address, name and surname, phone number and address, as well the contents of the request form along with the IP address, though for many users this will be generic.

We all also keep a record of the email communications between the website and our email account, for security purposes.


Cookies are used for our analytics tools and you can request to follow us on instagram but we’re not that active and mistrust facecrook’s business model – you have been warned. Cookies are mainly used for logged in session management and management account holders. No personally identifiable information is collected.

Embedded content from other websites

If we include embedded content (e.g. videos, images, articles, etc.) from other websites, note that it is as if you were visiting the website hosting the content.

These websites may well collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are still logged in to that website. We try to avoid using social media tracking tools that follow you around the internet to serve you with better quality adverts.


Who we share your data with

We use Google Analytics and to gather statistics, which are depersonalised / anonymised.

Only the website administrator can see that information.

How long we retain your data

Projects Point has set the retention policy for analytics to 38 months, see above for retention of contact and booking forms.

What rights you have over your data

If you had an account on this site, or left comments, you coulalways d request to receive an exported file of the personal data we hold about you, indeed all or any data you have provided to us. You can also request that we erase any personal data we hold about you, provided we are not contractually obliged to hold it for tax purposes.

We are obliged to keep for some data for administrative (e.g. bookings), legal / tax, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service, Akismet, which is operated by the good folks at (An Automattic Co.)

Your contact information

Contact [email protected]

Additional information

How we protect your data & Information management

Like many small businesses, we use secure gmail for email communications, which is linked to our network of computers and to phone apps (see also what we have said about Whatsapp). We use 2-factor authentication to login to business accounts.

We use a variety of cloud based storage solutions, including dropbox, Google Drive and Bt Cloud and take the utmost care to protect these devices from misuse or abuse, to always share business documents between such devices responsibly and discriminately and understand the consequences of sharing carelessly.

We do not use facebook or twitter to login to any other accounts, but our instagram automatically posts to, but as we have indicated we do not share any customer information via these platforms.

Projects Point runs our websites and encourages  website owners to use unique passwords, and encourage them to employ 2 factor authentication with associated services e.g., google etc.

Our websites are secured by SSL security certificates issued by LetsEncrypt.

Our servers are run on a cloud platform in the United Kingdom, by a very professional and dedicated tech company called Bytemark with data centres in Manchester and York.

The operating system processes keep an eye on most things, including connections and will blacklist suspicious traffic.

We monitor system performance (such as memory usage, incoming and outgoing connections and CPU, which can alert us within minutes of abnormalities. We avail ourselves of the free services of Pingdom and TrueSight.

We use a number of tools to keep our sites protected from hackers, that automatically throttle or ban bad IP addresses, bots testing our security and fraudulent attempts to login.

We also restrict outgoing connections to trusted sites, using a firewall, which can be helpful in the event of one our sites being compromised.

We keep all our plugins up to date, and at intervals run software audits to identify known problems.

We employ trusted software that is actively developed and supported in the Open Source community.

We operate a triple backup regime, whereby a snapshot of the server is taken daily. This retained for 4 days. We also take daily and weekly snapshots of the files and databases, with data retained over a period 10 weeks. Finally we run an incremental backup daily, which is auto pruned over a period of around 3-4 months.

What data breach procedures we have in place

We assess the risk of the incident, as soon as it comes to our attention, and put in place a plan to first protect user data, which in extremis may mean suspending the public facing website.

Having established the risk (likelihood of harm X magnitude of impact), we will endeavour to fix the immediate problem, via an update, patch, removal of offending code, suspending the compromised function all the while assessing the impact on user’s personal data.

If a personal data breach should occur, we would first discuss plans before informing customers of the breach. We might need to share salient details of the breach with the software community, but not the personal data itself.

We would assess the need to share details of the breach with the relevant authorities.

What third parties we receive data from

See Analytics section above.

What automated decision making and/or profiling we do with user data

Decisions about bookings are done by real people. 🙂

We use a variety of spam protection tools, which will automatically place certain types of messages in the junk folder. We wish these worked better, as we occasionally miss an important communication and get more spam than we can digest.

Industry regulatory disclosure requirements

We are not in a regulated industry, yet, but we are were a Registered Landlord in Scotland for 13 years, even though we did not let for any other purposes than short holidays. East Lothian council corrected their mistake and we are no longer registered.

We comply fully with UK Tax regulations and make a declaration of income and expenditure as required annually. Our lovely hosts: have an ICO registration through the operating company Get the Point Ltd. We rely heavily on them to keep everything straight.

Amended on Monday 28th July 2021