You are here: Burnside Park|Privacy


Privacy Statement of Burnside Park

1. Introduction

Thank you for visiting our website and for your interest in the Burnside Park Resort. We take the protection of your personal data seriously and act in accordance with the applicable legal provisions on data privacy and data security.

Under the European General Data Protection Regulation (GDPR), personal data refers to any information relating to an identified or identifiable natural person. Personal data refers to information assigned to you personally (hereinafter the “data subject”) and may convey something about you.

The Burnside Park Resort is operated by Hapimag Resorts & Residences (UK) Ltd., a subsidiary of Hapimag AG, Switzerland (hereinafter "Hapimag").

2. Legal basis for processing

The legal basis for processing personal data is deemed to be the Data Protection Act 2018 and Article 6 (1) GDPR, specifically

3. Collection and processing of personal data

We use the data you have given without your explicit consent solely for the necessary performance and processing of the services offered and on the basis of legitimate interests. On completion of the services, your data are excluded from further use and are deleted after the storage time limits have expired under tax and commercial law, provided you have not expressly given your consent for your data to be used further or there is no other legal justification.

The user is made clearly aware of the scope of any consent to be given upon registration for the respective service and that consent is recorded. The content of the consent given will be kept available for the user within the service. If you do not give your consent, we trust you will understand that you may not be able to take part in the respective service.

If you record personal data of other persons in connection with the use of our services, it is your
responsibility to ensure that these persons are aware of this process and have accepted how
Hapimag uses their information.

3.1 Visiting our website

You may visit the Burnside Park website without disclosing your identity. However, our web servers automatically save technical information of the device used for the visit, including the IP address, type of web browser, operating system, domain name of your internet service provider, date and duration of your visit to our internet pages and the website you came from to visit us. This information is evaluated anonymously for statistical purposes only.

These data are processed for the purpose of making navigation of the website easier (connection set-up), system security, technical administration of the network infrastructure as well as for optimising the internet offering, and as such on the basis of our legitimate interests under Article 6 (1) f GDPR and to protect users and prevent unauthorised use. We do not pass on these data to third parties or make any other kind of evaluation. We do not create a personal user profile.

3.2 Registration of a user account and use of your personal member area

A user account (login) is required for personalised services in the access-protected BPOC member area. To set up such an account, we need the following personal data from you: cottage number and week number or floating time reference, last name, first name and email address. The e-mail address is collected so that you can use the owners forum. These data are used solely for the administration/processing of your Burnside Park membership and for notifying you about new features and offers (newsletter).

The use of the member account is voluntary. We save the data submitted and use them to process transactions. We use the data you have given without your explicit consent solely for the necessary performance and processing of the services offered, i.e. for the purposes of performing our contractual obligations and services under Article 6 (1) b GDPR.

3.3 Contact by non-members through our website (contact form)

If there are any queries about Burnside Park or for a booking enquiry for a special offer, we need the following personal data as a one-off to get in touch with you: name, full postal address, telephone number and e-mail address. These data are not passed on to third parties or used for marketing purposes. For such enquiries, the personal data are processed for handling and administration under Article 6 (1) b GDPR.

The type of data we collect when the contact form is used can be seen on the contact form or it depends on your e-mail message. These data are saved and used solely for responding to your enquiry, for contacting you and for related technical administration work. After your enquiry has been processed, your data are deleted, provided you request this and there are no statutory storage obligations to prevent deletion.

3.4 Registration for our newsletter

Personal data are processed when you register for our newsletter. The data you give for this (e.g. name and e-mail address) are used by us for our own marketing purposes and for other electronic notifications with marketing information on our products, offers, actions and our company for our newsletter after you have expressly given us your consent to do so.

You can unsubscribe from the newsletter at any time using a link in the newsletter e-mail or by sending us a corresponding message telling us that you are withdrawing your consent. By unsubscribing, your e-mail address will be automatically deleted from our newsletter distribution list.

For newsletter distribution, we sometimes use features of Mailchimp’s online marketing platform, which is operated by The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, United States (“Mailchimp”). For further information about the collection, processing and use of data by Mailchimp, please refer to the Mailchimp data protection guidelines at

4. Compliance with legal provisions or public interest (Article 6 (1) c, e GDPR)

Like everyone involved in the economic process, we are also subject to a wide range of legal obligations. The primary ones are statutory requirements (e.g. commercial and tax law), but sometimes provisions of supervisory and other authorities too. The fulfilment of control and reporting requirements under tax law as well as the archiving of data for the purposes of data protection and data security plus audits by tax and other authorities are actions deemed to be for the purposes of processing. Personal data may also have to be disclosed under judicial and official measures for the purposes of collecting evidence, law enforcement or implementing claims under civil law.

5. Use of cookies (cookie policy)

Cookies are used on various pages of our website. A cookie is a small text file that is transferred to your computer’s hard drive by a website. Under normal circumstances, cookies cannot transfer either viruses or malicious software onto your computer. We use cookies when you surf our web pages, make bookings, request or personalise information, or register for specific services. If you accept the cookies on our website, this does not give us access to your personal information, but we can use the cookies to identify your computer.

Hapimag uses browser cookies (hereinafter “cookie”) to make this website and other internet sites and applications operated by Hapimag (hereinafter “website”) easier to use and to obtain information that will indicate how to improve the information and services that can be accessed via the website. In this cookie policy, we will inform you about how cookies are used on the website.

When it comes to cookies, a distinction is generally made between “session cookies” and “persistent cookies”. Session cookies do not remain on your computer once you leave a website or close your browser. Using the information collected, we can analyse usage patterns and structures for our website. This allows us to optimise our website by improving the content or personalisation features and making it easier to use. Persistent cookies are cookies that remain on your computer. They are used to simplify shopping, personalisation and registration services. For example, they enable text that has been input once to be saved in form fields on the website so that you don’t have to enter this text again on your next visit to the website or when you switch between the website’s individual functions. They also mean you don’t have to input the password required to access your personal Hapimag user account more than once. Persistent cookies can be manually removed at any time.

We use four kinds of cookies on our website: “Strictly necessary cookies”, which are strictly necessary for the running of the website. “Functional cookies”, which are used to remember user preferences so that the website can be customised to them. “Performance cookies”, which collect and analyse anonymised data on statistics in order to improve our offering and our website for you. “Targeting or advertising cookies”, which create anonymised user profiles in order to display personalised content to you that is tailored to your respective interests.

We use cookies that are necessary for the purposes of a legitimate interest (Article 6 (1) f GDPR) to ensure full functionality of our website and enable user-friendly services. Cookies that are not necessary are only set if we have obtained your consent in this respect (Article 6 (1) a GDPR). You can give your consent using the cookie banner, which must be actively clicked on. You can also modify your settings again at any time or stop cookies from generally being able to access your computer by modifying your browser settings accordingly.

6. Web analysis services – data privacy at Google Analytics, Google Ads, Conversion Tracking and Google Remarketing

These are services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, with its parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google uses cookies saved on your computer to analyse website usage. The cookies required for this purpose are only set with your consent, obtained via the cookie banner on our website. The legal basis for this is set out in Article 6 (1) a GDPR. The information generated by the cookie (including your IP address) is transferred to a Google server in the USA where it is stored. Google then abbreviates the IP address to the last three characters, which means the IP address can no longer be clearly assigned.

Google uses this collected information to evaluate your website activity, to compile reports on website activities for the website operators and to supply us with further services related to website usage and internet usage. If necessary, Google will also transmit this information to third parties if this is legally required or if third parties are processing these data on behalf of Google.

Third-party providers, including Google, display advertisements on websites on the internet. Third parties, including Google, use stored cookies in order to display advertisements based on a user’s previous visits to our website.

You can opt out of the use of cookies by Google by accessing the page for Opt out of Google Advertising. Alternatively, users may opt out of the use of cookies by third parties by accessing the Opt out page of the Network Advertising Initiative. You can also prevent the data related to your website activity (including your IP address) and data generated by the cookie from being recorded by Google and these data from being processed by Google. To do so, download and install the browser plug-in available at the following link:

However, we would like to point out that if you do so, you may not be able to use all functions of this website in full. By using this website, you agree to Google processing the data it has collected about you in the manner described above and for the aforementioned purpose. Consent for data collection and storage may be withdrawn at any time with effect for the future. You can find further information in Google’s terms and conditions here:

7. Online marketing networks

7.1 Use of Google Maps

This website uses Google Maps to display maps and generate route maps. Google Maps is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, with its parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this website, you agree to Google, one of its representatives or third-party providers recording, processing and using automatically collected data or data you have given. For more information, please go to Terms of use of Google Maps and the opt-out procedure at: .

7.2 Use of Facebook Ads

We use communication tools of the social network Facebook, particularly the Custom Audiences and Website Custom Audiences product operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, with its parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”). The cookies required for this purpose are only set with your consent, obtained via the cookie banner on our website. The legal basis for this is set out in Article 6 (1) a GDPR. In doing so, an irreversible and non-personal hash total is generated from your usage data that can be transmitted to Facebook for analysis and marketing purposes. The Facebook cookie is used for the Website Custom Audiences product. Please read Facebook’s data privacy guidelines for further information on the purpose and scope of data collection and further processing and use of data by Facebook as well as your privacy setting options, which can be found at If you would like to reject Facebook Website Custom Audiences, you can do so at tab=ads.

7.3 Use of SiteMinder channel manager

For bookings and queries via external booking platforms, our website uses techniques of the channel manager of SiteMinder Distribution Limited, Waterfront, Hammersmith Embankment, Manbre Road, London W6 9RH, United Kingdom (“SiteMinder”).

Your data are neither sold, leased or made available in any other way to third parties.  Please visit the website of SiteMinder Distribution Limited at for more information on the terms of use and information on data protection.

8. Third-party services – information on the use of Facebook, Twitter, YouTube and TripAdvisor

On the basis of our legitimate interests under Article 6 (1) f GDPR, we use the plug-ins listed below to analyse and optimise our offers.

Our website uses social plug-ins (“plug-ins”) of the social networks Facebook, Google+, the microblogging service Twitter as well as the services YouTube and TripAdvisor. These services are offered by the companies Facebook Inc., Google Inc., Twitter Inc., YouTube and TripAdvisor LLC (“providers”).

Facebook is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, with its parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”).
Website:, privacy policy:, possibility of appeal:

Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). You can find an overview of Twitter buttons and what they look like here:

YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, with its parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“YouTube”). Website:, privacy policy:, possibility of appeal: Opt-Out-Plugin, Advertisement settings

TripAdvisor is operated by TripAdvisor LLC, 400 1st Avenue, Needham, MA 02494, USA (“TripAdvisor”). You can find further information on TripAdvisor here:

If you access one of our website pages containing a plug-in of this type, your browser establishes a direct connection to the servers of Facebook, Twitter, YouTube or TripAdvisor. The content of the plug-in is transferred from the respective provider directly to your browser, which incorporates it in the website. By incorporating the plug-in, the providers are notified that your browser has visited the corresponding page of our website, even if you do not have a profile or you are not even logged in. This information (including your IP address) is transmitted directly to the USA to a server of the respective provider and stored there.

If you are logged in to one of the services, the providers can directly assign your visit to our website to your profile on Facebook, Twitter, YouTube or TripAdvisor. If you interact with the plug-ins, for example if you press the “Like” or “Twitter” buttons, the corresponding information is also transferred directly to the server of one of the providers where it is stored there. The information is also published and shown to your contacts on the social networks on Facebook, Twitter, YouTube or TripAdvisor. Please consult the data privacy statements of those providers for the purpose and scope of data collection and for the further processing and use of data by the providers as well as your rights and privacy setting options:

Privacy statement of Facebook:
Privacy statement of Twitter:
Privacy statement of YouTube:
Privacy statement of TripAdvisor:

If you do not want Facebook, Twitter, YouTube or TripAdvisor to assign the data collected through our website to your profile in the respective service, you must log out of the relevant service before visiting our website. You can also fully prevent the loading of plug-ins with add-ons for your browser, e.g. with the script blocker “NoScript” (

9. Usage and disclosure of collected data to third parties

We use the personal data you have made available solely on an internal basis for the advised and agreed purposes:

As such, data may be forwarded to the following recipients:

If you use our services, we only collect the personal data we need to provide the requested services. Any additional data collection is made on a voluntary basis and solely to safeguard our own legitimate business interests.

We only process and use your data with your express consent, or if there is legal justification, for the purposes of advice, marketing and market research. You may withdraw your declaration of consent at any time. Your data are neither sold, leased nor made available in any other way to third parties. Any processors specifically remain reserved. The transmission of personal data to government institutions and authorities is carried out solely within the framework of compulsory national legal provisions.

10. Guaranteeing security in data processing

Hapimag uses dedicated technical and organisational measures in accordance with relevant legal provisions to protect your data, which we manage against unlawful or unintended manipulation, loss, destruction or access by unauthorised persons. Our security measures are being constantly improved in line with technological developments to guarantee the protection aims of confidentiality, integrity and availability of your data.

11. Time limits for deleting data

Your personal data are only saved for as long as the purpose for which they were collected and processed has been fulfilled. Statutory storage obligations and time limits remain reserved. After these time limits expire, personal data are routinely deleted and, if they are in paper form, destroyed according to data protection requirements and in observance of specific precautions.

12. Data transmission to other countries

Data may only be transmitted to other countries as part of contract fulfilment, necessary communication as well as due to other exceptions expressly provided for in the relevant data protection laws.

Currently there is an exchange of guest master data between resorts in Great Britain and the Hapimag headquarters in Steinhausen (Switzerland).

The exchange of data between the European Union and Switzerland is carried out in compliance with similarly high-level data protection laws in a data-compliant framework. The exchange of data within the European Union is carried out solely on the basis of the corresponding data protection guidelines of the European Union and/or applicable data protection laws of participating EU Member States. No data are transmitted to other countries, particularly those where data protection is deemed to be low, and there are currently no plans to do so.

13. Rights of data subjects

Under GDPR, the data subject has the following rights over how his or her personal data are handled:

There is also a right to lodge a complaint with a responsible data protection supervisory authority (Article 77 GDPR).

You may withdraw your consent for us to process your personal data at any time. This also applies to the withdrawal of declarations of consent that were given to us before the effective date of the GDPR, i.e. before 25 May 2018. Please note that withdrawal is only effective for the future. Processing carried out prior to the withdrawal is not affected by this.

14. Right to object under Article 21 GDPR

14.1 Specific right to object

You have the right to enter an objection (for reasons based on your particular situation) at any time against the processing of personal data concerning you that is carried out on the basis of Article 6 (1) e GDPR (data processing in the public interest) and Article 6 (1) f GDPR (data processing on the basis of the balance of interests).
If you enter an objection, we will no longer process your personal data, unless we can prove compelling legitimate reasons to do so that override your interests, rights and freedoms or the processing is used for asserting, exercising or protecting legal claims.

14.2 Right to object to processing of data for the purposes of direct marketing

In specific cases, we process your personal data to carry out direct marketing. You have the right at any time to object to the processing of data related to you for the purposes of such marketing.

15. Changes to this privacy statement

We reserve the right to periodically amend or update this privacy statement. Users are asked to regularly inform themselves about the content of the privacy statement.

16. Controller and contact for data protection

Controller and owner of the data collection:
Hapimag Resorts & Residences (UK) Limited
Burnside Park, The Lodge
Kendal Road
Bowness-on-Windermere, Cumbria
LA23 3EW
United Kingdom

If you have any questions or queries, you may contact our Data Protection Coordinator as follows:
Tel: +44 (0) 15394 46624

Logo_Hapimagworld heritageOne_Step_Aheadvisit-england


This website uses cookies to make your experience better and would like your permission to use them: