Privacy Policy

Last updated: 15 January 2026

 

Who are we?

We recognise that it is important for you to understand how we use your personal information. Please take time to read through this Privacy Policy and our Cookies Policy, to ensure you are aware of how Forest Holidays obtains and uses your information and how we keep it safe.

We are Forest Holidays Limited, we are registered in England, with company number: 8159308 and our company address is One City Place, Chester, Cheshire, CH1 3BQ.

We are part of a wider Group of companies called Forge Holiday Group which includes Forge Holiday Group Ltd, Sykes Cottages Ltd and Bachcare and we share some services such as Technology, Product, Information Security, Legal, People & Culture, Finance and Marketing. We have Group information sharing agreements in place to govern this information sharing agreement.

Our contact details

If you have any questions about this privacy notice or with to contact us with any data protection queries or concerns, please contact us at [email protected]

Personal information that we collect from you 

We collect personal data when you:

  • Book a holiday with us.
  • Visit one of our Locations.
  • Book an activity at one of our Locations.
  • Visit our website or use our app.
  • Contact us by phone, email, live chat, social media, or other channels.
  • Enter competitions or respond to surveys. 

 We may collect: 

  • Your name, address, email, phone number, title, and country of residence, car registration and accessibility requirements you may have.
  • For some onsite activity bookings additional information like your weight or any accessibility requirements.
  • Details of other people in your travel party. If you’re the lead booker, please make sure they know you’ve shared their information with us and that it’s covered by this privacy notice.
  • Images captured by CCTV at our locations.
  • Social media identifiers if you interact with us online.
  • Information from public sources to help verify your identity.
  • Technical data like your IP address, browser type, device info, and location settings.
  • Marketing preferences, cookie consents, and how you use our website or app. 

If you book through a third-party site (like Booking.com), we receive your data from them. What we get depends on their privacy policy.

If you provide information about children, you’re responsible for getting the right consent from them or their parent/guardian.

Special category data  

While providing our services, we may occasionally collect special category data, particularly information about your health. This may include: 

  • Details about accessibility requirements for accommodation.
  • Health-related reasons for cancelling a booking.
  • Accessibility Information relevant to participation in on Location activities.
  • Food allergy or dietary information provided to our Retreats or when booking in cabin food delivery.

We will only collect and use this information: 

  • With your explicit consent, or
  • Where there is a lawful basis, such as protecting your vital interests, complying with public health obligations, or fulfilling our duty of care.

How do we use your personal information & legal basis  

Managing Your Booking

We use your data to:

  • Process and manage your holiday booking.
  • Support your stay, including check-in, check-out, and any changes to your reservation. 

Legal basis: Contract  

Ensure Secure and Fraud-Free Access

We use your data to:

  • We collect your car’s registration number to enable automated entry to the Location and help maintain Location security and you and your party’s security.
  • In some parks, you may be asked to present photo identification upon arrival. This is solely to verify that the booking details match the individual checking in, helping us prevent fraudulent bookings. We do not retain a copy of your ID.

Legal basis: legitimate interests to ensure secure access to our parks and prevent fraudulent bookings.

CCTV Monitoring

We use CCTV at our Forest locations to:

  • Help ensure the safety and security of guests, staff, and property.
  • Prevent and detect crime and anti-social behaviour. 

Legal basis:  Legitimate interests – in maintaining a safe environment and protecting our guests, colleagues, and assets. 

On-Site Activities & In-Cabin Services

We use your data to: 

  • Manage bookings for on-site activities, services and experiences.
  • Provide in-cabin entertainment and services.
  • Process purchases made at our Retreats or on location. 

Legal basis: Contract or legitimate interest in enhancing your guest experience. 

Customer Portal & Mobile App Access

We use your data to:

  • Create and manage your customer account.
  • Give you access to your bookings, feedback, and personalised offers via our website and app.
  • If you are the lead booker, allow you to share booking details with other guests in your party through our app.
  • If you are a guest who has been given access by the lead booker, enable you to view booking information and available on-site services.

Manage permissions and maintain secure access for everyone linked to the booking.

Legal basis: Contract or legitimate Interest in improving guest experience  

Customer Service and Complaints

We use your data to:

  • Respond to enquiries and complaints.
  • Verify facts using call recordings or chat transcripts.

Legal basis: Contract or legitimate interest in providing a high-quality, responsive service. 

Payments and Financial Management

We use your data to:

  • Manage payments, fees, and refunds.
  • Recover debts, which may involve third-party agencies. 

Legal basis: Contract 

Marketing and Promotions

We use your data to:

  • Send you marketing communications about future bookings, offers, and related products (like insurance).
  • Personalise advertising and promotional content.
  • Run competitions and loyalty schemes.

Legal basis:

  • Consent – for email, SMS, and calls.
  • Legitimate interests – for postal marketing and business-to-business promotions.

You can withdraw your consent or object to marketing at any time via unsubscribe links, your customer portal, or by completing our online form.

Membership Programme

We use your personal data to:

  • Manage your Membership Programme account.
  • Track and manage your bookings and discounts.

Legal basis: Contract

Business Acquisitions

If you were a customer of a business we’ve acquired, we may continue to process your data in line with that business’s privacy policy.

Legal basis: Legitimate interest in ensuring continuity of services and honouring existing customer relationships following a business acquisition.

Legal & Regulatory Compliance and Business Operations

We may process your data to:

  • Comply with UK legal and audit obligations.
  • Carry out audits, staff training, and internal reporting.
  • Prepare financial accounts and aggregated data for public disclosure.
  • Cooperate with regulators and public authorities (e.g. ICO, HMRC, CMA, police, local councils). 

Legal basis: Legal obligation

Security and Business Operations

We use your data to:

  • Maintain cybersecurity and protect our systems.

Legal basis: Legitimate interests in ensuring system security and integrity.

Data Analytics & Behaviour Analysis, Website & App Usage

We use data analytics to help us understand how customers interact with our services, improve our offerings, and make informed business decisions.

This includes:

  • Analysing how people use our website and app.
  • Using cookies and tracking technologies (with consent).
  • Aggregating booking and customer service data to identify trends.
  • Using our data warehouse to combine and analyse data from multiple sources (e.g. bookings, feedback, marketing responses, customer service interactions) to:
    • Improve customer experience
    • Forecast demand and plan resources
    • Personalise offers and communications
    • Monitor business performance and support strategic decisions

Legal basis: Legitimate interest in improving services and protecting systems or Consent where required for non-essential cookies.

User Experience and Market Research

We may invite you to take part in research or surveys to improve our services. We’ll provide more details at the time.

Legal basis: Legitimate interests in understanding customer needs and improving services.

Your rights

Right to access – You can ask to see the personal data we hold about you.

Right to rectification – You can ask us to correct inaccurate or incomplete personal data. 

Right to erasure – You can ask us to delete your personal data when it’s no longer needed or if you withdraw your consent.

Right to restrict processing – You can ask us to limit how we use your data in certain circumstances.

Right to data portability – You can ask to receive your data in a format you can use elsewhere or have it sent to another organisation.

Right to object – You can object to how we use your data, especially for marketing or profiling.

Right to withdraw consent – Where we rely on your consent, you can withdraw it at any time. 

You also have the right to complain to us if you’re unhappy with how we’ve handled your personal data. We’ll do our best to resolve your concerns quickly and fairly.

Exercising your rights

You can ask our customer services teams on the phone to exercise your rights, or email [email protected]

Please note that not all rights apply in every situation. Whether a right applies may depend on the lawful basis we’re using to process your data. For example, some rights may not apply where processing is based on a legal obligation or where data is needed to fulfil a contract.

Making a complaint

You always have the right to complain to the regulator and for customers in the UK this would be the Information Commissioner’s Office whose details can be found at www.ico.org.uk or if you are in the EU you can complain to the Irish Data Protection Commission whose details can be found at www.dataprotection.ie

Both organisations will expect you to have complained to us first and to have given us an opportunity to respond and will generally refer you back to us if you have not. We would also really appreciate the opportunity to try and resolve your complaint first because we would prefer to resolve matters amicably where we can.

How long we retain your personal information

 We keep most customer data for six years after the end of the financial year in which your last booking took place. This is to meet our legal, accounting, and insurance obligations, and to help us respond to any queries or complaints.

CCTV footage is generally retained for 28 days unless required for investigation or legal purposes.

In some cases, we may keep data for longer if required by law or if there is an ongoing dispute or debt.

Who we share your data with

Other Group companies - Other companies in the Forge Holiday Group may receive your personal data either when necessary for the provision of shared services.

IT service providers - Our technology is often hosted in the cloud, and we use several service providers our cloud hosting, CRM, and security software providers to support our websites and other technology stacks.

Professional advisors - We use external auditors, legal advisors, insurers and banks among others who will sometimes receive your personal information. The services they provide may be based outside the EEA.

Public authorities - This may include law enforcement bodies, the courts, regulators, government and local government bodies and agencies, HMRC and other public bodies.

Payment services providers - We use specialist companies to process payment card details.

Marketing partners - We use many service providers to assist in our marketing efforts.

Insurance providers and compliance partners - Where necessary for the purposes of your or our insurance needs we will disclose your details to insurers, brokers and partners and may need to disclose it to our compliance partner or any organisation (such as the FOS or the FCA) that you may later complain to. 

Third party booking platforms - These include but are not limited to Booking.com and similar companies. They may pass the information on to other advertising partners.

Purchasers or potential purchasers of our business - Third parties whom we may choose to sell, transfer, or merge parts of our business or our assets. If a change of ownership happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.

The Forestry Commission – Our Locations are all situated within Forestry Commission Forests, and your car registration may be shared with them where necessary to ensure access to the location. 

Activity Providers - If you book an on -location activity trough us and that activity is run by an external provider your activity booking information will be shared with the activity provider. A fill list of the external activity providers is available on request.

Cookies

For more information on our use of cookies, please see our Cookies Policy.

Transfers of your personal information to third countries.

One of the companies in our Group, Bachcare is based in New Zealand and so where Bachcare provide shared services on behalf of the Group, this may involve the transfer of data to New Zealand.

We use some trusted service providers located outside the UK or EEA.

For example:

  • Egypt – where we work with software development partners.
  • United States – where we use a range of technology and infrastructure providers.

Whenever we transfer your personal data internationally, we make sure it is protected in line with UK GDPR requirements. Depending on the country and provider, we use one or more of the following safeguards:

  • Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum (IDTA) or Binding Corporate Rules (BCRs) PLUS Transfer Impact Assessments (TIAs) – to assess and manage any risks.
  • EU–US and UK–US Data Privacy Frameworks – for US-based partners who are certified under these schemes. 

We only transfer personal data where necessary for our services, and we ensure appropriate technical, contractual and legal safeguards are in place to protect your rights. 

If you want to know more about specific safeguards for your data in relation to international transfers, please contact our Data Protection Officer: [email protected]

Complaints

 You always have the right to complain to the regulator and for customers in the UK this would be the Information Commissioner’s Office whose details can be found at www.ico.org.uk.

The ICO will expect you to have complained to us first and to have given us an opportunity to respond and will generally refer you back to us if you have not. We would also really appreciate the opportunity to try and resolve your complaint first because we would prefer to resolve matters amicably where we can.

Contact us

If you have any questions, please feel free to contact us by email [email protected] Alternatively, you may call our team on 03330 110 495, Monday to Friday: 8:30am to 5.30pm.