Privacy Policy

Last Updated: Dec 13, 2025

1. Introduction

This Privacy Policy explains how Stonehenge Tours (“we,” “us,” or “our”) collects, uses, stores, and protects your personal information when you visit our website at https://stonehengetours.org (the “Website”).

We are committed to protecting your privacy and ensuring transparency about how we handle your data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

2. Data Controller and Contact Information

Data Controller:
Stonehenge Tours
Website: https://stonehengetours.org

Contact for Privacy Concerns:
Email: [email protected]

For any questions about this Privacy Policy or how we handle your personal data, please contact us at the email address above.

3. What Personal Data We Collect

We collect minimal personal information necessary to provide our services:

3.1 Contact Form Information

When you submit our contact form, we collect:

• Name
• Email address
• Phone number (if provided)
• Message content
• Any other information you choose to provide

3.2 Blog Comments (When Enabled)

If you leave a comment on our blog posts, we collect:

• Name and email address (as shown in the comment form)
• Comment content
• IP address and browser user agent string (for spam detection)
• An anonymized hash of your email address may be provided to the Gravatar service to display your profile picture (Gravatar Privacy Policy)

3.3 Automatically Collected Information

When you visit our Website, we automatically collect:

• Technical Data: IP address, browser type and version, operating system, device information
• Usage Data: Pages visited, time spent on pages, navigation paths, referring website
• Cookie Data: Information collected through cookies and similar technologies (see Section 5)

We do not collect payment information directly as we do not process transactions through the Website.

4. Legal Basis for Processing Your Data

We process your personal data based on the following legal grounds:

• Legitimate Interests: To respond to your inquiries, improve our Website, prevent spam and fraud, and maintain Website security
• Consent: For non-essential cookies, analytics tracking, and where we’ve specifically requested your permission
• Legal Obligations: To comply with applicable laws and regulations when required

5. Cookies and Tracking Technologies

5.1 What Are Cookies

Cookies are small text files stored on your device when you visit our Website. We use cookies to enhance your browsing experience and understand how visitors use our Website.

5.2 Types of Cookies We Use

Essential Cookies: Required for the Website to function properly, including:

• Security cookies to prevent spam and fraudulent activity
• Session cookies for comment functionality

Analytics Cookies: Help us understand how visitors use our Website:

• Google Analytics: Tracks visitor behavior, page views, and usage patterns with IP anonymization enabled (Google Analytics Privacy Policy)

Functional Cookies: Remember your preferences:

• Comment form information (if you opt in to save your details)
• Language and display preferences

5.3 Cookie Consent and Management

When you first visit our Website, you will see a cookie banner requesting your consent for non-essential cookies. You can:

• Accept all cookies
• Reject non-essential cookies (only essential cookies will be used)
• Customize your preferences

Managing Your Cookie Preferences:

You can change your cookie settings at any time by:

1. Browser Settings: Configure your browser to block or delete cookies
   • Chrome: Settings > Privacy and Security > Cookies
   • Firefox: Settings > Privacy & Security > Cookies
   • Safari: Preferences > Privacy > Cookies
   • Edge: Settings > Cookies and site permissions
2. Opt-Out of Google Analytics: Install the Google Analytics Opt-out Browser Add-on
3. Cookie Preference Center: [Link to your cookie settings page, if you implement one]

Important: If you disable essential cookies, some features of our Website may not function properly.

6. How We Use Your Personal Data

We use your personal information for the following purposes:

• Respond to Inquiries: To answer questions submitted through our contact form
• Website Improvement: To analyze how visitors use our Website and improve user experience
• Spam Prevention: To protect against spam comments and fraudulent activity
• Security: To maintain Website security and prevent abuse
• Legal Compliance: To comply with legal obligations when required

We do not use your data for marketing purposes unless you specifically request to receive updates from us.

7. How We Share Your Data

We may share your personal data with the following third parties:

7.1 Service Providers

• Google Analytics: For Website usage analysis (Google Privacy Policy)
• Web Hosting Provider: To store data and maintain Website infrastructure
• Gravatar/Automattic: For displaying profile pictures in comments (Gravatar Privacy Policy)
• Spam Detection Services: Automated services that check comments for spam

7.2 Legal Requirements

We may disclose your information if required by law, court order, or legal process, or to protect our rights, safety, or property.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

8. International Data Transfers

Your personal data may be transferred to and processed in countries outside the United Kingdom and European Economic Area (EEA), particularly the United States, where our analytics and hosting service providers are located.

When we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): Approved by the European Commission
• Privacy Shield Framework or equivalent protections where applicable
• Encryption and security measures to protect data in transit and at rest

These safeguards ensure your data receives an equivalent level of protection as required by UK and EU law.

9. How Long We Retain Your Data

We retain your personal data only as long as necessary:

• Contact Form Submissions: Retained for up to 2 years or until resolved, then deleted
• Blog Comments: Retained indefinitely to maintain conversation continuity (can be deleted upon request)
• Comment Metadata: Retained indefinitely for spam prevention (can be deleted upon request)
• Analytics Data: Google Analytics retains data for 26 months by default
• Server Logs: Typically retained for 3-6 months for security purposes
• Cookies: Retention periods vary (see cookie details below):
  • Session cookies: Deleted when you close your browser
  • Analytics cookies: Up to 2 years
  • Functional cookies: Up to 1 year

After the retention period expires, we securely delete or anonymize your personal data.

10. Your Data Protection Rights

Under GDPR and UK data protection law, you have the following rights:

10.1 Right of Access

You can request a copy of the personal data we hold about you.

10.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data. If you have a user account, you can also edit your information directly.

10.3 Right to Erasure (“Right to be Forgotten”)

You can request deletion of your personal data. This includes:

• Requesting removal of your comments and associated data
• Deletion of contact form submissions
• Removal from any lists or databases we maintain

This does not include data we are obliged to keep for legal, administrative, or security purposes.

10.4 Right to Restrict Processing

You can request that we limit how we use your personal data in certain circumstances.

10.5 Right to Data Portability

You can request a copy of your data in a structured, machine-readable format (such as CSV or JSON) to transfer to another service.

10.6 Right to Object

You can object to:

• Processing based on legitimate interests
• Use of your data for analytics purposes
• Processing for research or statistical purposes

10.7 Right to Withdraw Consent

Where we process your data based on your consent (such as for analytics cookies), you can withdraw that consent at any time by:

• Changing your cookie preferences
• Contacting us directly

Withdrawing consent does not affect the lawfulness of processing before withdrawal.

10.8 Right to Lodge a Complaint

If you believe we have not handled your data properly, you have the right to lodge a complaint with a supervisory authority:

UK: Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
Phone: 0303 123 1113
Email: [email protected]

EU: Your local Data Protection Authority (find yours at https://edpb.europa.eu/about-edpb/board/members_en)

10.9 How to Exercise Your Rights

To exercise any of these rights, please contact us at:
Email: [email protected]

Please include:

• Your name and the email address you used on our Website
• A clear description of your request
• Any relevant details to help us locate your information

We will respond to your request within one month. For complex requests, we may extend this by up to two additional months and will notify you of any delay.

11. Opt-Out Options

11.1 Analytics Tracking

You can opt out of Google Analytics tracking by:

• Installing the Google Analytics Opt-out Browser Add-on
• Rejecting analytics cookies through our cookie banner
• Blocking cookies in your browser settings

11.2 Cookies

You can manage or disable cookies at any time through:

• Our cookie consent banner (when you first visit the site)
• Your browser settings (see Section 5.3)
• Third-party opt-out tools

11.3 Comments

To stop your data from being collected through comments:

• Simply don’t leave comments on our blog posts
• Contact us to request removal of previous comments

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• SSL/TLS Encryption: All data transmitted between your browser and our Website is encrypted
• Secure Hosting: Data stored on secure, professionally managed servers
• Access Controls: Limited access to personal data on a need-to-know basis
• Regular Updates: Website software and security patches kept up to date
• Spam Filters: Automated systems to prevent malicious submissions

However, no method of transmission over the internet is 100% secure. While we take reasonable precautions to protect your data, we cannot guarantee absolute security.

13. Children’s Privacy

Our Website is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately, and we will delete it promptly.

14. Third-Party Links and Embedded Content

Our Website may contain:

• Links to third-party websites
• Embedded content (e.g., YouTube videos, Google Maps, social media posts)

These third parties may collect data about you and use cookies according to their own privacy policies. When you interact with embedded content, it’s as if you’ve visited that third-party website directly.

We are not responsible for the privacy practices of third-party websites. We recommend reviewing their privacy policies before providing any information.

Key Third-Party Services We Use:

• Google Analytics: Privacy Policy
• Gravatar/Automattic: Privacy Policy

15. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. The only automated processing we use is:

• Spam detection for comments (to protect against abuse)
• Basic analytics aggregation (to understand Website usage trends)

These do not involve decisions that legally or significantly affect you.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Website functionality. When we make changes, we will:

• Update the “Last Updated” date at the top of this policy
• For significant changes, display a prominent notice on our Website

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Your continued use of the Website after changes have been posted constitutes your acceptance of the updated policy.

17. Your Consent

By using our Website, you consent to this Privacy Policy and our collection and use of information as described herein.

If you do not agree with this policy, please do not use our Website or submit any personal information to us.

18. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Stonehenge Tours
Website: https://stonehengetours.org
Email: [email protected]

We aim to respond to all inquiries within 5 business days.