Skip to main content

Privacy Policy

Katie Robins, the website and your Privacy

This privacy policy sets out the terms of how Katie Robins (“the Company, my, me, I“) will use any personal information or data that you (“you”, “yours”) give to me or I collect from you. Personal information means any information about you from which you could be identified such as your name, address, telephone number or e-mail address. Whenever you provide me with personal information I will use it as per these terms.

Who am I?

This website is run by Katie Robins, owner of Tomhara, whose offices are located at: 39 Ennerdale Road, Kew, Richmond, Surrey, TW9 3PE, United Kingdom.

You may contact me via email at or call on 07770 847368.

How do I collect information

As you use the website you will come across certain activities and services for which I request personal information. These activities and services are outlined and explained below. I will not use your personal information for any purpose other than as stated in this Privacy Policy document:

  • Bookings
    To book a self catering holiday, I collect the following personal information: your name, address, e-mail address, contact telephone number and guest information.
  • Administrative Matters
    If you have booked a self catering holiday direct with me, or with an authorised holiday booking agent, I will use your personal information to process and fulfil your booking request. I will also use this information if there is a problem of some kind. I will send you an e-mail notifying you what is happening and asking what you would like me to do about it.
  • Enquiries and correspondence
    I collect your personal information when you give it to me, for example when you give it to me by submitting an enquiry by telephone, e-mail or through my online contact form [click here].

I also collect your personal information when you give it to me, for example when you enquiry by telephone, e-mail or through my online contact form [click here].

How do I use your personal information?

The legal basis on which I rely to use your information are:

  • to allow me to perform my contracted obligations to you: When you book a holiday from me, a contract between you and me will have been entered into. In order for me to fulfil my obligations under such a contract, I will need to collect and process your personal information, including payment information. To process any booking(s) you have purchased from me via telephone, or via one of my authorised agents, and to contact you about them;
  • to allow me to exercise my legitimate interests as a data controller: I rely on my legitimate interests as a data controller to process the personal information that you provide to me via forms, telephone enquiries, or through any contest or promotional feature that I may run, and to process personal information that I collect from you. It is in my legitimate interests as a business to process the above information an effective and secure manner in order to provide the best service, administer my website and process your booking;
  • to look at and respond to any messages, complaints or other queries you might send me; and
  • to notify you about any changes to website, services or products;
  • to provide you with certain marketing information related to Tomhara and the locality where you have provided your explicit consent for us to do so.

User’s aged 16 and under

If you are aged 16 or under please get your parent/guardian’s permission before you provide any personal information to the’s website. I do not permit or encourage users who are 16 or under to provide me with personal information without the appropriate consent.


In order to provide you with best experience the website uses “cookies”. Cookies are small text files placed on your computer to collect standard anonymous Internet log and visitor behaviour information which allows me to analyse how visitors are using my websites and help me improve the visitor experience.

You can change the settings on your browser to not accept cookies, however some features of our website may not work or may not be accessible to you if do.

For more information on how I use cookies read our cookie policy.

For more general information about cookies, please visit:

Disclosure of personal information and your rights

I will only disclose your personal information to:

  • my business partners, suppliers and sub-contractors i.e. my cleaners and gardeners so that they are aware when the house is inhabited, for the performance of any contract I enter into with them or you. Any information I hold about you will be treated in strictest confidence and held securely on my server, or our agents’ servers, in compliance with the Data Protection Act 1998. I will not divulge any of your details to any third-party without your permission, except when it is necessary for me to fulfil a booking or satisfy a request made by you;
  • our third-party service providers in order to identify or resolve technical problems arising from the use of the website or to assist with the payment process; and any regulators, law enforcement or fraud prevention agencies, as well as my legal advisers, courts and any other authorised bodies, for the purposes of investigating any actual or suspected criminal activity, enforcing my rights or other regulatory or legal matters.

The data that I collect from you via the website may be stored on a secure server located within the European Economic Area (EEA). It may also be processed by staff operating within the EEA who work for me or for my website host. Such staff maybe engaged in, among other things, maintaining our website, the fulfilment of your booking and the provision of any support services. By submitting your personal data, you agree to this transfer, storing or processing to enable us to fulfill your booking. I will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

All information you provide to us via telephone, and documented on paper, or through our authorised agents is stored on either secure servers or placed within locked storage located at my office. Personal data transmitted to my website is securely encrypted using SSL.

Unfortunately, the transmission of information via the internet is never completely secure. Although I will do my best to protect your personal data, I cannot guarantee the security of your data transmitted to my site; any transmission is at your own risk. Once I have received your information, I will use strict procedures and security features to try to prevent unauthorised access.

Links to other websites

My website contains links to other sites that are not under my control, even though they may use my name or logo on their website, through an agreement with me. Such other websites do not necessarily follow my privacy policies, and may place their own cookies on your computer.

This practice is standard on the Internet. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that I do not accept any responsibility or liability for these policies.

I make no undertaking or warranty about how or where your data may be stored by third parties with whom you may choose to engage via my website, and to whom you may supply personal data, or request that I supply personal data.

Storage and retention

Where I collect and store personal data it will be held on servers located within the European Economic Area (EEA). I do not transfer your personal data outside of the EEA.

I will retain information about you for the period necessary to fulfil the purposes for which the information was collected. After that, I will delete it.

All data is held in line with the best security practices. Servers are in a secure data centre with appropriate physical security measures including access control, fire management and power backup. Data communications lines are diversely routed through different transit (bandwidth) providers. All unused services and accounts are disabled, account lockout policies are tight, strong passwords are used on all accounts. All servers are promptly patched with the latest security updates. All digital servers use up-to-date antivirus software which is updated multiple times each day.

The retention period may vary depending on the purposes for which the information was collected. Where a specific legal or regulatory requirement applies to your information I will retain it for the period of time specified in such legal or regulatory requirement.

In the absence of a specific legal or regulatory requirement I will retain your information for six years following the event to which it relates (e.g. the specific sale, the specific competition, etc). I may be required to extend the retention period if the information is required due a complaint or because it is required for litigation. Please also note that I am sometimes legally obliged to retain the information, for example, for tax and accounting purposes.

Your rights regarding your personal information

You have certain rights in relation to your personal information that is processed by me. I set out an overview of these rights below. These rights are not absolute and apply subject to certain conditions, as set out in applicable data protection laws. Your rights may include:

  • the right to access personal data held by me about you;
  • the right to require me to rectify any inaccurate personal data held by me about you;
  • in certain circumstances, the right to require you to erase personal data held by me about you;
  • in certain circumstances, the right to restrict my processing of personal data held by me about you;
  • in certain circumstances, a right to receive personal data which you have provided to me in a structured, commonly used and machine readable format. You may also have the right to require me to transfer this personal data to another organisation, at your request;
  • the right to object to my processing of personal data held by me about you (including for the purposes of sending marketing materials to you); and
  • the right to withdraw your consent, where I am relying on it to use your personal data (for example, to provide you with marketing information about my services and products).
    You can exercise these rights by e-mailing me at

Contacting the Information Commissioner’s Office (ICO)

Should you wish to make a complaint, you may also contact the Information Commissioner’s Office here.

Changes to this privacy policy

I may from time to time make changes to this privacy policy, for example if there is a change of law or if I am providing new services or products. These changes will take effect from the date the updated privacy policy is posted onto the website. I recommend that you check this policy from time to time to see if it has changed. If you continue to use my services or products after our privacy policy changes you will be bound by those changes.

This policy was last updated on 25th May, 2018.