Privacy Notice

Glen Tanar Estate ("us", "we", or "our") operates (the "Site"). This page informs you of our policies regarding the collection, use and disclosure of Personal Information we receive from users of the Site.

Here at Glen Tanar, we are committed to doing the right thing when it comes to how we collect, use and protect your personal data. Your privacy matters to us, so please do take the time to read our Privacy Notice which explains:

  • The information we collect
  • How we will use it
  • Where we collect it from
  • How long we store it
  • Our legal basis for processing your personal data
  • Our digital services
  • Your rights and how you can see, update or delete your personal data
  • Securing your data
  • International transfers of your information
  • Recruitment procedure


Glen Tanar Estates is the controller and responsible for your personal data. We have appointed a Data Protection Officer who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below:

Glen Tanar Estate



AB34 5EU

Tel: 013398 86451



Glen Tanar is a traditional 25,000 acre estate steeped in heritage and family owned since 1905. Set in Royal Deeside and within the Cairngorms National Park we work very closely with the Forestry Commission Scotland and Scottish Natural Heritage.

We are fully inclusive and open all year round to all. Visitors to the estate can stalk deer, fish salmon on the River Dee, cycle, hill walk, take a Land Rover safari, fish for trout on our Loch and take photographs of the stunning wildlife. Our Victorian Ballroom hosts weddings, events and corporate functions all year round.

We have eight luxury self-catering holiday cottages around the Estate. They can be booked for short or long breaks and many of our self-catering clients return year on year to Glen Tanar.


Personal information is any information that can be used to identify you. It does not include data where the identity has been removed (anonymous data). For example, it can include:

  • Identity data - such as your first name, maiden name, last name, username or similar identifier, title, date of birth and gender
  • Contact data - includes address, email address and telephone numbers
  • Financial data - includes bank account and payment card details
  • Transaction Data - includes details about payments to and from you and other details of products and services you have purchased from us
  • Enquiry Data - includes data you provided us with when you contact us for customer service assistance (by any means of communication including written communications, via our website, telephone, email, social media channels or when you visit us at an event, such as a trade show, exhibition or participate in one of our surveys or competitions. We may record all customer service communications and keep information about the particular communication, including your name, the product(s) you bought, the reason why you contacted us, and the advice we gave you, so we can track the resolution of any customer service issues and for customer service training purposes
  • Marketing and Communications Data - includes your preferences in receiving marketing from us and our third parties and your communication preferences
  • Firearms Data – includes identity data, information on firearms that will be used during activity on the estate and contact data as required by law


We use different methods to collect data from and about you including:

  • Direct interactions
  • You may give us your Identity Data, Contact Data and Financial Data by filling in forms or by corresponding with us by post, phone, email, web or otherwise. This includes personal data you provide when you:
    • Enquire about or book our products or services
    • Contact us by phone or email
    • Submit website contact forms
    • Request marketing to be sent to you
    • Enter a competition, promotion or complete a survey
    • Speak with us at an event, tradeshow or networking event
    • Interact with Glen Tanar through social media channels
    • Give us some feedback


  • Provide you with the services, products or information you asked for
  • Where we need to perform the contract we are about to enter into or have entered into with you
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
  • Where we need to comply with a legal or regulatory obligation
  • Send you information about Glen Tanar products and services we believe is most relevant to you
  • Keep a record of your relationship with us
  • Ensure we know how you prefer to be contacted
  • Understand how we can improve our services or information


We will retain your personal data for only as long as it is necessary for the uses set out in this Privacy Notice and/or to meet legal and regulatory requirements. After this period, we will securely erase personal data. If data is needed after this period for analytical, historical or other legitimate business purposes, we will take appropriate measures to anonymise this data.


We will only collect and use your personal data if at least one of the following conditions applies:

Example: To provide the products and services you request

We need to process your personal data so that we can manage your account or booking, provide you with the products and services you want to buy and help you with any orders and refunds you may ask for.

It is necessary for a contract with you or to take steps at your request prior to entering into a contract;

Example: Sharing personal data with regulatory authorities

Applications for a visitors’ firearm or shotgun permit is made by Glen Tanar (as Sponsor) to the Chief Officer of police for the area.

It is necessary for us to comply with a legal obligation;

Example: eNewsletter and other marketing activities

You give us permission to process your personal data when you register to receive marketing material

We have your consent;

Example: In an emergency

Your insurance company, their agents and medical staff may exchange relevant personal data and special categories of personal data with us in circumstances where we/they need to act on your behalf or in the interest of other customers or in an emergency.

It is in the public interest or we have official authority.

Example: Security operations

We may use personal data to respond to and to manage accidents or other similar incidents, including medical and insurance purposes.

It is in our or a third party’s legitimate interests and these are not overridden by your interests or rights.

Example: To personalise your experience

We may use your personal data to better understand your interests so that we can try to predict what other products, services and information you might be most interested in. This enables us to tailor our communications to make them more relevant and interesting for you.

Special Category

Where we need to process special categories of personal data, for example health data for medical reasons, we will only do so if one or more additional conditions apply. For example, we have your explicit consent, or it is necessary to protect the vital interests of you or another individual.

Visitor Firearms Permits

Our non-UK resident stalking guests are required by law to have a Visitors Firearms Permit when they bring their firearms into the country. As Sponsor, Glen Tanar completes the application form on behalf of the visitor(s). On completion, a hard copy of the form is sent to Police Scotland along with copy of the applicants’ European Firearm Pass (EFP). When Police Scotland are satisfied with the application(s), a Visitors Firearms Permit is issued and returned to Glen Tanar and subsequently the applicant. No copy of the EFP remains with Police Scotland. Police Scotland retain the application form for up to 2 years before securely deleting. Glen Tanar does not retain any copies of the EFP. A copy of the application form is retained for up to 3 years before securely deleting.

All Glen Tanar staff who manage the visitor firearm permit process are fully trained on data handling practices and additional security measures are in place.

For further information please see:



The Glen Tanar website is built in the Craft CMS framework. Hosting, maintenance and general security is provided by Hamptons Associates Ltd [check details]. The third-part booking integration including security is provided by Super Control UK. For further information please read Super Control UK’s Privacy Policy.


Your credit card data is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.


Our website contains social media features such as Facebook, Twitter, Google+ and Pinterest that have their own privacy notices. Please make sure you read their terms and conditions and privacy notice carefully before providing any personal data as we do not accept any responsibility or liability for these features.


From time to time we may send you relevant offers and news about our products and services in a number of ways, including by email. When you book or register with us we will ask if you would like to receive marketing communications. You can change your marketing preferences online, over the phone, using the ‘unsubscribe’ link in our marketing emails.

  • For B2B contacts, our lawful basis is legitimate interest as it’s necessary to inform business customers and contacts about our products/services to grow their business offering and ours and community/regional information including health & safety issues. Your information will be securely destroyed 5 years after your last interaction with Glen Tanar Estates
  • When you book or register with Glen Tanar, we will ask if you would like to sign up to our eNewsletter. Our lawful basis is consent. You can change your marketing preferences at any time - online, over the phone, using the ‘unsubscribe’ link in our marketing emails, or by writing to us (e.g. email) at any time. Your information will be securely destroyed 1 month after consent is withdrawn.

Glen Tanar uses third party eNewsletter software, Mailchimp to manage subscriptions and as a delivery mechanism. Their privacy policy is monitored by TRUSTe and have certified their compliance with the EU-U.S./Swiss-U.S. Privacy Shield Frameworks. For further information, please view Mailchimp’s Privacy Policy.


Under the General Data Protection Regulations, you have rights as an individual which you can exercise in relation to the information, we hold about you.

Individuals can find out if we hold any personal information by making a 'right of access' request. More information can be found at

If we do hold information about you, we will:

  • Give you a description of it;
  • Tell you why we are holding it;
  • Tell how long we keep in for and the lawful basis for doing so;
  • Tell you who it could be disclosed to; and
  • Let you have a copy of the information in an a commonly used electronic format, unless the individual requests otherwise.

Please include any details to help us identify and locate your personal data. Where we can provide data access, we will do so free of charge except where the request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.


While we cannot guarantee that unauthorised access will never occur, we can assure you that we take great care in maintaining the security of your personal data to prevent unauthorised access to it, through the use of appropriate technology and internal procedures.

The security of your Personal Information is important to us and while we cannot guarantee that unauthorised access will never occur, we can assure you that we take great care in maintaining the security of your personal data. To prevent unauthorised access to personal data, we use appropriate technology and internal procedures such as:

  • Using Secure Sockets Layer (SSL)
  • Data minimisation
  • Putting in place physical, electronic, and procedural safeguards in line with industry standards


In certain circumstances your personal data may be transferred to countries outside the European Economic Area (EEA).

Some of our external third parties are based outside the European Economic Area (EEA), so their processing of your personal data will involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.

Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.

Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

Please contact us using the details set out under Controller section of this Notice, if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.


Glen Tanar is the data controller for the information you provide during the recruitment process unless otherwise stated. If you have any queries about the process or how we handle your information, please contact us at

What will we do with the information you provide to us?

All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide during the recruitment process. The information you provide will be held securely by us whether the information is in electronic or physical format.

We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for. Our legal basis for processing this information is legitimate interest.

What information do we ask for, and why?

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than 6 months following the conclusion of the recruitment process. We will then destroy this data confidentially for any unsuccessful candidates.

The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for, but it might affect the progression of your application to the next stage if you don’t.


Our hiring managers shortlist applications for interview. If you are shortlisted for interview you will be required to bring photographic identification usually a passport to confirm your rights to work in the United Kingdom. The information will be retained on file for 6 months following the conclusion of the recruitment process. We will then destroy this data confidentially for any unsuccessful candidates.

Conditional offer

If we make a conditional offer of employment, we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.

You will therefore be required to provide:

  • Proof of your identity – you will be asked to attend our office with original documents, we will take copies.
  • We will contact your referees, using the details you provide in your application, directly to obtain references

If we make a final offer, we will also ask you for the following:

  • Bank details – to process salary payments
  • Emergency contact details – so we know who to contact in case you have an emergency at work
  • Information to comply with HMRC requirements

How long is the information retained for?

If you are successful, the information you provide during the application process and employment will be retained by us as part of your employee file for the duration of your employment. The legal basis for this is contractual. The retention period following termination of contract is plus 6 years. This is based on the 6-year time limit within which legal proceedings must be commenced as laid down under the Limitation Act 1980. The lawful basis for this legal obligation.

If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 6 months from the closure of the recruitment process.

Information generated throughout the assessment process, for example interview notes, is retained by us for 6 months following the closure of the recruitment process.


We keep our Privacy Notice under regular review and we will place any updates on this web page. This Privacy Notice was updated on the 10th of January 2019.