Cookie Policy
Hatfield House | Cookie Notice
Last updated: March 2026
About this notice
This cookie notice explains what cookies are and how we use them on our website.
It sets out what types of cookies we use, the purposes for which they are used, and how you can control their use.
Who we are
The data controller responsible in accordance with the purposes of the UK General Data Protection Regulation (UK GDPR) and other data protection regulations is:
Gascoyne Estates Limited
Hatfield Park Estate Office
Hatfield Park
Hatfield
Hertfordshire
AL9 5NF
United Kingdom
Website: https://hatfield-house.co.uk
ICO registration number: Z9750760
This website is operated by Hatfield Park Partnership.
Data Protection Officer
The contact details for our Data Protection Officer are as follows:
By post:
DataCo International UK Limited
Suite 1, 7th Floor
50 Broadway
London
United Kingdom
SW1H 0BL
By email:
privacy@dataguard.co.uk
By phone:
+44 203 514 6557
What are cookies
Cookies are small text files that are stored on your device (such as a computer, smartphone or tablet) when you visit a website.
Cookies enable a website to recognise your device and store certain information about your preferences or past actions.
They are widely used in order to make websites work more efficiently and provide information to website owners about how visitors interact with the website.
What types of cookies are there
First-party cookies
First party cookies hosted on the website you are visiting. They are only set or retrieved by the website while you are visiting it, so they cannot normally be used to track activity or pass data from one site to another. However, the owner of that website can still collect data through their cookies and use that to change how the website appears to the user, or the information it displays.
Third-party cookies
Third party cookies are where the host domain or address is not the same as the website you are visiting. They are usually placed in a website via scripts or tags added into the web page. Sometimes these scripts will also bring additional functionality to the site, such as enabling content to be shared via social networks.
Online advertising is the most common use of third-party cookies. By adding their tags to a page, which may or may not display adverts, advertisers can track a user (or their device) across many of the websites they visit.
We might share your data collected via cookies with these third-party cookie providers. Where we do this, we have data processing agreements in place with all third-party providers to ensure that your personal data is handled securely and in accordance with data protection regulations. Your data might be transferred from the UK to the United States of America (US). Where your data is transferred outside of the UK, we make sure that your data is given the same level of protection. This may be achieved in one of the following ways:
- Adequacy decision: where the destination country has been recognised by the UK Government as providing an adequate level of protection for personal data, or where the data is transferred under the UK-US Data Bridge (a legal framework that allows UK organizations to transfer personal data to US companies that have self-certified under the EU-US Data Privacy Framework);
- Appropriate safeguards: where we use mechanisms such as the UK International Data Transfer Agreement (IDTA), or the UK Addendum to the European Commission’s Standard Contractual Clauses (SCCs), to ensure your data is protected.
Session cookies
Session cookies are temporary cookies that remain on your device until you close your browser.
Persistent cookies
Persistent cookies remain on your device for a set period of time or until they are deleted.
How cookies are categorised
Cookies used on our website fall into the following categories:
Strictly Necessary Cookies
These cookies are set to provide the service, application or resource requested. Without these cookies, your request cannot be properly delivered. They are usually set to manage actions made by you, such as requesting website visual elements, pages resources or due user login/logoff. We can also use these cookies to set up essential functionalities to guarantee the security and efficiency of the service requested, like authentication and load balancer request. Consent is not needed to use this category of cookies.
Performance Cookies
These cookies are set to provide quantitative measures of website visitors. Information collected with these cookies is used in operations to measure website or software KPIs, such as performance. With the usage of these cookies, we can count visits and traffic sources to improve the performance of our site and application. If you do not allow these cookies, we will not know when you have visited our site. These cookies can only be used with your consent.
Functional Cookies
These cookies are set by us or by third party service providers we use to implement additional functionalities or to enhance features and website performance, however they are not directly related with the service you requested. Services and functionalities implemented by these cookies support features like automatic filled text box, live web chat platform, non-necessary forms, and optional security parameters like a single sign-on (SSO). These cookies can only be used with your consent.
Targeting/Analytical Cookies
These cookies are set by our advertising partners to provide behavioural advertising and re-marketing analytical data. They collect any type of browsing information necessary to create profiles and to understand user habits to develop an individual and specific advertising routine. The profile created regarding your browsing interest and behaviour is used to customise the ads you see when you access other websites. These cookies can only be used with your consent.
What cookies do we use
Strictly Necessary Cookies
| Cookie provider | Cookies | Purpose | How long we keep your data | Personal data collected |
|---|---|---|---|---|
| Cloudflare | __cf_bm | Distinguishes between humans and bots to support Cloudflare Bot Management. | 1 hour | Encrypted bot-calculation data (derived from the processing of IP address and device/browser characteristics) and a session identifier used for anomaly detection to identify and mitigate automated traffic. |
| Website – WordPress / Web App | XSRF-TOKEN | Security cookie used to prevent Cross-Site Request Forgery (CSRF) attacks. | Session | Session ID |
| CookieYes | cookieyes-consent | Remembers the user’s consent preferences for cookie categories. | 1 year | Unique pseudonymous consent ID, granular consent preferences (per category), timestamp of the consent action, and the user’s anonymized IP address utilised for the legally required ‘Proof of Consent’ log. |
| Google reCAPTCHA | rc::a | Used to distinguish between humans and bots to protect forms against spam. | 6 months | Hardware/Software patterns, IP address, browser type, user interaction data |
| Google reCAPTCHA | rc::c | Used to distinguish between humans and bots to protect forms against spam. | Session | Hardware/Software patterns, IP address, browser type, user interaction data |
| Stripe | m | Fraud prevention cookie that identifies the device used for secure payment processing. | 1 year 1 month | IP address, device information, transaction-related data |
Performance Cookies
| Cookie provider | Cookies | Purpose | How long we keep your data | Personal data collected |
|---|---|---|---|---|
| Google Analytics 4 | _ga | Calculates visitor and session data by assigning a unique randomly generated ID. | 1 year 1 month | Client ID (Pseudonymous) – Online identifiers (including cookie IDs and IP address), device/browser characteristics (e.g., model, OS, browser version), and website activity data (including pages visited, session duration, and referral URLs). |
| Google Analytics 4 | _ga_YM43EHKP6K | Maintains and persists the user’s session state and tracks individual page interactions. | 1 year 1 month | Client ID and Session ID – Online identifiers (including cookie IDs and IP address), device/browser characteristics (e.g., model, OS, browser version), and website activity data (including pages visited, session duration, and referral URLs). |
| Google Analytics | _gid | Stores a unique ID to group and track user behavior for 24-hour reporting. | 1 day | Client ID (Pseudonymous) – Online identifiers (including cookie IDs and IP address), device/browser characteristics (e.g., model, OS, browser version), and website activity data (including pages visited, session duration, and referral URLs). |
| uid | Assigns a unique identifier to track user behavior across various website segments. | 24 months | Unique User ID | |
| TruConversion | ti_ukp | Visitor session hash that collects data on visits and time spent to optimize website content. | 5 minutes | Online identifiers (session-specific hash), IP address, and behavioral interaction data (eg, mouse movements, clicks, and scrolls) processed for website optimisation and heatmapping. |
Functional Cookies
| Cookie provider | Cookies | Purpose | How long we keep your data | Personal data collected |
|---|---|---|---|---|
| Event Temple | _eventtemple_session | Maintains the user’s active session for the integrated Event Temple booking widget. | 1 month | Session ID and user preferences |
Targeting Cookies
| Cookie provider | Cookies | Purpose | How long we keep your data | Personal data collected |
|---|---|---|---|---|
| doubleclick.net | test_cookie | Used to check if the user’s browser supports cookies to ensure correct ad delivery. | 15 minutes | Online identifiers (IP address) and browser/device metadata processed during the initial handshake to verify cookie support. |
| Meta (Facebook) | _fbp | Delivers advertisement products such as real-time bidding from third-party advertisers. | 3 months | Online identifiers (including Facebook ID, browser ID, and IP address), browser/device metadata, and website interaction events (e.g., page views, button clicks, or form submissions) used for ad attribution and conversion tracking. |
| Google Ads | _gcl_gs | Stores and tracks conversions specifically from Google Search ad clicks. | 3 months | Ad click identifiers (GCLID/WBID), timestamp of the click, IP address, and the specific page URLs where conversion actions occur. |
| Google Ads | GCL_AW_P | Tracks cross-site conversions for Google Ads via Google Tag Manager. | 3 months | GCLID (Click ID) |
| Google Ads | _gcl_aw | Stores and tracks conversions from Google Ads clicks using a unique Google Click Identifier (GCLID). | 3 months | Ad click identifiers (GCLID/WBID), timestamp of the click, IP address, and the specific page URLs where conversion actions occur. |
| Google Tag Manager | _gcl_au | Used by Google AdSense for experimenting with advertisement efficiency across websites. | 3 months | Ad click identifiers (GCLID/WBID), timestamp of the click, IP address, and the specific page URLs where conversion actions occur. |
How can I manage my cookie settings?
Except for any strictly necessary cookies, you can opt-out of any cookies you already provided consent for by opening the cookie settings in the cookie banner.
Alternatively, you can manage your cookie settings at the browser level, by opening the browser settings menu and choosing which cookies to allow.
Is there automated decision making occurring?
No processing activities include making automated decisions about you that might significantly affect you or lead to any legal effect. Automated decisions mean decisions based on solely automated processing without human intervention.
Is the provision of personal data a requirement?
The placement of cookies on your device and the provision of personal data through them are not statutory or contractual requirements. This means that you are not legally obligated to allow cookies to be placed on your device, nor are you required to provide personal data collected through them.
The consequences of cookies not being placed on your device depend on the type of cookies:
| Category of cookies | Consequences |
|---|---|
| Strictly necessary cookies | Malfunctioning website features, security vulnerabilities, network problems, and accessibility issues, as well as payment functions not working properly. |
| Performance cookies | Limited understanding of how users interact with the website, which may result in a slower pace of website improvement, unresolved usability issues, and a less optimized or user-friendly browsing experience. |
| Functional cookies | Loss of enhanced user experience, such as remembering login details, preferred language, region settings, or form inputs; users may need to manually reconfigure settings or re-enter information on each visit. |
| Targeting cookies | Less relevant or generic advertisements may be displayed; users may see the same ads repeatedly or ads unrelated to their interests. Additionally, we may have reduced ability to measure the effectiveness of marketing campaigns or reach intended audiences efficiently. |
Data Transfers outside the UK
Where we transfer your personal data outside the UK to third-party cookie providers, we will ensure that it continues to receive a level of protection consistent with UK data protection law. This may be achieved in one of the following ways:
- Adequacy decision: where the destination country has been recognised by the UK Government as providing an adequate level of protection for personal data;
- Appropriate safeguards: where we use mechanisms such as the UK International Data Transfer Agreement (IDTA), or the UK Addendum to the European Commission’s Standard Contractual Clauses (SCCs), to ensure your data is protected.
You have the right to obtain a copy of the safeguards we use for transfers outside the UK. Please contact us (see the “Who we are” section above for contact details) if you wish to receive further information.
Your rights
Under data protection legislation, in certain circumstances you have the following rights over the processing of your personal data as described in this notice:
- the right to be informed about how your data is used
- the right of access to your personal data
- the right to rectification of inaccurate data
- the right to request deletion of your data
- the right to object to the processing of your personal data
- the right to data portability
In most cases, we must respond to a request to exercise these rights within one month. If you would like to submit a request, please contact us (see the ‘Who we are’ section above for contact details).
Complaints
If you are unhappy with any aspect of how your personal data is being processed, please contact us first.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Phone: +44 303 123 1113
https://ico.org.uk/global/contact-us/
apps-fileview.texmex_20260311.11_p1
HH-cookie-policy-March-27th.html
Displaying HH-cookie-policy-March-27th.html.