Privacy is a very important issue for everyone and is a subject we consider to be a priority.

We take the issue of data protection very seriously, including compliance with the UK General Data Protection Regulation, the Data Protection Act 2018, the Data (Use and Access) Act 2025 and the Privacy and Electronic Communications Regulations 2003 and all other relevant data protection legislation in force and as amended or replaced from time to time.  

This Privacy Notice outlines how we process your personal data, if you are:

• a member of the public making an enquiry, attending a community open day or event, purchasing a fishing permit or providing information for the registration of a fishing permit
• a business, group, charity or organisation making an enquiry
• a partner, supplier or contractor when we begin our business relationship with you

During the course of our activities, we will process personal data (which may be held electronically or otherwise) about you, and you can be confident it’s safe and secure with us, and understand how we use it to give you a better experience as a member of, or visitor to, our club.

We have tried to keep this privacy notice as easy to read as possible, but if you have any questions, you can contact us using the details in the queries section at the bottom of this notice.

Our companies comprise the following entities:

• Taymouth Holdings Ltd (Information Commission (IC) Registration No: ZB508365)
• River Tay Developments Ltd (IC registration Number: ZB508356)
• The River Tay Castle LLP (IC Registration Number: ZB508359)
• Taymouth Club Ltd (IC Registration Number: ZB508346) – the Data Controller of personal data of Club Members, their guests, and visitors to the premises.
• Discovery Taymouth Manco Limited (IC Registration Number: ZB834207) – the data controller for the personal data of our employees and contractors

Our parent company is Discovery Land Company, based in the United States of America, with its headquarters at:

257 N. Cannon Dr
Beverly Hills
CA 90210

We have a separate Privacy Notice for our employees and contractors.

Collectively, we are Taymouth Castle Club (referred to in this notice as “we” or “us”).  Our registered office in the UK is:

C/O Alter Domus (UK) Limited
10th Floor
30 St Mary Axe
London
United Kingdom
EC3A 8BF

We obtain information about you in the following ways:

Information you give us directly

• when you make a booking with us, when you make an enquiry via phone or via our website form, or otherwise provide us with your personal details;
• during visits to our premises
• when you use our website through the use of Cookies on our website
• when you enter information on our website
• when you provide payment information
• from feedback forms
• during local meeting attendance
• when you make any complaints
• when you have been involved in any accidents or incidents at our premises

If you apply for a job with us, we collect information about you from your job application.  If you are successful in joining our team, we will also collect information from you in relation to your employment.

Information we received regarding you indirectly

• Your information may be shared with us by third parties, which might include subcontractors acting on our behalf who provide us with technical, payment or other services and our business partners.
• we may collect your image and audio from our CCTV cameras, which are located on our premises. 
• when you visit our website, we ask for your consent to use Cookies on your device to run the website that you can customise.

The data we hold and process for you will depend on our relationship with you, the enquiries you have made with us, the bookings you have requested from us or the fishing permits you have purchased from us. When you register for any of our services, request information, online or by telephone or, in a limited way, browse our websites, we will collect and store your information as required. This may include:

• Your personal details, including your name, date of birth, email address (personal or business), current postal address and phone number
• Where applicable and with explicit consent, special requests such as, but not limited to, dietary and disability requirements
• Payment details
• Details of any future booking(s) you may have made with us
• Details of the services that you may have taken part in or used when you visited us
• Audio recordings of your voice when you make a telephone call to us and when we call you
• Company name and nature of your business, where applicable
• Organisation, group or charity name and nature of your purposeInformation about your organisation, charity, group or project as applicable
• Details for invoicing and paying you for the purposes of arranging donations or support
• Information about your browsing behaviour on our websites and mobile apps
• Information about your enquiry or request
• Information on how you access our digital services, including IP address, browser and operating system
• Information on your browsing preferences in relation to our website is collected through the use of cookies.
• Images and video recordings that you have sent to us

When you contact us or we contact you or you take part in competitions, surveys or questionnaires about our services, we collect:

• The personal data you provide when you connect with us, through email, post, phone or social media, such as your name, username and contact details.
• Confirmation that you have opened or interacted with emails and other digital communications we send to you.
• Your feedback and contributions to customer surveys and questionnaires.

Other sources of personal data we use

• Specialist companies that supply information, and trusted partners
• We use CCTV images collected in or around our premises, including where publicly accessible footpaths cross our property.

Personal data you provide about other individuals

• Personal data about other individuals, such as those people on your booking, including group bookings.
• By providing other people’s personal data, you must be sure that they agree to this, and you are allowed to provide it. You should also ensure that, where appropriate, they understand how their personal data is used by us.
• Should the other person not agree with you having access to their data, they will have to contact us directly to manage their part of any group booking.

To provide the products, information and services you request 

• We need to process your personal data so that we can provide you with information or services that you have requested from us, so as to provide you with an appropriate response or the products you want, and to manage your booking.  If you do not provide us with your personal data, this is likely to affect our ability to provide these services to you.
• To keep your information up to date we will use a third-party to check your data, for instance, in the event of a person being deceased, or if you have moved postal address.

To manage and improve our products, services and day-to-day operations 

• We use personal data to manage and improve our products, websites, mobile apps, operations and other services. 
• We use personal data to respond to and to manage security operations, accidents or other similar incidents, including for medical and insurance purposes.  
• We use CCTV images to help maintain the health and safety of anyone working in or visiting our premises, and for the prevention, detection and prosecution of criminal offences. We may rely on the images to establish, exercise or defend our legal rights. 
• We use recordings of telephone conversations with you for staff training purposes and to improve our service and to manage and respond to any complaints.

To make contact and interact with you 

• In the event you contact us, for example by email, post, telephone or via social media, we use personal data to provide clarification or assistance to you. 
• We process your personal data so that we can manage any bookings that you make, for example, to provide you with community open day information and tickets.
• From time to time, we invite you to take part in surveys, questionnaires and other market research activities carried out by us or by other organisations on our behalf and we will process your personal data in order to improve the service we provide to you. 

International data transfers

• We will only carry out international data transfers of your personal data to a country outside of the UK where the recipient is compliant with UK data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:
• by way of a data transfer agreement, incorporating the international data transfer agreements/addenda (as appropriate), current standard contractual clauses adopted by the European Commission for the transfer of personal data
• Such other international transfer safeguard mechanism as detailed within the UK General Data Protection Regulation
• Where a derogation applies, such as where the transfer is necessary for the performance of a contract between us

We may also undertake a transfer to any of our employees, officers, contractors, insurers, professional advisors (including legal advisers and our Data Protection Officer), agents, suppliers or subcontractors, selected third parties, government agencies and regulators and healthcare providers for the purposes set out in this notice, or for purposes approved by you, including the following:

• where it is necessary for the conclusion or performance of a contract between us and a third party, and the transfer is in your interests for the purposes of that contract
• between our subsidiary companies, for the performance of our contract with you
• with carefully selected suppliers that we work with who carry out certain functions on our behalf. For example, companies that help us with IT services, storing and combining data, marketing, market research, processing payments and delivering products and services.
• On occasion, to establish, exercise or defend our legal rights, this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk.
• In the event that we enter into negotiations to sell or transfer any of our businesses or any of our rights or obligations under any agreement we have with you, we will share your personal data with that organisation as necessary. If the transfer or sale goes ahead, the organisation receiving your personal data can use your data in the same way as us.
• If required by law, we will disclose your information to statutory bodies such as auditors or solicitors

We use third parties to facilitate payment from you to us. These are Cognito Forms and Stripe. This will involve us sharing your personal information with these third parties to enable us to enter into a contract with you for the provision of the fishing permit. They will process your personal information in accordance with their own privacy policies. To find out more about how they use your personal information, we encourage you to review their privacy policy on https://www.cognitoforms.com/legal/privacy

When we share personal data with other reputable service providers, it is conducted under contractual agreements where we require them to keep it safe, in accordance with the law, and we do not allow them to use your personal data for their own purposes, including marketing.

We only share the minimum personal data that enables our suppliers and partners to provide their services to you and us. 

Where you have entered into a contract with us, failure to provide personal data may mean that we are unable to properly implement the contract and that you are unable to exercise certain contractual rights.

We will only collect and use your personal data if at least one of the following conditions applies:

• We have your consent, e.g. you have opted in to marketing when purchasing our services, which you can withdraw at any
• It is necessary for a contract with you or to take steps at your request prior to entering into a contract, e.g. to complete a purchase
• It is necessary for us to comply with a legal obligation
• It is necessary to protect the vital interests of you or another individual, e.g. the exchange of personal data with medical staff in an emergency situation
• It is in the public interest, or we have official authority, e.g. to respond to and manage security operations
• Where we have a legitimate interest, including
  • better understanding your interests, so that we can predict which other products and services might be of most interest to you and for staff training and complaint management purposes.  This ensures we can tailor our communications to be more relevant for you. This would include direct marketing offers, digital feedback (for instance, Reevoo, Trustpilot, Feefo), surveys, telephone call recordings, and marketing profiling.
  • Protecting our staff and customers, and assisting with the prevention and detection of crime through the use of CCTV recordings
  • Enhancing, modifying, personalising or otherwise improving our services/communications for the benefit of our customers, including the use of telephone recordings
  • Sending you a survey 

• Where there is a recognised legitimate interest, as defined under the Data (Use and Access) Act 2025 and by the relevant Secretary of State

Where we need to process special categories of personal data, for example, health data for medical reasons, we will only do so if this complies with data protection law. This will include, but is not limited to.:

• We have your explicit consent
• It is necessary to protect the vital interests of you or another individual, and you are physically or legally incapable of giving consent
• It is necessary to establish, exercise or defend legal claims
• It is necessary for reasons of substantial public interest

We take our responsibility to protect and manage your personal data very seriously, and we use appropriate technical tools to manage and secure your personal data. All data is held in accordance with Taymouth’s data protection policies and procedures.

• Technical measures
  • We take appropriate security measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access when it is being transmitted, stored or otherwise processed.  
  • Use of cookies – Cookies are small text files that are stored on your computer or mobile device. They can’t harm your computer and don’t store personally identifiable information such as credit card details, but help us to provide features and functionality on our websites and mobile apps that we use to improve your customer experience. Please see our cookie notice for further information.
  • Use of Analytics – When you visit our website, we use a third-party service, Google Analytics, to collect information and details of user browsing patterns and habits. We do this to monitor visits to various areas of our website. We also use this software to assign a unique Google Analytics ID to each user to provide a more personalised experience on our website. This software enables us to link your IP address to your browsing on our website and to tailor your browsing experience. Please see Google’s privacy policy for further information on Google Analytics.
  • Links from our website to other organisations, and social media – Our websites or mobile apps contain links to websites operated by other organisations. They will have their own privacy notices, so please make sure you read their privacy notice carefully before providing any personal data, as we do not accept any responsibility or liability for websites of other organisations. Our websites or mobile apps contain social media features such as TripAdvisor, Facebook and Twitter that have their own privacy notices. Please make sure you read their privacy notices carefully before providing any personal data, as we do not accept any responsibility or liability for these features.  

We review our data retention periods regularly and will only hold your personal data for as long as is necessary for the relevant activity, or as required by law, as recorded in our Data Retention schedule. After this period, we will securely erase personal data or take appropriate measures to anonymise it.  

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users who register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information

Your personal data will only be stored within the United Kingdom, except where international transfers are authorised by law.

Under UK data protection law, you have certain rights over the personal information that we hold about you.

Right of access

You have a right to request access to the personal data that we hold about you and to request a copy of it, and we will provide you with this unless legal exceptions apply.  If you want to access your information, please send a description of the information you would like to see to the contact details above. We may ask for proof of your identity before proceeding with your request.

Right to have your inaccurate personal information corrected

You have the right to have inaccurate or incomplete information we hold about you corrected.

Right to restrict use

You have a right to ask us to restrict the processing of some or all of your personal information if there is a disagreement about its accuracy, or we’re not lawfully allowed to use it.

Right of erasure

You may ask us to delete some or all of your personal information, and in certain cases, and subject to certain exceptions, we will do so as far as we are required to.

Right for your personal information to be portable

If we are processing your personal information (1) based on your consent, or in order to enter into or carry out a contract with you, and (2) the processing is being done by automated means, for example, via you completing a form on our website, you may ask us to provide it to you or to another service provider in a machine-readable format.

Right to object

You have the right to object to processing where we are using your personal information (1) based on legitimate interests, (2) for direct marketing or (3) for statistical/research purposes.

If you want to exercise any of the above rights, please contact our Data Protection Lead at the details above.  We may be required to ask for further information and/or evidence of identity.  We will endeavour to respond fully to all requests within one month of receipt of your request; however, if we are unable to do so, we will contact you with reasons for the delay.

Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances.  For more details, we recommend you consult the guidance published by the UK’s Information Commission.

If you would like to make a request, please email or write to: The Data Protection Officer

By Email: Info@rgdp.co.uk

By Post:           
Taymouth Castle Kenmore
Perthshire Scotland
United Kingdom
PH15 2EZ

If you are not satisfied with our handling of your request or have any other data protection related issue, in the first instance, you have the right to contact us with your complaint so that we can investigate, any complaints should be marked ‘GDPR Complaint’ and should be sent to our Data Protection Officer who is provided by RGDP LLP and can be contacted either via

Email: info@rgdp.co.uk

Or

Telephone:  0131 222 3239

We aim to resolve all concerns and complaints, but if you still remain unsatisfied after your complaint has been processed by us, you also have the right to complain to the Information Commission in relation to our use of your information.  The Information Commission’s contact details are noted below:

Telephone: 0303 123 1113 

Online: Make a complaint | ICO

This notice replaces all previous versions. We may update the notice at any time, so please check it regularly for any changes. If the changes are significant, we will provide a prominent notice, including, if we believe it is appropriate, email notification of privacy notice changes. 

Updated: October 2025

---