fruit tree at louma farm

Privacy & Cookies Policy


We are Grape Vibes Ltd, a company incorporated in England and Wales and whose registered address is Bath House, 16 Bath Row, Stamford, England, PE9 2QU (referred to herein as Louma Farm and Retreat, “we”, “us” or “our”, as the context requires).

This Privacy Policy (together with our terms and any other documents referred to on them) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. It applies to our guests, customers, and other individuals whose data we may process.

For the purposes of GDPR and UK GDPR, we are the controller of our guests’ and prospect guest’s CRM data to the extent it pertains to natural persons.

We may change this Privacy Policy from time to time so please, check our website from time to time for any updates. If we make material changes in the way we use your personal data, we may notify you by posting a notice on our website or sending you an email at the email address provided at the time of registration.

The Basis for the Processing of Your Data

Louma Farm and Retreat processes your data for the performance of the contract that you have entered into for the provision of our  services, and/or in order to take steps at your request to enter into the contract with us.

Some data is processed based on Louma Farm and Retreat’s legitimate interest, notably our website visitors’ data, such as website data for cybersecurity and/or error-tracking purposes.

Your consent will be required in case we process or share some of your data with third parties for a purpose different from those comprised in this Privacy Policy and that is not indispensable for the provision of our services.

We may ask for your consent in other cases where we process your data. Such consent can be revoked at any time by contacting us at

Data We Collect about You

We may collect and process your personal data to operate our website and to provide the services you have requested.  We may collect, use, store and transfer different kinds of personal data about you, which may include but are not limited to:

Information you provide to us

  • Personal contact details: including name, email address, residential/postal address, phone number and country of residence.
  • Family/Other contact details: including name, email address, residential/ postal address, phone number and country of residence.
  • Financial data: including bank account, payment card and billing address.
  • Transaction data: including details about payments from you and other details of services you have required from us.
  • Interaction and correspondence: including the information you send us via email, survey, social media, customer service communications or other methods.
  • Preferences and other data: age, dietary, accessibility, personal preferences and medical conditions.
  • Professional Data in case of corporate booking: company working for and address, designation, colleagues.

Sources we collect your data from

  • Directly from you: when you voluntarily provide this information to us (for example, when you contact us, interact with us on social media, visit us, or book to stay with us directly).
  • Directly from the person who made the booking: if another person has made a booking on your behalf to stay with us, attend an event or otherwise visit us and has provided us with information about you in order to make the booking.
  • From other publicly available sources: from time to time, we access and store information which is available from public sources including some personal data (for example, we may have access to information on your social media profile when you interact with us on any social media platform we use).
  • From third party service providers or partners: we engage with third parties that provide services to us for specific functions and in certain instances, they will share personal data you provide to them with us.

Information we collect automatically

We may automatically collect the following information when you visit our website: your computer’s IP address, browser type and version, source of traffic and/or previous webpage before visiting our website, the pages visited and actions taken within our website, the time spent within our website, access times and dates, page response times, errors and other statistics and technology on the devices you use to access our websites, your location as part of website analytics.


This policy sets out how we collect and use personal data through cookies or other similar technologies.

Type of cookies this website uses and purposes

Cookies are small text files that are placed on your computer by websites that you visit. We use necessary cookies to make our site work and we also set optional cookies to help us improve it and give you the best experience possible.

The exact names of cookies we use on our website may change over time, however, the descriptions below set out the types of cookies that operate on our website. You can obtain an up-to-date list of the cookies we use by contacting us at

  • Strictly necessary cookies: These are cookies that are required for the operation of our website, to provide services explicitly requested by you or to comply with any other legislation that applies to us, such as the security requirements of the GDPR or the UK GDPR. They include, for example, cookies that help ensure that the content of a page loads quickly and effectively.
  • Analytical cookies: They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. We use them to collect information about how visitors access our services, such as the number of users on our website, how long they stay on the site for, and what parts of the site they visit. This helps us to improve the way our websites work, for example, by ensuring that users are finding what they are looking for easily.
  • Advertising cookies: These record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed to you more relevant to your interests and to understand that content’s effectiveness.
  • Functionality cookies: These are used to recognise you when you return to our websites, which enables us to personalise our content for you and remember your preferences, for example, to load the chatbot.

Lawful basis for processing

When you use our website for the first time, you are given the opportunity to accept or decline not strictly necessary cookies.  By using the tick boxes on the cookie banner, you are consenting to or declining our use of cookies by category, as set out in this policy. You can also change your cookie consents at any time by accessing the cookie banner or by emailing us at


Our use of cookies is proportionate in relation to our intended outcome and limited to what is necessary to achieve our purpose.

  • Session cookies: These cookies allow us to recognise and link the actions of a user during a browsing session. They are temporary and expire at the end of a browser session, normally when you exit the browser.
  • Persistent cookies: This category encompasses all cookies that are stored on a user’s device in-between sessions. All persistent cookies have an expiration date written into their code, but their duration can vary for each category or specific cookie. The persistent cookies we use normally expire after six months. If you require more information regarding the duration of a particular cookie, used by us please contact us at

How to manage your cookie preferences 

You can set up your preferences the first time you visit our website and at any time through our cookie banner or by contacting us at

You can delete all cookies that are already on your device by clearing the browsing history of your browser. This will remove all cookies from all websites you have visited. Browsers also allow you to control access to cookies. You can find below the links providing information about how you can do this for the major browsers:

To find information relating to other browsers, visit the browser developer’s website.

To find out more about cookies, including how to see what cookies have been set, visit or


You may receive marketing communications from us via email, WhatsApp, text or telephone if you have requested information from us or requested our services if, in each case, you have not opted out of receiving that marketing.

Where you opt out of receiving these marketing communications, we may still process your personal data for other required purposes.

We do not sell, rent, lease or provide in any other way our customer lists to third parties.

You may always object / opt-out by following the link in our email message or by sending us an email to

Disclosure of your Information

We do not rent or sell your personal information to anyone without your explicit consent, but, subject to the need to perform the contract with you based on the contract you enter with us and our legitimate interests, we may share your personal information in the ways described below:

  • Other companies within the group for administrative and organisational purposes.
  • Our third-party service providers who perform functions on our behalf in connection with the operation of our business such as IT service providers, including cloud storage, analytics and communications providers, and system administrators or third parties who host and manage data.
  • Analytics, CRM and other software that assist us in the communication with you and the improvement and optimisation of our website.
  • Any other third parties for the purpose of enabling the services you book to be carried out, as our payment provider Stripe. Please note that Stripe is a controller of your personal data and their own Privacy Policy will apply when you make a payment.
  • Third parties if we are required to do so by law, or if we believe that such action is necessary to: (a) fulfil a government or regulatory authority request; (b) conform with the requirements of the law or legal process; (c) protect or defend our legal rights or property, our websites or customers.
  • Other reasons: We may also share your personal information with a purchaser or potential purchaser of our business.
  • Any other third parties with your express consent.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International Data Transfers 

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) and the UK, where the laws on processing personal data may be less stringent than in your country. It may also be processed by staff operating outside the EEA and the UK who work for us or for one of our suppliers. This includes staff engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy, by ensuring at least one of the following safeguards is implemented:

  • Transferring your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission or the UK;
  • Entering into specific contractual terms which have been approved by the European Commission or the UK and which give personal data the same protection as within the EEA and the UK;
  • Where your data will be transferred to the US, ensuring that the third party to which we are transferring your data is part of the Data Privacy Framework, which requires them to provide similar protection to personal data shared between Europe or the UK and the US.

For further information on the safeguards used, please contact us at

Data Retention 

We retain personal information for as long as we require for the purposes for which it is processed or as is otherwise required by applicable law. Our retention periods will vary depending on the type of data involved, but, generally, we will refer to these criteria in order to determine retention period:

  • Whether we have a legal or contractual need to retain the data.
  • Whether the data is necessary to provide our services.

When calculating the appropriate retention period for your data, we consider the nature and sensitivity of the data, the purposes for which we are processing the data, and any applicable statutory retention periods.

Your Rights

Under the GDPR and UK GDPR, you are entitled to certain rights in relation to our handling of your personal data, as described below.

  • Request access to your personal data that we hold about you (commonly known as a “data subject access request” or DSAR). This enables you to receive a copy of the personal data we hold about you or are otherwise processing;
  • The right to obtain without undue delay the rectification of inaccurate personal data concerning you, including the right to have incomplete personal data completed e.g. by means of providing a supplementary statement. This enables you to have any incomplete or inaccurate data we hold about you corrected. We will need to verify the accuracy of the new data you provide to us;
  • Restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data where the data is wrongfully processed but should not be erased for a reason listed in Article 18 (1) (UK) GDPR;
  • Right to erasure (‘right to be forgotten’). This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it, except for information where a contract or legitimate interest continues to exist (e.g. to pursue claims);
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third-party) and there is something about your particular situation that makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;
  • You may exercise your right of data portability in a common, machine readable form by obtaining your data by sending us an email request.

Where another mechanism is not provided, you can exercise the rights at any time by contacting us at

Contact and Complaints

Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to

You can contact our Data Protection Officer by using the contact details below:

Aphaia Ltd
The Brew
Eagle House
163 City Rd
London EC1V 1NR

Contact email:

Contact telephone: (+44) (0)20 3917 4158

You may always launch a complaint regarding our processing of your data by contacting the UK Information Commissioner’s Office with

Stay with us

Sign in

Don’t have an account?
Create one

Create your

Your personal data will be processed in line with Louma’s Privacy and Cookie Policy

Welcome to Louma

Thank you for registering an account with us. Please check your emails and follow the confirmation link to continue to your account.

Reset Password

Please enter the email address that is associated with your account. You will then receive an email to reset your password details.

Join the Louma Family