Consumer and website privacy policy

Our trading brands are Best Escapes, Best of Suffolk, Carbis Bay Holidays, Coast & Country Cottages, Coast & Country Holidays, Cornish Cottage Holidays, Dream Cottages, Helpful Holidays, Hogans Irish Cottages, John Bray Cornish Holidays, Lake District Lodge Holidays, Lakelovers, Lyme Bay Holidays, Manor Cottages, Menai Holidays, Northumbria Coast & Country Cottages, Sykes Holiday Cottages, UK Lodge Breaks and Yorkshire Coastal Cottages.

Sykes Cottages Ltd, a company registered in England, with company number: 4469189 of 1 City Place, Chester, Cheshire, CH1 3BQ, (referred to as “Sykes”, “Sykes Cottages”, "we", "us" or "our" in this privacy notice) is the primary data controller in relation to your personal data. This means that we are responsible for your personal data.

We are part of a wider Group of companies including Forge Holiday Group Ltd, UKCaravans4hire.com Limited and Forest Holidays Limited and we sometimes use joint technology services to make data more secure, to make our technology better and quicker or to give you a better service. It doesn’t make a difference to the purposes we use your information for and our Group follow this privacy policy when looking after your data. Where we use these services we are joint data controllers with these companies and we have a binding agreement in place to operate to high standards of data protection.

Our Data Protection Officer is a staff member of Forge and its subsidiary companies and can be contacted using the details provided above.

When you book a holiday through us you have a contract with us for booking services and a contract with the property owner in relation to the property rental. Our property owners are separate data controllers and we will share your details with them to facilitate this contract.

We collect your personal details including your name, address, email addresses, telephone numbers, title and country of residence. If you enter a competition or interact with us on social media we may collect your social media identifiers. We sometimes check this data using publicly accessible sources used to verify identity.

If you are part of a group of travellers we may collect personal details of members of your party. It is your responsibility as the lead booker to inform them of this privacy policy and that you have provided their data.

We have to collect some of this data from you to create and maintain an account for you on our systems. We manage our interactions with you using an account system and we will tell you when information is required for us to provide our services rather than voluntary.

We collect financial data including transactions we have made with you but we do not generally collect or retain payment card details as this processing is outsourced but we may (if you consent) retain an authorisation to charge a payment method.

We record and transcribe some calls to or from our call centre. This will include the number dialled or called from as well as the recording/transcript itself. We use these recordings and transcripts for training purposes, fact verification and to meet regulatory obligations in relation to selling insurance. In a similar way we may retain transcripts of live chats, text messages and other social media direct messaging that we send to you or you send to us.

If you have booked with us through another website such as Airbnb or booking.com then we will receive data from them rather than collecting it from you directly. The data we receive depends on the relevant website and their own privacy policy.

We also collect data from you about other people who are in your travelling party. You are responsible for telling them you have given us their data our use of which is governed by this privacy policy. Where you provide us with information about children you are responsible for gaining the relevant consent from them or their parents/guardians.

We collect data for marketing and website management purposes including details of how you have used our website, your responses to surveys and feedback requests, your marketing preferences and your cookie consents.

We collect technical data including internet protocol (IP) addresses, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website. Some of this data is used for website management and marketing purposes.

When things go wrong and we have to collect debts from you or take other legal action we may get information about other creditors you have and payments you make to them. We will receive this from IVA, bankruptcy or financial advisors as well as your legal representatives.

We may collect data from Cardlytics UK Limited where you see a cashback offer for us in your own banking portal, make a booking with us and then receive cashback on the payment that you make to us. Some of this data may be used by us to match transactions with us and bookings that you make with us.

We may rarely receive data from you about your health or about criminal convictions. You may also give us details of your relations such as spouses. We will only ever take this information from you with your consent or if there is an exemption in law such as the protection of public health in a pandemic.

We use your personal data to fulfil our contract with you as a booking agent and to assist with fulfilling the contract between you and the property owner. We do this because it is necessary for the performance of the contract to which both you and the owner are a party for the rental agreement as well as the contract between you and us as the booking agent you have made your booking through.

We may use your personal data to sell you insurance from our insurance partner where you want this to happen. We do this because it is necessary as a step for you to form a contract with the insurance partner in the future.

We may provide you with access to a customer portal on our website and you can also access your data through our app. This uses your personal data to provide you with information about your bookings and the feedback you have given and to provide you with on site offers that are personalised to you. We do this either because it is necessary for the performance of our contract with you or because it is in our legitimate interests of providing an excellent service to give you information you want in a way that enables us to be a successful business.

We will also communicate with you by any means (including email) about changes to our terms and conditions, your contract with us or with the property owner or changes to our privacy or other policies that may affect you. This is on the basis of compliance with a legal obligation or because it is necessary to perform the contracts with you.

Marketing and sales materials

We will use your personal data to personalise our advertising and marketing in relation to future bookings or related products including insurance. We do this on the basis of your consent for text, email and telephone calls if you are registered on the TPS. You can withdraw this consent at any time through unsubscribe links, during a telephone conversation, by changing your preferences in your customer portal or by emailing dpo@sykescottages.co.uk For some postal communications and telephone calls where you are not registered with the TPS we rely on our legitimate interests as a growing business.

You may also be eligible to enter competitions or to take part in loyalty schemes. We will process your personal data to check your eligibility and to provide these services on the basis of it being in our legitimate interests as a company seeking to increase repeat custom through providing a service that customers want to use.

Marketing and sales materials for customers of businesses that we acquire

We rely on our legitimate interests as the acquirer of the business to process your personal data in line with the privacy policy of the company you have a contract with.

We are subject to legal obligations under the laws of the UK, Ireland, the EU and other countries. We may need to process your personal data to comply with these legal obligations from specific reporting that may be required from time to time to more general obligations in law. This may involve co-operating with public sector organisations such as government agencies, local government and regulators. This may include the Competition and Markets Authority, the UK Information Commissioner’s Office, HMRC and other tax authorities, the Irish Data Protection Commission, the Police or local councils.

We will process your personal data to manage payments, collections, fees and charges and debt recovery. This may involve third parties particularly where debt recovery is involved. We do this because it is necessary for the performance of our contract with you.

We may process your personal data for security purposes (including cyber security) and to generally administer our business including for group reorganisations, system maintenance and reporting, preparation of our accounts, the generation of aggregated information for public disclosure, training our staff, auditing of our accounts and processes, verification of compliance with laws and regulations and other internal administration. We do all of this on the basis of our legitimate interests as a business that wishes to grow and develop and also on the basis of legal obligations to which we are subject.

As a company using technology we have a strong legitimate interest in understanding consumer behaviour and we use various technologies to do so. This will not generally involve use of directly identifiable information such as your name or email address but may include use of IP addresses or cookie information (where you have not declined the use of cookies). We do this because it is in our legitimate interests both to improve the user experience but also to maintain the security of our systems.

Where you make a complaint or have a query, or where an owner raises issues with your behaviour during a rental period we will need to process your personal data to mediate between you and them. We do this because it is necessary to fulfil our booking conditions which are part of the contracts between us and you and you and the owner. Where you make queries we will also need to process your personal data to answer. We may use our call recordings for fact verification in customer service queries.

We may use your personal data to select people for user experience or market research related to our services, websites or customer services. We will generally provide you with further information about use of your data relating to the particular study we are carrying out at the time. We will not use your information for direct marketing purposes when we perform research. We do this on the basis of our legitimate interests in having robust information about our performance and future trends in the market.

Your Name, Contact Telephone Number, Postcode and Email Address will be shared with property owners on the basis that it is necessary to fulfil your contract with them. Your name and telephone number may be shared with trusted service providers, such as housekeepers or maintenance personnel, solely for the purpose of contacting you in the event of a delay or urgent issue at the property that requires your attention. This ensures we can keep you informed and provide timely assistance during your stay.

Other companies in the Group may receive your personal data either when necessary. Some of these companies may not be based in the EEA.

Our technology is often hosted in the cloud and we use a number of service providers such as Amazon, Microsoft and Salesforce to support our websites and other technology stacks. Generally speaking these companies will be data processors acting entirely on our instructions. Some of these companies will not be in the EEA.

We use external auditors, legal advisors, insurers and banks among others who will sometimes receive your personal information. The services they provide may be based outside the EEA.

This may include law enforcement bodies, the courts, regulators, government and local government bodies and agencies, HMRC and other public bodies.

We use specialist companies to process payment card details. Currently these include

• PayPal UK Ltd. Whittaker House, Whittaker Avenue, Richmond-Upon-Thames, Surrey, United Kingdom, TW9 1EH

• Sage Pay Europe Limited, North Park, Newcastle upon Tyne, NE13 9AA

• Syntec Ltd, 18 The Avenue, London W13 8PH

• Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA.

• Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

We use many service providers to assist in our marketing efforts or to leave reviews. These include

• Emailcenter UK Limited, West Tithe, Pury Hill Business Park, Alderton Road, Towcester, Northamptonshire, NN12 7LS,

• Ant Marketing Limited, Antenna House, St Mary's Gate, Sheffield, S2 4QA,

• TripAdvisor LLC, 400 1st Avenue, Needham, MA 02494, USA,

• Trustpilot A/S, Pilestraede 58, 5th floor, DK-1112 Copenhagen K.

• Voucher Express: Voucher Express, PO Box 93, Ripon, North Yorkshire, HG4 1WE

• Pure Print for DM - Pureprint Group

• Crowson House, Bolton Close, Bellbrook Park, Uckfield, East Sussex, TN22 1PH

• Salesforce UK, Heron Tower, 110 Bishopsgate, London EC2N 4AY

• Document Despatch Ltd, The Courtyard, 19-23 Homesteads Road, Basingstoke, RG22 5LQ

• The Organic Agency, Winslade House, Organic, Winslade Park Ave, Clyst St Mary, Exeter EX5 1FY

• Smash Marketing - Sapphire House, Roundtree Way, Norwich NR7 8SQ

• The Orange Cow Limited, The Old Bakery, High Street, Pitton, Wiltshire, SP5 1DQ

• Visit The Cotswolds, NHM Accounts Ltd, Redditch, England, B980DH.

• WOLFENDEN AGENCY LIMITED, Half Acre, Sheriff Lane, Eldwick, West Yorkshire, BD16 3ER

• Citypress Union, 2-10 Albert Square, Manchester M2 6LW

• Cardlytics UK Limited, 10 York Road, London, SE1 7ND.

Where necessary for the purposes of your or our insurance needs we will disclose your details to insurers, brokers and partners and may need to disclose it to our compliance partner or any organisation (such as the FOS or the FCA) that you may later complain to. These partners are:

• Advisory Insurance Brokers Limited (t/a Towergate Travel), 2 Minster Court, Mincing Lane, London, EC3R 7PD

• Campbell Irvine Limited, 52 Earls Court Road, London, W8 6EJ

• ITC Compliance Ltd, Monarch Court, The Brooms, Emersons Green, Bristol, BS16 7FH

• Pikl Insurance Services Ltd, Second Floor, The Atrium, Suite B St Georges St, Norwich NR3 1AB

These include but are not limited to AirBnB, Vrbo, Booking.com, TripAdvisor, Expedia and similar companies. They may pass the information on to other advertising partners.

Third parties whom we may choose to sell, transfer, or merge parts of our business or our assets. If a change of ownership happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.

If you want to know more about specific safeguards for your data in relation to international transfers please email dpo@sykescottages.co.uk

You have the right to ask us for a copy of the data we hold about you or any part of that data along with some further information about how we process it and keep it safe. We are allowed to ask you for more information about your identity and to ask you to narrow down your request to help us find your data. This right always applies but there are exemptions that mean you may not always receive all of the information we process and if you are a corporate owner (a company owns your property) the corporate owner cannot make an Access request. You cannot make an access request for someone else’s data without their written authorisation.

This is not a simple right and does not always apply. We have to erase your data if it is no longer needed for the purposes we collected it for or if you withdraw your consent where the processing is based on consent.

For people who have booked a rental through us we will not erase your data at all while the contract is still valid or if money is owed by us or by you. We will also not erase all of your data for six years because of the rules around corporate financial records. We will also not delete your data if there is an ongoing complaint, if there has been a complaint in the last year, or if we reasonably believe there may be legal action taken in relation to the contract by us, you or a third party.

We will not generally erase your data if you have booked a rental through us in the last 12 months.

We will erase your data if we have processed it unlawfully, if you have successfully objected to the processing of your data or if we have a legal obligation to do so.

If your main concern is about marketing communications you may want to tell us to stop sending you marketing communications instead and where this seems to be the reason for an erasure request we will always cease marketing while we discuss this with you.

You always have the right to require us to make sure that the data we hold about you is accurate. Please let us know if it is not and we will fix it. Where we disagree that it is wrong we will tell you why and give you the opportunity to provide evidence that we have made a mistake.

Where you have objected to our data processing and we are still in discussions or there is a dispute over the accuracy of the data or we have agreed our processing is unlawful but you wish to preserve evidence or you require the data for a legal claim you can ask us to restrict processing such that we can only continue to store it.

Where our basis for processing your data is for the performance of a contract or based on your consent you can ask us to provide your data in a machine readable format for transmission to another data controller.

Where our basis for processing your data is based on legitimate interests you can object at any time and the Data Protection Officer will consider whether the company has an overriding legitimate interest that would mean we would continue to process your data or whether we should stop. You should note that legal claims would generally be regarded as an overriding interest.

This is an absolute right and you can exercise it at any time by getting in touch with us.

If we have made a decision purely by automated means, generally meaning a computer made the decision, you can ask us to have that decision reviewed by a human. We will tell you when a decision has been made by purely automated means.

Where our processing is based on your consent then that consent can be withdrawn at any time. We will tell you when our processing is based on your consent.

Our trading brands are Best Escapes, Best of Suffolk, Carbis Bay Holidays, Coast & Country Cottages, Coast & Country Holidays, Cornish Cottage Holidays, Dream Cottages, Helpful Holidays, Hogans Irish Cottages, John Bray Cornish Holidays, Lake District Lodge Holidays, Lakelovers, Lyme Bay Holidays, Manor Cottages, Menai Holidays, Northumbria Coast & Country Cottages, Sykes Holiday Cottages, UK Lodge Breaks and Yorkshire Coastal Cottages.

Sykes Cottages Ltd, a company registered in England, with company number: 4469189 of 1 City Place, Chester, Cheshire, CH1 3BQ, (referred to as “Sykes”, “Sykes Cottages”, "we", "us" or "our" in this privacy notice) is the primary data controller in relation to your personal data. This means that we are responsible for your personal data.

We are part of a wider Group of companies including Forge Holiday Group Ltd, UKCaravans4hire.com Limited and Forest Holidays Limited and we sometimes use joint technology services to make data more secure, to make our technology better and quicker or to give you a better service. It doesn’t make a difference to the purposes we use your information for and our Group follow this privacy policy when looking after your data. Where we use these services we are joint data controllers with these companies and we have a binding agreement in place to operate to high standards of data protection.

Our Data Protection Officer is a staff member of Forge and its subsidiary companies and can be contacted using the details provided above.

We collect your personal details including your name, address, email addresses, telephone numbers, title and country of residence. Depending on your taxation or residency status we may also be required to collect your date of birth, your NI number or taxpayer identification number as well as any VAT numbers you may have and your country of residence and/or tax domicile. We also collect details about your property which will include the address and photographs and may include prospective, current and past properties you have let through us or may let through us. We sometimes collect or check this data using publicly accessible sources such as Companies House or the Land Registry. Any registration or licence numbers you have enabling you to let out a property may also be collected and displayed to the public. We will also sometimes need to collect copies of documentation such as passports or driving licences to verify your identity.

We make financial projections about the likely value of bookings for both you and for us in relation to your property. These are based on information we collect from you. We may make decision about what price we charge for our services or which service levels you are entitled to on an automated or manual basis depending on these projections.

We have to collect some of this data from you to create and maintain an account for you on our systems. We manage our interactions with you using an account system and we will tell you when information is required for us to provide our services rather than being a voluntary supply of data by you.

We create models and projections about your likely future behaviours by combining the data we have collected with aggregated data sets.

We collect financial data including transactions we have made with you, details of your tax status and your bank account details. We do not generally collect or retain payment card details as this processing is outsourced but we may (if you consent) retain an authorisation to charge a payment method.

We record and transcribe some calls to or from our call centre. This will include the number dialled or called from as well as the recording/transcript itself. We use these recordings and transcripts for training purposes, fact verification and to meet regulatory obligations in relation to selling insurance. In a similar way we may retain transcripts of live chats, text messages and other social media direct messaging that we send to you or you send to us.

We also collect data from you about other people such as those who manage your property. You are responsible for telling them you have given us their data our use of which is governed by this privacy policy.

We collect data for marketing and website management purposes including details of how you have used our website, your responses to surveys and feedback requests, your marketing preferences and your cookie consents.

We collect technical data including internet protocol (IP) addresses, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website. Some of this data is used for website management and marketing purposes.

When things go wrong and we have to collect debts from you or take other legal action we may get information about other creditors you have and payments you make to them. We will receive this from IVA, bankruptcy or financial advisors as well as your legal representatives.

We also receive your information from third party lead generators, these include:

• Ant Marketing Ltd, Glenigan Limited, Company number 8249446 (England & Wales) Registered address: 80 Holdenhurst Road, Bournemouth, BH8 8AQ.

We may share your data with, and collect data from, Nibble Technology Limited where you interact with the 'Virtual Assistant' on our website. We and Nibble use this data to communicate with you in an efficient way and the data we collect from Nibble will depend on what you say when you interact with the Virtual Assistant.

We may rarely receive data from you about your health or about criminal convictions. You may also give us details of your relations such as spouses. We will only ever take this information from you with your consent.

We use your personal data to fulfil our contract with you as agent for letting your property out to holidaymakers. We do this because it is necessary for the performance of the contract to which both you and the holidaymaker are a party for the rental agreement as well as the contract between you and us as your agent.

We may use your personal data to introduce you to our insurance partner where you want this to happen. We do this because it is necessary as a step for you to form a contract with the insurance partner in the future.

We may provide you with access to an owner portal on our website and an owner app. These use your personal data to provide you with information about bookings, feedback, the performance of your properties and to provide you with general information. We do this either because it is necessary for the performance of our contract with you or because it is in our legitimate interests of providing a comprehensive owner service to give you information you want in a way that enables us to be a successful business.

We will also communicate with you by any means (including email) about changes to our terms and conditions, your contract with us or changes to our privacy or other policies that may affect you. This is on the basis of compliance with a legal obligation or because it is necessary to perform our contract with you.

Marketing and sales materials for prospective new owners

We will use your personal data to personalise our advertising and marketing in relation to you potentially letting your property through us. Where we send you marketing through texts, emails or by phoning you if you are registered on the TPS we do this on the basis of your consent. You can withdraw this consent at any time through unsubscribe links, during a telephone conversation or by emailing dpo@sykescottages.co.uk We may send you marketing through the post on the basis of our legitimate interest in growing our property offer and this will usually be the case when we call you (if not registered on the TPS) or where we have obtained your information from a publicly available source such as the Land Registry.

Once you book a visit to your property we are taking steps to offer you a contract and our lawful basis for communicating after this time is that it is necessary to form the contract.

Marketing and sales materials for existing owners

We will use your personal data to personalise our advertising and marketing in relation to retaining you as an owner and providing you with new services or options. We do this on the basis of your consent for text, email (including social media direct messaging such as WhatsApp) and telephone calls if you are registered on the TPS. You can withdraw this consent at any time through unsubscribe links, during a telephone conversation or by emailing dpo@sykescottages.co.uk For some postal communications and telephone calls where you are not registered with the TPS we rely on our legitimate interests as a growing business.

We aim to give you maximum control over your preferences and have enabled you to choose to receive:

• No marketing;
• Informational marketing relating to the performance of the holiday let sector and of Sykes, proposed legislation and regulations, free gifts and general updates that do not suggest any financial commitment by you;
• Commercial marketing where we will tell you about special offers, commercial options for your property such as new pricing opportunities or information about partnerships we have formed with other companies to enable you to take advantage of discounts.

You can change your preferences by communication channel and the above categories at any time in your owner portal.

You may also be eligible to enter competitions, to take part in loyalty schemes or you may be a key account for us. We will process your personal data to check your eligibility and to provide these services on the basis of it being in our legitimate interests as a company seeking to grow its available property stock.

Marketing and sales materials for owners in businesses that we acquire

We rely on our legitimate interests as the acquirer of the business to process your personal data in line with the privacy policy of the company you have a contract with.

We are subject to legal obligations under the laws of the UK, Ireland, the EU and other countries. We may need to process your personal data to comply with these legal obligations from specific reporting that may be required from time to time to more general obligations in law. This may involve co-operating with public sector organisations such as government agencies, local government and regulators. This may include the Competition and Markets Authority, the UK Information Commissioner’s Office, HMRC and other tax authorities, the Irish Data Protection Commission, the Police or local councils.

We will process your personal data to manage payments, collections, fees and charges and debt recovery. This may involve third parties particularly where debt recovery is involved. We do this because it is necessary for the performance of our contract with you.

We may process your personal data for security purposes (including cyber security) and to generally administer our business including for group reorganisations, system maintenance and reporting, preparation of our accounts, the generation of aggregated information for public disclosure, training our staff, auditing of our accounts and processes, verification of compliance with laws and regulations and other internal administration. We do all of this on the basis of our legitimate interests as a business that wishes to grow and develop and also on the basis of legal obligations to which we are subject.

As a company using technology we have a strong legitimate interest to understand consumer behaviour and we use various technologies to do so. This will not generally involve use of directly identifiable information such as your name or email address but may include use of IP addresses or cookie information (where you have not declined the use of cookies). We do this because it is in our legitimate interests both to improve the user experience but also to maintain the security of our systems.

Part of the Sykes service is the use of partner websites (for example Airbnb and booking.com) to advertise your property. Where any of the information relating to your property is your personal data this will involve them using this data on our behalf. This is necessary for us to perform our contract with you.

Where you make a complaint or have a query, or where a holidaymaker raises issues with one of your properties we will need to process your personal data to mediate between you and them. We do this because it is necessary to fulfil our booking conditions which are part of the contracts between us and you and you and the holidaymakers. Where you make queries we will also need to process your personal data to answer. We may use our call recordings for fact verification in customer service queries.

Where we provide managed services (cleaning, maintenance etc) to your property we will need to use your personal data to manage the contract with the managed services providers that we employ to fulfil our contract with you.

We may use your personal data to select people for user experience or market research related to our services, websites or customer services. We will generally provide you with further information about use of your data relating to the particular study we are carrying out at the time. We will not use your information for direct marketing purposes when we perform research. We do this on the basis of our legitimate interests in having robust information about our performance and future trends in the market.

Your Name, Contact Telephone Number, Postcode and Email Address will be shared with holidaymakers on the basis that it is necessary to fulfil your contract with them. If a holidaymaker requests your contact details as you are a data controller for their data we have to provide it as a legal obligation.

Other companies in the Group may receive your personal data either when necessary. Some of these companies may not be based in the EEA.

Our technology is often hosted in the cloud and we use a number of service providers such as Amazon, Microsoft and Salesforce to support our websites and other technology stacks. Generally speaking these companies will be data processors acting entirely on our instructions. Some of these companies will not be in the EEA.

We use external auditors, legal advisors, insurers and banks among others who will sometimes receive your personal information. The services they provide may be based outside the EEA.

This may include law enforcement bodies, the courts, regulators, government and local government bodies and agencies, HMRC and other public bodies.

We use specialist companies to process payment card details. Currently these include

• PayPal UK Ltd. Whittaker House, Whittaker Avenue, Richmond-Upon-Thames, Surrey, United Kingdom, TW9 1EH

• Sage Pay Europe Limited, North Park, Newcastle upon Tyne, NE13 9AA

• Syntec Ltd, 18 The Avenue, London W13 8PH

• Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA.

• Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

We use many service providers to assist in our marketing efforts or to leave reviews. These include

• Emailcenter UK Limited, West Tithe, Pury Hill Business Park, Alderton Road, Towcester, Northamptonshire, NN12 7LS,

• Ant Marketing Limited, Antenna House, St Mary's Gate, Sheffield, S2 4QA,

• TripAdvisor LLC, 400 1st Avenue, Needham, MA 02494, USA,

• Trustpilot A/S, Pilestraede 58, 5th floor, DK-1112 Copenhagen K.

• Voucher Express: Voucher Express, PO Box 93, Ripon, North Yorkshire, HG4 1WE

• Pure Print for DM - Pureprint Group, Crowson House, Bolton Close, Bellbrook Park, Uckfield, East Sussex, TN22 1PH

• Salesforce UK, Heron Tower, 110 Bishopsgate, London EC2N 4AY

• Document Despatch Ltd, The Courtyard, 19-23 Homesteads Road, Basingstoke, RG22 5LQ

• The Organic Agency, Winslade House, Organic, Winslade Park Ave, Clyst St Mary, Exeter EX5 1FY

• Smash Marketing - Sapphire House, Roundtree Way, Norwich NR7 8SQ

• The Orange Cow Limited, The Old Bakery, High Street, Pitton, Wiltshire, SP5 1DQ

• Visit The Cotswolds, NHM Accounts Ltd, Redditch, England, B980DH.

• WOLFENDEN AGENCY LIMITED, Half Acre, Sheriff Lane, Eldwick, West Yorkshire, BD16 3ER

• Citypress Union, 2-10 Albert Square, Manchester M2 6LW

Where necessary for the purposes of your or our insurance needs we will disclose your details to insurers, brokers and partners and may need to disclose it to our compliance partner or any organisation (such as the FOS or the FCA) that you may later complain to. These partners are:

• Advisory Insurance Brokers Limited (t/a Towergate Travel), 2 Minster Court, Mincing Lane, London, EC3R 7PD

• Campbell Irvine Limited, 52 Earls Court Road, London, W8 6EJ

• ITC Compliance Ltd, Monarch Court, The Brooms, Emersons Green, Bristol, BS16 7FH

• Pikl Insurance Services Ltd, Second Floor, The Atrium, Suite B St Georges St, Norwich NR3 1AB

These include but are not limited to AirBnB, Vrbo, Booking.com, TripAdviser, Expedia and similar companies. They may pass the information on to other advertising partners.

Third parties whom we may choose to sell, transfer, or merge parts of our business or our assets. If a change of ownership happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.

You have the right to ask us for a copy of the data we hold about you or any part of that data along with some further information about how we process it and keep it safe. We are allowed to ask you for more information about your identity and to ask you to narrow down your request to help us find your data. This right always applies but there are exemptions that mean you may not always receive all of the information we process and if you are a corporate owner (a company owns your property) the corporate owner cannot make an Access request. You cannot make an access request for someone else’s data without their written authorisation.

This is not a simple right and does not always apply. We have to erase your data if it is no longer needed for the purposes we collected it for or if you withdraw your consent where the processing is based on consent.

For prospective new owners who have not signed a contract with us this processing is based on your consent and we will erase your data on request.

For people who have signed a contract with us we will not erase your data at all while the contract is still valid or if money is owed by us or by you. We will also not erase all of your data for six years because of the rules around corporate financial records. We will also not delete your data if there is an ongoing complaint, if there has been a complaint in the last year, or if we reasonably believe there may be legal action taken in relation to the contract by us, you or a third party.

We will erase your data if we have processed it unlawfully, if you have successfully objected to the processing of your data or if we have a legal obligation to do so.

If your main concern is about marketing communications you may want to tell us to stop sending you marketing communications instead and where this seems to be the reason for an erasure request we will always cease marketing while we discuss this with you.

You always have the right to require us to make sure that the data we hold about you is accurate. Please let us know if it is not and we will fix it. Maybe give us a fighting chance of getting it right though by checking our details in your owner portal and keeping them up to date. Where we disagree that it is wrong we will tell you why and give you the opportunity to provide evidence that we have made a mistake.

Where you have objected to our data processing and we are still in discussions or there is a dispute over the accuracy of the data or we have agreed our processing is unlawful but you wish to preserve evidence or you require the data for a legal claim you can ask us to restrict processing such that we can only continue to store it.

Where our basis for processing your data is for the performance of a contract or based on your consent you can ask us to provide your data in a machine readable format for transmission to another data controller.

Where our basis for processing your data is based on legitimate interests you can object at any time and the Data Protection Officer will consider whether the company has an overriding legitimate interest that would mean we would continue to process your data or whether we should stop. You should note that legal claims would generally be regarded as an overriding interest.

This is an absolute right and you can exercise it at any time by getting in touch with us. Or (and this is probably easier) updating your preferences in your owner portal or in your owner app.

If we have made a decision purely by automated means, generally meaning a computer made the decision, you can ask us to have that decision reviewed by a human. We will tell you when a decision has been made by purely automated means.

Where our processing is based on your consent then that consent can be withdrawn at any time. We will tell you when our processing is based on your consent.