DATA PROTECTION AND PRIVACY POLICY

Last updated 24th March 2026

---

1. INTRODUCTION

1.1 My Getaways Limited ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store and share your personal data when you use our website (www.mygetaways.co.uk), our mobile application ("App"), or any of our services (collectively, the "Services").

1.2 This Privacy Policy is provided in compliance with the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018 ("DPA 2018"), and the Privacy and Electronic Communications Regulations 2003 ("PECR").

1.3 Please read this Privacy Policy carefully. By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this Privacy Policy, please do not use our Services.

1.4 This Privacy Policy applies to all users of our Services, including guests, property owners, website visitors, and any other individuals whose personal data we process.

2. DATA CONTROLLER

2.1 The data controller responsible for your personal data is:

My Getaways Limited
Company number: 09726775
Registered office: Unit 6 Ferry Wharf, Hove Enterprise Centre, Basin Road North, BN41 1BD, United Kingdom

2.2 If you have any questions about this Privacy Policy or our data protection practices, please contact our data protection contact at: hello@mygetaways.co.uk.

3. PERSONAL DATA WE COLLECT

We collect and process the following categories of personal data:

3.1 Guest Data

When you make a booking or enquiry, we collect:

3.1(a) Identity data: full name, date of birth (where required for age verification).

3.1(b) Contact data: email address, telephone number, postal address.

3.1(c) Booking data: booking dates, property details, group size, special requests, and booking reference numbers.

3.1(d) Financial data: payment card details (processed securely via Stripe in compliance with PCI DSS), bank details for refunds.

3.1(e) Communications data: records of correspondence between you and us, including emails, SMS messages, and telephone call records.

3.2 Property Owner Data

When you enter into a management agreement with us, we collect:

3.2(a) Identity data: full name, photographic identification (passport or driving licence).

3.2(b) Contact data: email address, telephone number, postal address.

3.2(c) Financial data: bank account details for rental payments, National Insurance number (required by HMRC for tax reporting purposes).

3.2(d) Property data: property address, ownership documents (Land Registry title, insurance certificates, solicitor letters, or mortgage correspondence).

3.2(e) Contractual data: details of our management agreement, commission rates, and service terms.

3.3 Technical and Usage Data

When you visit our website or use our App, we automatically collect:

3.3(a) Technical data: IP address (anonymised where possible), browser type and version, operating system, device identifiers, and time zone settings.

3.3(b) Usage data: pages visited, links clicked, time spent on pages, referring website, and navigation paths.

3.3(c) Cookie data: information collected through cookies and similar technologies. Please refer to our Cookie Policy for full details.

4. HOW WE COLLECT YOUR DATA

We collect personal data through the following means:

4(a) Direct interactions: when you make a booking, create an account, enter into a management agreement, contact us by email, telephone or post, or submit information through our website or App.

4(b) Automated technologies: as you interact with our website and App, we automatically collect technical and usage data through cookies, server logs, and similar technologies.

4(c) Third-party sources: we receive booking data from third-party booking platforms including (but not limited to) Booking.com, Airbnb, Expedia, and other online travel agents through which you may book our properties. The privacy policies of those platforms govern how they share your data with us.

5. LAWFUL BASES FOR PROCESSING

5.1 We only process your personal data where we have a lawful basis to do so under Article 6 of the UK GDPR. The lawful bases we rely on are:

5.1(a) Performance of a Contract (Article 6(1)(b))

We process your personal data where it is necessary for the performance of a contract with you, or to take steps at your request before entering into a contract. This includes processing and managing your booking (including payment processing); communicating with you about your booking (confirmation, check-in instructions, changes); managing our agreement with property owners (rental payments, property management, reporting); and processing refunds and handling damages deposits.

5.1(b) Legitimate Interests (Article 6(1)(f))

We process your personal data where it is necessary for our legitimate interests (or those of a third party), provided those interests are not overridden by your rights and freedoms. This includes maintaining the security and integrity of our website, App and Services; analysing website usage to improve our Services; fraud prevention and detection; sending you service-related communications (e.g. booking reminders, review requests); and enforcing our terms and conditions and protecting our legal rights.

5.1(c) Consent (Article 6(1)(a))

Where we rely on your consent to process personal data, you have the right to withdraw that consent at any time. We rely on consent for sending you marketing emails about offers and promotions (you may opt out at any time); setting non-essential cookies and similar tracking technologies on your device; and processing any special category data (where applicable).

5.1(d) Legal Obligation (Article 6(1)(c))

We process your personal data where it is necessary to comply with a legal obligation, including tax reporting to HMRC (including collection and reporting of property owner National Insurance numbers); compliance with anti-money laundering regulations; and responding to lawful requests from regulatory authorities or courts.

6. HOW WE USE YOUR DATA

We use your personal data for the following purposes:

6(a) To process and manage bookings, including payment processing, confirmation, and guest communications.

6(b) To manage property owner agreements, including rental payments, tax reporting, and property management.

6(c) To provide customer support and respond to enquiries and complaints.

6(d) To maintain the security and functionality of our website and App.

6(e) To analyse website traffic and user behaviour to improve our Services.

6(f) To send you marketing communications where you have provided consent or where we have a legitimate interest to do so (and you have not opted out).

6(g) To comply with legal and regulatory obligations.

6(h) To prevent fraud and protect the safety and security of our guests, property owners, and properties.

7. WHO WE SHARE YOUR DATA WITH

7.1 We do not sell your personal data. We may share your personal data with the following categories of recipients where necessary:

7.1(a) Property owners and managers: to facilitate your booking and stay, we share relevant booking details with the property owner or their appointed representative.

7.1(b) Service providers: we use trusted third-party service providers to support our operations, including payment processors (Stripe), cleaning and housekeeping providers, maintenance contractors, and IT hosting providers. These providers are contractually bound to process your data only on our instructions and in accordance with applicable data protection law.

7.1(c) Booking platforms: where your booking originates from a third-party platform (e.g. Booking.com, Airbnb), we may share relevant data back to that platform as required under our agreement with them.

7.1(d) Analytics and advertising providers: we use analytics services (including Google Analytics, with IP anonymisation enabled) and advertising platforms (including Meta, TikTok, Google, and LinkedIn) to understand how our Services are used and to deliver relevant advertising. These services use cookies and similar technologies, which require your consent as described in our Cookie Policy.

7.1(e) Professional advisers: our accountants, solicitors, and insurers where reasonably necessary.

7.1(f) HMRC and regulatory authorities: where required by law, including tax reporting obligations.

7.1(g) Law enforcement and courts: where required by law, court order, or regulatory requirement.

7.2 In the event of a merger, acquisition, reorganisation or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such change and the choices you may have regarding your data.

8. INTERNATIONAL TRANSFERS

8.1 Our primary servers and operations are based in the United Kingdom. However, some of our third-party service providers (including Google, Meta, Stripe, and other technology providers) may process your personal data outside the United Kingdom.

8.2 Where we transfer personal data outside the UK, we ensure that appropriate safeguards are in place in accordance with Article 46 of the UK GDPR, including:

8.2(a) transfers to countries that the UK Government has determined provide an adequate level of data protection;

8.2(b) transfers subject to the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses; or

8.2(c) transfers to organisations that have implemented binding corporate rules approved by a supervisory authority.

8.3 If you would like further information about the specific safeguards applied to international transfers of your data, please contact us at hello@mygetaways.co.uk.

9. DATA RETENTION

9.1 We retain your personal data only for as long as is necessary for the purposes for which it was collected, or as required by law. The following retention periods apply:

9.1(a) Guest booking data: six (6) years from the date of your last booking, in line with the limitation period for contractual claims under the Limitation Act 1980.

9.1(b) Property owner data: six (6) years from the termination of the management agreement, or such longer period as required by HMRC for tax records.

9.1(c) Financial and tax records: seven (7) years, as required by HMRC.

9.1(d) Marketing consent records: for as long as you remain subscribed. If you unsubscribe, we will retain a record of your opt-out to ensure we do not contact you again.

9.1(e) Website analytics data: twenty-six (26) months (in line with Google Analytics default retention settings).

9.1(f) CCTV and noise monitoring data: thirty (30) days, unless required for longer in connection with a dispute or legal proceedings.

9.2 When your personal data is no longer required, we will securely delete or anonymise it.

10. COOKIES AND TRACKING TECHNOLOGIES

10.1 Our website and App use cookies and similar tracking technologies. Strictly necessary cookies (those required for the website to function) are placed automatically. All other cookies, including analytics and advertising cookies, require your consent before they are placed on your device.

10.2 We use the following categories of cookies:

10.2(a) Strictly necessary cookies: required for the operation of our website (e.g. session management, security).

10.2(b) Analytics cookies: used to understand how visitors interact with our website (e.g. Google Analytics, with IP anonymisation enabled).

10.2(c) Advertising cookies: used by advertising platforms (including Meta Pixel, TikTok Pixel, Google Ads, and LinkedIn) to measure the effectiveness of our advertising campaigns and to deliver relevant advertisements.

10.3 You can manage your cookie preferences at any time through your browser settings or through the cookie consent mechanism on our website. For full details, please refer to our Cookie Policy.

11. YOUR RIGHTS

11.1 Under the UK GDPR, you have the following rights in relation to your personal data:

11.1(a) Right of access (Article 15): you have the right to request a copy of the personal data we hold about you.

11.1(b) Right to rectification (Article 16): you have the right to request that we correct any inaccurate or incomplete personal data.

11.1(c) Right to erasure (Article 17): you have the right to request that we delete your personal data, subject to certain legal exceptions (e.g. where we are required to retain it for tax or legal purposes).

11.1(d) Right to restriction of processing (Article 18): you have the right to request that we restrict the processing of your personal data in certain circumstances.

11.1(e) Right to data portability (Article 20): where we process your data on the basis of consent or contractual necessity, you have the right to receive your personal data in a structured, commonly used and machine-readable format.

11.1(f) Right to object (Article 21): you have the right to object to the processing of your personal data where we rely on legitimate interests as our lawful basis. You also have the right to object to direct marketing at any time.

11.1(g) Right to withdraw consent: where we rely on your consent to process personal data, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

11.2 To exercise any of these rights, please submit a request by email to hello@mygetaways.co.uk with the subject line "Personal Data Request". We will respond to your request without undue delay and in any event within one (1) calendar month of receipt of your request. This period may be extended by a further two (2) months where the request is complex or we receive a number of requests, in which case we will inform you of the extension within one (1) month.

11.3 We may ask you to verify your identity before processing your request, to ensure the security of your data.

11.4 There is no fee for exercising your rights, unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request.

12. DATA SECURITY

12.1 We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage, including:

12.1(a) encryption of data in transit (SSL/TLS) and at rest where appropriate;

12.1(b) PCI DSS-compliant payment processing through Stripe;

12.1(c) access controls limiting access to personal data to authorised personnel on a need-to-know basis;

12.1(d) regular security assessments of our systems and processes; and

12.1(e) contractual obligations on third-party processors to maintain appropriate security measures.

12.2 Whilst we take all reasonable steps to protect your data, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security.

13. MARKETING COMMUNICATIONS

13.1 We may send you marketing communications about our Services, offers and promotions where:

13.1(a) you have provided your explicit consent to receive such communications; or

13.1(b) you are an existing customer and the communications relate to similar products or services to those you have previously booked (soft opt-in under Regulation 22 of PECR), and you have not opted out.

13.2 You can opt out of marketing communications at any time by:

13.2(a) clicking the unsubscribe link in any marketing email;

13.2(b) replying STOP to any marketing SMS message; or

13.2(c) contacting us at hello@mygetaways.co.uk.

13.3 Opting out of marketing communications will not affect service communications relating to your booking or account (e.g. booking confirmations, check-in instructions, and account notifications).

14. AUTOMATED DECISION-MAKING

14.1 We use dynamic pricing algorithms to set and adjust rental rates for properties. These algorithms process booking data, seasonal trends, local events, and market conditions. This processing does not involve decisions based solely on automated processing that produce legal effects or significantly affect you as an individual.

14.2 We do not use your personal data for any automated decision-making that has legal or similarly significant effects on you without human intervention.

15. CHILDREN'S DATA

15.1 Our Services are not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe that we have collected personal data from a child under 13, please contact us immediately at hello@mygetaways.co.uk and we will take steps to delete that data.

15.2 Bookings must be made by an individual aged 21 or over in accordance with our Booking Terms and Conditions.

16. THIRD-PARTY LINKS

16.1 Our website may contain links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.

17. COMPLAINTS

17.1 If you have any concerns about how we process your personal data, we would appreciate the opportunity to address your concerns in the first instance. Please contact us at hello@mygetaways.co.uk.

17.2 You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk

18. CHANGES TO THIS PRIVACY POLICY

18.1 We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Where changes are significant, we will notify you by posting a prominent notice on our website or by sending you a direct communication. The date of the most recent update is shown at the top of this policy.

18.2 We encourage you to review this Privacy Policy periodically.

19. CONTACT US

19.1 If you have any questions about this Privacy Policy, or wish to exercise any of your data protection rights, please contact us:

My Getaways Limited
Unit 6 Ferry Wharf, Hove Enterprise Centre, Basin Road North, BN41 1BD
Email: hello@mygetaways.co.uk
Telephone: +44 (0)1273 917900