Privacy

Privacy policy

Last updated 14 July 2026

What we collect, why we collect it, how we protect it. No dark patterns.

1. Who we are

Beyond Stays Group Ltd is the data controller for personal data collected through this website (beyondstays.co.uk), our booking systems, and communications with you.

If you have any questions about this policy or your data, email matt@beyondstaysgroup.co.uk.

2. What we collect

We collect only what we need to handle your enquiry, take a booking, deliver the stay, and comply with the law. Specifically:

We do not knowingly collect data from anyone under 18. If you believe a minor has submitted data, contact us so we can delete it.

3. Why we use it

We do not use your data for third-party advertising and we do not sell it to anyone.

4. Lawful basis

We rely on the following lawful bases under UK GDPR:

5. Who we share it with

We share only what is necessary, and only with:

Where our service providers are outside the UK, we ensure appropriate safeguards are in place (Standard Contractual Clauses).

6. How long we keep it

7. Your rights

Under UK GDPR you have the right to:

To exercise any of these rights, email matt@beyondstaysgroup.co.uk. We respond within 30 days.

8. Security

Your data is stored on services with recognised security standards (Cloudflare, Google, Stripe, Guesty). Access to booking records is restricted to Beyond Stays operational staff. We use two-factor authentication on all admin accounts.

9. Changes to this policy

We may update this policy from time to time. The date at the top shows the last revision. Material changes will be signposted on the site.

Build · v0.1