Privacy Policy

Who we are

The Site is operated by Coolstays, a trading name of Coolstays Ltd, a company registered in England and Wales. Our company registration number is 7804381. Our registered office is at Nile House, Nile St, Brighton, BN1 1HW, UK. When this Privacy Policy mentions “Coolstays,” “we,” “us,” “our,” or “Data Controller” it refers to the Coolstays Ltd trading as Coolstays.

We are registered with the Information Commissioner’s Office as a data controller under number Z3404833.

This Privacy Policy sets out how we collect, process and protect any information (including personal data) that you give when you use this website, or communicate with us in any way.

This Privacy Policy applies to all users of our website and service, including property Owners or agents who advertise with us (“Owners”), website visitors who have registered for an account (“Webusers”) and website visitors who have not registered for an account (“Visitors”).

Use of this website is in accordance with our Terms of Use. By using our site you indicate that you agree to our Terms of Use and this Privacy Policy.

You must be over 18 years old to use our site and to make booking enquiries with Owners. By using our site you confirm that you are over 18 years of age.

If you have any questions about your personal data and this Privacy Policy you can contact us for more information any time by emailing privacy@coolstays.com or calling 01273 939 015.

Our Privacy Policy

We promise to keep your personal data safe and private, not to sell your personal data, and to give you a simple way to view and manage your marketing and communication choices at any time.

This Policy and the UK GDPR

The UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018 set out how personal data must be handled in the United Kingdom. This Privacy Policy is designed to comply with these laws.

Personal data includes information commonly considered personal (e.g. names, physical addresses, email addresses), and also data such as IP addresses, behavioural data, location data, financial information, and more.

This Privacy Policy informs you about what kind of information we may collect, how we collect it, why we collect it, the legal basis for collecting it and your rights under the UK GDPR.

Changes to this Policy

We may change this Privacy Policy from time to time by updating this page. Any changes will be effective immediately upon notice which we may give by any means, including updating this page. You should revisit this page regularly to stay informed of the most up-to-date Privacy Policy.

This Privacy Policy was last updated 7th November 2025.

Information we collect

There are three categories of information we collect:

1. Information you give to us

a) Information necessary for use of the site.

We ask for this information when you use the site as it is required for proper performance of our contract with you and/or to comply with our legal obligations.

  1. Account information – When you register with us such as first name, last name and email address. (Lawful basis: Performance of a contract.)
  2. Listing information (if you are an Owner) – such as your address, your property address and geo-location, phone number. (Lawful basis: Performance of a contract.)
  3. Payment information – Payments are processed using our account at Stripe Inc. on their secure platform and will include the method, date and time, amount, card expiry date, billing postcode, your address and other related information. This information is required and necessary for performance of our contract with you. We do not have sight of the card number or CVV code at any time; these will be held securely by Stripe Inc who are audited and certified as a PCI Service Provider Level 1. (Lawful basis: Performance of a contract; legitimate interests in ensuring secure transactions; legal obligation for accounting/tax records.)
  4. Communications – If you contact us or use the site to contact Owners we collect information about the communication and any other information you choose to provide in that communication. (Lawful basis: Performance of a contract; legitimate interests (customer support).)

b) Information you choose to give us.

You can choose to give us additional information that is not essential for use of the site but will enhance your experience and help us provide a better service to you. This information is processed based on your consent (which you may withdraw at any time).

  1. Additional account information (for Owners) – such as a Twitter username, Facebook page or username, Instagram username.
  2. Booking information – If you confirm with us that you have made a booking, we will collect this information along with any personal data you may give to us.
  3. Review information – If you submit a review on the site we will collect this information and any personal data you may include in the review and this will be publicly available on the site (once published). We will also publish your name on the review but we give you the option of entering a public profile name that can be different to your full legal name.
  4. Other information – If you fill out any form on the site or third party sites we may direct you to such as Typeform surveys or Zendesk helpdesk, you are choosing to give us this information.

(Lawful basis (i–iv): Consent; legitimate interests in improving our services.)

2. Information we automatically collect from your use of the website

When you use the website we automatically collect information, including personal data. This information is necessary for the performance of the contract between you and us, and given our legitimate interest to improve the functionality and security of the site and provide you with a good service.

  1. Site Usage Information – We collect information about pages you visit, your searches, enquiries you make, things you save to your wishlists, and other actions. (Lawful basis: Legitimate interests (service operation and improvement).)
  2. Geolocation information – We collect information that includes your IP address and this can be used to determine your approximate location. (Lawful basis: Legitimate interests (fraud prevention; localised content).)
  3. Log data and device information – We collect log data and device information for when you use the site, even if you are not logged in or registered for an account with us. This information is vital to us to prevent fraudulent or malicious use of the site. (Lawful basis: Legitimate interests (security and fraud prevention).)
  4. Cookies – We use cookies and similar tracking technologies on the site and in our emails, such as pixels and web beacons, to analyze trends and movements around the site, serve targeted advertisements, gather demographic information about our user base as a whole, and to tell us when emails we send have been delivered or viewed and links in them clicked. We also partner with third parties to display advertising on our website or to manage and serve our advertising on other sites. You can control the use of cookies on your browser, including disabling use of cookies, but please note that since uniform standards for “Do Not Track” or “DNT” signals have not been adopted, our websites do not currently process or respond to “DNT” signals. Our third party partners may use cookies or similar tracking technologies in order to provide you advertising or other content based upon your browsing activities and interests. If you wish to opt out of interest-based advertising click http://www.youronlinechoices.eu/. For more information about the cookies we use please see our Cookies page at https://www.coolstays.com/cookies (Lawful basis: Consent (for non-essential cookies/marketing); legitimate interests (for strictly necessary cookies).)
  5. Payment information (for Owners) – We collect information related to your payments for services provided including the method, date and time, amount, card expiry date, billing postcode, bank account information (IBAN, SWIFT code, etc), your address and other related information. This information is required and necessary for performance of our contract with you. Card payments are processed securely using our account at Stripe Inc. and will include the method, date and time, amount, card expiry date, card number, CVV code and billing postcode. It may also include your address and other related information. This information is required and necessary for performance of our contract with you. We do not have sight of the card number or CVV code at any time; these will be held securely by Stripe Inc who are audited and certified as a PCI Service Provider Level 1. (Lawful basis: Performance of a contract; legal obligation (records).)
  6. Payment information (for Voucher purchasers) – We collect information required to process a payment when you purchase a Voucher on our voucher sales page. Payments are processed securely using our account at Stripe Inc. and will include the method, date and time, amount, card expiry date, billing postcode, your address and other related information. This information is required and necessary for performance of our contract with you. We do not have sight of the card number or CVV code at any time, but this will be held securely by Stripe Inc who are audited and certified as a PCI Service Provider Level 1. (Lawful basis: Performance of a contract; legal obligation (records).)
  7. Voucher Redeem information for Voucher Holders – We collect information required to process a voucher refund using a secure form at https://vouchers.coolstays.com/redeem/ where we ask for your booking information, your name and contact email/phone, and your bank account information for the voucher refund payment. (Lawful basis: Performance of a contract; legal obligation (records).)
3. Information we collect from third parties

We may collect personal data that other site users may submit to us when they use the website and communicate with us, or we may obtain information from other third parties as detailed below. We have no control over how these third parties may themselves control or process this information and any information request relating to the data they might provide to us must be directed to that third party.

  1. Third party services – if you login or connect to us using Facebook, Google or Apple, they may send us information such as your registration and profile information. This information is controlled by the third party and you authorise its processing by us when you connect using their service and via the privacy settings in your account with them. (Lawful basis: Performance of a contract (account access you requested); Consent (as configured in third-party settings).)
  2. Reviews – (for Owners) If someone has written a review about your property it may contain your personal data. You will be notified when a review is published about your property and you will have the opportunity to request removal. (Lawful basis: Legitimate interests (operating a reviews platform) balanced with your rights.)
  3. Third party booking information – We may receive personally identifiable information (PII) contained in data feeds that we use to display up-to-date accommodation calendar availability information. Where we receive such PII it is processed according to the ‘data minimisation’ principles, whereby we will delete the personal data not required and keep only the minimum data needed to provide calendar availability functionality. (Lawful basis: Legitimate interests (accurate availability information); Performance of a contract.)

How we use this information

  1. To communicate with Webusers and Owners and provide customer support. (Lawful basis: Contract/legitimate interests)
  2. To send you information and promotional material to you by email. You will only receive this information if you have positively opted in and you can stop receiving this content at any time. (Lawful basis: Consent)
  3. To send you alerts and notifications by email based on transactions you make on the site – such as making an enquiry, adding or modifying a wishlist or leaving a review. These are essential for the performance of our contract and you cannot opt out of receiving these messages, but you will only receive them if you make such transactions. (Lawful basis: Contract)
  4. To charge and collect money from our customers. This includes sending you notices and alerts by email or telephoning. We use a third party (Stripe) for secure card payment processing, and we send billing information to them for processing orders and payments. We use third party accounting systems (Quickbooks) to manage our financial accounts. We send them billing information for this purpose. We may send messages to you directly from Quickbooks email system. Quickbooks also offer payment for invoices by card using Paypal. (Lawful basis: Contract/legal obligation)
  5. To provide, support and improve the website and service to you. This may include sharing your personal data with third party service providers to provide and support our service and make certain features available to you. We ensure your data is protected by ensuring all third parties we may use have entered into a contract to only use your data as is necessary and in a manner that is consistent with this Privacy Policy. (Lawful basis: Legitimate interests)
  6. To provide suggestions to you. We use data to suggest properties or other content that we think will be of interest to you. For example suggesting properties similar to those you may have made an enquiry at, or that are on your wishlist. (Lawful basis: Legitimate interests; not solely automated with legal or similarly significant effects.)
  7. To enforce compliance with our Terms of Use and applicable law. This includes storing server log data that help us prevent site misuse and violation. (Lawful basis: Legitimate interests/legal obligation)
  8. To protect the rights and safety of our customers, site visitors and third parties. (Lawful basis: Legitimate interests)
  9. To meet legal requirements, comply with the law, court orders, respond to legal requests or an official investigation. (Lawful basis: Legal obligation)
  10. To provide information to our advisors or agents, such as lawyers and accountants. (Lawful basis: Legitimate interests/legal obligation)
  11. We may share your data with a third party if we choose to sell, transfer or merge part or all of our business – or we seek to acquire another business or merge with them. We will only share your data with a third party in this case if they agree to keep your data safe and private and have the appropriate safeguards in place. In any such event we will notify you of the change either by sending you an email or posting a notice on our Website. (Lawful basis: Legitimate interests/legal obligation)

Summary of our Legal Bases for Processing

Processing Purpose Example Activities Lawful Basis under UK GDPR Typical Data Categories
Account creation & management Registration, login, profile updates Performance of a contract Name, email, login details
Property listing & promotion Owner registration, listing uploads Performance of a contract Owner contact details, property info
Guest enquiries & bookings Messaging, confirmation Performance of a contract Guest name, contact, booking details
Payments & invoicing Stripe/Revolut transactions, Accounting Contract / Legal obligation Billing info, payment details
Marketing communications Newsletters, promotions Consent Contact info, preferences
Analytics & improvement Site analytics (Hotjar, GA) Legitimate interests IP, device, session data
Customer support Helpdesk interactions Legitimate interests Email, ticket content
Legal compliance Record-keeping, regulatory requests Legal obligation Various
Security & fraud prevention Monitoring, logs Legitimate interests / Legal obligation IP, device data

(This table supplements the detailed explanations above.)

Third party links

Coolstays includes links to third party websites including property Owner websites, affiliate partner websites (such as Booking.com), social media sites (such as Facebook or Instagram) and other websites. We do not control these sites and when you visit them you may be providing personal data to the third party. The third party’s use of your information will be governed by their own Privacy Policy which we recommend you review. We do not accept any responsibility or liability for their policies whatsoever.

Recipients of your data (Who we share it with)

  1. Other Site Users:

    1. Making an Enquiry – If you interact with the site to make a booking enquiry with a property owner or agent, we will share with that owner/agent any information you need to provide such as your name, your email address, dates of your proposed stay, how many people are in your group. This is necessary for the adequate performance of our contract with you. When you make a booking enquiry you may choose to provide further information in the contact form and any subsequent message using our messaging system such as your phone number and any other personal data you choose. This information is provided with your consent.
    2. Confirming a booking – If you confirm to us that you have made a booking at a property we list, we will share that booking information with the property owner/agent, including your name, email address, booked dates and booking value. This information is provided with your consent.
    3. Leaving a review – If you choose to leave a review on the site for a property you have stayed at, we may publish this information on the site and it will be visible to all site users and the general public. We will publish your “public name” which is your name as provided to us on registration or a pseudonym if you choose to change it (your “public name”). We will also publish the star rating and any other information you choose to provide. By leaving a review you acknowledge and agree that this information is provided and may be published with your consent.
    4. Uploading Property Information – If you are a property owner or agent your use of the site is governed by the Owner Terms, to which you must agree in order to use our service to promote your property. Any information you upload to our Owners Area may include your personal data and may be provided to the Webusers and the general public as displayed on your property listing with your consent. You always have the opportunity to review the listing and can request changes or removal to this information at any time.
    5. Responding to an Enquiry – If you are a property owner or agent, when you respond to an enquiry from a Webuser using our messaging system, any information you submit (including personal data you choose to submit) will be provided to the enquirer and will be stored on our platform for review by that Webuser at any time. This information is provided by you with your consent.

  2. Our Employees and Contractors: Your data will be shared with our employees, contractors and agents who all enable us to provide the service. We need to share this information in order to ensure the adequate performance of our contract with you. Such recipients will have entered into a contract to keep your data safe and private and in a manner that is consistent with this Privacy Policy.

  3. Service Providers:

    a) Third Party Processors (TTPs) – We use a variety of third party data processors to help us provide and support our services. We need to share information with them in order to ensure the adequate performance of our contract with you. These would be classed as “data processors” under UK GDPR. Examples include payment processors, hosting providers, email delivery systems, site usage analysis services, helpdesk systems and content delivery services. All third party processors we use enter into a contract that requires them to use your personal data only for the provision of services to us and in a manner that is consistent with this Privacy Policy. A full list of TPPs we use can be found at https://www.coolstays.com/data-processors/

    b) Review platforms – If you use the site to make an enquiry we may share your name, email address and the property you made an enquiry at with Feefo, who will send you an email on our behalf asking you to complete a review. Our legal basis for doing this is our legitimate interest in asking for feedback in order to improve our products and services. If you choose to leave a review on the Feefo platform, Feefo would be the “data controller” of the feedback they receive from you and that data would be held in accordance with their own Privacy Policy.

  4. Other Third Parties: We may share your data with a third party if we choose to sell, transfer or merge part or all of our business – or we seek to acquire another business or merge with them. We will only share your data with a third party in this case if they agree to keep your data safe and private and have the appropriate safeguards in place.

Data Processing Agreement with Owners

Where personal data is shared between Coolstays and property Owners or agents for the purposes of advertising, enquiries, and bookings, that processing is governed by our Data Processing Agreement for Owners, which forms part of the Coolstays Owner Terms. This agreement sets out the respective roles and responsibilities of each party under the UK GDPR, including how Owners must safeguard guest information and respond to data-subject rights.

Transfers to third party processors outside the UK/EEA

We are a UK registered company, operating in the UK and our website and service is available to anyone worldwide. We use a number of Third Party Processors (TPPs) to enable us to provide and support the website and service to our Owners, Webusers and Visitors. Some of these TPPs are based outside the United Kingdom and/or the European Economic Area (EEA) and data may be processed on servers located internationally. We only use TPPs who we are confident have the appropriate safeguards in place and they are contractually bound to protect and use it only for the purposes for which it was transferred, consistent with this Privacy Policy.

A full list of TPPs we use can be found at https://www.coolstays.com/data-processors/

International transfer safeguards: Where personal data is transferred outside the UK/EEA, we rely on one or more of the following: UK Government adequacy regulations, the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, or other ICO-approved safeguards.

Your rights

The UK GDPR provides the following rights for individuals:

  1. Right to be informed – You have the right to be informed about the collection and use of personal data. This Privacy Policy should contain all the information you need for you to exercise this right.
  2. Right of access – You have the right to access your personal data and supplementary information. You can access and update some of your personal data through your account settings. If you have chosen to register and log in via Facebook, Google or Apple you can manage those permissions in your account settings with those providers.
  3. Right to rectification – You have the right to ask us to have inaccurate personal data rectified, or completed if it is incomplete, where you cannot do this yourself in your account settings.
  4. Right to erasure – You have a right to have your personal data erased (“right to be forgotten”). You can ask us to delete your data by emailing us at privacy@coolstays.com. We will respond to a request for erasure within one month (or within three months for complex requests) and may ask you to verify your identity.
  5. Right to restrict processing – In certain circumstances, you have a right to restrict the way we may process your personal data, as an alternative to erasing it, if you have a particular reason for wanting it restricted.
  6. Right to data portability – Your right to data portability entitles you to obtain personal data you have provided to us – in a commonly used, structured format – and request that we send it to another service provider (if technically feasible).
  7. Right to object or withdraw consent – You have the right to object to our processing of your personal data where the use is based on our legitimate interests (including profiling), or where it is used for direct marketing. You may at any time ask us to stop processing of your information for direct marketing purposes, by emailing us at privacy@coolstays.com or by changing the email preference settings in your account. You may withdraw consent at any time where we rely on consent.

You also have the right to complain to the Information Commissioner’s Office (ICO): www.ico.org.uk | 0303 123 1113.

How long we may keep your data

We generally retain your information for as long as your account is active or as long as necessary to provide you with our service. We may also retain and use your information in order to comply with our legal obligations, resolve disputes, prevent abuse, and enforce our Agreements.

Typical retention periods:

  • Booking/financial records: 6–7 years (tax/accounting)
  • Owner account and property data: duration of listing + up to 6 years
  • Support correspondence: up to 3 years
  • Marketing preferences: until you opt out
  • Analytics/cookies: up to 24 months

When data is no longer required it will be securely deleted or anonymised.

Summary of Data Retention and Deletion Periods
Data Category Typical Retention Period Deletion / Anonymisation Method Legal / Business Reason
Website Accounts (Guests & Owners) While account is active, then up to 6 years after closure Account and personal details deleted or anonymised after 6 years Contract and legitimate interests – manage accounts, prevent fraud, legal claims limitation
Guest Enquiry Data Up to 6 years from enquiry date Personal details deleted or anonymised after 6 years; anonymised metadata retained for statistics Legitimate interests – dispute handling, fraud prevention, and record keeping (UK Limitation Act 1980)
Booking Data Up to 6 years from booking date Deleted or anonymised after 6 years Contract and legal obligation – accounting, tax and legal compliance
Owner Listing and Payment Records Up to 6 years after termination of listing or final payment Deleted or anonymised after 6 years Contract and legal obligation – financial record keeping, audit, and compliance
Customer Support and Complaint Records Up to 6 years from resolution Deleted or anonymised after 6 years Legitimate interests – resolve disputes, monitor service quality, defend legal claims
Marketing and Newsletter Subscribers Until consent withdrawn or inactivity for 2 years Deleted from mailing lists or anonymised upon unsubscribe Consent – marketing communications; legitimate interests – record of consent
Analytics and Website Usage Data Retained in anonymised or aggregated form Anonymised immediately or after session ends Legitimate interests – improve website and service performance
Cookies and Tracking Data Duration set per cookie (typically up to 2 years) Automatically deleted or user-controlled Consent and legitimate interests – functionality, analytics, advertising
Financial and Transaction Data Up to 6 years from transaction Deleted or anonymised after 6 years Legal obligation – accounting and HMRC compliance
Employee or Contractor Data During engagement and up to 6 years after leaving Deleted or anonymised after 6 years Legal obligation – employment and tax record retention

(Where immediate deletion is not technically possible, data is securely archived until automatic purge schedules apply.)

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online, including encrypted connections (HTTPS/TLS), access controls, monitoring and regular reviews.

Data breaches

We maintain procedures to detect, investigate and report personal-data breaches. If a breach is likely to result in a risk to your rights and freedoms, we will notify the ICO and affected individuals without undue delay, in accordance with Articles 33–34 of the UK GDPR.

Automated decision-making

We do not perform automated decision-making that has legal or similarly significant effects on individuals. If this changes, we will update this Privacy Policy and provide you with information about the logic involved and the potential consequences.

Contact

If you have any questions about this Privacy Policy or our data-protection practices, please contact us via email - privacy@coolstays.com

Type a location / facility to get started