Privacy Policy

Privacy Policy

Last Updated: Febuary 2026

Introduction

This Privacy Policy (“Policy”) explains how Rebel Stays (“Rebel Stays”, “we”, “our”, “us”) collects, uses, stores, and protects your personal information when you:

• Stay at one of our properties
• Use our website (the “Website”)
• Make a booking through us or via third-party platforms
• Interact with us through social media, email, messaging services, or other digital channels

We respect your privacy and are committed to safeguarding your personal data. We process personal data in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Information We Collect

We may collect and process the following categories of personal data:

Personal Identification Information
Name, email address, postal address, phone number, date of birth, and where required by law, identification details such as passport or national ID information.

Payment Information
Credit/debit card details, billing address, and transaction details (usually processed securely via third-party payment providers).

Booking Information
Stay dates, number of guests, property preferences, special requests, and communication relating to your stay.

Technical Information
IP address, browser type, device information, operating system, and usage data collected via cookies and similar technologies.

Marketing & Feedback Data
Your communication preferences, responses to surveys, reviews, and feedback.

If you provide personal information about other individuals (for example, additional guests), you must ensure they are aware of this Policy and consent to their information being shared with us.

How We Use Your Information

We use your personal data for the following purposes:

• To process and manage bookings and payments
  Legal basis: Performance of a contract
• To communicate with you about your booking or stay
  Including via email, phone, SMS, or messaging services such as WhatsApp
  Legal basis: Performance of a contract
• To facilitate and personalise your stay
  Including handling preferences or special requests
  Legal basis: Legitimate interests / contract performance
• To comply with legal and regulatory obligations
  Such as identity verification, guest registration requirements, and tax compliance
  Legal basis: Legal obligation
• To improve our services and website
  Including analytics, service optimisation, and guest experience insights
  Legal basis: Legitimate interests
• To send marketing communications and promotional offers
  Where you have opted in to receive them
  Legal basis: Consent
• To request feedback and conduct guest surveys
• To maintain the safety and security of our properties, systems, and guests
  Including fraud prevention and investigation of misconduct
  Legal basis: Legitimate interests

Guests involved in serious misconduct (such as aggressive behaviour, property damage, theft, or non-payment) may be placed on a restricted guest list, which may prevent future bookings. You may contact us if you believe this has been applied in error.

Data Sharing & Third Parties

We do not sell your personal data. However, we may share it where necessary with:

• Booking platforms and channel managers
• Payment processors
• IT and system providers
• Customer support tools
• Marketing and email service providers
• Professional advisers (e.g. legal, accounting)
• Law enforcement or government authorities where required by law

Some service providers may process personal data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as UK-approved Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined in this Policy, including to meet legal, accounting, and reporting requirements. Retention periods vary depending on the type of data and legal obligations.

Data Security

We implement appropriate technical and organisational security measures to protect your personal data from unauthorised access, loss, misuse, alteration, or disclosure. Access to personal data is restricted to those who have a legitimate business need.

Your Rights

Under UK data protection law, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate or incomplete data
• Request erasure of your data (where legally permissible)
• Request restriction of processing in certain circumstances
• Object to processing based on legitimate interests
• Request transfer of your data to you or another provider (data portability)
• Withdraw consent for marketing at any time

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Cookies & Tracking Technologies

Our Website uses cookies and similar technologies to improve functionality, analyse usage, and enhance user experience. For more information, please see our Cookie Policy.

Contact Us

If you have questions about this Privacy Policy, the personal data we hold about you, or wish to exercise your rights, please contact us:

Email: [privacy@rebelstays.co.uk]
Postal Address: [Insert registered business address]

If you are not satisfied with our response, you may contact the Information Commissioner’s Office (ICO) at www.ico.org.uk.

Policy Updates

We may update this Privacy Policy from time to time. Any changes will be posted on our Website with a revised “Last Updated” date. We encourage you to review this Policy periodically.

By using Rebel Stays’ services, you acknowledge this Privacy Policy.