Privacy Policy
We are committed to protecting your personal information and being transparent about how we use it. This policy explains what data we collect, why we collect it, and your rights in relation to it.
1. Who we are
Nestia Stays is a short-term and serviced accommodation provider operating across the North East and Yorkshire. We are the data controller for the personal information collected through this website and through our booking and enquiry processes.
NESTIA STAYS LTD — Company number 16367798
Registered office address
Unit 3-4 Cranmere Court, Lustleigh Close, Marsh Barton Trading Estate, Exeter, England, EX2 8PW
Nestia Stays Ltd is registered with the Information Commissioner’s Office.
Throughout these Terms, “Nestia Stays”, “we”, “us” and “our” refer to Nestia Stays Ltd.
2. What information we collect
We collect personal information in the following ways:
Information you give us directly, including when you make a booking, submit an enquiry, or contact us by email, telephone, or through a form on this website. This may include:
- Your name and contact details (email address, phone number, postal address)
- Payment information (processed securely by Stripe — we do not store card details)
- Your booking dates, guest numbers, and any special requirements
- Government-issued identification where required for identity verification and fraud prevention
- Any correspondence you send us
Information collected automatically when you browse this website, including:
- Your IP address and browser type
- Pages visited and time spent on the site
- Referring website or search terms used to find us
- Cookie data (see our Cookie Policy for full details)
Information from third parties, such as booking platforms on which our properties are listed, where you make a reservation through that platform and they share your details with us to fulfil the booking.
3. How we use your information
| Purpose | Lawful basis |
|---|---|
| Processing and managing your booking, including sending confirmation, check-in details, and post-stay communications | Contract — necessary to fulfil the booking agreement |
| Identity verification and fraud prevention | Legitimate interests and legal obligation (where applicable) |
| Responding to enquiries and pre-booking communications | Legitimate interests — to respond to people who have contacted us |
| Processing payments securely via Stripe | Contract — necessary to fulfil the booking agreement |
| Sending you information about your stay, including house guides and local information | Contract / Legitimate interests |
| Improving our website and understanding how visitors use it (via Google Analytics) | Legitimate interests — to improve our service |
| Complying with legal and regulatory obligations | Legal obligation |
| Sending you marketing communications about our properties and offers (only where you have opted in) | Consent |
4. Marketing communications
We will only send you marketing emails or messages if you have given us your consent to do so. You can withdraw your consent at any time by clicking the unsubscribe link in any marketing email, or by contacting us directly.
We do not sell your personal information to third parties for marketing purposes.
5. Who we share your information with
We share your personal information only where necessary and with appropriate safeguards in place. Recipients may include:
- Guesty — our property management and booking platform, used to manage reservations and guest communications.
- Stripe — our payment processor. Stripe handles card data securely and in accordance with PCI DSS standards. We do not store payment card details.
- Google — for analytics and, where applicable, advertising services.
- Cleaning and maintenance contractors — we may share your check-in and check-out dates with our operational team to prepare your property. We do not share your contact details with contractors.
- Legal and regulatory authorities — where we are required to do so by law.
We do not sell, rent, or trade your personal information with any third party for commercial purposes.
6. CCTV
Some of our properties may use external CCTV or video doorbells for the purposes of crime prevention, guest safety and property security.
No cameras are installed inside guest accommodation.
Recordings are retained only for as long as reasonably necessary and may be shared with law enforcement where required.
7. International transfers
Some of the third-party services we use may process data outside the United Kingdom or European Economic Area. Where this is the case, we ensure that appropriate safeguards are in place, such as standard contractual clauses or reliance on adequacy decisions. For more information, please contact us.
8. How long we keep your information
We retain personal data only for as long as is necessary for the purposes set out in this policy, or as required by law. Our standard retention periods are:
- Booking records — retained for 7 years after the end of the financial year in which the booking took place, to meet our accounting and legal obligations.
- Enquiry records — retained for 2 years from the date of the enquiry, or until the enquiry is resolved.
- Marketing consent records — retained until you withdraw your consent.
- Website analytics data — retained in accordance with Google Analytics default retention settings (up to 26 months).
9. Keeping your data secure
We take appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, or disclosure. These include:
- Secure HTTPS connections on this website.
- Payment processing handled entirely by Stripe, which is PCI DSS compliant.
- Access to personal data restricted to those who need it to carry out their role.
- Use of reputable third-party platforms with their own security certifications.
No method of data transmission over the internet is completely secure, and we cannot guarantee absolute security. If you believe your data has been compromised, please contact us immediately.
10. Your rights
Under UK data protection law (UK GDPR), you have the following rights in relation to your personal data:
- Right of access — you can request a copy of the personal data we hold about you.
- Right to rectification — you can ask us to correct inaccurate or incomplete data.
- Right to erasure — you can ask us to delete your data where there is no longer a lawful reason for us to hold it.
- Right to restriction — you can ask us to restrict how we use your data in certain circumstances.
- Right to data portability — you can ask us to provide your data in a structured, machine-readable format.
- Right to object — you can object to us processing your data on the basis of legitimate interests, or for direct marketing.
- Right to withdraw consent — where we rely on consent, you can withdraw it at any time.
To exercise any of these rights, please contact us using the details below. We will respond within one month. There is no charge for making a request.
11. Complaints
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection regulator.
Information Commissioner's Office
Website: ico.org.uk
Helpline: 0303 123 1113
We would always prefer to resolve any concerns directly, so please contact us first and we will do our best to help.
12. Links to other websites
This website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to read their privacy policies before providing any personal information.
13. Changes to this policy
We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. Any updates will be posted on this page with a revised date. We encourage you to review this policy periodically.
14. Contact us
If you have any questions about this privacy policy or how we handle your personal data, please get in touch.
