Privacy Policy

1. Who we are

Comfortscape Ltd("we", "us", or "our") is the data controller for the personal information described in this Privacy Notice. We are a short-stay accommodation provider operating self-catering rentals in Swansea, the Mumbles, the Gower and Cardiff.

Company number: 17042349 (registered in England and Wales)

Registered address: 31 Haul Fryn, Swansea, Wales, SA7 9EB, United Kingdom

Website: https://www.comfortscape.co.uk

Privacy contact email: contact@comfortscape.co.uk

Privacy contact phone:+44 7572 968424

2. What this policy covers

This notice explains how and why we access, collect, store, use and share ("process") your personal information when you:

  • visit our website at https://www.comfortscape.co.uk or any related site that links to this notice;
  • enquire about, book, or stay at one of our properties (whether direct or through an Online Travel Agent (OTA) such as Airbnb or Booking.com);
  • communicate with us by phone, email or messaging;
  • receive marketing or service messages from us; or
  • are recorded by exterior CCTV at certain managed properties.

If you have any questions about this notice or how we handle your data, please email contact@comfortscape.co.uk.

3. Summary of key points

  • What personal information do we process? We collect identity, contact, booking, ID-verification, payment, communications and limited technical data. We do not store full payment-card numbers — these are handled by Stripe.
  • Do we process sensitive personal information? Only where you choose to provide health or accessibility information so we can accommodate your stay, and only with your explicit consent.
  • Do we receive information from third parties? Yes — limited information from OTAs (such as Airbnb or Booking.com) when you book through them, and from our property-management and automation tools (Hostaway, ChargeAutomation).
  • How do we process your information? To take and manage bookings, take payment, deliver and improve our services, communicate with you, comply with legal obligations, and prevent fraud and protect our property and guests.
  • With whom do we share your personal information? Specific service providers acting on our instructions: Stripe (payments), Hostaway (PMS / channel manager), ChargeAutomation (ID verification, automated guest communications), Xero (accounting), Mailchimp (marketing), Google Analytics (consent-based website analytics), and cleaning, linen and maintenance teams when needed to deliver your stay.
  • Do we sell your data? No. We do not sell your personal information.
  • International transfers? We do not routinely transfer personal data outside the UK / EEA. Where any of our processors do so, they rely on appropriate safeguards (such as the UK International Data Transfer Addendum or the EU Standard Contractual Clauses).
  • How do we keep your information safe? SSL encryption on the site, role-based access, multi-factor authentication, least-privilege controls, vendor encryption in transit and at rest, and staff training and confidentiality obligations.
  • What are your rights? Access, rectification, erasure, restriction, objection, portability, withdrawing consent, and the right to complain to the ICO.
  • How do you exercise your rights? Email contact@comfortscape.co.uk. We aim to respond within one month.

4. The data we collect

Depending on how you interact with us, we may collect the following categories of personal information:

  • Identity and contact data: name, email address, phone number, postal/billing address, names of additional guests on your booking, and contact preferences.
  • Booking data: property booked, dates of stay, arrival and departure times, special requests, and vehicle registration where you provide it.
  • ID and verification data: a copy of your ID or passport and the resulting verification status, where required for the booking (handled by ChargeAutomation).
  • Payment data: payments are processed by Stripe (sometimes via Hostaway or ChargeAutomation). We do not store full card numbers or CVVs. We may retain tokenised references, card type and the last 4 digits for refunds, chargebacks and our financial records.
  • Communications data: emails, messages, call notes, feedback, reviews and complaints.
  • Health and accessibility data: only if you choose to share it so that we can adapt your stay (for example, step-free access, allergens). We treat this as special-category data and process it only with your explicit consent. We delete it after your stay unless we are required to keep it by law.
  • Website / technical data: IP address, device and browser information, pages viewed, and analytics data (Google Analytics — only with your consent).
  • CCTV footage: exterior-only CCTV at certain managed properties; see Section 11 below.

5. How we collect your information

  • Directly from you — via our website, booking flow, email, phone or check-in messaging.
  • From OTAs (such as Airbnb or Booking.com) when you book through them.
  • From our property-management system and automation tools (Hostaway and ChargeAutomation), which receive booking, ID-verification and messaging data on our behalf.
  • Automatically through cookies and analytics, where you have given consent (see Section 9).

6. How and why we use your information (lawful bases)

The UK GDPR requires us to identify a lawful basis for each processing activity. We rely on the following:

  • Performance of a contract: to take payment, confirm and provide your accommodation, manage your stay and provide customer support.
  • Legal obligation: to keep accounting and tax records, comply with safety and lettings regulation, and respond to lawful requests from regulators or law enforcement.
  • Legitimate interests: to keep our properties and guests safe (including ID checks and exterior CCTV), to prevent and detect fraud, to send essential service communications about your booking, and to improve our services. We have balanced these interests against your rights and freedoms.
  • Consent: for marketing emails and SMS, non-essential cookies and analytics, and any health or accessibility information you choose to share with us. You can withdraw consent at any time.
  • Vital interests: in rare circumstances, to protect someone's life or physical safety (for example, a medical emergency on the property).

7. When and with whom we share your information

We share personal data only with parties who need it to deliver our services, and we have written agreements (data processing agreements) in place with our processors. The categories of recipients are:

  • OTAs: Airbnb, Booking.com and similar platforms when you book through them.
  • Property management / channel manager: Hostaway.
  • ID verification and guest automation: ChargeAutomation.
  • Payment processor: Stripe (directly or through Hostaway / ChargeAutomation).
  • Cleaning, linen and maintenance providers: only when necessary to deliver and turn over your stay.
  • Accounting: Xero.
  • Marketing tools: Mailchimp and ChargeAutomation, where you have opted in.
  • Website and analytics providers: Google Analytics — set only with your consent. We may also use Google Maps Platform APIs to display property locations and directions; Google may use limited location signals in the course of providing those maps.
  • Legal, regulatory and corporate parties: we may disclose information where required by law, in response to lawful requests from public authorities, or in connection with the sale, financing or restructuring of our business.

We do not sell your personal information.

8. Payments

  • Payments are processed by Stripe (and through Hostaway / ChargeAutomation where applicable).
  • We do not store full card numbers or CVVs. Stripe stores card data on our behalf using tokenisation.
  • We retain tokenised references, card type and the last 4 digits to process refunds, handle chargebacks and meet our accounting obligations.

9. Cookies and other tracking technologies

We use cookies and similar technologies to keep the site and your booking session secure, to remember your preferences, and — with your consent — for analytics.

When you first visit, our consent banner (Cookiebot / Complianz) lets you accept or reject non-essential cookies. Non-essential cookies, including Google Analytics, are only loaded after you give consent. You can change your choices at any time via the banner or your browser settings.

Cookie categories

  • Essential cookies: required for the site, checkout and booking session to function. Always active.
  • Analytics cookies (e.g. Google Analytics): help us understand site usage. Only set with your consent.
  • Marketing cookies (Mailchimp / ChargeAutomation tags, where used on-site): only set with your consent.

Example cookies in use

We will keep this list current as our consent management tool detects cookies on the site.

Cookie Purpose Duration Type Consent
_ga Google Analytics — site-usage analytics 13 months Third-party Consent
_gid Google Analytics — session analytics 24 hours Third-party Consent
_gat / GA throttling Google Analytics — performance throttling 1 minute Third-party Consent
__stripe_mid / __stripe_sid Stripe — fraud prevention and checkout 1 year / 30 minutes Third-party Essential
hostaway_session Hostaway — booking session Session First-party Essential

Do-Not-Track signals

There is currently no agreed standard for how websites should respond to Do-Not-Track (DNT) signals, so we do not respond to them. We honour the consent choices you make through our cookie banner instead.

10. Marketing

  • With your consent, we send marketing emails and SMS about stays, offers and updates.
  • We use Mailchimp and ChargeAutomation to send these messages.
  • You can opt out at any time via the unsubscribe link in any marketing message, or by contacting contact@comfortscape.co.uk.
  • Even after you opt out of marketing, we may still send you essential service messages about a booking (for example, check-in instructions or changes to your stay).

11. CCTV

  • We operate exterior-only CCTV at certain managed properties for the security of guests and property and for crime prevention.
  • Our CCTV does not record audio.
  • Signage is displayed at all monitored areas so you know CCTV is in operation.
  • Footage is typically retained for 30–60 days unless we need to keep it longer to investigate or report an incident, or to defend a legal claim.
  • Our lawful basis is legitimate interests (security, crime prevention and protecting our property and guests).

12. How long we keep your information

We only keep personal data for as long as we need it for the purposes set out above, or for as long as the law requires. The main retention periods are:

Category of data Retention period
Booking and financial records 6 years (UK tax / legal requirement)
ID-verification documents 30–90 days, unless required for an active issue or legal need
CCTV footage 30–60 days, unless retained for an incident
Marketing contacts Until you unsubscribe, or after 24 months of inactivity
Website / analytics data Up to 13 months (Google Analytics default)

When we no longer have a legitimate business or legal need to keep your information, we delete or anonymise it. Where deletion isn't immediately possible (for example, data held in backups), we securely isolate it from further processing until deletion is possible.

13. How we keep your information safe

We use appropriate organisational and technical security measures, including:

  • SSL / TLS encryption on our website;
  • role-based access and least-privilege permissions;
  • multi-factor authentication on key administrative accounts;
  • encryption in transit and at rest at our key vendors (Stripe, Hostaway, ChargeAutomation, Xero, Mailchimp);
  • written confidentiality and data protection terms with our staff and processors; and
  • staff training on privacy and security.

No system can be guaranteed 100% secure. Transmission of personal information over the internet is at your own risk and we ask you only to access our Services from a secure environment.

14. International transfers

We do not routinely transfer your personal data outside the UK or the EEA. Some of our processors (for example Google, Mailchimp and Stripe) are based in or process data in countries outside the UK / EEA. Where they do, the transfers are protected by appropriate safeguards under UK GDPR — typically the UK International Data Transfer Addendum or the EU Standard Contractual Clauses, together with technical safeguards such as encryption.

15. Your privacy rights

Under UK GDPR (and, where you are based in the EEA or Switzerland, equivalent local laws) you have the right to:

  • access the personal data we hold about you and receive a copy of it;
  • ask us to correct inaccurate or incomplete data;
  • ask us to erase your data, where the law allows;
  • restrict or object to the way we process your data;
  • ask us to transfer your data to you or another provider (data portability);
  • withdraw your consent at any time, where we rely on consent; and
  • not be subject to fully automated decisions that have a legal or similarly significant effect on you.

To exercise any of these rights, please email contact@comfortscape.co.uk. We will respond within one month, and may extend this by a further two months for complex or numerous requests (we will tell you if we need more time).

If you withdraw your consent, this will not affect the lawfulness of processing we carried out before you withdrew it, or any processing we are entitled to carry out under another lawful basis.

16. Children

Our Services are not directed at children. The minimum age to make a booking with us is 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected such information, we will delete it. If you believe we may hold information about a child, please contact us at contact@comfortscape.co.uk.

17. Complaints

If you have a complaint about how we have handled your personal data, please contact us first at contact@comfortscape.co.uk so we can try to resolve it.

You also have the right to complain to the UK Information Commissioner's Office (ICO) at https://ico.org.uk/make-a-complaint/. If you are based in the EEA, you can complain to your local data protection authority. If you are based in Switzerland, you can contact the Federal Data Protection and Information Commissioner.

18. Changes to this notice

We may update this Privacy Notice from time to time. The current version will always be posted on our website with the "Last updated" date at the top. If we make material changes, we will draw your attention to them — for example, by a banner on the site or a direct notification to active guests.

19. How to contact us

If you have any questions about this notice or our privacy practices, please contact us:

Email: contact@comfortscape.co.uk

Phone:+44 7572 968424

Post: Comfortscape Ltd, 31 Haul Fryn, Swansea, Wales, SA7 9EB, United Kingdom

Appendix A — Health and accessibility consent wording

"By providing health or accessibility information, you consent to us using it solely to accommodate your stay. We will not use it for any other purpose and will delete it after your stay unless required by law."

Appendix B — CCTV signage wording (A4 poster near entry points)

CCTV in operation.

Images are recorded for the safety and security of guests and property.

Controller: Comfortscape Ltd
Contact: contact@comfortscape.co.uk | +44 7572 968424
More info: https://www.comfortscape.co.uk/privacy-policy