Consumer and website privacy policy

Hello there and welcome to the Sykes Cottages Ltd privacy notice. We’re not asking you to agree to this notice or hiding anything in it that should be elsewhere, we’re just using this space to tell you what we are doing with your personal information. We hope we’re doing this in a friendly and plain English way but if anything isn’t clear or you want to know more we’ll tell you how you can ask us a question later. Where we say Sykes Cottages or Sykes, we, our or us in the rest of this notice we mean Sykes Cottages Ltd, it saves us typing it out every time.

There tend to be two groups of people that need to look at our privacy notice, people that want to book a holiday (Holidaymakers) and people that own holiday cottages on our website (Owners). After a bit of explanation in this top section we give you a privacy policy each to make it easier to read.

We want people to understand this so we have written this in a layered format. We want you to be excited about the whole thing (well our DPO does anyway) but we try and make it easy for you just to read a bit of it if that is all you want. We give you a heading so you can find what you want more quickly, then we give you a plain English bit to explain what we are doing then there is the legal language that our legal team make us use because the GDPR says we have to. We hope you find what you need in the plain English bit but if you want the details they are here, just click for more information where you need it and it will drop down before your very eyes like magic. Or like the internet. Same thing.

We hope you find this easy to read and you feel happy with what we are doing.

If you have questions after reading this please email dpo@sykescottages.co.uk and we will get back to you as soon as we can.

We last changed this policy on and it is version 2.0

Holidaymaker Privacy Policy

Who we are

The data controller for your personal information is Sykes Cottages Ltd (Sykes) who operate through a number of brands and companies who together make up the Sykes Group.

read more...

Our trading brands are Best Escapes, Cornish Cottage Holidays, Helpful Holidays, Hogans Irish Cottages, Manor Cottages, Dream Cottages, Coast & Country Cottages, Menai Holiday Cottages, Yorkshire Coastal Cottages, Welsh Coast & Country, LakeLovers, , Carbis Bay Holidays, Lake District Lodge Holidays, John Bray Cornish Holidays, Best of Suffolk, Abersoch Quality Homes and Northumbria Coast and Country Cottages, Lyme Bay Holidays.

Sykes Cottages Ltd, a company registered in England, with company number: 4469189 of 1 City Place, Chester, Cheshire, CH1 3BQ, (referred to as “Sykes”, “Sykes Cottages”, "we", "us" or "our" in this privacy notice) is the primary data controller in relation to your personal data. This means that we are responsible for your personal data.

We are part of a wider Group of companies including Forge Holiday Group Ltd, UKCaravans4hire.com Limited and Forest Holidays Limited and we sometimes use joint technology services to make data more secure, to make our technology better and quicker or to give you a better service. It doesn’t make a difference to the purposes we use your information for and our Group follow this privacy policy when looking after your data. Where we use these services we are joint data controllers with these companies and we have a binding agreement in place to operate to high standards of data protection.

Our contact details

While we have many local offices, for privacy queries our correspondence address is One City Place, Chester, Cheshire, CH1 3BQ, United Kingdom and the email address to contact is dpo@sykescottages.co.uk

read more...

Our Data Protection Officer is a staff member of Forge and its subsidiary companies and can be contacted using the details provided above.

Our relationship with you as a data controller and data subject

When you are booking holidays through our website Sykes is the data controller and you are a data subject

read more...

When you book a holiday through us you have a contract with us for booking services and a contract with the property owner in relation to the property rental. Our property owners are separate data controllers and we will share your details with them to facilitate this contract.

The data we collect from you
Personal data

We collect your personal details including your name, address, email addresses, telephone numbers, title and country of residence. If you enter a competition or interact with us on social media we may collect your social media identifiers. We sometimes check this data using publicly accessible sources used to verify identity.

If you are part of a group of travellers we may collect personal details of members of your party. It is your responsibility as the lead booker to inform them of this privacy policy and that you have provided their data.

We have to collect some of this data from you to create and maintain an account for you on our systems. We manage our interactions with you using an account system and we will tell you when information is required for us to provide our services rather than voluntary.

We collect financial data including transactions we have made with you but we do not generally collect or retain payment card details as this processing is outsourced but we may (if you consent) retain an authorisation to charge a payment method.

We record some calls to or from our call centre. This will include the number dialled or called from as well as the recording itself. We use these recordings for training purposes, fact verification and to meet regulatory obligations in relation to selling insurance. In a similar way we retain transcripts of live chats, text messages and other social media direct messaging that we send to you or you send to us.

If you have booked with us through another website such as Airbnb or booking.com then we will receive data from them rather than collecting it from you directly. The data we receive depends on the relevant website and their own privacy policy.

We also collect data from you about other people who are in your travelling party. You are responsible for telling them you have given us their data our use of which is governed by this privacy policy. Where you provide us with information about children you are responsible for gaining the relevant consent from them or their parents/guardians.

We collect data for marketing and website management purposes including details of how you have used our website, your responses to surveys and feedback requests, your marketing preferences and your cookie consents.

We collect technical data including internet protocol (IP) addresses, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website. Some of this data is used for website management and marketing purposes.

When things go wrong and we have to collect debts from you or take other legal action we may get information about other creditors you have and payments you make to them. We will receive this from IVA, bankruptcy or financial advisors as well as your legal representatives.

Special category data

We may rarely receive data from you about your health or about criminal convictions. You may also give us details of your relations such as spouses. We will only ever take this information from you with your consent or if there is an exemption in law such as the protection of public health in a pandemic.

What we do with your data and our lawful bases for doing so
Providing our services to you

We use your personal data to fulfil our contract with you as a booking agent and to assist with fulfilling the contract between you and the property owner. We do this because it is necessary for the performance of the contract to which both you and the owner are a party for the rental agreement as well as the contract between you and us as the booking agent you have made your booking through.

We may use your personal data to sell you insurance from our insurance partner where you want this to happen. We do this because it is necessary as a step for you to form a contract with the insurance partner in the future.

We may provide you with access to a customer portal on our website and you can also access your data through our app. This uses your personal data to provide you with information about your bookings and the feedback you have given and to provide you with on site offers that are personalised to you. We do this either because it is necessary for the performance of our contract with you or because it is in our legitimate interests of providing an excellent service to give you information you want in a way that enables us to be a successful business.

We will also communicate with you by any means (including email) about changes to our terms and conditions, your contract with us or with the property owner or changes to our privacy or other policies that may affect you. This is on the basis of compliance with a legal obligation or because it is necessary to perform the contracts with you.

Sending you information and advertising our services and performance

Marketing and sales materials

We will use your personal data to personalise our advertising and marketing in relation to future bookings or related products including insurance. We do this on the basis of your consent for text, email and telephone calls if you are registered on the TPS. You can withdraw this consent at any time through unsubscribe links, during a telephone conversation, by changing your preferences in your customer portal or by emailing dpo@sykescottages.co.uk For some postal communications and telephone calls where you are not registered with the TPS we rely on our legitimate interests as a growing business.

You may also be eligible to enter competitions or to take part in loyalty schemes. We will process your personal data to check your eligibility and to provide these services on the basis of it being in our legitimate interests as a company seeking to increase repeat custom through providing a service that customers want to use.

Marketing and sales materials for customers of businesses that we acquire

We rely on our legitimate interests as the acquirer of the business to process your personal data in line with the privacy policy of the company you have a contract with.

Our legal obligations

We are subject to legal obligations under the laws of the UK, Ireland, the EU and other countries. We may need to process your personal data to comply with these legal obligations from specific reporting that may be required from time to time to more general obligations in law. This may involve co-operating with public sector organisations such as government agencies, local government and regulators. This may include the Competition and Markets Authority, the UK Information Commissioner’s Office, HMRC and other tax authorities, the Irish Data Protection Commission, the Police or local councils.

Financial information

We will process your personal data to manage payments, collections, fees and charges and debt recovery. This may involve third parties particularly where debt recovery is involved. We do this because it is necessary for the performance of our contract with you.

General business purposes

We may process your personal data for security purposes (including cyber security) and to generally administer our business including for group reorganisations, system maintenance and reporting, preparation of our accounts, the generation of aggregated information for public disclosure, training our staff, auditing of our accounts and processes, verification of compliance with laws and regulations and other internal administration. We do all of this on the basis of our legitimate interests as a business that wishes to grow and develop and also on the basis of legal obligations to which we are subject.

Behaviour analysis

As a company using technology we have a strong legitimate interest in understanding consumer behaviour and we use various technologies to do so. This will not generally involve use of directly identifiable information such as your name or email address but may include use of IP addresses or cookie information (where you have not declined the use of cookies). We do this because it is in our legitimate interests both to improve the user experience but also to maintain the security of our systems.

Customer Service

Where you make a complaint or have a query, or where an owner raises issues with your behaviour during a rental period we will need to process your personal data to mediate between you and them. We do this because it is necessary to fulfil our booking conditions which are part of the contracts between us and you and you and the owner. Where you make queries we will also need to process your personal data to answer. We may use our call recordings for fact verification in customer service queries.

User experience research

We may use your personal data to select people for user experience or market research related to our services, websites or customer services. We will generally provide you with further information about use of your data relating to the particular study we are carrying out at the time. We will not use your information for direct marketing purposes when we perform research. We do this on the basis of our legitimate interests in having robust information about our performance and future trends in the market.

Who we share your data with
Property Owners

Some of your information (usually contact information) will be shared with property owners on the basis that it is necessary to fulfil your contract with them. We will also share some of your personal data with people who provide services to the property such as housekeepers or maintenance personnel.

Other Group companies

Other companies in the Group may receive your personal data either when necessary. Some of these companies may not be based in the EEA.

IT service providers

Our technology is often hosted in the cloud and we use a number of service providers such as Amazon, Microsoft and Salesforce to support our websites and other technology stacks. Generally speaking these companies will be data processors acting entirely on our instructions. Some of these companies will not be in the EEA.

Professional advisors

We use external auditors, legal advisors, insurers and banks among others who will sometimes receive your personal information. The services they provide may be based outside the EEA.

Public authorities

This may include law enforcement bodies, the courts, regulators, government and local government bodies and agencies, HMRC and other public bodies.

Payment services providers

We use specialist companies to process payment card details. Currently these include

  • PayPal UK Ltd. Whittaker House, Whittaker Avenue, Richmond-Upon-Thames, Surrey, United Kingdom, TW9 1EH

  • Sage Pay Europe Limited, North Park, Newcastle upon Tyne, NE13 9AA

  • Syntec Ltd, 18 The Avenue, London W13 8PH

  • Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA.

  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

Marketing partners

We use many service providers to assist in our marketing efforts or to leave reviews. These include

  • Emailcenter UK Limited, West Tithe, Pury Hill Business Park, Alderton Road, Towcester, Northamptonshire, NN12 7LS,

  • Ant Marketing Limited, Antenna House, St Mary's Gate, Sheffield, S2 4QA,

  • TripAdvisor LLC, 400 1st Avenue, Needham, MA 02494, USA,

  • Trustpilot A/S, Pilestraede 58, 5th floor, DK-1112 Copenhagen K.

  • Voucher Express: Voucher Express, PO Box 93, Ripon, North Yorkshire, HG4 1WE

  • Pure Print for DM - Pureprint Group

  • Crowson House, Bolton Close, Bellbrook Park, Uckfield, East Sussex, TN22 1PH

  • Salesforce UK, Heron Tower, 110 Bishopsgate, London EC2N 4AY

  • Document Despatch Ltd, The Courtyard, 19-23 Homesteads Road, Basingstoke, RG22 5LQ

  • The Organic Agency, Winslade House, Organic, Winslade Park Ave, Clyst St Mary, Exeter EX5 1FY

  • Smash Marketing - Sapphire House, Roundtree Way, Norwich NR7 8SQ

  • The Orange Cow Limited, The Old Bakery, High Street, Pitton, Wiltshire, SP5 1DQ

  • Visit The Cotswolds, NHM Accounts Ltd, Redditch, England, B980DH.

  • WOLFENDEN AGENCY LIMITED, Half Acre, Sheriff Lane, Eldwick, West Yorkshire, BD16 3ER

  • Citypress Union, 2-10 Albert Square, Manchester M2 6LW

Insurance providers and compliance partners

Where we sell you insurance we will disclose your details to our insurance partner and may need to disclose it to our compliance partner or any organisation (such as the FOS or the FCA) that you may later complain to. These partners are:

  • Advisory Insurance Brokers Limited, 2 Minster Court, Mincing Lane, London, EC3R 7PD

  • ITC Compliance Ltd, Monarch Court, The Brooms, Emersons Green, Bristol, BS16 7FH

Third party booking platforms

These include but are not limited to AirBnB, Vrbo, Booking.com, TripAdvisor, Expedia and similar companies. They may pass the information on to other advertising partners.

Purchasers or potential purchasers of our business

Third parties whom we may choose to sell, transfer, or merge parts of our business or our assets. If a change of ownership happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.

International transfers of your data

Sykes is an international company with subsidiary companies or brands in more than one country. Not all of these countries are in the EEA with many employees based in New Zealand in particular. Additionally a number of our service providers are based in countries outside the EEA and, as you would expect, this includes the USA and other high technology countries.

Where we transfer your data we will either transfer it to a country where there is a ruling in force that says that the level of data protection is adequate in the country the information is transferred to or we will use the standard contract clauses provided by the European Commission and validated by the UK Information Commissioner’s Office to provide protection and we will perform a risk assessment on any international transfer of data where these clauses are used.

read more...

If you want to know more about specific safeguards for your data in relation to international transfers please email dpo@sykescottages.co.uk

How long we keep your data

We keep different categories of data for different periods of time depending on what they are used for and we seek to get rid of what we do not need as early as possible. We are required to keep some information for longer periods by law and we keep some because it is in our legitimate interests.

As a guide, you can expect us to retain enough data to identify you for six years after you last interacted with us or we had a commercial relationship with you. This is mainly because that is when records relating to corporate taxation can be removed.

Because holiday letting is a long term proposition and can involve large periods of time between booking with a particular company we will continue to send you marketing promoting our services for up to four years after your last response although the frequency of communications will decrease with time and you can ask us to stop at any time.

While we have a commercial relationship with you we retain full records, including data from more than six years ago and if we reasonably contemplate there may be litigation or there has been a complaint in relation to your property we may retain information beyond the six year standard.

Your statutory Rights
Right of Access (Subject Access Requests)

You have the right to ask us for a copy of the data we hold about you or any part of that data along with some further information about how we process it and keep it safe. We are allowed to ask you for more information about your identity and to ask you to narrow down your request to help us find your data. This right always applies but there are exemptions that mean you may not always receive all of the information we process and if you are a corporate owner (a company owns your property) the corporate owner cannot make an Access request. You cannot make an access request for someone else’s data without their written authorisation.

Right of Erasure (Right to be forgotten)

This is not a simple right and does not always apply. We have to erase your data if it is no longer needed for the purposes we collected it for or if you withdraw your consent where the processing is based on consent.

For people who have booked a rental through us we will not erase your data at all while the contract is still valid or if money is owed by us or by you. We will also not erase all of your data for six years because of the rules around corporate financial records. We will also not delete your data if there is an ongoing complaint, if there has been a complaint in the last year, or if we reasonably believe there may be legal action taken in relation to the contract by us, you or a third party.

We will not generally erase your data if you have booked a rental through us in the last 12 months.

We will erase your data if we have processed it unlawfully, if you have successfully objected to the processing of your data or if we have a legal obligation to do so.

If your main concern is about marketing communications you may want to tell us to stop sending you marketing communications instead and where this seems to be the reason for an erasure request we will always cease marketing while we discuss this with you.

Right to Rectification

You always have the right to require us to make sure that the data we hold about you is accurate. Please let us know if it is not and we will fix it. Where we disagree that it is wrong we will tell you why and give you the opportunity to provide evidence that we have made a mistake.

Right to Restriction

Where you have objected to our data processing and we are still in discussions or there is a dispute over the accuracy of the data or we have agreed our processing is unlawful but you wish to preserve evidence or you require the data for a legal claim you can ask us to restrict processing such that we can only continue to store it.

Right to data portability

Where our basis for processing your data is for the performance of a contract or based on your consent you can ask us to provide your data in a machine readable format for transmission to another data controller.

General Right to object

Where our basis for processing your data is based on legitimate interests you can object at any time and the Data Protection Officer will consider whether the company has an overriding legitimate interest that would mean we would continue to process your data or whether we should stop. You should note that legal claims would generally be regarded as an overriding interest.

Right to object to direct marketing

This is an absolute right and you can exercise it at any time by getting in touch with us.

Right to appeal an automated decision

If we have made a decision purely by automated means, generally meaning a computer made the decision, you can ask us to have that decision reviewed by a human. We will tell you when a decision has been made by purely automated means.

Right to withdraw consent

Where our processing is based on your consent then that consent can be withdrawn at any time. We will tell you when our processing is based on your consent.

Exercising your rights

You can ask our customer or owner services teams on the phone to exercise your rights, send an email to dpo@sykescottages.co.uk or drop us a letter to our postal address at One City Place, Chester, Cheshire, CH1 3BQ, United Kingdom.

Your request may be dealt with by our customer or owner teams initially or by another member of the Legal Team at Sykes but you can ask for it to be looked at by the Data Protection Officer if you wish.

Normally we will deal with your requests within one calendar month but particularly complex requests may take longer. We will let you know when that happens.

Making a complaint

Any complaint about our data processing should be sent to the Data Protection Officer in the first instance who will investigate and respond to you directly. The Data Protection Officer acts independently of the management of the company in considering complaints about Data Protection.

You always have the right to complain to the regulator and for customers in the UK this would be the Information Commissioner’s Office whose details can be found at www.ico.org.uk or if you are in the EU you can complain to the Irish Data Protection Commission whose details can be found at www.dataprotection.ie

Both organisations will expect you to have complained to us first and to have given us an opportunity to respond and will generally refer you back to us if you have not. We would also really appreciate the opportunity to try and resolve your complaint first because we would prefer to resolve matters amicably where we can.

Automated profiling

For marketing and recommendations purposes we may process your data in ways that tell us what you are likely to want to see from us and products that may interest you. We may also make certain offers available to you on this basis. This profiling is automated and may use Machine Learning or Artificial Intelligence tools to give us the results.

Changes to this privacy policy

We always record the data on which the privacy policy has been changed at the top of this page. You can ask us for copies of previous privacy policies and when they were effective from at any time. When we change our purposes for processing your data we will let you know either through this privacy policy or by sending you a direct communication if we think it has a large impact on you. Regular communications may indicate when we have updated this policy and ask you to take a look at it.

Links to other websites or social media

Our website may include links to and from third-party websites, social media, plug-ins and applications. By clicking on these links or enabling connections you may be allowing third parties to collect or share your personal data. We have no control over these third-party websites, plug-ins or applications and are not responsible for their privacy policies, therefore you should also read their privacy policies to understand what personal data they collect about you and how they use it.

Owner Privacy Policy

Who we are

The data controller for your personal information is Sykes Cottages Ltd (Sykes) who operate through a number of brands and companies and who are part of a wider Group called Forge Holiday Group Ltd (Forge).

Read more...

Our trading brands are Best Escapes, Cornish Cottage Holidays, Helpful Holidays, Hogans Irish Cottages, Manor Cottages, Dream Cottages, Coast & Country Cottages, Menai Holiday Cottages, Yorkshire Coastal Cottages, Welsh Coast & Country, LakeLovers, , Carbis Bay Holidays, Lake District Lodge Holidays, John Bray Cornish Holidays, Best of Suffolk, Abersoch Quality Homes and Northumbria Coast and Country Cottages, Lyme Bay Holidays.

Sykes Cottages Ltd, a company registered in England, with company number: 4469189 of 1 City Place, Chester, Cheshire, CH1 3BQ, (referred to as “Sykes”, “Sykes Cottages”, "we", "us" or "our" in this privacy notice) is the primary data controller in relation to your personal data. This means that we are responsible for your personal data.

We are part of a wider Group of companies including Forge Holiday Group Ltd, UKCaravans4hire.com Limited and Forest Holidays Limited and we sometimes use joint technology services to make data more secure, to make our technology better and quicker or to give you a better service. It doesn’t make a difference to the purposes we use your information for and our Group follow this privacy policy when looking after your data. Where we use these services we are joint data controllers with these companies and we have a binding agreement in place to operate to high standards of data protection.

Our contact details

While we have many local offices, for privacy queries our correspondence address is One City Place, Chester, Cheshire, CH1 3BQ, United Kingdom and the email address to contact is dpo@sykescottages.co.uk

Read more...

Our Data Protection Officer is a staff member of Forge and its subsidiary companies and can be contacted using the details provided above.

Our relationship with you as a data subject and data controller

When we are dealing with you in relation to our contract with you or a potential contract between you and us we are a data controller and you are a data subject. These are legal terms that sound a bit weird but it basically means that we have your data and you have certain rights.

That gives you all of the rights we outline below in relation to your personal data, including the right to opt out of marketing or to request a copy of all of your personal data. These rights only apply to your personal data so if you have set up a company to own and let out your cottage this will make a difference to how we deal with you as companies do not have data protection rights. Please ask us if you want to know more about this.

When we share information about guests or our contractors with you we do so on the basis that you are a separate and independent data controller. Again these are legal terms but this time it means you have responsibilities rather than rights. You might ant to visit the Information Commissioner’s Office website at www.ico.org.uk to help understand these responsibilities.

As letting out your property is a commercial activity you should consider registering with the Information Commissioner’s Office and considering how you will meet your responsibilities. If you have set up a company to manage your property they may be the data controller. If a customer requests details of you as a data controller we have to provide them with your name and contact details. We will always provide them with the name and address we have on the owner record so you should dmake sure these details are always up to date.

The data we collect from you and elsewhere
Personal data

We collect your personal details including your name, address, email addresses, telephone numbers, title and country of residence. Depending on your taxation or residency status we may also be required to collect your date of birth, your NI number or taxpayer identification number as well as any VAT numbers you may have and your country of residence and/or tax domicile. We also collect details about your property which will include the address and photographs and may include prospective, current and past properties you have let through us or may let through us. We sometimes collect or check this data using publicly accessible sources such as Companies House or the Land Registry. Any registration or licence numbers you have enabling you to let out a property may also be collected and displayed to the public. We will also sometimes need to collect copies of documentation such as passports or driving licences to verify your identity.

We make financial projections about the likely value of bookings for both you and for us in relation to your property. These are based on information we collect from you. We may make decision about what price we charge for our services or which service levels you are entitled to on an automated or manual basis depending on these projections.

We have to collect some of this data from you to create and maintain an account for you on our systems. We manage our interactions with you using an account system and we will tell you when information is required for us to provide our services rather than being a voluntary supply of data by you.

We create models and projections about your likely future behaviours by combining the data we have collected with aggregated data sets.

We collect financial data including transactions we have made with you, details of your tax status and your bank account details. We do not generally collect or retain payment card details as this processing is outsourced but we may (if you consent) retain an authorisation to charge a payment method.

We record some calls to or from our call centre. This will include the number dialled or called from as well as the recording itself. We use these recordings for training purposes, fact verification and to meet regulatory obligations in relation to selling insurance. In a similar way we retain transcripts of live chats, text messages and other social media direct messaging that we send to you or you send to us.

We also collect data from you about other people such as those who manage your property. You are responsible for telling them you have given us their data our use of which is governed by this privacy policy.

We collect data for marketing and website management purposes including details of how you have used our website, your responses to surveys and feedback requests, your marketing preferences and your cookie consents.

We collect technical data including internet protocol (IP) addresses, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website. Some of this data is used for website management and marketing purposes.

When things go wrong and we have to collect debts from you or take other legal action we may get information about other creditors you have and payments you make to them. We will receive this from IVA, bankruptcy or financial advisors as well as your legal representatives.

We also receive your information from third party lead generators, these include:

  • Ant Marketing Ltd, Glenigan Limited, Company number 8249446 (England & Wales) Registered address: 80 Holdenhurst Road, Bournemouth, BH8 8AQ.

Special category data

We may rarely receive data from you about your health or about criminal convictions. You may also give us details of your relations such as spouses. We will only ever take this information from you with your consent.

What we do with your data and our lawful bases for doing so
Providing our services to you

We use your personal data to fulfil our contract with you as agent for letting your property out to holidaymakers. We do this because it is necessary for the performance of the contract to which both you and the holidaymaker are a party for the rental agreement as well as the contract between you and us as your agent.

We may use your personal data to introduce you to our insurance partner where you want this to happen. We do this because it is necessary as a step for you to form a contract with the insurance partner in the future.

We may provide you with access to an owner portal on our website and an owner app. These use your personal data to provide you with information about bookings, feedback, the performance of your properties and to provide you with general information. We do this either because it is necessary for the performance of our contract with you or because it is in our legitimate interests of providing a comprehensive owner service to give you information you want in a way that enables us to be a successful business.

We will also communicate with you by any means (including email) about changes to our terms and conditions, your contract with us or changes to our privacy or other policies that may affect you. This is on the basis of compliance with a legal obligation or because it is necessary to perform our contract with you.

Sending you information and advertising our services and performance

Marketing and sales materials for prospective new owners

We will use your personal data to personalise our advertising and marketing in relation to you potentially letting your property through us. Where we send you marketing through texts, emails or by phoning you if you are registered on the TPS we do this on the basis of your consent. You can withdraw this consent at any time through unsubscribe links, during a telephone conversation or by emailing dpo@sykescottages.co.uk We may send you marketing through the post on the basis of our legitimate interest in growing our property offer and this will usually be the case when we call you (if not registered on the TPS) or where we have obtained your information from a publicly available source such as the Land Registry.

Once you book a visit to your property we are taking steps to offer you a contract and our lawful basis for communicating after this time is that it is necessary to form the contract.

Marketing and sales materials for existing owners

We will use your personal data to personalise our advertising and marketing in relation to retaining you as an owner and providing you with new services or options. We do this on the basis of your consent for text, email (including social media direct messaging such as WhatsApp) and telephone calls if you are registered on the TPS. You can withdraw this consent at any time through unsubscribe links, during a telephone conversation or by emailing dpo@sykescottages.co.uk For some postal communications and telephone calls where you are not registered with the TPS we rely on our legitimate interests as a growing business.

We aim to give you maximum control over your preferences and have enabled you to choose to receive:

  • No marketing;
  • Informational marketing relating to the performance of the holiday let sector and of Sykes, proposed legislation and regulations, free gifts and general updates that do not suggest any financial commitment by you;
  • Commercial marketing where we will tell you about special offers, commercial options for your property such as new pricing opportunities or information about partnerships we have formed with other companies to enable you to take advantage of discounts.

You can change your preferences by communication channel and the above categories at any time in your owner portal.

You may also be eligible to enter competitions, to take part in loyalty schemes or you may be a key account for us. We will process your personal data to check your eligibility and to provide these services on the basis of it being in our legitimate interests as a company seeking to grow its available property stock.

Marketing and sales materials for owners in businesses that we acquire

We rely on our legitimate interests as the acquirer of the business to process your personal data in line with the privacy policy of the company you have a contract with.

Our legal obligations

We are subject to legal obligations under the laws of the UK, Ireland, the EU and other countries. We may need to process your personal data to comply with these legal obligations from specific reporting that may be required from time to time to more general obligations in law. This may involve co-operating with public sector organisations such as government agencies, local government and regulators. This may include the Competition and Markets Authority, the UK Information Commissioner’s Office, HMRC and other tax authorities, the Irish Data Protection Commission, the Police or local councils.

Financial information

We will process your personal data to manage payments, collections, fees and charges and debt recovery. This may involve third parties particularly where debt recovery is involved. We do this because it is necessary for the performance of our contract with you.

General business purposes

We may process your personal data for security purposes (including cyber security) and to generally administer our business including for group reorganisations, system maintenance and reporting, preparation of our accounts, the generation of aggregated information for public disclosure, training our staff, auditing of our accounts and processes, verification of compliance with laws and regulations and other internal administration. We do all of this on the basis of our legitimate interests as a business that wishes to grow and develop and also on the basis of legal obligations to which we are subject.

Behaviour analysis

As a company using technology we have a strong legitimate interest to understand consumer behaviour and we use various technologies to do so. This will not generally involve use of directly identifiable information such as your name or email address but may include use of IP addresses or cookie information (where you have not declined the use of cookies). We do this because it is in our legitimate interests both to improve the user experience but also to maintain the security of our systems.

Other websites

Part of the Sykes service is the use of partner websites (for example Airbnb and booking.com) to advertise your property. Where any of the information relating to your property is your personal data this will involve them using this data on our behalf. This is necessary for us to perform our contract with you.

Customer Service

Where you make a complaint or have a query, or where a holidaymaker raises issues with one of your properties we will need to process your personal data to mediate between you and them. We do this because it is necessary to fulfil our booking conditions which are part of the contracts between us and you and you and the holidaymakers. Where you make queries we will also need to process your personal data to answer. We may use our call recordings for fact verification in customer service queries.

Managed services

Where we provide managed services (cleaning, maintenance etc) to your property we will need to use your personal data to manage the contract with the managed services providers that we employ to fulfil our contract with you.

User experience research

We may use your personal data to select people for user experience or market research related to our services, websites or customer services. We will generally provide you with further information about use of your data relating to the particular study we are carrying out at the time. We will not use your information for direct marketing purposes when we perform research. We do this on the basis of our legitimate interests in having robust information about our performance and future trends in the market.

Who we share your data with
Holidaymakers

Some of your information (usually contact information) will be shared with holidaymakers on the basis that it is necessary to fulfil your contract with them. If a holidaymaker requests your contact details as you are a data controller for their data we have to provide it as a legal obligation.

Other Group companies

Other companies in the Group may receive your personal data either when necessary. Some of these companies may not be based in the EEA.

IT service providers

Our technology is often hosted in the cloud and we use a number of service providers such as Amazon, Microsoft and Salesforce to support our websites and other technology stacks. Generally speaking these companies will be data processors acting entirely on our instructions. Some of these companies will not be in the EEA.

Professional advisors

We use external auditors, legal advisors, insurers and banks among others who will sometimes receive your personal information. The services they provide may be based outside the EEA.

Public authorities

This may include law enforcement bodies, the courts, regulators, government and local government bodies and agencies, HMRC and other public bodies.

Payment services providers

We use specialist companies to process payment card details. Currently these include

  • PayPal UK Ltd. Whittaker House, Whittaker Avenue, Richmond-Upon-Thames, Surrey, United Kingdom, TW9 1EH

  • Sage Pay Europe Limited, North Park, Newcastle upon Tyne, NE13 9AA

  • Syntec Ltd, 18 The Avenue, London W13 8PH

  • Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA.

  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

Marketing partners

We use many service providers to assist in our marketing efforts or to leave reviews. These include

  • Emailcenter UK Limited, West Tithe, Pury Hill Business Park, Alderton Road, Towcester, Northamptonshire, NN12 7LS,

  • Ant Marketing Limited, Antenna House, St Mary's Gate, Sheffield, S2 4QA,

  • TripAdvisor LLC, 400 1st Avenue, Needham, MA 02494, USA,

  • Trustpilot A/S, Pilestraede 58, 5th floor, DK-1112 Copenhagen K.

  • Voucher Express: Voucher Express, PO Box 93, Ripon, North Yorkshire, HG4 1WE

  • Pure Print for DM - Pureprint Group, Crowson House, Bolton Close, Bellbrook Park, Uckfield, East Sussex, TN22 1PH

  • Salesforce UK, Heron Tower, 110 Bishopsgate, London EC2N 4AY

  • Document Despatch Ltd, The Courtyard, 19-23 Homesteads Road, Basingstoke, RG22 5LQ

  • The Organic Agency, Winslade House, Organic, Winslade Park Ave, Clyst St Mary, Exeter EX5 1FY

  • Smash Marketing - Sapphire House, Roundtree Way, Norwich NR7 8SQ

  • The Orange Cow Limited, The Old Bakery, High Street, Pitton, Wiltshire, SP5 1DQ

  • Visit The Cotswolds, NHM Accounts Ltd, Redditch, England, B980DH.

  • WOLFENDEN AGENCY LIMITED, Half Acre, Sheriff Lane, Eldwick, West Yorkshire, BD16 3ER

  • Citypress Union, 2-10 Albert Square, Manchester M2 6LW

Insurance providers

Where we introduce you to an insurance provider we will disclose your details to them. Currently we introduce to:

  • Pikl Insurance Services Ltd, Second Floor, The Atrium, Suite B St Georges St, Norwich NR3 1AB.

Third party booking platforms

These include but are not limited to AirBnB, Vrbo, Booking.com, TripAdviser, Expedia and similar companies. They may pass the information on to other advertising partners.

Purchasers or potential purchasers of our business

Third parties whom we may choose to sell, transfer, or merge parts of our business or our assets. If a change of ownership happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.

International transfers of your data

Sykes is an international company with subsidiary companies or brands in more than one country. Not all of these countries are in the EEA with many employees based in New Zealand in particular. Additionally a number of our service providers are based in countries outside the EEA and, as you would expect, this includes the USA and other high technology countries.

Where we transfer your data we will either transfer it to a country where there is a ruling in force that says that the level of data protection is adequate in the country the information is transferred to or we will use the standard contract clauses provided by the European Commission and validated by the UK Information Commissioner’s Office to provide protection and we will perform a risk assessment on any international transfer of data where these clauses are used.

If you want to know more about specific safeguards for your data in relation to international transfers please email dpo@sykescottages.co.uk.

How long we keep your data

We keep different categories of data for different periods of time depending on what they are used for and we seek to delete what we do not need as early as possible. We are required to keep some information for longer periods by law and we keep some because it is in our legitimate interests.

As a guide, you can expect us to retain enough data to identify you for six years after you last interacted with us or we had a commercial relationship with you. This is mainly because that is when records relating to corporate taxation can be removed.

Because holiday letting is a long term proposition and can involve large periods of time between actions such as buying a property we will continue to send you marketing promoting our services for up to four years after your last response although the frequency of communications will decrease with time and you can ask us to stop at any time.

While we have a commercial relationship with you we retain full records, including data from more than six years ago and if we reasonably contemplate there may be litigation or there has been a complaint in relation to your property we may retain information beyond the six year standard.

Your statutory Rights
Right of Access (Subject Access Requests)

You have the right to ask us for a copy of the data we hold about you or any part of that data along with some further information about how we process it and keep it safe. We are allowed to ask you for more information about your identity and to ask you to narrow down your request to help us find your data. This right always applies but there are exemptions that mean you may not always receive all of the information we process and if you are a corporate owner (a company owns your property) the corporate owner cannot make an Access request. You cannot make an access request for someone else’s data without their written authorisation.

Right of Erasure (Right to be forgotten)

This is not a simple right and does not always apply. We have to erase your data if it is no longer needed for the purposes we collected it for or if you withdraw your consent where the processing is based on consent.

For prospective new owners who have not signed a contract with us this processing is based on your consent and we will erase your data on request.

For people who have signed a contract with us we will not erase your data at all while the contract is still valid or if money is owed by us or by you. We will also not erase all of your data for six years because of the rules around corporate financial records. We will also not delete your data if there is an ongoing complaint, if there has been a complaint in the last year, or if we reasonably believe there may be legal action taken in relation to the contract by us, you or a third party.

We will erase your data if we have processed it unlawfully, if you have successfully objected to the processing of your data or if we have a legal obligation to do so.

If your main concern is about marketing communications you may want to tell us to stop sending you marketing communications instead and where this seems to be the reason for an erasure request we will always cease marketing while we discuss this with you.

Right to Rectification

You always have the right to require us to make sure that the data we hold about you is accurate. Please let us know if it is not and we will fix it. Maybe give us a fighting chance of getting it right though by checking our details in your owner portal and keeping them up to date. Where we disagree that it is wrong we will tell you why and give you the opportunity to provide evidence that we have made a mistake.

Right to Restriction

Where you have objected to our data processing and we are still in discussions or there is a dispute over the accuracy of the data or we have agreed our processing is unlawful but you wish to preserve evidence or you require the data for a legal claim you can ask us to restrict processing such that we can only continue to store it.

Right to data portability

Where our basis for processing your data is for the performance of a contract or based on your consent you can ask us to provide your data in a machine readable format for transmission to another data controller.

General Right to object

Where our basis for processing your data is based on legitimate interests you can object at any time and the Data Protection Officer will consider whether the company has an overriding legitimate interest that would mean we would continue to process your data or whether we should stop. You should note that legal claims would generally be regarded as an overriding interest.

Right to object to direct marketing

This is an absolute right and you can exercise it at any time by getting in touch with us. Or (and this is probably easier) updating your preferences in your owner portal or in your owner app.

Right to appeal an automated decision

If we have made a decision purely by automated means, generally meaning a computer made the decision, you can ask us to have that decision reviewed by a human. We will tell you when a decision has been made by purely automated means.

Right to withdraw consent

Where our processing is based on your consent then that consent can be withdrawn at any time. We will tell you when our processing is based on your consent.

Exercising your rights

You can ask our customer or owner services teams on the phone to exercise your rights, send an email to dpo@sykescottages.co.uk or drop us a letter to our postal address at One City Place, Chester, Cheshire, CH1 3BQ, United Kingdom.

Your request may be dealt with by our customer or owner teams initially or by another member of the Office of the General Counsel at Sykes but you can ask for it to be looked at by the Data Protection Officer if you wish.

Normally we will deal with your requests within one calendar month but particularly complex requests may take longer. We will let you know when that happens.

Making a complaint

Any complaint about our data processing should be sent to the Data Protection Officer in the first instance who will investigate and respond to you directly. The Data Protection Officer acts independently of the management of the company in considering complaints about Data Protection.

You always have the right to complain to the regulator and for customers in the UK this would be the Information Commissioner’s Office whose details can be found at www.ico.org.uk or if you are in the EU you can complain to the Irish Data Protection Commission whose details can be found at www.dataprotection.ie

Both organisations will expect you to have complained to us first and to have given us an opportunity to respond and will generally refer you back to us if you have not. We would also really appreciate the opportunity to try and resolve your complaint first because we would prefer to resolve matters amicably where we can.

Automated profiling

For marketing and recommendations purposes we may process your data in ways that tell us what you are likely to want to see from us and products that may interest you. We may also make certain offers available to you on this basis. This profiling is automated and may use Machine Learning or Artificial Intelligence tools to give us the results.

Changes to this privacy policy

We always record the date on which the privacy policy has been changed at the top of this page. You can ask us for copies of previous privacy policies and when they were effective from at any time. When we change our purposes for processing your data we will let you know either through this privacy policy or by sending you a direct communication if we think it has a large impact on you. Regular communications may indicate when we have updated this policy and ask you to take a look at it.

Links to other websites or social media

Our website may include links to and from third-party websites, social media, plug-ins and applications. By clicking on these links or enabling connections you may be allowing third parties to collect or share your personal data. We have no control over these third-party websites, plug-ins or applications and are not responsible for their privacy policies, therefore you should also read their privacy policies to understand what personal data they collect about you and how they use it.