Who we are
The Site is operated by Coolstays, a trading name of Coolstays Ltd, a company registered in
England and Wales. Our company registration number is 7804381. Our registered office is at 15-17
Middle Street, Brighton, BN1 1AL, UK.
When this Privacy Policy mentions “Coolstays,” “we,” “us,” “our,” or “Data Controller” it refers
to the Coolstays Ltd trading as Coolstays.
We are registered with the Information Commissioner’s Office as a data controller under number
Z3404833.
This Privacy Policy sets out how we collect, process and protect any information (including
personal data) that you give when you use this website, or communicate with us in any way.
This Privacy Policy applies to all users of our website and service, including property Owners
or agents who advertise with us (“Owners”), website visitors who have registered for an account
(“Webusers”) and website visitors who have not registered for an account (“Visitors”).
Use of this website is in accordance with our Terms of Use. By using our site you indicate that
you agree to our Terms of Use and this Privacy Policy.
You must be over 18 years old to use our site and to make booking enquiries with Owners. By
using our site you confirm that you are over 18 years of age.
If you have any questions about your personal data and this Privacy Policy you can contact us
for more information any time by emailing privacy@coolstays.com or calling 01237 692 300.
Our Privacy Policy
We promise to keep your personal data safe and private, not to sell your personal data, and to
give you a simple way to view and manage your marketing and communication choices at any
time.
This Policy and the GDPR
GDPR stands for the General Data Protection Regulation, a European privacy law approved by the
European Commission in 2016. The GDPR will replace a prior European Union privacy directive
known as Directive 95/46/EC (the “Directive”), which has been the basis of European data
protection law since 1995.
The GDPR is an attempt to strengthen, harmonize, and modernize EU data protection law and enhance
individual rights and freedoms, consistent with the European understanding of privacy as a
fundamental human right. The GDPR regulates, among other things, how individuals and
organizations may obtain, use, store, and eliminate personal data. It applies to any
organisation processing personal data of EU citizens.
Personal data will now include not only data that is commonly considered to be personal in nature
(e.g. names, physical addresses, email addresses), but also data such as IP addresses,
behavioral data, location data, financial information, and more.
The GDPR was adopted in April 2016, but will officially be enforceable on 25th May 2018.
This Privacy Policy has been designed to comply with these new regulations. It will inform you
about what kind of information we may collect, how we collect it, why we collect it, the legal
basis for collecting it and your rights under the GDPR.
Changes to this Policy
We may change this Privacy Policy from time to time by updating this page. Any changes will be
effective immediately upon notice which we may give by any means, including updating this page.
You should revisit this page regularly to stay informed of the most uptodate Privacy Policy.
This Privacy Policy was last updated 27th April 2018
Information we collect
There are three categories of information we collect:
1. Information you give to us
- a) Information necessary for use of the site.
We ask for this information when you use the site as it is required for proper performance
of our contract with
you.
- i) Account information - When you register with us such as first name, last name and
email
address.
- ii) Listing information (if you are an Owner) - such as your address, your property
address
and geo-location, phone number
- iii) Payment information - Payments are processed using our account at Stripe Inc.
on
their
secure platform and will include the method, date and time, amount, card expiry
date,
billing postcode, your address and other related information. This information is
required
and necessary for performance of our contract with you. We do not have sight of the
card
number or CVV code at any time, but this will be held securely by Stripe Inc who are
audited
and certified as a PCI Service Provider Level 1.
- iv) Communications - If you contact us or use the site to contact Owners we collect
information about the communication and any other information you choose to provide
in
that
communication.
- b) Information you choose to give us.
You can choose to give us additional information that is not essential for use of the site
but will enhance your
experience and help us provide a better service to you. This information is processed based
on your consent.
- i) Additional account information (for Owners) - such as a Twitter username,
Facebook page or username,
Instagram username.
-
ii) Booking information - If you confirm with us that you have made a booking, we will
collect this information along with any personal data you may give to us
- iii) Review information - If you submit a review on the site we will collect
this information and
any
personal data you may include in the review and this will be publicly available on
the site (once
published). We will also publish your name on the review but we give you the option
of entering a public
profile name that can be different to your full legal name.
- iv) Other information - If you fill out any form on the site or third party sites
we may direct you to
such as SurveyMonkey, Typeform surveys or Zendesk helpdesk, you are choosing to give us
this
information.
2. Information we automatically collect from your use of the website
When you use the website we automatically collect information, including personal data. This
information is necessary for the performance of the contract between you and us, as well a
given our legitimate interest to improve the functionality of the site and provide you with
a good service.
- i) Site Usage Information - We collect information about pages you visit, your
searches, enquiries you make,
things you save to your wishlists, and other actions.
- ii) Geolocation information - We collect information that includes your IP address
and this can be used to
determine your approximate location.
- iii) Log data and device information - We collect log data and device information
for when you use the site,
even
if you are not logged in or registered for an account with us. This information is
vital to us for to prevent
fraudulent or malicious use of the site.
- iv) Cookies - We use cookies and similar tracking technologies on the site and in
our emails, such as pixels and
web beacons, to analyze trends and movements around the site, serve targeted
advertisements, gather demographic
information about our user base as a whole, and to tell us when emails we send have
been delivered or viewed and
links in them clicked. We also partner with third parties to display advertising on
our website or to manage and
serve our advertising on other sites. You can control the use of cookies on your
browser, including disabling
use of cookies, but please note that since uniform standards for “Do Not Track” or
“DNT” signals have not been
adopted, our website do not currently process or respond to “DNT” signals. Our third
party partners may use
cookies or similar tracking technologies in order to provide you advertising or
other content based upon your
browsing activities and interests. If you wish to opt out of interest-based
advertising click
http://www.youronlinechoices.eu/. For more information about the cookies we use
please see our Cookies page at
https://www.coolstays.com/cookies
- v) Payment information (for Owners) - We collect information related to your
payments for services provided
including the method, date and time, amount, card expiry date, billing postcode,
bank account information (IBAN,
SWIFTcode, etc), your address and other related information. This information is
required and necessary for
performance of our contract with you. Card payments are processed securely using our
account at Stripe Inc. and
will include the method, date and time, amount, card expiry date, card number, CVV
code and billing postcode. It
may also include your address and other related information. This information is
required and necessary for
performance of our contract with you. We do not have site, of the card number or CVV
code at any time, but this
will be held securely by Stripe Inc who are audited and certified as a PCI Service
Provider Level 1.
- vi) Payment information (for Voucher purchasers) - We collect information required
to process a payment when you
purchase a Voucher on our voucher sales page. Payments are processed securely using
our account at Stripe Inc.
and will include the method, date and time, amount, card expiry date, billing
postcode, your address and other
related information. This information is required and necessary for performance of
our contract with you. We do
not have sight of the card number or CVV code at any time, but this will be held
securely by Stripe Inc who are
audited and certified as a PCI Service Provider Level 1.
- vii) Voucher Redeem information for Voucher Holders - We collect information
required to process a voucher
refund
using a secure form at https://vouchers.coolstays.com/redeem/ where we ask for your
booking information, your
name and contact email/phone, and your bank account information for the voucher
refund payment.
3. Information we collect from third parties
We may collect personal data that other site users may submit to us when they use the
website and communicate with us, or we may obtain information from other third parties as
detailed below. We have no control how these third parties may themselves control or process
this information and any information request relating to the data they might provide to us
must be directed to that third party.
- i) Third party services - if you login or connect to us using Facebook, they may
send us information such as
your
registration and profile information. This information is controlled by Facebook and
you authorise its
processing by us when you connect using their service and via the privacy settings
in your Facebook account.
- ii) Reviews - (for Owners) If someone has written a review about your property it
may contain your personal
data.
You will be notified when a review is published about your property and you will
have the opportunity to request
removal.
- iii) Third party booking information - We may receive personally identifiable
information (PII) contained in
data
feeds that we use to display up-to-date accommodation calendar availability
information. Where we receive such
PII it is processed according to the 'data minimisation' principles, whereby we will
delete the personal data
not required and keep only the minimum data needed to provide calendar availability
functionality.
How we use this information
We may use and disclose personal data only for the following purposes:
- 1. To communicate with Webusers and Owners and provide customer support.
- 2. To send you information and promotional material to you by email. You will only receive
this
information if you have positively opted in and you can stop receiving this content at any
time.
- 3. To send you alerts and notifications by email based on transactions you make on the site
- such
as making an enquiry, adding or modifying a wishlist or leaving a review. These are
essential for
the performance of our contract and you cannot opt out of receiving these messages, but you
will
only receive them if you make such transactions.
- 4. To charge and collect money from our customers. This includes sending you notices and
alerts by
email or telephoning. We use a third party (Stripe) for secure card payment processing, and
we send
billing information to them for processing orders and payments. We use third party
accounting
systems (Quickbooks) to manage our financial accounts. We send them billing information for
this
purpose. We may send messages to you directly from Quickbooks email system. Quickbooks also
offer
payment for invoices by card using Paypal.
- 5. To provide, support and improve the website and service to you. This may include sharing
your
personal data with third party service providers to provide and support our service and make
certain
features available to you. We ensure your data is protected by ensuring all third parties we
may use
have entered into a contract to only use your data as is necessary and in a manner that is
consistent with this Privacy Policy.
- 6. To provide suggestions to you. We use data to suggest properties or other content that we
think
will be of interest to you. For example suggesting properties similar to those you may have
made an
enquiry at, or that are on your wishlist.
- 7. To enforce compliance with our Terms of Use and applicable law. This includes storing
server log
data that help us prevent site misuse and violation.
- 8. To protect the rights and safety of our customers, site visitors and third parties.
- 9. To meet legal requirements, comply with the law, court orders, respond to legal requests
or an
official investigation.
- 10. To provide information to our advisors or agents, such as lawyers and accountants.
- 11. We may share your data with a third party if we choose to sell, transfer or merge part
or all of
our business - or we we seek to acquire another business or merge with them. We will only
share your
data with a third party in this case if they agree to keep your data safe and private and
have the
appropriate safeguards in place. In any such event we will notify you of the change either
by
sending you an email or posting a notice on our Website.
Third party links
Coolstays includes links to third party websites including property Owner websites, affiliate
partner websites (such as Booking.com), social media sites (such as Facebook or Twitter) and
other
websites. We do not control these sites and when you visit them you may be providing personal
data
to the third party. The third party’s use of your information will be governed by their own
Privacy
Policy which we recommended you review. We do not accept any responsibility or liability for
their
policies whatsoever.
Recipients of your data (Who we share it with)
-
1. Other Site Users:
- a) Making an Enquiry- If you interact with the site to make a booking enquiry with a
property owner
or agent, we will share with that owner/agent any information you need to provide
such as your name,
your email address, dates of your proposed stay, how many people are in your group.
This is
necessary for the adequate performance of our contract with you. When you make a
booking enquiry you
may choose to provide further information in the contact form and any subsequent
message using our
messaging system such as your phone number and any other personal data you choose.
This information
is provided with your consent.
-
b) Confirming a booking - If you confirm to us that you have made a booking at a
property we list, we will share that booking information with the property owner/agent,
including your name, email address, booked dates and booking value. This information is
provided with your consent.
- c) Leaving a review - If you choose to leave a review on the site for a property you
have stayed at,
we may publish this information on the site and it will be visible to all site users
and the general
public. We will publish your “public name” which is your name as provided to us on
registration or a
pseudonym if you choose to change it (your “public name”). We will also publish the
star rating and
any other information you choose to provide. By leaving a review you acknowledge and
agree that this
information is provided and may be published with you consent.
- d) Uploading Property Information - If you are a property owner or agent your use of
the site is
governed by the Owner Terms, to which you must agree in order to use our service to
promote your
property. Any information you upload to our Owners Area may include your personal
data and may be
provided to the Webusers and the general public as displayed on your property
listing with your
consent. You always have the opportunity to review the listing and can request
changes or removal to
this information at any time.
- e) Responding to an Enquiry - If you are a property owner or agent, when you respond
to an enquiry
from a webuser using our messaging system, any information you submit (including
personal data you
choose to submit) will be provided to the enquirer and will be stored on our
platform for review by
that Webusers at any time. This information is provided by you with your consent.
- 2. Our Employees and Contractors:
You data will be shared with our employees, contractors and agents who all enable us to
provide the
service. We need to share this information in order to ensure the adequate performance of
our
contract with you. Such recipients will have entered into a contract to keep your data safe
and
private and in a manner that is consistent with this Privacy Policy.
- 3. Service Providers:
- a) Third Party Processors - We use a variety of third party data processors to help
us
provide and
support our services. We need to share information with them in order to ensure the
adequate
performance of our contract with you. These would be classed as “data processors”
under
GDPR.
Examples include payment processors, hosting providers, email delivery systems, site
usage
analysis
services, helpdesk systems and content delivery services. All third party processors
we use
enter
into a contract that requires them to use your personal data only for the provision
of
services to
us and in a manner that is consistent with this Privacy Policy.
-
b) Hotjar: We use Hotjar in order to better understand our users’ needs and to
optimise this
service
and experience. Hotjar is a technology service that helps us better understand our
users
experience
(e.g. how much time they spend on which pages, which links they choose to click,
what users
do and
don’t like, etc.) and this enables us to build and maintain our service with user
feedback.
Hotjar
uses cookies and other technologies to collect data on our users’ behavior and their
devices
(in
particular device's IP address (captured and stored only in anonymised form), device
screen
size,
device type (unique device identifiers), browser information, geographic location
(country
only),
preferred language used to display our website). Hotjar stores this information in a
pseudonymised
user profile. Neither Hotjar nor we will ever use this information to identify
individual
users or
to match it with further data on an individual user. For further details, please see
Hotjar’s
privacy policy at www.hotjar.com
- b) Review platforms - If you use the site to make an enquiry we may share your name,
email
address
and the property you made an enquiry at with Feefo, who will send you an email on
our behalf
asking
you to complete a review. Our legal basis for doing this is our legitimate interest
in
asking for
feedback in order to improve our products and services. If you choose leave a review
on the
Feefo
platform, Feefo would be the "data controller" of the feedback they receive from you
and it
that
data would be help in accordance with their own Privacy Policy.
- 4. Other Third Parties:
We may share your data with a third party if we choose to sell, transfer or merge part or
all of our
business - or we we seek to acquire another business or merge with them. We will only share
your
data with a third party in this case if they agree to keep your data safe and private and
have the
appropriate safeguards in place.
Transfers to third part processors outside the EU
We are a UK registered company, operating in the UK and our website and service is available to
anyone worldwide. We use a number of Third Party Processors (TPPs) to enable us to provide and
support the website and service to our Owners, Webusers and Visitors. Some of these TPPs are
based
outside the European Economic Area (EEA) and data is processed on servers located outside the
EEA.
These TPPs have limited access to your information and perform process on our behalf. We only
use
TPPs who we are confident have the appropriate safeguards in place and they are contractually
bound
to protect and use it only for the purposes for which it was transferred, consistent with this
Privacy Policy.
Examples of TPPs we use include (but are not limited to):
Hosting - Amazon Web Services (AWS), Rackspace
Email - Sendgrid, Postmark, Mailchimp
SaaS - Freshworks (Freshdesk), Zapier, Slack, Feefo, Quickbooks, Stripe, Hotjar
Safeguards - EU-US Privacy Shield
The EU-US Privacy Shield is a framework that protects the fundamental rights of anyone in the EU
whose personal data is transferred to the United States for commercial purposes. Our TPPs are
certified and comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield
Framework. They comply with the Privacy Shield Principles for all transfers of personal data
from
the EU and Switzerland. Where appropriate we have signed Data Processing Addendums with TPPs to
be
confident that any data from the EEA that is being transfered outside of the the EEA will be
subjected to the same high levels of security, privacy control, and data protection that it
would
receive in the EU.
Your rights
The GDPR provides the following rights for individuals:
- 1. Right to be informed
You have the right to be informed about the collection and use of personal data. This
Privacy Policy
should contain all the information you need for you to exercise this right.
- 2. Right of access
You have the right to access your personal data and supplementary information. You can
access and
update some of your personal data through your account settings. If you have chosen to
register and
log in via Facebook you can manage those permissions in your account settings at Facebook.
- 3. Right to rectification
You have the right to ask us to have inaccurate personal data rectified, or completed if it
is
incomplete, where you cannot do this yourself in your account settings.
- 4. Right to erasure
You have a right to have your personal data erased. This is also known as the “right to be
forgotten”. You can ask us to delete your data by emailing us at privacy@coolstays.com We
will
respond to a request for erasure within one month. We may ask you to verify your identity.
- 5. Right to restrict processing
In certain circumstances, you have a right to restrict the way we may process your personal
data, as
an alternative to erasing it, if you have a particular reason for wanting it restricted
- 6. Right to data portability
Your right to data portability entitles you to obtain personal data you have provided to us
- in a
commonly used, structured format - and request that we send it to another another service
provider
(if technically feasible).
- 7. Right to object or withdraw consent
You have the right to object to our processing of your personal data where the use is based
on our
legitimate interests (including profiling), or where it is used for direct marketing. You
may at any
time ask us to stop processing of your information for direct marketing purposes, by
emailing us at
privacy@coolstays.com or by changing the email preference settings in your account.
How long we may keep your data
We generally retain your information for as long as your account is active or as long as
necessary
to provide you with our service. We may also retain and use your information in order to comply
with
our legal obligations, resolve disputes, prevent abuse, and enforce our Agreements.
Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised
access or disclosure, we have put in place suitable physical, electronic and managerial
procedures
to safeguard and secure the information we collect online.