Privacy Policy

1. Introduction

Prestige Residence (“we”, “us”, or “our”) is a luxury hotel concierge service registered in England and Wales with its principal office in London, United Kingdom. We are committed to protecting your personal data and respecting your privacy.

This Privacy Policy explains how we collect, use, store, and share your personal information when you use our website at prestigeresidence.com and our related services. It also sets out your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our website or submitting a quote request, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.

2. Data Controller

Prestige Residence is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, you can contact us at:

3. Personal Data We Collect

We collect personal data that you provide directly to us, as well as data collected automatically when you visit our website.

3.1 Information You Provide

• Contact details: your full name, email address, and telephone number, provided when you submit a quote request or contact us.
• Travel preferences: destination preferences, preferred travel dates, number of guests, room type selections, meal plan preferences, and any special requirements or accessibility needs.
• Booking details: information related to your quote requests, booking confirmations, and payment transactions.
• Communications: records of correspondence between you and our team, including emails and any feedback you provide.
• Newsletter subscription: your email address if you subscribe to our mailing list.

3.2 Information Collected Automatically

• Technical data: IP address, browser type and version, operating system, device type, and screen resolution.
• Usage data: pages visited, time spent on pages, referral source, click patterns, and navigation paths through our website.
• Cookie data: information collected through cookies and similar tracking technologies (see Section 8 below).

4. How We Use Your Personal Data

We use your personal data for the following purposes:

• Processing quote requests: to receive your enquiry, liaise with hotel partners on your behalf, and provide you with a personalised quote for your stay.
• Facilitating bookings: to coordinate reservations, process payments, and send you trip details and confirmation information.
• Personalisation: to tailor our recommendations and communications to your preferences and travel history.
• Communications: to respond to your enquiries, send service-related updates, and, where you have opted in, deliver marketing communications including our newsletter.
• Improving our services: to analyse website usage, identify trends, and enhance the functionality and user experience of our platform.
• Legal compliance: to comply with applicable laws, regulations, and legal processes.

5. Legal Basis for Processing

Under the UK GDPR, we rely on the following legal bases to process your personal data:

• Contract performance (Article 6(1)(b)): processing is necessary to fulfil a quote request you have submitted, to manage your booking, or to take pre-contractual steps at your request.
• Legitimate interests (Article 6(1)(f)): we process certain data where it is in our legitimate business interests, such as improving our website, understanding how our services are used, and tailoring recommendations — provided these interests are not overridden by your rights and freedoms.
• Consent (Article 6(1)(a)): where you have given explicit consent, such as subscribing to our newsletter or accepting non-essential cookies. You may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
• Legal obligation (Article 6(1)(c)): where processing is necessary to comply with a legal obligation to which we are subject, such as financial record keeping or responding to lawful requests from authorities.

6. Sharing Your Data with Third Parties

We do not sell your personal data to third parties. We may share your information with the following categories of recipients, only to the extent necessary to provide our services:

• Hotel partners: we share your name, contact details, travel dates, and stay preferences with our partner hotels to obtain quotes and facilitate your reservation. Each hotel partner operates as an independent data controller for the data they receive.
• Payment processors: we use Stripe to process payments securely. When you make a payment, your payment card details are collected and processed directly by Stripe in accordance with their privacy policy. We do not store your full card details on our systems.
• Email and communication services: we use third-party email service providers to send transactional emails (such as quote confirmations) and, where you have opted in, marketing communications.
• Analytics providers: we use Google Tag Manager and associated analytics tools to understand how visitors use our website. These services may collect anonymised or pseudonymised data about your browsing behaviour.
• Hosting and infrastructure: our website and database are hosted by third-party cloud providers who process data on our behalf under strict data processing agreements.
• Professional advisors and legal authorities: we may disclose your data to our legal advisors, accountants, or regulatory bodies where required by law or to protect our legal rights.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention periods are:

• Quote and booking records: retained for six years from the date of your last interaction, in line with HMRC requirements for financial records.
• Contact and communication records: retained for three years from the date of your last contact with us, unless an active booking or ongoing relationship exists.
• Newsletter subscribers: your email address is retained until you unsubscribe. You can unsubscribe at any time using the link in our emails.
• Website analytics data: anonymised analytics data is retained for up to 26 months.

When retention periods expire, we securely delete or anonymise your data so that it can no longer be associated with you.

8. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience, analyse site traffic, and understand how visitors interact with our platform. Cookies are small text files placed on your device when you visit our website.

Types of Cookies We Use

• Strictly necessary cookies: essential for the website to function, such as session management and security. These cannot be disabled.
• Analytics cookies: used via Google Tag Manager and Google Analytics to collect anonymised data about page views, traffic sources, and user journeys. These help us improve our website.
• Functional cookies: remember your preferences, such as currency selection and language settings, to provide a more personalised experience.

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. Most browsers allow you to refuse or delete cookies — consult your browser’s help documentation for instructions.

9. International Data Transfers

As we work with hotel partners and service providers around the world, your personal data may be transferred to and processed in countries outside the United Kingdom. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Transfers to countries that the UK Secretary of State has determined provide an adequate level of data protection.
• Use of Standard Contractual Clauses (SCCs) approved by the Information Commissioner’s Office (ICO) or the UK International Data Transfer Agreement (IDTA).
• Binding corporate rules or other legally recognised transfer mechanisms where applicable.

If you would like further information about the specific safeguards applied to the transfer of your data, please contact us at privacy@prestigeresidence.com.

10. Your Rights Under UK GDPR

Under the UK GDPR, you have the following rights in relation to your personal data:

• Right of access: you can request a copy of the personal data we hold about you.
• Right to rectification: you can ask us to correct any inaccurate or incomplete data.
• Right to erasure: you can request that we delete your personal data, subject to certain legal exceptions (such as ongoing contractual obligations or legal retention requirements).
• Right to restrict processing: you can ask us to limit the processing of your data in certain circumstances, for example while we verify the accuracy of your data.
• Right to data portability: you can request that we provide your data in a structured, commonly used, machine-readable format, or transfer it directly to another controller where technically feasible.
• Right to object: you can object to the processing of your data where we rely on legitimate interests as our legal basis. You also have the absolute right to object to direct marketing at any time.
• Right to withdraw consent: where processing is based on your consent, you may withdraw it at any time. This does not affect the lawfulness of processing carried out before withdrawal.
• Rights related to automated decision-making: you have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects. We do not currently carry out automated decision-making.

To exercise any of these rights, please email us at privacy@prestigeresidence.com. We will respond to your request within one month, as required by law. In certain circumstances, we may extend this period by a further two months, in which case we will inform you of the extension and the reasons for it.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS/SSL), secure hosting environments, access controls limiting data access to authorised personnel, and regular reviews of our security practices. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

12. Children’s Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete the information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. When we make material changes, we will update the “last updated” date at the top of this page. We encourage you to review this policy periodically. Continued use of our website after changes are posted constitutes your acceptance of the revised policy.

14. Complaints

If you are unhappy with how we have handled your personal data, we encourage you to contact us first so that we can try to resolve the matter. You can reach our privacy team at privacy@prestigeresidence.com.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection:

15. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how your personal data is being processed, please contact us: