Privacy Policy – Nestor group
Nestor Stay Ltd (“Nestor”, “we”, “us”, “our”) is committed to protecting and respecting your privacy. This policy explains how we collect, use, and protect your personal data when you use our website, make a booking, or interact with us.
1. Who We Are
Nestor Stay Ltd is a provider of short-term accommodation services in the UK.
Contact details:
Email: guest@nestorstay.com
Address: 2 Leman Street, London E1W 9US
If you have any questions about this policy or your data, please contact us at the above email.
2. What Personal Data We Collect
We may collect and process the following types of personal data:
- Usage data (how you use our website)
- Identity data (name, date of birth, ID documents where required)
- Contact data (email address, phone number)
- Booking data (stay details, preferences, communications)
- Payment data (processed securely via third-party providers)
- Technical data (IP address, browser type, device information)
3. How We Collect Your Data
We collect data:
- From third-party booking platforms (e.g. Booking.com, Airbnb)
- When you make a booking with us
- When you contact us directly
- When you use our website
4. Lawful Bases for Processing
We rely on the following legal bases under UK GDPR:
- Contract: to manage bookings and provide accommodation
- Legal obligation: to comply with legal and regulatory requirements
- Legitimate interests: to operate and improve our services
- Consent: for marketing communications and non-essential cookies
5. How We Use Your Data
We use your personal data to:
- Process and manage bookings
- Communicate with you about your stay
- Verify identity where required
- Process payments
- Improve our website and services
- Send marketing communications (where you have consented)
- Comply with legal obligations
6. Sharing Your Data
We do not sell your personal data.
We may share your data with trusted third parties where necessary, including:
- Payment providers (e.g. Stripe, PayPal)
- Property management and operational staff
- IT and hosting providers
- Professional advisers (legal, accounting)
All third parties are required to respect the security of your data and process it lawfully.
7. International Transfers
Some of our service providers may process data outside the UK.
Where this happens, we ensure appropriate safeguards are in place, such as:
• UK adequacy regulations
• Standard Contractual Clauses (SCCs)
8. Data Retention
We retain personal data only as long as necessary, including:
• Booking and financial records: up to 6 years (legal requirement)
• Guest verification data: retained only as long as necessary for compliance
• Marketing data: until you withdraw consent
9. Your Rights
Under UK GDPR, you have the right to:
• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Restrict processing
• Object to processing
• Data portability
• Withdraw consent at any time
• Lodge a complaint with the Information Commissioner’s Office (ICO)
Requests are free of charge unless they are manifestly unfounded or excessive.
10. Cookies
We use cookies to improve your experience.
Non-essential cookies (e.g. analytics) are only used with your consent.
You can manage your preferences via our cookie banner.
11. Security
We implement appropriate technical and organisational measures to protect your personal data.
12. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for their privacy practices.
13. Changes to This Policy
We may update this policy from time to time. The latest version will always be available on our website.
14. Contact and Complaints
If you have concerns about how we handle your data, please contact us first.
You also have the right to complain to:
Information Commissioner’s Office (ICO)
https://ico.org.uk
This policy reflects our commitment to protecting your privacy and complying with UK data protection law.
Effective Date: 26th March 2026
Approved by: Mark Hudson, Director