Privacy Policy

Last updated: April 2026

1. Who We Are

Green Key Locations ("we", "us", "our") operates the website greenkeylocations.co.uk. We are a UK-based serviced accommodation provider offering short-term rental properties in Norwich and Wymondham, Norfolk.

When you make a booking enquiry or request information through our website, we collect and process personal data about you as described in this Privacy Policy.

Data controller: Green Key Locations

Email: info@greenkeylocations.co.uk

2. What Personal Data We Collect

We may collect the following categories of personal data:

Identity & Contact Full name, email address, phone number
Booking Information Check-in/check-out dates, number of guests, property preferences
Financial Payment details (processed securely via third-party payment provider)
Communication Messages, enquiries, and feedback you send us
Technical IP address, browser type, and device information (collected automatically by our hosting platform)
Special Requirements Accessibility needs, dietary requirements, or other preferences voluntarily disclosed

We do not collect special category data (such as health, racial origin, political opinions, religious beliefs, or biometric data) unless voluntarily provided by you for a specific purpose (e.g., accessibility requirements).

3. How We Collect Your Data

  • Direct enquiry form — when you submit a booking or availability enquiry via our website form
  • Email and phone contact — when you write to us or call us directly
  • Booking platforms — when you book via Airbnb, Booking.com, or similar; we receive your data from their iCal/booking systems
  • Cookies — we use essential and functional cookies to operate our website (see our Cookie Policy)

4. Why We Use Your Data (Purposes & Lawful Basis)

We only process your personal data when we have a lawful basis to do so under UK GDPR. The lawful bases we rely on are:

Contract performance (Article 6(1)(b))

We process your data to provide the accommodation services you have requested, including managing your booking, check-in, and stay.

Legal obligation (Article 6(1)(c))

We retain financial records and booking data as required by HMRC and other UK law.

Legitimate interests (Article 6(1)(f))

We may use your contact details to respond to enquiries and send service-related communications. You can opt out at any time.

Consent (Article 6(1)(a))

Where we send marketing communications, we only do so with your explicit consent, which you can withdraw at any time.

5. Who We Share Your Data With

We only share your personal data with third parties when necessary and only with organisations that handle your data responsibly:

  • Booking platforms — Airbnb, Booking.com, and similar channels, as part of managing your booking
  • Payment processors — payment providers used to process transactions (PCI-DSS compliant)
  • Property management tools — software we use to manage bookings and guest communications
  • Guest identity verification — where required by law, for fraud prevention or regulatory compliance
  • Legal obligations — law enforcement, regulators, or other authorities when legally required

We do not sell, rent, or trade your personal data with third parties for marketing purposes.

6. How Long We Keep Your Data

We retain your personal data only for as long as necessary for the purposes set out above. As a general guide:

  • Booking enquiries (no booking made): up to 12 months from last contact
  • Confirmed bookings: for the duration of your stay plus 7 years (for financial and tax record obligations)
  • Financial records: 7 years from the end of the relevant financial year (as required by HMRC)
  • ID verification records: as required by law (typically up to 1 year for accommodation providers)

After these periods, your data is securely deleted or anonymised.

7. Your Rights Under UK GDPR

You have a number of rights regarding your personal data. To exercise any of these rights, please contact us at info@greenkeylocations.co.uk.

Right of Access

Request a copy of all personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data, subject to legal retention obligations.

Right to Restrict Processing

Request that we limit how we use your data in certain circumstances.

Right to Data Portability

Receive your data in a structured, commonly used format, or request it be transmitted to another provider.

Right to Object

Object to processing based on legitimate interests, including direct marketing.

Rights Related to Automated Decision-Making

Request human review of any automated decisions that significantly affect you.

We will respond to all requests within one month. There is no charge for exercising your rights.

8. How We Keep Your Data Secure

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes:

  • Encrypted data transmission (HTTPS/TLS) on our website
  • Access controls limiting who can access guest data
  • Secure storage of booking and financial records
  • Regular review of data access and retention

9. Cookies

We use cookies on our website to ensure basic functionality. For full details of what cookies we use and why, please see our Cookie Policy.

10. Third-Party Links

Our website may contain links to third-party websites (e.g., Airbnb, Booking.com). We are not responsible for the privacy practices of these external sites. We encourage you to read the privacy policies of any third-party sites you visit.

11. Complaints

If you have any concerns about how we have handled your personal data, please contact us first and we will do our best to resolve the issue.

You also have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:

ICO: www.ico.org.uk

Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

Helpline: 0303 123 1113

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.