This policy explains what personal data Beyond Stays Group collects when you use our website or engage with our services, how we use it, who we share it with, and the rights you have under UK GDPR and the Data Protection Act 2018.
Beyond Stays Group ("Beyond Stays", "we", "us", "our") is a Manchester-based property management company. We are registered with the Information Commissioner's Office (ICO) as a data controller under the UK Data Protection Act 2018. For the purposes of the UK GDPR, we act as data controller for personal data collected via our website (beyondstaysgroup.co.uk) and services.
Registered office: Manchester, United Kingdom. Contact us for our full postal address if required for a legal notice.
We collect the following categories of personal data:
We do not collect special category data (health, ethnicity, religion, biometric data, etc.) unless you volunteer it in your message, and we do not seek to collect it.
Under UK GDPR we can only process your personal data where we have a lawful basis. The bases we rely on depend on the activity:
| Purpose | Legal basis |
|---|---|
| Responding to your enquiries | Legitimate interests: responding to prospective clients |
| Providing services once we engage | Contract: performance of a contract you enter with us |
| Sending you a written valuation, proposal, or rent offer | Legitimate interests, and contract once you engage |
| Marketing communications (only where you opt in) | Consent |
| Complying with legal and regulatory obligations | Legal obligation |
| Security, fraud prevention, and website analytics | Legitimate interests |
We share personal data only where necessary and always under appropriate contractual and technical safeguards. Categories of recipient include:
We never sell your personal data.
Some of our service providers (notably Cloudflare and Resend) are headquartered outside the UK, including in the United States. When we transfer personal data outside the UK, we ensure appropriate safeguards are in place, typically the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses (SCCs) with the UK Addendum. You may request a copy of these safeguards by emailing us.
We keep personal data only for as long as necessary for the purpose we collected it, then delete or anonymise it. Typical retention periods:
Under UK GDPR you have the following rights:
To exercise any of these rights, email hello@beyondstaysgroup.co.uk with your request. We respond within 30 days.
We implement technical and organisational security measures to protect your personal data, including:
No system is completely secure. If a personal data breach occurs and is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals as required by law.
For any privacy question, data subject request, or complaint, contact us at hello@beyondstaysgroup.co.uk. Include "Data Protection" in the subject line so we can prioritise it.
If you are not satisfied with our response, you can complain to the Information Commissioner's Office (ICO), the UK's data protection regulator, at ico.org.uk or 0303 123 1113.
Last updated: 8 July 2026. If you have any questions about this policy, email hello@beyondstaysgroup.co.uk.