Data Protection

Privacy Policy

Effective 8 July 2026

This policy explains what personal data Beyond Stays Group collects when you use our website or engage with our services, how we use it, who we share it with, and the rights you have under UK GDPR and the Data Protection Act 2018.

Who we are

Beyond Stays Group ("Beyond Stays", "we", "us", "our") is a Manchester-based property management company. We are registered with the Information Commissioner's Office (ICO) as a data controller under the UK Data Protection Act 2018. For the purposes of the UK GDPR, we act as data controller for personal data collected via our website (beyondstaysgroup.co.uk) and services.

Registered office: Manchester, United Kingdom. Contact us for our full postal address if required for a legal notice.

What information we collect

We collect the following categories of personal data:

  • Contact details: name, email address, phone number, postal address where provided
  • Property details: address, property type, tenancy status, service interest (Management Only, Guaranteed Rent, Block Management)
  • Financial details: only when relevant to a service engagement (for example, bank details for rent payment). We never store card details on our site.
  • Communications: the content of any messages you send us via our contact form, WhatsApp, email, or Calendly booking
  • Technical data: IP address, browser type, device type, and pages visited. This is collected via Cloudflare Web Analytics, which is privacy-friendly and does not use cookies to identify individuals.

We do not collect special category data (health, ethnicity, religion, biometric data, etc.) unless you volunteer it in your message, and we do not seek to collect it.

How we collect it

  • Directly from you: when you complete our contact form, message us on WhatsApp, book via Calendly, email us, or engage with our services
  • Indirectly, through third parties: from OpenRent, referrals from other landlords, letting agents, or introducers you have authorised
  • Automatically: from Cloudflare Web Analytics as you use our website

Why we use it (legal bases)

Under UK GDPR we can only process your personal data where we have a lawful basis. The bases we rely on depend on the activity:

Purpose Legal basis
Responding to your enquiries Legitimate interests: responding to prospective clients
Providing services once we engage Contract: performance of a contract you enter with us
Sending you a written valuation, proposal, or rent offer Legitimate interests, and contract once you engage
Marketing communications (only where you opt in) Consent
Complying with legal and regulatory obligations Legal obligation
Security, fraud prevention, and website analytics Legitimate interests

Who we share it with

We share personal data only where necessary and always under appropriate contractual and technical safeguards. Categories of recipient include:

  • Our operational service providers: Cloudflare (hosting and CDN), Resend (transactional email delivery), Guesty (channel management platform for property management engagements), Enso Connect (guest communication platform), PriceLabs (pricing optimisation)
  • Our accountants, lawyers, and other professional advisors when required
  • Regulatory authorities, HMRC, and law enforcement where required by law
  • Third parties with your explicit consent (for example, a referred landlord you have introduced under our referral programme)

We never sell your personal data.

International data transfers

Some of our service providers (notably Cloudflare and Resend) are headquartered outside the UK, including in the United States. When we transfer personal data outside the UK, we ensure appropriate safeguards are in place, typically the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses (SCCs) with the UK Addendum. You may request a copy of these safeguards by emailing us.

How long we keep it

We keep personal data only for as long as necessary for the purpose we collected it, then delete or anonymise it. Typical retention periods:

  • Enquiries that do not lead to engagement: 12 months from last contact
  • Client records (during engagement): duration of the service agreement plus 7 years for accounting and tax purposes
  • Referral programme records: 24 months from submission
  • Website analytics data: 12 months rolling
  • Marketing consent records: until you withdraw consent

Your rights

Under UK GDPR you have the following rights:

  • Right of access: request a copy of the personal data we hold about you
  • Right to rectification: correct inaccurate or incomplete data
  • Right to erasure ("right to be forgotten"): request deletion where lawful
  • Right to restrict processing: pause processing while an issue is resolved
  • Right to object: object to certain processing based on our legitimate interests
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to withdraw consent: where we rely on consent, you can withdraw it at any time
  • Right to complain to the ICO: if you are not satisfied, you can contact the Information Commissioner's Office at ico.org.uk or 0303 123 1113

To exercise any of these rights, email hello@beyondstaysgroup.co.uk with your request. We respond within 30 days.

How we protect your data

We implement technical and organisational security measures to protect your personal data, including:

  • HTTPS encryption on all pages
  • Access controls on internal systems (least privilege)
  • Encrypted storage for sensitive data
  • Regular backups and disaster recovery procedures
  • Vendor due diligence on all service providers

No system is completely secure. If a personal data breach occurs and is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals as required by law.

Contact us

For any privacy question, data subject request, or complaint, contact us at hello@beyondstaysgroup.co.uk. Include "Data Protection" in the subject line so we can prioritise it.

If you are not satisfied with our response, you can complain to the Information Commissioner's Office (ICO), the UK's data protection regulator, at ico.org.uk or 0303 123 1113.

Last updated: 8 July 2026. If you have any questions about this policy, email hello@beyondstaysgroup.co.uk.

WhatsApp Us