M & Y Elite Properties Privacy Policy

Last Updated: 27/11/2025

1. Introduction and Data Controller

M & Y Elite Properties (“we,” “our,” or “us”) operates a serviced accommodation business in the United Kingdom. We are committed to protecting your privacy and handling your personal data in an open and transparent manner.

This policy explains how we collect, use, disclose, and safeguard your personal data when you:

  • Make a booking or enquiry as a guest.

  • Visit our website, www.myeliteproperties.co.uk. 

  • Are a property owner we work with.

  • Are a supplier or service provider to us.

We are the “data controller” for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, meaning we determine how and why your personal data is processed.

2. Information We Collect

We may collect, use, store, and transfer different kinds of personal data, which we have grouped as follows:

A. For Guests:

  • Identity & Contact Data: Title, full name, date of birth, nationality, passport or driving licence number (for identity verification), email address, telephone number, home address.

  • Booking & Financial Data: Booking details (dates, property, number of guests), payment card details, transaction history, billing address.

  • Guest Preference Data: Special requirements (e.g., accessibility needs, preferences for high/low floor), travel purposes, any feedback you provide.

  • Technical & Usage Data: IP address, browser type, how you use our website, collected via cookies and similar technologies.

B. For Property Owners:

  • Identity & Contact Data: Full name, address, email, telephone number, proof of identity and ownership.

  • Financial Data: Bank account details for receiving payments, tax information (e.g., National Insurance number if relevant for self-assessment).

  • Property Data: Property address, details about the accommodation, safety certification records (Gas Safety, EPC, etc.).

C. Special Category Data: In limited circumstances, we may process more sensitive data, such as health information if you disclose a disability to ensure we provide appropriate accommodation. We will only process this with your explicit consent.

3. How We Collect Your Personal Data

We use different methods to collect data from and about you:

  • Direct Interactions: You provide most of the data by filling in forms on our website, corresponding with us by post, phone, email, or in person. This includes data you provide when you:

    • Make a booking.

    • Create an account on our website.

    • Request a quotation.

    • Subscribe to our marketing.

    • Give us feedback or contact us.

    • Enter a competition or survey.

  • Automated Technologies: We automatically collect Technical Data about your equipment and browsing behaviour on our website via cookies and server logs.

  • Third Parties or Publicly Available Sources: We may receive personal data about you from:

    • Online Travel Agents (OTAs): Such as Booking.com, Airbnb, Expedia, etc., when you book our properties through their platforms.

    • Payment Service Providers: Such as Stripe, PayPal, or your bank.

    • Publicly Available Sources: Such as Companies House or the Land Registry (for verifying property owners).

4. How We Use Your Personal Data (Our Lawful Bases)

We will only use your personal data when the law allows us to. Our primary lawful bases are:

  • Contract: To perform the contract we are about to enter into or have entered into with you (e.g., to process your booking, manage your stay, and pay owners/suppliers).

  • Legal Obligation: To comply with our legal responsibilities (e.g., complying with the Immigration (Hotel Records) Order 1972 which requires us to keep a record of all guests over 16, and HMRC tax requirements).

  • Legitimate Interests: For our legitimate business interests, provided your interests and fundamental rights do not override those interests (e.g., for marketing analysis, administrative tasks, and fraud prevention).

  • Consent: Where we have obtained your clear, specific consent for a particular purpose (e.g., sending direct marketing emails). You can withdraw consent at any time.

The table below describes our specific purposes for processing.

Purpose / Activity

Type of Data

Lawful Basis for Processing

To register and manage your booking

Identity, Contact, Financial

Performance of a contract

To manage payments and fees

Identity, Contact, Financial

Performance of a contract / Legal obligation

To manage our relationship with you (e.g., send booking confirmations, check-in info, requests for feedback)

Identity, Contact, Marketing

Performance of a contract / Legitimate interests (to improve service)

To comply with legal obligations (e.g., keeping guest registers, safety compliance)

Identity, Contact

Legal obligation

To verify guest identity and prevent fraud

Identity, Contact, Financial

Legitimate interests / Legal obligation

To send marketing communications

Identity, Contact, Marketing

Consent

To manage our relationship with property owners

Identity, Contact, Financial, Property

Performance of a contract

5. Data Sharing and Transfers

We may have to share your personal data with the parties set out below for the purposes outlined in section 4.

  • Service Providers: Acting as “data processors” who provide:

    • IT and System Administration Services (e.g., our property management software provider, website host).

    • Payment Processing Services (e.g., Stripe, PayPal).

    • Cleaning and Maintenance Companies (they will only receive necessary guest contact details for access).

  • Online Travel Agents (OTAs): Such as Booking.com and Airbnb, in accordance with their own privacy policies, to manage bookings made on their platforms.

  • Property Owners: We will share necessary guest information (name, contact details, booking dates) with the owner of the property you are staying in to facilitate your stay.

  • Professional Advisers: Including lawyers, bankers, auditors, and insurers.

  • Government Bodies: HMRC, regulators, and other authorities who require reporting of processing activities in certain circumstances.

  • Emergency Services: In case of an emergency at the property.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes.

We do not routinely transfer your personal data outside the UK. If we ever need to (e.g., using a cloud server located in the EU/US), we will ensure that a similar degree of protection is afforded to it by using specific contracts approved for use in the UK.

6. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.

7. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • Financial and Transaction Data: We are required by UK tax law to keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for six years after they cease being customers.

  • Guest Registration Data: We are required by the Immigration (Hotel Records) Order 1972 to keep a record of all guests (name and nationality) for at least 12 months.

  • Marketing Data: We will retain your data for marketing purposes until you withdraw your consent or opt-out.

8. Your Legal Rights

Under data protection laws, you have the right to:

  • Request access to your personal data (a “data subject access request”).

  • Request correction of the personal data that we hold about you.

  • Request erasure of your personal data in certain circumstances.

  • Object to processing of your personal data where we are relying on a legitimate interest.

  • Request restriction of processing of your personal data.

  • Request the transfer of your personal data to you or a third party.

  • Withdraw consent at any time where we are relying on consent to process your personal data.

You will not have to pay a fee to exercise any of these rights. We may need to request specific information from you to help us confirm your identity.

9. How to Complain

If you have any concerns about our use of your personal information, you can make a complaint to us at the details in the “Contact Us” section below.

You also have the right to lodge a complaint with the UK supervisory authority at any time. The Information Commissioner’s Office (ICO) can be contacted at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk

10. Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

11. Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

12. Changes to This Privacy Policy

We may update this policy from time to time. The current version will always be available on our website. We will notify you of any significant changes by email or a notice on our website.

13. Contact Us

If you have any questions about this privacy policy or wish to exercise your rights, please contact our Data Protection Manager:

Data Protection Manager
M & Y Elite Properties
Suite A, 82 James Carter Road, Mildenhall, IP28 7DE
[email protected]
03301333875/WhatsApp: 07500597107

en_USEnglish
en_USEnglish