Privacy Policy for Delisio Stays (HouseBuddy Ltd)

1) Who we are (data controller)

Delisio Stays is a trading name of HouseBuddy Ltd, a company registered in England & Wales (no. 13059590), registered office: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.
For the purposes of UK GDPR and the Data Protection Act 2018, HouseBuddy Ltd is the data controller for personal data processed in connection with our website and short-stay operations.

• Contact (privacy): [email protected] or [email protected]

• ICO registration: ZB185573

2) What data we collect

We collect and process personal data in the following categories:

• Identity & contact: name, email, phone number, postal address.

• Booking & stay data: reservation details, property, dates, guests, preferences, messages with us, check-in/out time, deposits, incident/damage reports.

• Payment data: cardholder name, last 4 digits, token/ID from our payment processor (we do not store full card numbers).

• Verification/ID data: where required by law (e.g., Italy guest registration), passport/ID details for each staying guest.

• Technical & usage data: IP address, device/browser information, pages viewed, referral source, cookie identifiers and analytics events.

• Marketing & social: your marketing preferences; interactions with our emails and with our social media pages.

• Owner/landlord contact data (B2B): where you are a property owner engaging us (covered here for transparency; owners also receive a separate agreement).

3) Where we get your data from

• Directly from you (forms, checkout, email/phone, messaging apps used for support).

• Booking channels you use (e.g., Airbnb, Booking.com, VRBO) — these platforms act as independent controllers when you book through them and then share data with us to fulfil your reservation.

• Our service providers (e.g., identity-verification tools where used, payment processors, property-access/lock solutions).

• In limited cases, from co-travellers or the person who makes a booking on your behalf.

4) Why we use your data (lawful bases)

We process personal data only when we have a legal basis. Typical purposes and bases are:

• To take and manage your booking; provide the stay; customer support — contractual necessity.

• Guest verification and legal reporting (e.g., Italian guest ID reporting; city/tourist taxes) — legal obligation.

• Security, building rule enforcement, fraud prevention, incident handling — legitimate interests (to protect guests, owners, neighbours and our business).

• Service improvement, analytics, troubleshooting our website and operations — legitimate interests.

• Marketing by email/SMS — consent, and for UK “soft opt-in” to existing customers PECR applies; you can opt out anytime.

• Record-keeping, tax and accounting — legal obligation and legitimate interests.

• Defending/establishing legal claims — legitimate interests.

5) Sharing your data

We share personal data only as needed for the purposes above, with appropriate safeguards:

• Booking platforms/marketplaces you use (independent controllers).

• Payment processors to process transactions securely.

• Property operations providers (e.g., channel manager/booking engine, guest-communication tools, cleaners/maintenance contractors, smart-lock/keysafe providers, identity-verification providers where used).

• Analytics and advertising tools (e.g., site analytics, email delivery/engagement).

• Public authorities where required by law (e.g., Italian public security/Questura guest registration, city/tourist tax authorities) or to comply with lawful requests.

• Professional advisers and insurers (legal/insurance matters).

• Buyers/investors in the context of a corporate transaction (subject to confidentiality).

We do not sell your personal data.

6) International transfers

Your data may be transferred outside the UK/EEA (for example, when we use global cloud services). Where we do so, we rely on:

• UK/EU adequacy regulations, or

• standard contractual clauses with the UK addendum / IDTA (and, where relevant, EU SCCs), plus supplementary safeguards where required.

You can request a copy of the relevant transfer mechanism.

7) Data retention

We keep data only for as long as necessary for the purposes described:

• Bookings, invoices, communications, incident records: typically 6 years after the end of the financial year of your stay (for tax/accounting and legal claims).

• Verification/ID data for Italy guest reporting: retained only as long as necessary to comply with legal reporting and verification; we do not keep ID copies longer than required by law or operational necessity.

• Payment tokens/records: as provided by our processor and as needed for chargebacks/fraud — typically up to 6 years.

• Marketing data: until you withdraw consent/opt out, after which we maintain a minimal suppression record to honour your choice.

• Cookies/analytics identifiers: per the lifetimes set out in our Cookie Policy.

8) Cookies and similar technologies

We use cookies and similar technologies for site functionality, analytics and (where consented) marketing. For details, please see our Cookie Policy, where you can manage preferences.

9) Your rights

Under UK GDPR (and, where applicable, EU GDPR), you have rights to:

• Access your data; rectification; erasure; restriction; portability; and object to processing based on legitimate interests or direct marketing.

• Withdraw consent at any time (this does not affect processing prior to withdrawal).

• Complain to a supervisory authority. In the UK this is the Information Commissioner’s Office (ICO): ico.org.uk | 0303 123 1113. You may also have the right to complain to your local EEA authority if you reside in the EEA.

To exercise your rights, contact [email protected] or [email protected]. We may need to verify your identity before responding.

10) Children

Our services are not directed to children under 18. We do not knowingly collect children’s data for marketing purposes.

11) Security

We apply technical and organisational measures appropriate to the risk (access controls, encryption in transit, pseudonymisation where appropriate, staff training, least-privilege access, and vendor due-diligence). No system is perfectly secure; we maintain incident response procedures and will notify you and regulators of data breaches where legally required.

12) Automated decision-making

We do not make decisions producing legal or similarly significant effects solely by automated means about individual guests. We may use risk scoring and dynamic pricing tools to help prevent fraud and optimise operations; final decisions that materially affect a booking involve human review.

13) EEA/Italy addendum (when you stay in the EEA)

For stays at properties in the EEA (including Italy):

• Local legal duties. We may be required to collect guest ID information and submit guest data to public authorities (e.g., Italian guest registration and imposta di soggiorno/city tax reporting). The legal basis is legal obligation.

• EU GDPR. If you are an EEA resident booking a stay in the EEA, your local mandatory consumer and data protection rights continue to apply. Where we are required to appoint an EU representative, their details will be listed above.

• Cross-border transfers from the EEA to the UK or other countries use EU GDPR transfer tools (e.g., EU SCCs or adequacy, as applicable).

14) Third-party links

Our site may link to third-party websites (e.g., booking marketplaces). Those sites have their own privacy policies and are independent controllers of your data.

15) Changes to this policy

We may update this Policy from time to time. We’ll post the new version with an updated “Last updated” date and, if changes are material and you have an active booking or subscription, we’ll notify you by email or in-app message.

16) Contact us

HouseBuddy Ltd (trading as Delisio Stays)
71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
Email: [email protected] | [email protected]

Effective date: January 2025

Last updated: July 2025