Privacy Policy
GDPR & Data Protection
PrivéStay is designed in line with the principles of the General Data Protection Regulation (GDPR), including data minimization, purpose limitation, and privacy by design.
- PrivéStay does not require guest accounts, logins, or profiles.
- No guest email addresses, phone numbers, payment details, or location data are collected.
- The only guest data that may be processed is a first name, solely for identifying and fulfilling requests.
- Guest data is processed on the lawful basis of legitimate interest, strictly to enable the requested service during a guest's stay.
Data Retention & Deletion
Guest request data is retained only for the duration necessary to:
- Fulfill requests
- Resolve operational issues
- Maintain service quality
Data is automatically deleted or anonymized after this period.
Data Subject Rights
Where applicable under GDPR, individuals have the right to:
- Request access to their data
- Request correction or deletion
- Object to processing
Requests can be submitted via our contact form.
International Data Transfers
Where data is processed outside the European Economic Area (EEA), appropriate safeguards are in place to ensure GDPR-compliant protection.