Consumer and website privacy notice

Welcome to our Privacy Notice
We know planning a holiday should be exciting, not complicated. This notice explains how we use your personal information and why, in a way that’s clear and easy to follow.

You'll find separate sections for Guests booking a stay and Owners listing their property, so you can go straight to what matters to you.

Our goal is simple: to keep your information safe while you enjoy everything else.

We last changed this policy on 05 January 2026 and it is version 3.0

Guest
Owner

Guest Privacy Policy

Who we are

We are Sykes Cottages Ltd (Sykes) and we also trade under number of different brands. Our trading brands are Best Escapes, Best of Suffolk, Carbis Bay Holidays, Coast & Country Cottages, Coast & Country Holidays, Cornish Cottage Holidays, Dream Cottages, Helpful Holidays, Hogans Irish Cottages, John Bray Cornish Holidays, Lake District Lodge Holidays, Lakelovers, Lyme Bay Holidays, Manor Cottages, Menai Holidays, Northumbria Coast & Country Cottages, Sykes Holiday Cottages, UK Lodge Breaks and Yorkshire Coastal Cottages.

Sykes Cottages Ltd, is a company registered in England, with company number: 4469189 of One City Place, Chester, Cheshire, CH1 3BQ, (referred to as “Sykes”, “Sykes Cottages”, "we", "us" or "our" in this privacy notice) is the primary data controller in relation to your personal data. This means that we are responsible for your personal data.

We are part of a wider Group of companies called Forge Holiday Group which includes Forge Holiday Group Ltd, Forest Holidays Limited and Bachcare and we share some services such as Technology, Operations and Customer Service Centre Support, Cyber Security, Legal, People & Culture, Finance and Marketing. We have Group information sharing agreements in place to govern this information sharing.

Our contact details

If you have any questions about this privacy notice or with to contact us with any data protection queries or concerns, please email dpo@sykescottages.co.uk

The data we collect from you

We collect personal data when you:

• Book a holiday with us.

• Visit our website or use our app.

• Contact us by phone, email, live chat, social media, or other channels.

• Enter competitions or respond to surveys.

We may collect:

• Your name, address, email, phone number, title, and country of residence.

• Details of other people in your travel party. If you're the lead booker, please make sure they know you've shared their information with us and that it's covered by this privacy notice.

• Social media identifiers if you interact with us online.

• Information from public sources to help verify your identity.

• Technical data like your IP address, browser type, device info, and location settings.

• Marketing preferences, cookie consents, and how you use our website or app.

If you book through a third-party site (like Airbnb or Booking.com), we receive your data from them. What we get depends on their privacy policy.

If you provide information about children, you're responsible for getting the right consent from them or their parent/guardian.

Special category data

In the course of providing our services, we may occasionally collect special category data, such as information about your or a member of your travel party's health. This may include details you provide to us about accessibility requirements for accommodation or health-related reasons for cancelling a booking. We will only collect and use this information:

• With your explicit consent, or

• Where there is a legal basis to do so, such as protecting vital interests or complying with public health obligations.

We treat all such data with the highest level of confidentiality and only use it for the purpose for which it was provided.

What we do with your data & our lawful bases for doing so

We use your personal data for the following purposes, and each use is supported by a lawful basis under the UK GDPR:

🏡 Managing Your Booking

We use your data to:

• Process your holiday booking.

• Support the rental agreement between you and the property owner.

• Share your details with the property owner (who is a separate data controller).

Legal basis: Contract

📱 Account and Customer Portal & App Access

We use your data to:

• Create and manage your account.

• Give you access to your bookings, feedback, and personalised offers via our website and app.

Legal basis: Contract

📞 Customer Service and Complaints

We use your data to:

• Respond to enquiries and complaints.

• Mediate between you and property owners if issues arise during your stay.

• Verify facts using call recordings or chat transcripts.

• Operate our global property restriction policy.

Legal basis: Contract or Legitimate Interest

🌍 Global Booking Restrictions

In rare cases we process your personal data to operate our global restrictions policy. This means that if you have breached our booking terms or policy (for example, due to serious misconduct, fraudulent activity, or behaviour that poses a risk to property or safety), we may restrict you from making future bookings across our brands.

This includes:

• Identifying serious misconduct or fraudulent activity.

• Applying restrictions across all brands to protect property and safety.

• Maintaining records of breaches to prevent repeat incidents.

Legal basis: Legitimate interests – in protecting our properties, owners, colleagues, and other guests from harm and ensuring the integrity of our booking platform.

🕵️ Know Your Customer (KYC) Checks

Very occasionally we carry out KYC checks to verify customer identity and prevent financial crime.

This includes:

• Collecting and validating identification documents where required.

• Using third-party verification tools to confirm identity and reduce fraud risk.

Legal basis: Compliance with anti-money laundering and counter-terrorism financing regulations, and legitimate interests in safeguarding our business.

💳 Payments and Financial Management

We use your data to:

• Manage payments, fees, and refunds.

• Recover debts, which may involve third-party agencies.

Legal basis: Contract

📢 Marketing and Promotions

We use your data to:

• Send you marketing communications about future bookings, offers, and related products (like insurance).

• Personalise advertising and promotional content.

• Run competitions and loyalty schemes.

Legal basis:

• Consent for marketing email, SMS, and calls

• Legitimate interests for postal marketing, competitions and loyalty scheme

• Legitimate interests in promoting Business to Business opportunities

You can withdraw your consent or object to marketing communication at any time via unsubscribe links, your customer portal, or completing the Online form

🎁 Bloom Loyalty Programme

We use your personal data to:

• Enrol you in our Bloom loyalty programme if you're eligible.

• Track your bookings and activity to award loyalty benefits.

• Send you updates, offers, and rewards related to the programme.

Legal basis:

• Performance of a contract – where you've signed up to Bloom and we need to deliver the benefit and member only exclusive offers.

• Legitimate interests – in encouraging repeat bookings and customer engagement through loyalty rewards.

You can opt out of Bloom at any time by updating your preferences in your customer App.

🔄 Business Acquisitions

If you are a customer of a business we acquire, we may continue to process your data in line with that business's privacy policy.

Legal basis: Legitimate interests

⚖️ Legal & Regulatory Compliance and Business Operations

We may process your data to:

• Comply with UK, Irish, EU, and other Financial, Legal and Audit obligations.

• Carry out internal and external audits, staff training, and internal reporting.

• Prepare financial accounts and aggregated data for public disclosure.

• Cooperate with regulators and public authorities (e.g. ICO, HMRC, CMA, police, local councils).

Legal basis: Legal obligation

🛡️ Security and Business Operations

We use your data to:

• Maintain cybersecurity and protect our systems from threats

• Monitor and prevent fraud or unauthorised access

• Ensure the availability and integrity of our IT infrastructure.

• Support business continuity and disaster recovery planning

• Manage internal governance, risk and compliance processes.

Legal basis: Legitimate interests in ensuring security and efficient business operations

📊 Data Analytics & Behaviour Analysis, Website & App Usage

We use data analytics to help us understand how customers interact with our services, improve our offerings, and make informed business decisions.

This includes:

• Analysing how people use our website and app (e.g. pages visited, time spent, clicks).

• Using cookie and tracking technologies to understand browsing behaviour (where consent is given).

• Aggregating booking and customer service data to identify trends and improve performance.

• Using our data warehouse to combine and analyse data from multiple sources (e.g. bookings, feedback, marketing responses, customer service interactions) to: Improve customer experience, forecast demand and plan resources, Personalise offers and communications, monitor business performance and support strategic decisions.

Legal basis: Legitimate interests in improving services and protecting systems or Consent where required for non-essential cookies

🔍 User Experience and Market Research

We may invite you to take part in research or surveys to improve our services. We'll provide more details at the time.

Legal basis: Legitimate interests in understanding customer needs and improving services

🤖 Artificial Intelligence (AI) and Automated Tools

We use AI technologies to improve and personalise our services, customer experience, and operational efficiency. This includes:

• Chatbots and Virtual Assistants: If you contact us via live chat or certain digital channels, you may interact with an AI-powered chatbot. We will always make it clear when you are communicating with an AI tool.

• Call Transcription and Analysis: Calls to our customer service teams may be recorded, transcribed, and analysed using AI tools. This helps us improve service quality, resolve issues, and train our AI systems.

• Review and Feedback Analysis: We use AI to scan and analyse customer reviews and feedback to identify trends and improve our services.

• Training AI Models: We may use anonymised or pseudonymised call transcripts and interaction data to train and improve our AI tools.

• Transparency: We are committed to being open about our use of AI. We will always let you know when you are interacting with an AI system.

Legal basis:

Legitimate interests – in improving our services, ensuring quality, and developing technology responsibly.

Who we share your data with

Property Owners

Your Name, Contact Telephone Number, Postcode and Email Address will be shared with property owners on the basis that it is necessary to fulfil your contract with them. This also ensures owners can keep you informed and provide timely assistance during your stay should you require it.

If you make a complaint about the property or leave a review following your stay, the content of your complaint or review may be shared with the property owner. This is necessary to help them understand and respond to feedback, address any issues raised, and improve the quality of their accommodation and service.

Important: When you book a property, you have a contract with us as the booking agent and a contract with the owner of the property, the owner becomes a separate data controller for any personal data they receive about you (for example, your name or contact details). This means they have their own legal responsibilities under data protection law to keep your information secure and use it only for lawful purposes.

Other Group companies

Other companies in the Forge Holiday Group may receive your personal data either when necessary for the provision of shared services.

IT service providers

Our technology is often hosted in the cloud, and we use a number of service providers such as our cloud hosting providers, CRM provider, security software providers to support our websites and other technology stacks.

Professional advisors

We use external auditors, legal advisors, insurers and banks among others who will sometimes receive your personal information.

Public authorities

This may include law enforcement bodies, the courts, regulators, government and local government bodies and agencies, HMRC and other public bodies.

Payment services providers

We use specialist companies to process payment card details.

Marketing partners

We use many service providers to assist in our marketing efforts,

Insurance providers and compliance partners

Where necessary for the purposes of your or our insurance needs we will disclose your details to insurers, brokers and partners and may need to disclose it to our compliance partner or any organisation (such as the FOS or the FCA) that you may later complain to. These partners are:

• Advisory Insurance Brokers Limited (t/a Towergate Travel), 2 Minster Court, Mincing Lane, London, EC3R 7PD

• AWP P&C S.A., 102 George Street, Croydon, CR9 6HD

• ITC Compliance Ltd, Monarch Court, The Brooms, Emersons Green, Bristol, BS16 7FH

• Pikl Insurance Services Ltd, Second Floor, The Atrium, Suite B St Georges St, Norwich NR3 1AB

Third party booking platforms

These include but are not limited to AirBnB, Vrbo, Booking.com, TripAdvisor, Expedia and similar companies. They may pass the information on to other advertising partners.

Purchasers or potential purchasers of our business

Third parties whom we may choose to sell, transfer, or merge parts of our business or our assets. If a change of ownership happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.

International transfers of your data

One of the companies in our Group, Bachcare is based in New Zealand and so where Bachcare provide shared services on behalf of the Group, this may involve the transfer of data to New Zealand.

We use some trusted service providers located outside the UK or EEA.

For example:

• Kosovo – where we use customer service providers.

• Egypt – where we work with software development partners.

• United States – where we use a range of technology and infrastructure providers.

Whenever we transfer your personal data internationally, we make sure it is protected in line with UK GDPR requirements. Depending on the country and provider, we use one or more of the following safeguards:

• Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum (IDTA) or Binding Corporate Rules (BCRs) PLUS Transfer Impact Assessments (TIAs) – to assess and manage any risks.

• EU–US and UK–US Data Privacy Frameworks – for US-based partners who are certified under these schemes.

We only transfer personal data where necessary for our services, and we ensure appropriate technical, contractual and legal safeguards are in place to protect your rights.

If you want to know more about specific safeguards for your data in relation to international transfers, please contact our Data Protection Officer.

How long we keep your data

We keep most customer data for six years after the end of the financial year in which your last booking took place. This is to meet our legal, accounting, and insurance obligations, and to help us respond to any queries or complaints.

In some cases, we may keep data for longer if required by law or if there is an ongoing dispute or debt.

Your Rights

Right to access

You can ask to see the personal data we hold about you.

Right to rectification

You can ask us to correct inaccurate or incomplete personal data.

Right to erasure

You can ask us to delete your personal data when it's no longer needed or if you withdraw your consent.

Right to restrict processing

You can ask us to limit how we use your data in certain circumstances.

Right to data portability

You can ask to receive your data in a format you can use elsewhere or have it sent to another organisation.

Right to object

You can object to how we use your data, especially for marketing or profiling.

Right to withdraw consent

Where we rely on your consent, you can withdraw it at any time.

You also have the right to complain to us

if you're unhappy with how we've handled your personal data. We'll do our best to resolve your concerns quickly and fairly.

Exercising your rights

You can email dpo@sykescottages.co.uk or ask our customer services teams on the phone.

Please note that not all rights apply in every situation. Whether a right applies may depend on the lawful basis we're using to process your data. For example, some rights may not apply where processing is based on a legal obligation or where data is needed to fulfil a contract.

Making a complaint

You always have the right to complain to the regulator and for customers in the UK this would be the Information Commissioner's Office whose details can be found at www.ico.org.uk or if you are in the EU you can complain to the Irish Data Protection Commission whose details can be found at www.dataprotection.ie

Both organisations will expect you to have complained to us first and to have given us an opportunity to respond and will generally refer you back to us if you have not. We would also really appreciate the opportunity to try and resolve your complaint first because we would prefer to resolve matters amicably where we can.

Automated profiling

For marketing and recommendations purposes we may process your data in ways that tell us what you are likely to want to see from us and products that may interest you. We may also make certain offers available to you on this basis. This profiling is automated and may use Machine Learning or Artificial Intelligence tools to give us the results.

Changes to this privacy policy

We always record the data on which the privacy policy has been changed at the top of this page. You can ask us for copies of previous privacy policies and when they were effective from at any time. When we change our purposes for processing your data we will let you know either through this privacy policy or by sending you a direct communication if we think it has a large impact on you. Regular communications may indicate when we have updated this policy and ask you to take a look at it.

Links to other websites or social media

Our website may include links to and from third-party websites, social media, plug-ins and applications. By clicking on these links or enabling connections you may be allowing third parties to collect or share your personal data. We have no control over these third-party websites, plug-ins or applications and are not responsible for their privacy policies, therefore you should also read their privacy policies to understand what personal data they collect about you and how they use it.

Owner Privacy Policy

Who we are

Sykes Cottages Ltd, is a company registered in England, with company number: 4469189 of One City Place, Chester, Cheshire, CH1 3BQ, (referred to as "Sykes", "Sykes Cottages", "we", "us" or "our" in this privacy notice) is the primary data controller in relation to your personal data. This means that we are responsible for your personal data.

Our contact details

If you have any questions about this privacy notice or with to contact us with any data protection queries or concerns, please email dpo@sykescottages.co.uk

The data we collect from you and elsewhere

We collect personal information when you:

• Register as an owner or enquire about letting your property, attend one of our events or webinars.

• Communicate with us by phone, email, live chat, or social media.

• Use our owner portal, website or app.

• Respond to surveys or marketing campaigns.

What we collect may include:

• Your name, address, email, phone number, and country of residence.

• Financial details such as bank account information, tax status, VAT numbers.

• Property details including address, photos, and service preferences.

• Identification documents for verification (e.g., licences).

• Technical data like IP address, browser type, and device information.

• Marketing preferences and cookie consents.

We may also collect information from public sources (e.g., Companies House, Land Registry) and third-party lead generators.

What we do with your data and our lawful bases for doing so

🏠 Managing Your Account and Property Listing

We use your data to:

Set up and maintain your owner account. Manage your property listing and ensure accurate details. Communicate with you about your property and bookings, complaints, property issues and reviews.

Legal basis: Performance of a contract – to provide our services as your letting agent.

🔑 Providing Services

We use your data to: Facilitate bookings and manage rental agreements.

Coordinate managed services (e.g., cleaning, maintenance). Introduce you to insurance partners if requested. Send you essential updates about our terms, business operations or changes to short term holiday let legislation or requirements.

Legal basis: Performance of a contract – necessary to fulfil our agreement with you and your Guests.

📱 Owner Portal and App Access

We use your data to: Give you access to property performance insights.

Provide updates and tools to manage your property.

Legal basis: Performance of a contract – to deliver the services you signed up for.

Legitimate interests – in providing a comprehensive owner experience.

📢 Marketing and Promotions

We use your data to: Send marketing communications about new services, offers, and industry updates. Personalise advertising and promotional content.

Legal basis: Consent – for email, SMS where required.

Legitimate interests – for postal marketing and phone calls for general business growth.

You can withdraw consent or update preferences anytime via your owner portal or by contacting us.

💳 Financial Management

We use your data to: Process payments, fees, and refunds.

Manage debt recovery, which may involve third-party agencies.

Legal basis: Performance of a contract – to manage financial transactions related to your property.

🔄 Business Acquisitions

If you are a customer of a business we acquire, we may continue to process your data in line with that business's privacy policy.

Legal basis: Legitimate interests

⚖️ Legal & Regulatory Compliance and Business Operations

We may process your data to:

• Comply with UK, Irish, EU, and other Financial, Legal and Audit obligations.

• Carry out internal and external audits, staff training, and internal reporting.

• Prepare financial accounts and aggregated data for public disclosure.

• Cooperate with regulators and public authorities (e.g. ICO, HMRC, CMA, police, local councils).

Legal basis: Legal obligation

🛡️ Security and Business Operations

We use your data to:

• Maintain cybersecurity and protect our systems from threats

• Monitor and prevent fraud or unauthorised access

• Ensure the availability and integrity of our IT infrastructure.

• Support business continuity and disaster recovery planning

• Manage internal governance, risk and compliance processes.

Legal basis: Legitimate interests in ensuring security and efficient business operations

📊 Data Analytics & Behaviour Analysis, Website & App Usage

We use data analytics to help us understand how customers interact with our services, improve our offerings, and make informed business decisions.

This includes:

• Analysing how people use our website and app (e.g. pages visited, time spent, clicks).

• Using cookie and tracking technologies to understand browsing behaviour (where consent is given).

• Aggregating booking and customer service data to identify trends and improve performance.

• Using our data warehouse to combine and analyse data from multiple sources (e.g. bookings, feedback, marketing responses, customer service interactions) to: Improve customer experience, Forecast demand and plan resources, Personalise offers and communications, monitor business performance and support strategic decisions.

Legal basis: Legitimate interests in improving services and protecting systems or Consent where required for non-essential cookies

🔍 User Experience and Market Research

We may invite you to take part in research or surveys to improve owner engagement and our services. We'll provide more details at the time.

Legal basis: Legitimate interests in understanding customer needs and improving services

🤖 Artificial Intelligence (AI) and Automated Tools

We use AI technologies to improve our services, customer experience, and operational efficiency. This includes:

• Review and Feedback Analysis: We use AI to scan and analyse customer reviews and feedback to identify trends and improve our services.

Who we share your data with

Guests

We share some of your details (such as your name, email address, and address) with guests when required and on request. This is necessary to fulfil your contract and their booking, and it ensures compliance with UK consumer and marketing laws. When guests stay at your property, you are also a data controller for their personal data (for example, when you receive their names or contact details). This means you must handle that data lawfully and securely.

Other Group companies

Other companies in the Forge Holiday Group may receive your personal data either when necessary for the provision of shared services.

IT service providers

Professional advisors

We use external auditors, legal advisors, insurers and banks among others who will sometimes receive your personal information.

Public authorities

This may include law enforcement bodies, the courts, regulators, government and local government bodies and agencies, HMRC and other public bodies.

Payment services providers

We use specialist companies to process payment card details.

Marketing partners

We use many service providers to assist in our marketing efforts,

Insurance providers and compliance partners

• Advisory Insurance Brokers Limited (t/a Towergate Travel), 2 Minster Court, Mincing Lane, London, EC3R 7PD

• AWP P&C S.A., 102 George Street, Croydon, CR9 6HD

• ITC Compliance Ltd, Monarch Court, The Brooms, Emersons Green, Bristol, BS16 7FH

• Pikl Insurance Services Ltd, Second Floor, The Atrium, Suite B St Georges St, Norwich NR3 1AB

Third party booking platforms

These include but are not limited to AirBnB, Vrbo, Booking.com, TripAdvisor, Expedia and similar companies. They may pass the information on to other advertising partners.

Purchasers or potential purchasers of our business

International transfers of your data

One of the companies in our Group, Bachcare is based in New Zealand and so where Bachcare provide shared services on behalf of the Group, this may involve the transfer of data to New Zealand.

We use some trusted service providers located outside the UK or EEA.

For example:

• Kosovo – where we use customer service providers.

• Egypt – where we work with software development partners.

• United States – where we use a range of technology and infrastructure providers.

• EU–US and UK–US Data Privacy Frameworks – for US-based partners who are certified under these schemes.

We only transfer personal data where necessary for our services, and we ensure appropriate technical, contractual and legal safeguards are in place to protect your rights.

If you want to know more about specific safeguards for your data in relation to international transfers, please contact our Data Protection Officer.

How long we keep your data

We keep most owner data for six years after the end of the financial year in which your last booking took place. This is to meet our legal, accounting, and insurance obligations, and to help us respond to any queries or complaints.

In some cases, we may keep data for longer if required by law or if there is an ongoing dispute or debt.

Your Rights

Right to access

You can ask to see the personal data we hold about you.

Right to rectification

You can ask us to correct inaccurate or incomplete personal data.

Right to erasure

You can ask us to delete your personal data when it's no longer needed or if you withdraw your consent.

Right to restrict processing

You can ask us to limit how we use your data in certain circumstances.

Right to data portability

You can ask to receive your data in a format you can use elsewhere or have it sent to another organisation.

Right to object

You can object to how we use your data, especially for marketing or profiling.

Right to withdraw consent

Where we rely on your consent, you can withdraw it at any time.

You also have the right to complain to us if you're unhappy with how we've handled your personal data. We'll do our best to resolve your concerns quickly and fairly.

Exercising your rights

You can email dpo@sykescottages.co.uk or ask our Owner Relations Teams or your account manager on the phone.

Making a complaint

Automated profiling

Changes to this privacy policy

Links to other websites or social media