Owner Privacy Notice

1. Introduction

The Travel Chapter Limited are committed to protecting and respecting your personal data and privacy.

This Privacy Notice relates to how we use and collect personal data from you as a Holiday Cottage Owner when you engage with The Travel Chapter Limited (“we”, “us” or “our” or “Company”) to market, manage, or let your property, use our services or access our website. It also relates to our use of any personal information you provide to us by telephone (including SMS or WhatsApp), in written correspondence (including letter and email), through our social media channels and in person.

Please note that:

  • our website is not intended for children under the age of 18; and
  • our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the Privacy Notice of every website you visit.

Whenever you provide personal data, we are legally obliged to use your information inline with all applicable laws concerning the protection of such information; including but not limited to the Data Protection Act 2018 and the General Data Protection Regulation, as it applies to the UK (UK GDPR), described in this notice as the “Data Protection Laws”.

This Privacy Notice also forms part of our terms of business and is not intended to override them. This Privacy Notice sets out the basis on which any Personal Information we collect from you, or that is provided to us by a third party, will be processed by us.

2. Who are we and how to contact us

We are The Travel Chapter Group. We operate a number of websites and brands including holidaycottages.co.uk. For a full list of our brands and websites please click here.

For the purpose of the Data Protection Laws, the data controlleris The Travel Chapter Limited. We are a private limited company registered in England and Wales under company number 02431506. Our registered office is at Travel Chapter House, Gammaton Road, Bideford, Devon. EX39 4DF, United Kingdom, our ultimate parent company Bookmark Topco Limited (a company registered in Jersey, company no 139976), its subsidiaries, affiliates and/or any of our brands.

ICO Reference number: Z4968059.

If you would like this Privacy Notice in another format (for example, audio, large print, braille) please contact our Data Protection Team using the contact details provided below:

Controller

The Travel Chapter Limited

Address

Travel Chapter House, Gammon Road, Bideford, North Devon, EX39 4DF

Email

DPO@travelchapter.com

In addition, you have the right to make a complaint at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues (www.ico.org.uk).  We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

3. Changes to this Privacy Notice

This version of the Privacy Notice was last updated on 08.01.2026 and historic versions can be obtained by contacting our Data Protection Team using the contact details provided above.

This Privacy Notice may be updated from time to time. If the change impacts you or your Personal Information, we will inform you of changes made to this Privacy Notice.

4. Personal Information we collect about you

We only collect data from you directly; it is important that the Personal Data we hold about you is accurate and current. We cannot be held responsible for any inaccurate or incomplete data on our system arising from inaccurate entry of data by you into our information systems.  Please keep us informed if your Personal Data changes during your relationship with us.

Type of Personal Information Collected

Identity Data:

Personal Information includes:

• Title or Identifier

• Surname

• First Name

• Gender

Type of Personal Information Collected

Contact Data:

Personal Information includes:

• Billing Address (Primary Residential Address)

• Email addresse(s)

• Home Telephone Number

• Mobile Phone Number

Type of Personal Information Collected

Financial Data:

Personal Information includes:

• Bank account details

Type of Personal Information Collected

HMRC Owner Personal Data (Individual):

Personal Information includes:

• Owner(s) Names

• Date of Birth

• Tax identification number (National Insurance Number)

Type of Personal Information Collected

HMRC Owner Company Data:

Personal Information includes:

• Legal Name

• Registered Address

• Company Registration Number

• Tax identification number

Type of Personal Information Collected

Your Property Details:

Personal Information includes:

• Property Address

• Features

• Availability Pricing (current letting status)

Type of Personal Information Collected

Website(s):

Personal Information includes:

• For your online experience to function, we set whether you are logged in or out and record anonymous information to maintain your identify across multiple servers.

• Server logs are collected to monitor technical errors, aid diagnosis andother system activity which may include your device & IP Address.

Type of Personal Information Collected

Technical Data:
(Includes Internet Session Data)

Personal Information includes:

• Your Login Data (Username& Password)

• Owner ID

• Internet protocol (IP) address

• Browser type and version

• Time zone setting and location

• Browser plug-in types and versions

• Operating system and platform

• Other technology on the devices you use to access our website or our app

Type of Personal Information Collected

Voice calls:

Personal Information includes:

• Voice calls inbound and outbound may be     recorded for Training and Quality Purposes

• Electronic Transcripts are created from those recorded calls

Type of Personal Information Collected

Usage data:

Personal Information includes:

• Information about how you use our website, Owner Web App and Owner APP(Android / IOS)

Type of Personal Information Collected

Marketing and Communications:

Personal Information includes:

• Email Address collected during Owner Onboarding

• Your preferences in receiving marketing from us

Type of Personal Information Collected

Contractual Data:

Personal Information includes:

• Terms of the Letting Agreement, Communications (eMails, WhatsApp, TestMessage)

Please note that we may collect and/or process other personal data from time to time. If we ask you to provide any other personal information not described above, the personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point that you are asked to provide your personal information.

4.1 How is your personal data collected

We use different methods to collect data from and about you including through:

Method / Source

Direct - interactions

Interaction

• Completing webforms

•  Corresponding with us by post, phone, messaging service or email

•  Booking of the Property

• Creating an account on our website;

•  Subscribing to our additional service(s);

• Requesting marketing to be sent to you;

•  Completion of forms at trade shows/shows

•  Giving us feedback

•  Contacting us

Personal Information

• Identity Data

• Contact Data

• Voice calls

Method / Source

Automated technologies or interactions

Interaction

• When you visit our website

• Website Cookies and other similar technologies. Please see our cookie notice for further details

Personal Information

• Technical Data

Method / Source

Direct - HMRC mandated disclosure

Interaction

• In accordance with HMRC regulations introduced in 2024, we are legally required to collect and report specific information about property owners who earn income through holiday lettings. This is part of HMRC’s initiative to improve tax compliance and transparency

Personal Information

•  Identity Data

•  Contact Data

•  HMRC Personal Data

•  HMRC Company Data

•  Financial Data

Method / Source

Publicly Available Sources

Interaction

• Valuation Office Agency (Public Body)

• Land Registry (Public Body)

Personal Information

•  Identity Data

•  Contact Data

Method / Source

Special Category Data

Interaction

• Sometimes we may receive data from you about your health or about criminal convictions. You may also give us details of your relations, such as spouses. We will only ever take this information from you with your consent.

Personal Information

•  Special Category Data

4.2 If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel all or part of a service you have with us but we will notify you if this is the case at the time.

We use different methods to collect data from and about you including through:

5. How we use your personal data

We are required to tell you what we use your Personal Information for and the lawful basis on which we can process your Personal Information. We have set out below in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate:

Purpose/Activity

To fulfil a contract with you, the Owner

Type of Personal Information

• Identity Data

• Contact Data

Lawful basis for processing

• Formation of a Contract

Details

The Owner and the Agent have formed a contract for the agent to provide services to you, which include:

• Manage your property listings and bookings

• Communicate with you about bookings, maintenance, and payments

• Fulfil our contractual obligations

Purpose/Activity

Comply with legal and regulatory requirements

Type of Personal Information

• Identity Data

• Contact Data

• HMRC Personal Data

• HMRC Company Data

Lawful basis for processing

• Formation of a Contract

Details

• HMRC disclosure

• Statutory Licensing / Registration Scheme number

Purpose/Activity

To send operational communications

Type of Personal Information

• Identity Data

• Contact Data

Lawful basis for processing

• Formation of a Contract

Details

Communicate with you about bookings, maintenance, and payments. Note: These communications are not made for marketing purposes.

Purpose/Activity

To monitor browsing on our website or use our Owner Web APP and APP

Type of Personal Information

• Technical Data

Lawful basis for processing

• Consent

• Legitimate interest

Details

We may communicate with you about our products, services, promotions, and news or, where applicable, relevant third parties’ services.

Purpose/Activity

Marketing communications (email)

Type of Personal Information

• Contact Data

Lawful basis for processing

• Consent (Newsletters & Owner Comms)

Details

We may communicate with you about our products, services, promotions, and news or, where applicable, relevant third parties’ services.

Purpose/Activity

Marketing communications (phone)

Type of Personal Information

• Contact Data

Lawful basis for processing

• Consent

Details

Where we send you marketing through texts, or by phoning you if you are registered on the TPS we do this on the basis of your consent. You can withdraw this consent at any time during a telephone conversation.

Purpose/Activity

Legal Proceedings

Type of Personal Information

• Identity Data

• Contact Data

Lawful basis for processing

• Formation of a contract

Details

We may use the information we collect to investigate or address claims or disputes relating to your use of our services, or as otherwise allowed by applicable law.

Purpose/Activity

Fact verification and to meet regulatory obligations

Type of Personal Information

• Voice calls and transcripts

Lawful basis for processing

• Formation of a contract

Details

We use these recordings and transcripts for training purposes, fact verification and to meet regulatory obligations in relation to selling insurance. In a similar way we may retain transcripts  of live chats, text messages and other social media direct messaging that we send to you or you send to us.

Purpose/Activity

People who manage your property

Type of Personal Information

• Identity data

• Contact data

Lawful basis for processing

• Formation of a contract

Details

We also collect data from you about other people such as those who manage your property. You are responsible for telling them you have given us their data our use of which is governed by this Privacy Notice.

Purpose/Activity

Potential Owner Lead

Type of Personal Information

• Identity data

• Contact data

Lawful basis for processing

• Legitimate interest

Details

We may send you marketing through the post on the basis of our legitimate interest in growing our property offer where we have obtained your information from a publicly available source such as the Land Registry.

Purpose/Activity

Customer Services / Complaints Team

Type of Personal Information

• Identity data

• Contact data

Lawful basis for processing

• Contract

Details

Where you make a complaint or have a query, or where a holidaymaker raises issues with one of your properties, we will need to process your personal data to mediate between you and them. We do this because it is necessary to fulfil our booking conditions which are part of the contracts between us and you and you and the holidaymakers.

Purpose/Activity

Research and Development

Type of Personal Information

• Identity data

Lawful basis for processing

• Legitimate interest

Details

We may use the information we collect for testing, research, analysis and product development. This allows us to gain better market insights.

Purpose/Activity

Public Forums

Type of Personal Information

• Identity data

Lawful basis for processing

• Information made publicly available

Details

When you choose to share personal information through public platforms—such as blogs, social media, or independent review sites—please be aware that this data is provided voluntarily and at your own risk. We do not control these platforms, and any personal data you disclose may be visible to others and used outside our privacy practices.

We never sell your data to third parties or allow third parties to contact you without your permission. We may process your Personal Information for more than one lawful ground depending on the specific purpose for which we are using your Personal Information. Please contact us if you need details about the specific legal grounds we are relying on to process your Personal Information where more than one ground has been set out in the table above.

6. Who do we share your personal data with

We always treat your data with sensitivity and keep it secure. At times we share your information with others where it is either necessary to perform our services to you, where we are required by law to disclose information or where you have given your consent to share information.

6.1 During booking process

Data receiver

Lead Booker (Holidaymaker)

Transfer method

• Email Account

• Post (Letter) when requested

Type of Personal Information

• Contract Data

Description of data sharing

Only Property Owner First name, Surname, email address and phone number are shared with the lead booker before stay. It is only shared once the booking (the contract) has been formed between the Owner and the Lead Booker (Guest) for the rental of the property.

Data receiver

Lead Booker (Holidaymaker)

Transfer method

• Email Account

• Post (Letter) when requested

Type of Personal Information

• Contract Data

Description of data sharing

We will only share a property owner's personal address where there is a lawful basis to do so. In rare circumstances, this may include situations where a legal case is pending or anticipated, and disclosure is necessary. We will inform the individual concerned, unless doing so is legally prohibited or if it would prejudice the legal process.

6.2 Our processors

When using our websites, we may provide Personal Information about you to the following third parties, who will process your Personal Information as our processor:

We require all processors to respect the security of your Personal Information and to treat it in accordance with the law.

Processor

Booking Platforms

Description

We have booking platforms back end managed by third-party vendors.

Data location

Inside EU (UK)

Processor

Customer Relationship Management (CRM) System

Description

We use a cloud based CRM to help administer the booking between the Lead Booker and Owner.

Data location

Inside EU (UK)

Processor

Cloud Service Providers

Description

Our technology is often hosted in the cloud and we use a number of service providers to support our websites and other technology stacks. Generally speaking, these companies will be data processors acting entirely on our instructions.

Data location

Inside EU (UK)

Processor

Payment Services Providers

Description

We use specialist companies to process payment card details, and bank transfers to you as an Owner. We do not keep any credit card details of Owners or Lead Bookers in our information systems.

Data location

Inside EU (UK)

Processor

Third party booking platforms

Description

These include but are not limited to AirBnB, Vrbo, Booking.com, TripAdviser, Expedia and  similar companies.

Data location

Inside EU (UK)

6.3 Other third parties if required by applicable law (Regulatory Authorities)

Third Party

Competent Authority

Description

We may disclose your Personal Data to any Competent Authority which include:

• Law enforcement body,

• Regulator,

• Government agency,

• Court

or other third party where we believe disclosure is necessary: (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other

Third Party

Solicitors

Description
Third Party

Purchasers / Mergers and Acquisitions

Description

We may also be required to share your Personal Data as part of any sale, transfer or merger of our business or assets (or parts there of). Such disclosure will be subject to the buyer’s processing of your Personal Data on terms equal to the protections afforded to you by this Privacy Notice.

6.4 Other parties

Third Party

Property Owner

Description

When enquiring about a holiday we are required to share details about the Lead Booker with the owner to arrange the booking. When booking a holiday, we will share both the Lead Booker details to the owner and the owners details to the guest.

Third Party

Users of our Services as an Agent

Description

When using one of our services (a guest enquiring about a holiday, for example) we may share details about them with parties we contract with. For example, when booking a holiday, we will share both the guest details to the owner and the owner's details to the guest.

Third Party

General Public

Description

When you submit content through public forums such as blogs, social media and independent partners for holiday reviews, any personal information provided in such forums is done so at your own risk as voluntarily provided by you.

Third Party

Other Service providers

Description

In order to perform or market our services to you, we may provide information to our service providers who act on our behalf, such as mailing houses, research firms and companies offering marketing services/tools. The information we provide will always be limited to that which is necessary for them to fulfil the service they provide us and where we do so, we have appropriate agreements in place to ensure your information is kept secure. If one of our service providers is based outside the European Economic Area (EEA) we will ensure that appropriate safeguards are in place.

Third Party

Business Partners

Description

We may share your personal data with our trusted business partners, such as consultants and marketing partners. We do this where we believe we have a legitimate interest, which has been balanced with your interests, or where you have given your consent for us to do so, or in circumstances where it is necessary to fulfil a contract you have entered. We will not share your information with any other organisation for their own direct marketing purposes, without your specific consent.

Third Party

Third party advertising platforms

Description

Where we share your data with third party advertising platforms (such as Google or Facebook) to provide you with relevant and personalised marketing content, this information may be joined with information held within that platform. To opt out or review your privacy settings, please see ‘Your Rights’ below.

Third Party

With other members of our group

Description

We may share information with our subsidiaries or parent companies tohelp us provide our services, conduct data processing on our behalf or to inform you of services carried out by our group which we think may be relevant to you.

Third Party

With your consent

Description

We may share  your information other than as described in this statement if we notify you and you provide your specific consent for this purpose.

Third Party

Insurance Providers

Description

Where necessary for the purposes of your or our insurance needs we will disclose your details to insurers, brokers and partners and may need to disclose it to our compliance partner or any organisation (such as the FCA) that you may later complain to.

7. Data security

We store personal data securely within our systems using approved, industry-standard platforms. For security reasons, we cannot disclose the number or nature of our databases, but all data is processed and stored in line with UK GDPR and our internal Information Security Policy.

Some data may be anonymised and aggregated for statistical or analytical purposes. Once anonymised, it no longer identifies individuals and therefore falls outside the scope of personal data under GDPR.

We apply a combination of technical and organisational measures to protect personal data. These include access controls, encryption, network monitoring, secure data centres, and staff training. Regular audits and reviews ensure that our security measures remain effective and proportionate to the risks involved.

Access to personal data is limited strictly to authorised personnel who require it to perform their duties. Access levels are managed under the principle of least privilege and are regularly reviewed.

Travel Chapter stores personal data on secure servers operated by Amazon Web Services(AWS) in the EU-West-1 region (Ireland). This location is within the European Economic Area (EEA), which the UK Government recognises as providing an adequate level of data protection. AWS complies with GDPR and UK GDPR requirements and implements robust technical and organisational security measures to protect personal data.

8. Data retention

We keep different categories of data for different periods of time depending on what they are used for, and we seek to delete what we do not need as early as possible. We are required to keep some information for longer periods by law, and we keep some because it is in our legitimate interests.

As a guide, you can expect us to retain enough data to identify you for six years after you last interacted with us or we had a commercial relationship with you. This is mainly because that is when records relating to corporate taxation can be removed.

Because holiday letting is a long term proposition and can involve large periods of time between actions, such as buying a property, we will continue to send you marketing promoting our services for up to two years after your last response, although the frequency of communications will decrease with time and you can ask us to stop at anytime.

While we have a commercial relationship with you, we retain full records, including data from more than six years ago, and if we reasonably contemplate there may be litigation, or there has been a complaint in relation to your property, we may retain information beyond the six-year period.

9. Your legal rights under UK data protection law

You have rights, as a Data Subject, under the Data Protection Laws in relation to your Personal Information.

Your right

Request access to your Personal Information

Description

This enables you to receive a copy of the Personal Information we hold about you and to check that we are lawfully processing it.

Your right

Request correction of the Personal Information that we hold about you

Description

You may wish to correct any inaccuracies in your information which we hold. If you would like to do this, please let us have enough information to identify you (e.g. account number, username, registration details) and let us know the information that is incorrect and what it should be replaced with. 

Your right

Request erasure of your Personal Information

Description

This enables you to ask us to delete or remove Personal Information where there is no good reason for us continuing to process it. You can ask us to erase your Personal Information where:

• you do not believe that we need your Personal Information in order to process it for the purposes set out in this Privacy Notice;

• if you had given us consent to process your Personal Information, you withdraw that consent and we cannot otherwise legally process your Personal Information;

• you object to our processing and we do not have any legitimate interests that mean we can continue to process your Personal Information; or

• your Personal Information has been processed unlawfully or has not been erased when it should have been.

Your right

Object to processing of your Personal Information

Description

Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your Personal Information which override your rights and freedoms.

Your right

Processing your data for marketing purposes

Description

You may opt-out of receiving marketing communications from us by contacting us at DPO@travelchapter.com, writing to us, or contacting us by phone 01237 459842 to update your preferences. You can also opt out of certain marketing communications through the following means:

Email: By following the unsubscribe link at the bottom of each marketing email or updating your preferences in your account (where applicable).

Post: By following instructions from within the mailing itself or sending back to the sender address.

Your right

Request restriction of processing of your Personal Information

Description

This enables you to ask us to suspend the processing of your Personal Information in the following scenarios:

• if you want us to establish the Personal     Information’s accuracy;

• where our use of the Personal Information is     unlawful, but you do not want us to erase it;

• where you need us to hold the Personal     Information even if we no longer require it as you need it to establish, exercise or defend legal claims; or

• you have objected to our use of your Personal     Information, but we need to verify whether we have overriding legitimate grounds to use it

• Object to your data being used for “Profiling”

Your right

Request the transfer of your Personal Information to you or to a third party.

Description

We will provide to you, or a third party you have chosen, your Personal Information in a structured, commonly used, machine-readable format. This right only applies to automated information which you initially provided consent for us to use, or where we used the information to perform a contract with you.

Your right

Withdraw consent at any time where we are relying on consent to process your Personal Information.

Description

This will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact our Data Protection Team using the contact details provided in section 2. We will respond to any data subject rights that you want to exercise within a month of receiving your request, unless your request is complex, in which case we will communicate how long it will potentially take.

Please be aware that there are exceptions and exemptions that apply to some of the data subject rights, which we will apply in accordance with applicable UK Data Protection Laws.

10. Data protection complaints

Any complaint about our data processing should be sent to the Data Protection Officer in the first instance who will investigate and respond to you directly. The Data Protection Officer acts independently of the management of the company in considering complaints about Data Protection.

You always have the right to complain to the regulator. For customers in the UK this would be the Information Commissioner’s Office whose details can be found at www.ico.org.uk. If you are in the EU, you can complain to the Irish Data Protection Commission whose details can be found at www.dataprotection.ie

Both organisations will expect you to have complained to us first and to have given us an opportunity to respond and will generally refer you back to us if you have not. We would also really appreciate the opportunity to try and resolve your complaint first because we would prefer to resolve matters amicably where we can.

Glossary

Controller

Has the meaning given to it in the Data Protection Law;

Data Protection Law

Means the regulations on the protection of natural persons with regard to the processing of personal data and on the free movement of such data known as the UK General Data Protection Regulation ((EU) 2016/679), and any national legislation implementing this Regulation and related statutory instruments, as amended or in force from time to time;

Data Protection Team

Means the person whose details are set out in Section 2 of the Privacy Notice,

Data Subject (You)

Has the meaning given to it in the Data Protection Law;

Identity Data

Means the Personal information described as such in Section 5.1 of the Privacy Notice;

Personal Information

Means "Personal Data" as defined in the Data Protection Law;

Processor

Has the meaning given to it in the Data Protection Law;

Technical Data

Means the Personal Information described as such in Section 5.1 of the Privacy Notice;

Usage Data

Means the Personal Information described as such in Section 5.1 of the Privacy Notice;

we, us and our

Means The Travel Chapter Limited

you, your

Means the person browsing our website, entering a competition, entering into arrangements with us,