1. Who We Are
Branest & Co Ltd is a private limited company registered in England and Wales, operating short-term holiday accommodation and property management services in Birmingham and the West Midlands. We act as a data controller for the personal data we collect about our guests and clients.
For any data protection matters, you may contact us at: hello@branestco.co.uk
2. Data We Collect
We collect the following categories of personal data depending on your relationship with us:
| Category | Examples | Source |
|---|---|---|
| Identity data | Full name, date of birth, government-issued ID (for verification purposes) | Directly from you |
| Contact data | Email address, phone number, postal address | Directly from you |
| Booking data | Check-in/out dates, number of guests, property preferences, special requests | Directly from you or booking platforms (Airbnb, Booking.com) |
| Financial data | Payment card details (last four digits), bank account details for damage deposits, transaction records | Directly from you or payment processors |
| Marketing preferences | Consent to receive newsletters, promotional offers, and service updates | Directly from you |
| Technical data | IP address, browser type, cookies, pages visited on our website | Automatically, via cookies |
| Communications data | Messages, enquiries, reviews, support correspondence | Directly from you |
We do not collect special category data (such as health information or biometrics) unless you voluntarily provide it to us for a specific accessibility or welfare reason.
3. How We Use Your Data
We process your personal data only where we have a lawful basis to do so under UK GDPR. The table below sets out how and why:
| Purpose | Lawful Basis |
|---|---|
| Processing your booking and managing your stay | Performance of a contract |
| Verifying your identity prior to check-in | Legitimate interests (security and fraud prevention) |
| Processing payments and issuing receipts | Performance of a contract / Legal obligation |
| Sending booking confirmations and service communications | Performance of a contract |
| Sending marketing emails and special offers | Consent (you may withdraw at any time) |
| Compliance with legal obligations (e.g. tax records) | Legal obligation |
| Improving our website and services through analytics | Legitimate interests |
| Responding to complaints or disputes | Legitimate interests / Legal obligation |
4. Payment Data
We use reputable third-party payment processors to handle all card transactions. We do not store your full payment card details on our systems. Where damage deposits are held, these are managed securely and returned in line with our cancellation and deposit terms.
Booking platform payments (e.g. Airbnb, Booking.com) are governed by the respective platform’s payment terms and privacy policies.
5. Sharing Your Data
We do not sell your personal data. We may share it with the following parties only where necessary:
- Booking platforms (Airbnb, Booking.com) to facilitate your booking and communicate pre-arrival information
- Payment processors to process payments securely
- Property owners and landlords where we manage a property on behalf of a third party, certain booking details may be shared with the property owner
- Professional advisors accountants, solicitors and insurers, where required
- Regulatory authorities HMRC, local councils, and (from summer 2026) the national short-term rental registration scheme, as required by law
- Maintenance and cleaning contractors limited contact information only, to coordinate property access
All third parties are required to process your data in compliance with applicable data protection law.
6. International Transfers
Some of our third-party service providers (such as Airbnb and Booking.com) operate internationally. Where your data is transferred outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions recognised by the UK Information Commissioner’s Office (ICO).
7. Data Retention
We retain your personal data only for as long as necessary for the purposes set out in this policy, or as required by law:
- Booking and financial records: 7 years (HMRC requirement)
- Guest identity verification documents: Up to 12 months post-stay, unless a longer period is required
- Marketing preferences and contact data: Until you withdraw consent or request deletion
- Website analytics data: 26 months (standard analytics retention)
8. Your Rights
Under UK GDPR, you have the following rights in relation to your personal data:
Request a copy of the personal data we hold about you (Subject Access Request).
Ask us to correct inaccurate or incomplete data.
Request deletion of your data where there is no compelling reason to keep it.
Ask us to pause processing of your data in certain circumstances.
Receive your data in a structured, machine-readable format.
Object to processing based on legitimate interests, including direct marketing.
Withdraw marketing consent at any time without affecting prior processing.
Lodge a complaint with the ICO at ico.org.uk or 0303 123 1113.
To exercise any of these rights, please contact us at hello@branestco.co.uk. We will respond within one calendar month.
9. Cookies
Our website uses cookies to improve your browsing experience and understand how visitors interact with our site. You will be presented with a cookie consent banner on your first visit. You may withdraw cookie consent at any time via your browser settings.
- Strictly necessary cookies: Essential for website functionality (no consent required)
- Analytics cookies: Help us understand site traffic (require your consent)
- Marketing cookies: Used for remarketing campaigns (require your consent)
10. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction or disclosure. This includes encrypted data storage, access controls, and regular security reviews.
In the event of a data breach that is likely to result in risk to your rights and freedoms, we will notify the ICO within 72 hours and inform you without undue delay.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The date at the top of this page reflects the most recent revision. Significant changes will be communicated to you via email if you are an existing guest or client.
Contact Us
For any questions about this Privacy Policy or how we handle your data:
Branest & Co Ltd
Birmingham, West Midlands, England
Email: hello@branestco.co.uk
Website: www.branestco.co.uk