Privacy Policy

Last updated: [INSERT DATE]

1. Who We Are

Workstays Eur Ltd (Company No. 17125585), trading as Work Stays ("We", "Us", "Our"), operates the Work Stays platform at www.work-stays.co.uk. Our registered and trading address is 1 Larkspur Close, Hartlepool, Durham, TS26 0WD.

We are the data controller for personal data processed through the platform. We are registered with the Information Commissioner's Office (ICO); our registration number is [INSERT ICO REGISTRATION NUMBER]. For any data protection query, contact us at privacy@work-stays.co.uk.

2. The Personal Data We Collect

Depending on how you use Work Stays, we may collect:

  • Account and company information — name, business name, registered company number, role, email address, telephone number, and address.
  • Identity verification information — identity documents and related details where verification is required for a Host or Guest account.
  • Booking information — accommodation requests, offers, dates, occupant names and numbers, and property details.
  • Payment information — invoicing details, bank account details for payouts, and transaction records (card payments are handled by our payment provider; we do not store full card details).
  • Communications — messages, enquiries and correspondence sent through or to the platform.
  • Technical data — IP address, device and browser information, and usage data collected via cookies and similar technologies (see Section 9).

We do not carry out credit checks on Guests.

3. How We Use Personal Data

We process personal data to:

  • Operate the platform, create and manage accounts, and authenticate users.
  • Facilitate and administer the bidding, booking, invoicing and payment process between Hosts and Guests.
  • Verify the identity and legitimacy of users where required.
  • Communicate with you about your account, bookings, enquiries and service matters.
  • Send marketing communications where you have consented or where we have a lawful basis to do so (you can opt out at any time).
  • Comply with our legal, accounting and regulatory obligations, and to prevent fraud and misuse.

4. Legal Bases for Processing

We rely on the following legal bases under the UK GDPR:

  • Performance of a contract — to provide the platform and facilitate bookings between Hosts and Guests.
  • Legitimate interests — to operate, secure and improve the platform, prevent fraud, and conduct business administration, balanced against your rights.
  • Legal obligation — to meet our accounting, tax and regulatory duties.
  • Consent — for optional marketing communications, which you may withdraw at any time.

5. How We Share Personal Data

We share personal data only as necessary to operate the platform:

  • Between Hosts and Guests — to facilitate a booking, we share relevant booking and occupant details with the Host, and Host and property details with the Guest. Host and Guest each act as independent controllers of the data they receive.
  • Service providers acting on our behalf, including: our email and communications provider (Brevo), our invoicing and accounting provider (Xero), our e-signature provider (SignWell), and our payment provider (PayPal). These providers process data under our instructions and appropriate safeguards.
  • Professional advisers, regulators and authorities where required by law.
  • A successor entity in the event of a sale, merger or reorganisation of our business.

We do not sell personal data.

6. International Transfers

Where any provider processes personal data outside the UK, we ensure an appropriate safeguard is in place (such as adequacy regulations or standard contractual clauses) so that your data receives an equivalent level of protection.

7. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, tax or reporting requirements. Booking, invoicing and tax records are generally retained for at least six years in line with HMRC requirements. Account data is retained while your account is active and for a reasonable period thereafter.

8. Your Rights

Under the UK GDPR you have the right to: access your personal data; have inaccurate data corrected; have data erased in certain circumstances; restrict or object to processing; data portability; and to withdraw consent where processing is based on consent. To exercise any right, contact privacy@work-stays.co.uk. You also have the right to complain to the ICO (www.ico.org.uk), though we would welcome the chance to address your concern first.

9. Cookies

Work Stays uses cookies and similar technologies to operate the platform and improve your experience. We use:

  • Essential cookies — required for the platform to function, including login, security and session management. These cannot be switched off.
  • Functional and analytics cookies — to remember your preferences and understand how the platform is used, so we can improve it.

You can control non-essential cookies through your browser settings or any cookie preferences tool provided on the site. Disabling essential cookies may prevent parts of the platform from working.

10. Security

We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss or misuse, including access controls, encryption in transit, and secure session handling. No system is completely secure, but we work to protect your data and to notify you and the ICO of any breach where legally required.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The version in force is published at www.work-stays.co.uk. Significant changes will be notified via the platform or by email.

Version 1 · Published 16 Jun 2026