Wiseman Holidays

Privacy Policy

Last updated: 27 June 2026

1. Introduction

1.1 Wiseman Holidays Ltd ("we", "us", "our") is the controller of personal data collected through this website (the "Site"). We are a company registered in England and Wales (company number 16865199) with our registered office at 1 Hanway Place, London, England, W1T 1HA.

1.2 This policy explains what personal data we collect when you use the Site, how we use it, who we share it with, and the rights you have under UK data protection law (the UK GDPR and the Data Protection Act 2018).

1.3 By using the Site, creating an account, or making a booking, you confirm that you have read and understood this policy.

2. Personal data we collect

2.1 Account information. When you create an account we collect your name, email address, and a password (stored as a salted hash; we never see your password in plain text).

2.2 Booking information. When you make a booking we collect your name, email address, the property booked, your check-in and check-out dates, the number of guests, and any special requests you provide.

2.3 Payment information. Payments are processed by Stripe Payments UK Ltd ("Stripe"). We do not receive or store your full card number; Stripe handles the card details and returns to us only a payment confirmation and a reference (the "payment intent ID") used to process refunds.

2.4 Communications. If you message a host through the Site, we store the contents of those messages so the conversation can be retrieved by you and by the host.

2.5 Account preferences. If you set notification preferences (for example, opting out of certain booking emails), we store those preferences against your account.

2.6 Favourites. If you save properties to favourites while logged in, we store the list of property identifiers against your account.

2.7 Technical data. Our hosting provider, Vercel Inc., automatically logs technical information about your visit, including your IP address, browser type, the pages you view, and the time of your visit. This data is used to operate the Site, prevent abuse, and diagnose problems.

3. How we use your personal data, and the lawful bases on which we rely

3.1 We process your personal data for the following purposes:

(a) to provide the Site, create your account, and authenticate you when you log in — lawful basis: performance of a contract with you;

(b) to take and fulfil your bookings, process payments, and issue refunds — lawful basis: performance of a contract with you;

(c) to send you transactional emails about your account and bookings (account verification, booking confirmations, cancellations, and refund notifications) — lawful basis: performance of a contract with you;

(d) to enable communication between guests and hosts about a booking — lawful basis: performance of a contract with you;

(e) to comply with our legal obligations, including accounting, tax, and anti-fraud requirements — lawful basis: legal obligation;

(f) to operate, secure, and improve the Site — lawful basis: our legitimate interests in running and protecting our business, balanced against your interests and rights.

4. Who we share your personal data with

4.1 We use the following third-party service providers to operate the Site. Each processes your data on our instructions under a written contract:

(a) Supabase Inc. — database and authentication services;

(b) Stripe Payments UK Ltd — payment processing;

(c) Resend, Inc. — transactional email delivery;

(d) Vercel Inc. — website hosting;

(e) Sanity.io — content management for the Site's published content (does not process guest data).

4.2 We share your name, contact email, booking dates, and any messages you send with the host of the property you book, so that the host can prepare for your stay and respond to your enquiries.

4.3 We may disclose your personal data to courts, regulators, law-enforcement agencies, or other third parties where we are required to do so by law or to protect our legal rights.

4.4 We do not sell your personal data and we do not share it with advertisers.

5. Cookies and similar technologies

5.1 We use a small number of cookies that are essential to the operation of the Site:

(a) a session cookie set by our authentication provider when you log in, which keeps you logged in across pages;

(b) cookies set by Stripe during checkout to operate the payment flow and detect fraud.

5.2 We do not currently use analytics, advertising, or tracking cookies. If this changes in future we will update this policy and, where required, seek your consent before such cookies are set.

6. International transfers

6.1 Some of our service providers are based outside the United Kingdom (for example, in the United States). Where personal data is transferred outside the UK, we rely on appropriate safeguards recognised under UK data protection law, including the UK addendum to the EU Standard Contractual Clauses and the UK–US Data Bridge where applicable.

7. How long we keep your personal data

7.1 We keep your account information for as long as your account remains open. If you close your account, we will delete or anonymise your account information within a reasonable period, except where we are required to retain it (for example, booking and payment records retained for tax purposes).

7.2 We keep booking and payment records for at least seven years after the end of the tax year in which the booking took place, in order to meet our accounting and tax obligations.

7.3 We keep messages between guests and hosts for the duration of the booking relationship and for a reasonable period afterwards to support any disputes or follow-up enquiries.

8. Your rights

8.1 Under UK data protection law you have the right to:

(a) request access to the personal data we hold about you;

(b) request correction of inaccurate personal data;

(c) request erasure of your personal data, subject to limits where we are required to retain it;

(d) object to or restrict our processing in certain circumstances;

(e) request that we provide a copy of your personal data in a portable format;

(f) withdraw consent at any time, where our processing is based on consent.

8.2 To exercise any of these rights, please contact us at info@wiseman-holidays.co.uk. We will respond within one month of receiving your request.

8.3 You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection regulator, if you believe we have not handled your personal data lawfully. The ICO can be contacted at ico.org.uk or on 0303 123 1113.

9. Security

9.1 We use technical and organisational measures to protect your personal data, including encryption of data in transit (HTTPS), salted password hashing, and access controls on our databases. No system is perfectly secure; you are responsible for keeping your account password confidential and for notifying us promptly if you believe your account has been compromised.

10. Changes to this policy

10.1 We may update this policy from time to time. The "Last updated" date at the top of this page shows when it was last changed. Where the changes are material we will notify you, for example by email, before they take effect.

11. Contact

11.1 Wiseman Holidays Ltd, 1 Hanway Place, London, England, W1T 1HA. Email: info@wiseman-holidays.co.uk.