Privacy Policy — stay.comfortscape

Updated Privacy Policy for Comfortscape (Cariri Ltd)

last updated on 16/12/2025

Who we are

Cariri Ltd (trading as “Comfortscape”)

Company number: 14571009

Registered address: As per Companies House

Website: https://stay.comfortscape.co.uk/

Privacy contact: Karina Cariri (Director)

Email: contact@comfortscape.co.uk

Phone: 07572 968424

ICO Registration: ZC035825

What this policy covers How we collect, use, share and protect your personal data when you visit our website, enquire, book, stay, or receive marketing from us.

The data we collect

Identity/contact: name, email, phone, address, guest names.

Booking: property, dates, arrival/departure times, special requests, vehicle reg.

ID/verification: copy of ID/passport and verification status (where required).

Payment: payments processed by Stripe. We do not store full payment card data; Stripe processes payments and stores card data on our behalf. We may retain tokenised references, card type and last 4 digits for refunds and records.

Communications: emails, messages, feedback, complaints.

Health/access needs: only if provided by you, to accommodate your stay (processed with your explicit consent).

Website/technical: IP, device, browser, analytics (Google Analytics with consent).

CCTV: exterior-only CCTV at some managed properties, location-dependent.

How we collect it

Directly from you (website, email, phone, checkout).

From OTAs (e.g., Airbnb/Booking.com) if you book through them.

From our PMS/channel manager and automation tools (Hostaway, ChargeAutomation).

Automatically via cookies/analytics with your consent.

Why we use your data (lawful bases)

Contract: to take payment, confirm and provide accommodation, customer support.

Legal obligation: accounting/tax, safety compliance.

Legitimate interests: security and fraud prevention (including ID checks and CCTV), protecting property and guests, improving our services, essential service communications.

Consent: marketing emails/SMS; non-essential cookies/analytics; any health/accessibility information. Withdraw consent anytime.

Payments

Processor: Stripe (and through Hostaway/ChargeAutomation where applicable).

Storage: We do not store full card numbers or CVV. Stripe stores card data on our behalf using tokenisation.

Sharing your data

OTAs you use to book.

PMS/channel manager: Hostaway.

ID/automation: ChargeAutomation.

Payments: Stripe.

Cleaning/linen/maintenance teams (only when necessary to deliver the service).

Accounting: Xero.

Website/analytics providers (e.g., Google Analytics) with consent. We do not sell your data. No routine transfers outside the UK/EEA are intended.

CCTV

Exterior-only at certain locations, for security and crime prevention.

No audio recorded.

Signage: signs will be displayed at all monitored areas.

Retention: typically 30–60 days unless needed for an incident.

Retention

Booking/financial records: 6 years (tax/legal).

ID verification: 30–90 days unless required for an active issue/legal need.

CCTV: 30–60 days.

Marketing contacts: until you unsubscribe or after 24 months of inactivity. We may keep anonymised/aggregated data for analytics.

Cookies and analytics

We use a consent banner (e.g., Cookiebot/Complianz). Non-essential cookies (including Google Analytics) only load with your consent.

You can change your preferences any time via the banner or your browser settings.

Marketing

With your consent, we send emails/SMS about stays and offers.

Tools: Mailchimp and ChargeAutomation.

Opt out anytime via the unsubscribe link or contact@comfortscape.co.uk .

Your rights Access, rectification, erasure, restriction, objection, portability, and the right to withdraw consent. Contact: contact@comfortscape.co.uk . We aim to respond within one month.

Security SSL on our site; role-based access; MFA; least-privilege; vendor encryption in transit/at rest; staff training and confidentiality.

Children We do not knowingly collect children’s data. Minimum booking age is 18+.

Complaints Email contact@comfortscape.co.uk . You can also complain to the ICO: https://ico.org.uk/make-a-complaint/

Changes We’ll post updates on this page with an effective date.

Add-ons you can copy/paste

A) Cookie policy summary

Essential cookies: required for site and booking functionality. Always active.

Analytics cookies (Google Analytics): help us understand site usage. Only set with your consent.

Marketing cookies (Mailchimp/ChargeAutomation tags if used on-site): only with consent.

Manage consent: use the cookie banner at any time.

B) Example cookies table (adjust after you deploy tools)

_ga (Google Analytics): analytics; 13 months; third-party; consent.

_gid (Google Analytics): session analytics; 24 hours; third-party; consent.

_gat / GA throttling: performance; 1 minute; third-party; consent.

__stripe_mid / __stripe_sid (Stripe): fraud prevention and checkout; 1 year / 30 minutes; third-party; essential.

hostaway_session (Hostaway): booking session; session; first-party; essential.

C) Health/access needs consent wording “By providing health or accessibility information, you consent to us using it solely to accommodate your stay. We will not use it for any other purpose and will delete it after your stay unless required by law.”

D) CCTV sign wording (A4 poster near entry points) “CCTV in operation Images are recorded for the safety and security of guests and property. Controller: Cariri Ltd (Comfortscape) Contact: contact@comfortscape.co.uk | 07572 968424 More info: stay.comfortscape.co.uk/privacy”

Next steps (do these now)

Implement a consent banner (Cookiebot/Complianz). Send me the final list of cookies detected and I’ll refine the table.

Place CCTV signage at all monitored entrances/external areas.

Ensure Hostaway/ChargeAutomation/Stripe/Xero DPA links are accepted and stored.

Add the health/access consent line to your booking flow or pre-arrival form.

Publish this policy at /privacy and link it in your footer and booking pages.