Privacy & Cookies Policy

Last Updated: [Insert Date]

1. Introduction

CozyStayHub.net ("we," "us," or "our") is committed to protecting the privacy and security of your personal data in compliance with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and other applicable privacy laws.

This policy explains:

  • What personal data we collect

  • How we use, store, and protect your data

  • Your legal rights regarding your data

  • Our use of cookies and tracking technologies

By using CozyStayHub.net, you consent to the collection and processing of your personal data as described in this policy.

2. Detailed Data Collection Practices

A. Data You Provide Directly

We collect information when you:

  • Create an account: Name, email, phone number, address, profile picture (optional)

  • Make a booking: Travel dates, payment details, special requests

  • List a property: Property details, pricing, availability calendar, ID verification (for Hosts)

  • Contact us: Customer service inquiries, dispute resolution communications

B. Data Collected Automatically

  • Technical Data:

    • IP address, device type, browser version

    • Operating system, screen resolution

    • Crash logs, performance metrics

  • Usage Data:

    • Pages visited, time spent on site

    • Clickstream data, search queries

    • Referring website (if applicable)

C. Data from Third Parties

We may receive:

  • Payment processors: Transaction status, last 4 digits of payment cards

  • Social media platforms: Profile information (if you log in via Google/Facebook)

  • Fraud detection services: Risk assessment scores

  • Public databases: Business registration details (for Host verification)

3. Purposes & Legal Bases for Processing

| Purpose | Data Used | Legal Basis |
|---|---|---|
| Booking processing | Contact details, payment info | Contractual necessity |
| Account management | Login credentials, profile data | Legitimate interest |
| Customer support | Communication history | Legitimate interest |
| Fraud prevention | IP address, device data | Legal obligation |
| Marketing communications | Email address, booking history | Consent (opt-in required) |
| Service improvement | Usage analytics | Legitimate interest |

4. Data Sharing & International Transfers

A. Categories of Recipients

  • Hosts: Receive guest contact details for booking fulfillment

  • Service Providers:

    • Cloud hosting providers (AWS, Google Cloud)

    • Payment processors (Stripe, PayPal)

    • Analytics providers (Google Analytics)

  • Legal Authorities: When required by law or to protect our rights

B. International Data Transfers

If data is transferred outside the UK:

  • We use UK-approved transfer mechanisms (Standard Contractual Clauses)

  • We conduct transfer impact assessments where required

5. Advanced Cookie & Tracking Disclosure

A. Strictly Necessary Cookies

| Cookie Name | Purpose | Duration |
|---|---|---|
| session_id | Maintain user login session | Session |
| csrf_token | Prevent cross-site request forgery | 24 hours |

B. Performance Cookies

| Cookie Name | Provider | Purpose |
|---|---|---|
| _ga | Google Analytics | Distinguish unique users |
| _gid | Google Analytics | Track user sessions |

C. Targeting Cookies

(Only activated with consent)

| Cookie Name | Provider | Purpose |
|---|---|---|
| _fbp | Facebook Pixel | Ad targeting across platforms |

D. Cookie Management

6. Data Security Measures

Technical Safeguards

  • Encryption: TLS 1.2+ for data in transit, AES-256 for data at rest

  • Access controls: Role-based permissions, multi-factor authentication

  • Network security: Web Application Firewall (WAF), DDoS protection

Organizational Measures

  • Staff training: Annual GDPR compliance training

  • Data minimization: Regular reviews of data retention needs

  • Breach response: 72-hour notification procedure for eligible breaches

7. Data Retention Schedule

| Data Type | Retention Period | Reason |
|---|---|---|
| Booking records | 7 years from transaction | HMRC tax compliance |
| Account information | 2 years after last activity | Service continuity |
| Marketing consents | 3 years from last interaction | Consent validity period |
| Server logs | 12 months | Security monitoring |

8. Your Legal Rights (UK GDPR)

A. Access & Portability

Request a copy of your data in machine-readable format (JSON/CSV).

B. Rectification

Update inaccurate information via your account dashboard.

C. Erasure ("Right to be Forgotten")

Request deletion where no legal basis for retention exists.

D. Restriction & Objection

Limit processing during disputes or object to direct marketing.

E. Automated Decision-Making

Request human review of significant automated decisions.

Response Time: We fulfill requests within 30 days (extendable for complex cases).

9. Children's Privacy

  • Minimum Age: 18 years to use our services

  • Parental Controls: We do not knowingly collect data from minors

  • Verification: May request age confirmation for suspicious accounts

10. Policy Updates & Version Control

  • Change notifications: Email alerts for material changes

  • Archive: Previous versions available upon request

  • Effective date: Clearly displayed at policy header