Privacy Policy

1. Introduction

1.1 Elizabeth Lytton Ltd. and Can Marcer de la Penya CB (our Companies) take your information privacy very seriously. This policy explains how we use the information collected about you via our websites ( and ), via any advertising portals we may use, or any other way we receive your contact details and other information. Please read this privacy policy.

1.2 If you have questions about this policy, please contact us at

1.3 This policy concerns personal data provided to our Companies by our users. These include Homeowners, Guests staying at a Homeowner’s property or other potential Homeowners and Guests. In this policy “you” refers to any individual whose personal data we hold or process (other than our employees or suppliers).

1.4 Our Companies use for our website and email hosting, a third party company Fasthosts, as our hosted server supplier. They protect their servers with software firewalls, locate their storage facilities in secure locations, encrypt data with industry standard encryption methods – to see Fasthost’s privacy notice please click here

1.5 Our Companies use for our banking services and for storing your billing information either Lloyds Bank whose privacy notice can be found at or for Spanish payments our company uses Banc Sabadell whose privacy policy can be found at

1.6 Our Companies sometimes use for payments and refundable security deposits the third party company PayPal whose privacy policy can be found at

1.7 Our Companies use MailChimp as our marketing automation platform. The marketing information you provide will be transferred to MailChimp for processing in accordance with their Privacy Policy and Terms.

1.8 Our Companies use G-Suite(Gmail, Calendar, Documents, Sheets) for communication, storage of documents, files, agreements. This includes contracts and agreements, offers, work documents, e-mail, name, phone and other contact information, in accordance with Google’s Privacy Policy

1.9 Our Companies use SageOne on the cloud for our bookkeeping. Some of the information you provide, such as billing information will be held here in accordance with Sage’s Privacy Policy

1.10 Our Companies websites are created using WordPress. Forms used on these websites and on our Facebook page often ask for personal information like name, e-mail, company information and phone numbers. This information is sent to us via emails where the information is used as set out in Section 2 below.

1.11 Our Companies use WPESignature, an online WordPress plugin for contracts and agreements. WPESignature stores personal information like names, signatures, e-mail addresses, phone numbers, company information and address information and contract details.
The service is encrypted and hosted on Fasthosts. To access WPESignature’s privacy policy please clieck here

2. Personal information collected

2.1 While providing our legitimate service, we may collect the following personal information from you:

2.1.1 Certain information requested for the potential booking of a Homeowner’s property e.g: first and last name, your address, passport details and names and age ranges of guests (“Registration Information”);

2.1.2 If you are a Homeowner, information about your property and contact and personal information such as proof of ownership that we need in order to assist with and manage bookings on your behalf (“Property Information”);

2.1.3 Details of any bookings you make or receive through our Companies (either through us or via a third party portal or agent who use our Companies as a potential booking means) (“Booking Information”);

2.1.4 Billing information such as your invoice details and if used your credit card number and expiry date, and your PayPal payment email address (“Billing Information”);

2.1.5 A record and details of correspondence or communication between you and us, typically via email. We do not record telephone calls. (“Communication Information”);

2.1.6 Information we may hold for marketing purposes such as full name, email addresses, home addresses and telephone numbers. (“Marketing Information”).

2.2 We use the following principles in managing your information.

2.2.1 Transparency: You are welcome to ask and see any information that we keep on you.

2.2.2 Legitimacy: We collect and process your personal data only for our legitimate business purposes as described in this policy.

2.2.3 Relevance and accuracy: We will only collect personal data that is necessary for our legitimate business. We will take all reasonable steps to ensure that the personal data we hold is accurate and up to date.

2.2.4 Storage: We will hold your personal data for the period necessary for processing the same in compliance with the provisions of the law.

2.2.5 Access, rectification, opposition: You may access, modify, correct or delete your personal data. You may also oppose the use of your personal data, particularly to avoid receiving sales and marketing information. This is done by sending an email to or you can access and edit your marketing information directly on MailChimp.

2.2.6 Confidentiality and security: We will ensure reasonable technical and organisational measures are in place to protect your personal data against alteration or accidental or unlawful loss, or unauthorised use, disclosure or access.

2.2.7 Sharing and international transfer: We may share your personal data with the established third party companies/platforms mentioned in the introduction of this policy. This is done purely for help in the managing of our legitimate business activities. We will take appropriate measures to guarantee security when sharing or transferring such data. We have chosen respected third parties who all state that they are GDPR compliant. However, as these third companies are not under our direct control we recommend that you read their own privacy policies.

2.3 Basis on which we process personal data

2.3.1 Personal data we hold about you will be processed because the processing is necessary in pursuit of a “legitimate interest”, a legitimate interest in this context means a valid interest we have or a third party has in processing your personal data which is not overridden by your interests in data privacy and security; or because you have consented to the processing for the specific purposes described in this policy; or because the processing is necessary in order for us to comply with our obligations under a contract between you and us.

2.4 Use of this information

2.4.1 The “Registration”, “Property”, “Booking”, “Billing” and “Communication” and “Marketing” information are all necessary for us to pursue our ‘legitimate interest’ of providing a service to both Guests and Homeowners in the renting of properties. We accept that this valid interest is not overidden by your interests in data privacy and security.

2.5 Sharing this information

2.5.1 Where payments for Accommodation fees are handled directly by our Companies, we request that you make bank transfers, or pay via PayPal by your own means and we receive or retain information about your bank details.

2.5.2 When refundable security deposits are handled directly by our Companies, we request that you payments be made by bank transfers or pay via PayPal by your own means. In returning you refundable security deposits via PayPal we only need to know and retain your PayPal email address. For returning to your bank account we will request your bank details and these will be held only in your correspondence emails and on our Companies’ banks records. Unless you ask us to remove this information.

2.5.3 In order for payments to be processed you may need to provide some necessary details to our payment agent. We tell you about this at the point we collect that information.

2.5.4 We may share customer information with third parties to perform services on our behalf in order to improve our services and you hereby consent to us sharing such customer information.

2.5.5 Other than as set out above, we will not disclose any of your personal information without your permission unless we are required by law to do so (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime).

2.6 Information automatically collected from your computer

2.6.1 Log files/IP addresses. When you visit the Site our web host’s server automatically records your IP address. This IP address is not linked to any of your personal information. Our Web Host company may also gather other non-personal information from which they cannot identify you such as the type of your internet browser which you use so they can provide you and us with a more effective service.

2.6.2 When you visit our websites, at present our Companies do not intentionally use cookies or store or use any information gathered from cookies. However as we use WordPress to create our websites, WordPress may use cookies on our website for their own use. A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. Pixel tags (also called web beacons) are small blocks of code placed on websites and emails. WordPress uses cookies and other technologies like pixel tags to help them identify and track visitors, usage, and access preferences for their Services. For details of WordPress use of cookies please see Cookies are specific to the server that created them and cannot be accessed by other servers, which means that they cannot be used to track your movements around the web. Passwords and credit card numbers are not stored in cookies. A cookie helps you get the best out of the Site. If our Companies decide to use cookies in the future we will change our policy. The purpose of it would be to help us in the future to provide you with a more customised service. We may use cookies for the following purposes: Storing details about your site preferences; Enabling our web server to track your session between pages of the site. You can block or erase cookies from your computer if you want to. If you have any other concerns, please contact us.

3. Security

3.1 We will take reasonable steps to ensure that appropriate technical and organisational measures are carried out in order to safeguard the information we collect from you and protect against unlawful access and accidental loss or damage.

3.2 We will ensure that our employees or contractors are aware of their privacy and data security obligations.

3.3 This policy and our procedures will be reviewed as necessary.

3.4 The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Site; any transmission is at your own risk. Once we have received your information, we will use the strict procedures and security features referred to in this clause to try to prevent unauthorised access.

4. Your privacy rights

4.1 The GDPR gives you the following rights in respect of personal data we hold about you. You have the right to:

4.1.1 Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

4.1.2 Ask us to correct any information that we hold about you which is incorrect, incomplete or inaccurate.

4.1.3 Ask us to erase your personal information from our files and systems where there is no good reason for us continuing to hold it.

4.1.4 Object to us using your personal information to further our legitimate interests (or those of a third party) or where we are using your personal information for direct marketing purposes.

4.1.5 Ask us to restrict or suspend the use of your personal information, for example, if you want us to establish its accuracy or our reasons for using it.

4.1.6 Ask us to transfer your personal information to another person or organisation.

4.2 If you have given your consent to us processing your personal information you have the right to withdraw your consent at any time. To withdraw your consent, please contact Once we have received notification that you have withdrawn your consent, we will no longer process your personal information and, subject to our retention policy, we will dispose of your data securely (although we may in some circumstances need to continue to process your data, if so then we will confirm the reasons for this).

5. Retention

5.1 For any category of personal data not specifically defined in this policy, and unless otherwise specified by applicable law, the required retention period for any personal data will be deemed to be 7 years from the date of receipt by us of that data.

5.2 The retention periods stated in this policy can be prolonged or shortened as may be required (for example, in the event that legal proceedings apply to the data or if there is an ongoing investigation into the data).

5.3 We review the personal data (and the categories of personal data) we are holding on a regular basis to ensure the data we are holding is still relevant to our business and is accurate. If we discover that certain data we are holding is no longer necessary or accurate, we will take reasonable steps to correct or delete this data as may be required.

5.4 If you wish to request that data we hold about you is amended or deleted, please refer to the Your Privacy Rights section above, which explains your privacy rights.

6. Other Sites & Platforms

6.1 We cannot be responsible for the privacy policies and practices of other sites or platforms even if you access them using links from our Companies’ websites and recommend that you check the policy of each site you visit and contact its owner or operator if you have any concerns or questions.

6.2 In addition, if you linked to our Companies’ websites from a third party site, we cannot be responsible for the privacy policies and practices of the owners or operators of that third party site and recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.

7. Transferring your information outside of Europe

7.1 As part of the services offered to you by our Companies, the information you provide to us may be transferred to countries outside of the European Union (“EU”). By way of example, this may happen if any of our third party’s Host’s servers are from time to time located in a country outside of the EU or one of our service providers is located in a country outside of the EU.

7.2 If you use our Companies’ services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.

8. Further questions

8.1 If at any time you would like to contact us with your views about our privacy practices or if you would like to exercise any of your rights, or with any enquiry relating to your personal information, you can do so by emailing us at

8.2 If we are unable to resolve any issues you may have or you would like to make a further complaint, you can contact the Information Commissioner’s Office by visiting for further assistance.