Privacy policy | Fresh Escapes

Who We Are

Fresh Escapes (“we”, “us”, or “our”) is a UK-based vacation rental company offering holiday home rentals in Devon, Cornwall, and beyond. We are committed to protecting your privacy and handling your personal information securely . This Privacy Policy explains what information we collect, how we use it, and your rights in accordance with the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws . For the purposes of data protection law, Fresh Escapes (Fresh Escapes Ltd) is the “data controller” of your personal data (the organization responsible for deciding how and why your data is processed) .

Information We Collect

We believe in transparency about what data we collect . We collect personal information both directly from you and from certain third parties, as detailed below:

Contact and Identity Details: Information such as your name, email address, phone number, and postal address. For example, we collect these when you make a booking or fill out forms on our website (e.g., our contact or booking forms) . If you contact us by email or phone, we will collect the information you provide during those communications.
Booking Information: Details related to your vacation rental booking, such as the property you’ve booked, your travel dates, number of guests, and any special requests or preferences you communicate to us. If you book a stay through third-party platforms like Airbnb or Vrbo, those platforms will send us relevant personal information to process your booking (such as your name, contact details, and booking specifics) .
Payment Information: Information needed to process your payments. This may include billing address and payment card details. We use trusted third-party payment processors to handle payment transactions securely; we do not store your full card details on our own systems for security reasons.
Marketing Preferences: If you sign up for our newsletter or promotions, we collect your email address and record your consent and preferences for receiving marketing messages.
Website Usage Data: When you visit fresh-escapes.com, we automatically collect data about your device and browsing activities through cookies and similar technologies. This can include your IP address, browser type, device identifiers, pages viewed, and how you interact with our site . We use tools like Google Analytics to gather this usage information , which helps us understand website traffic and improve user experience (see Cookies and Analytics below for more details).
Cookies and Tracking Technologies: We use cookies and similar technologies to collect information about your interactions with our website (e.g. which pages you visit). Some cookies are necessary for the site to function, and others (with your consent) help us with analytics or remembering your preferences. For more details, see Cookies and Analytics below and our separate Cookies Policy.

We do not collect any sensitive personal data (such as race, religion, health or biometric data) about you in the ordinary course of business. Our services are intended for adults and we do not knowingly collect personal information from children under 16. If you are under 16, please obtain permission from a parent or guardian before providing any personal data.

How We Use Your Information

We only use your personal information for specific purposes and in a lawful manner . The main purposes for which Fresh Escapes uses your data are:

To Facilitate Bookings and Provide Services: We use your information to process and confirm your vacation rental bookings, provide the services you have requested, and ensure your stay goes smoothly. This includes communicating with you about your reservation, check-in instructions, and responding to your inquiries or requests .
Customer Service and Communication: We may use your contact details to provide customer support and important updates. For example, we’ll email or call you to answer questions, send booking confirmations, notify you of any changes, or provide information about the property and local area.
Payment Processing and Finance: Your payment and billing details are used to collect rental payments or security deposits and to handle refunds when necessary. This may involve sharing your details with our payment processor (see “Third-Party Service Providers” below) to charge your card or account. We also maintain transaction records for accounting, auditing, and tax purposes.
Marketing (Opt-In): If you have opted in to receive marketing communications (for example, by subscribing to our newsletter on our website or ticking the consent box for updates and offers), we will use your name and email to send you news about Fresh Escapes, special offers, or promotions we think may interest you. You can unsubscribe from these emails at any time by clicking the unsubscribe link in the message or contacting us. We do not share your data with third parties for their own marketing or advertising purposes – any marketing we send is about our own services, and only if you agree to it.
Personalisation and User Experience: We use data about your interactions with our website to personalise your experience. For instance, we might remember your preferred currency or the properties you viewed, and use this information to tailor the content you see on future visits. We may also use browsing data to show you relevant content or (with appropriate consent) interest-based advertisements for our services. (Note: We do not bombard you with ads, but we may highlight properties or offers that align with your interests.)
Analytics and Improvements: We analyse usage data (via cookies and Google Analytics) to understand how our website is used and to improve our services . This helps us fix technical issues, optimize our website design, and learn what our customers are looking for. Google Analytics may provide us aggregated statistics (for example, site traffic or popular pages) which we use for making business decisions. (Google may process some data as a separate controller – see Cookies and Analytics below.)
Legal and Security Purposes: We may process your information as necessary to comply with legal obligations and to ensure the safety and integrity of our services. This includes using and retaining certain data for tax and financial reporting, fraud prevention, security monitoring, and to meet requirements imposed by law or authorities. For example, we keep records of transactions for legally required periods and may use personal data to verify identity when responding to data subject requests or detecting misuse of our website . If required, we may also use or disclose information to enforce our Terms and Conditions, to establish or defend legal claims, or to investigate and prevent fraud or other unlawful activities.

We will not use your personal data for any purpose that is incompatible with the purposes outlined above. If we need to use your information for a new purpose, we will update this Privacy Policy and, if required, seek your consent or provide you with an appropriate notice.

Legal Bases for Processing

Under the UK GDPR (and similar data protection laws), we must have a valid legal basis to process your personal information . Depending on the specific context, we rely on one or more of the following legal bases:

Performance of a Contract: Most of our data processing is to fulfill our contract with you. When you make a booking or request our services, we must process your personal data to provide the rental and related services (e.g. using your information to reserve the property, process payment, and communicate with you about your stay). This is necessary in order to deliver what you have asked for.
Legitimate Interests: We may process your data as needed for our legitimate business interests, provided that those interests are not overridden by your own rights and interests . For example, it is in our legitimate interest to use cookies for analytics to improve our website, to send you updates about your booking or similar services, to prevent fraud, and to secure our website. When we rely on legitimate interests, we always consider your rights and will ensure we don’t use your data in ways that you would not reasonably expect or that would unfairly impact you. Direct Marketing to Existing Customers: If you have previously used our services, we may send you occasional marketing messages about similar services based on our legitimate interest in developing our business, but only as permitted by law and with a clear option to opt out at any time.
Consent: We will rely on your consent in certain cases, for example: when you subscribe to our email newsletter or agree to receive promotional communications, and for non-essential cookies or similar technologies that are used on our website (like analytics or advertising cookies, which we will not activate without your consent) . Where we process personal data based on your consent, you have the right to withdraw that consent at any time (see Your Rights below). Withdrawing consent will not affect the lawfulness of any processing we already carried out but will stop the future use of your data for that purpose.
Legal Obligation: Some data processing is necessary for us to comply with our legal obligations. For instance, we keep financial records to fulfill tax and accounting laws, and we may need to disclose information if required by a lawful request from government authorities or to comply with court orders . If you exercise your data rights, we will process personal data to respond as required by law.
Vital Interests: In an unlikely emergency situation, we could use or share information if it’s essential to protect someone’s life or safety. (For example, providing your information to emergency services if a serious incident occurs during a stay.) This is known as the “vital interests” basis.
Public Interest: We do not generally process data on this basis, as it typically applies to official authorities or tasks in the public interest which are not applicable to our private business.

We will always ensure we have a valid legal basis for processing your data and will document our decisions in line with GDPR requirements . If you have questions about the specific legal basis for any particular processing of your data, please contact us.

Cookies and Analytics

Cookies are small text files placed on your device when you visit a website. We use cookies and similar tracking technologies on our website to provide necessary site functionality and to enhance your user experience . Here’s how we use them:

Essential Cookies: These cookies are necessary for our website to function properly. They enable core features such as secure login, shopping cart functionality (if applicable), and load balancing. Without these cookies, the services you’ve asked for (like making a booking) can’t be provided. Because they are necessary, we use these cookies without requiring your consent.
Preference and Functional Cookies: These help remember your preferences (like language or currency selection) and enhance the functionality of the site. They ensure a more personalized experience, for example by remembering your previously viewed properties.
Analytics Cookies: With your consent, we use analytics tools (Google Analytics) that set cookies to collect information about how visitors use our site . This includes data like which pages are visited, how long you stay, and which links you click. The information is aggregated and anonymized, meaning it does not directly identify you. We use this data to understand website performance, visitor preferences, and to improve our website’s design and services . Google Analytics may collect your IP address and device information; however, we have configured it to anonymize IP addresses where possible. Google acts as an independent data controller for some of this data (for more details, see Google’s own Privacy Policy). We do not allow Google to use or share our analytics data for their own purposes like advertising.
Advertising and Marketing Cookies: Fresh Escapes does not host third-party ads on our site, but if we ever use advertising or re-marketing cookies (for example, to show you Fresh Escapes promotions on other platforms), we will do so only with your explicit consent. These cookies would collect information about your browsing to tailor marketing messages to your interests. As of now, any such activity is minimal or none – and rest assured, we never share personally identifiable information to ad networks for targeting. If in future we engage in interest-based advertising, we will update this policy and ask for consent via the cookie banner.

When you first visit our website, you will see a cookie banner requesting your preferences. Non-essential cookies (analytics, etc.) will only be set if you choose to “Accept” them. You can always change your mind later: use our website’s cookie settings tool (accessible via the footer or “Cookies Policy” link) to adjust which cookies are active, or delete cookies via your browser settings. Keep in mind, disabling certain cookies may affect the functionality of our site (for example, some interactive features might not work).

For more detailed information on the cookies we use, you can review our dedicated [Cookies Policy] (linked on our website) . That policy includes a list of the specific cookies and their purposes, as well as instructions on managing cookies.

Google Analytics Disclosure: As required by Google’s terms, we want to clarify that Google Analytics uses cookies and other means to collect data about visitors, and Google may process this data (e.g., by storing it on servers outside your country) . We have taken steps to comply with privacy laws – for instance, we’ve accepted Google’s Data Processing Addendum and enabled features like IP anonymization. Google is certified under international data transfer frameworks and uses Standard Contractual Clauses to protect data transfers (see International Data Transfers below for more on how we safeguard global data flows) . You can opt out of Google Analytics on our site by refusing analytics cookies, and Google also offers a Browser Opt-Out plugin if you wish to prevent data collection on all websites.

Third-Party Service Providers (How We Share Your Information)

Your privacy is important to us. We do not sell, trade, or rent your personal information to unrelated third parties for their marketing purposes . However, in the normal course of running our vacation rental business, we do share certain data with trusted third parties who provide services on our behalf. We only share the minimum information necessary and ensure that these third parties are bound to protect your data and use it only for the agreed purpose . The key categories of recipients include:

Property Owners and Managers: Fresh Escapes manages properties on behalf of owners. If you book a stay, we may need to share some details with the property owner or on-site property manager (for example, your first name, check-in date and time, and any special requests) so they can prepare for your arrival or assist during your stay. These parties are not allowed to use your information for any purpose other than facilitating your rental and are bound by confidentiality.
Cleaning and Maintenance Providers: We might share your booking schedule or last name with third-party housekeeping services or maintenance companies that service the property before, during, or after your stay. This helps ensure the property is clean, stocked, and any issues are resolved. These providers are only given information as needed (typically, booking dates and property name; they usually do not need your contact details).
Payment Processors: We use reputable payment processing companies (such as credit card payment gateways or banking services) to handle your transactions securely. These processors will receive your payment data to process payments or refunds. They are PCI-DSS compliant and authorized to use your data only for payment-related services. For example, if you pay by credit card on our website, your card details are transmitted directly to our payment processor (over an encrypted connection) and are not stored by us.
Online Travel Agencies (OTAs) and Booking Platforms: If you originally book through a third-party platform like Airbnb, Vrbo, Booking.com, etc., those platforms will send us your details so we can fulfill your booking. We may also send back certain information to them as required (for instance, confirmation that you checked in, or compliance information). These platforms have their own privacy policies governing the initial collection of your data; once we receive your data from them, we handle it per this Privacy Policy. We recommend reviewing the privacy policy of the platform you used for their practices.
Website Hosting and IT Providers: Our website is hosted on servers provided by third-party hosting companies. This means that any data you enter on our site (including personal information in forms) will be processed through and stored on their servers. Our hosting provider may incidentally process data for technical support, security monitoring, or data storage, but they are not allowed to access or use your data for other purposes. We also use IT service providers for things like data backup, cybersecurity, and software development, who might have access to data in the course of their services. All such providers are bound by confidentiality and data protection agreements.
Analytics and Performance Tools: As noted, we use Google Analytics for website traffic analysis. Google acts as a third-party analytics provider that processes usage data on our behalf to give us insights (though for some data, Google is also a controller). We have covered details in Cookies and Analytics. Aside from Google, we do not share your identifiable personal info with analytics or advertising networks. Any usage data shared is pseudonymous or aggregated.
Email Marketing Services: We use an email service provider (currently Mailchimp) to send out our newsletters and marketing emails. If you subscribe to our updates, your name and email address will be stored in Mailchimp’s system so we can create and manage our mailing lists and campaigns. Mailchimp acts as a “data processor” on our behalf for this purpose . They are not permitted to use your information except to send emails as we direct. Mailchimp is a US-based company, but it complies with GDPR requirements for data transfers (participating in the relevant data transfer frameworks and using Standard Contractual Clauses to protect data – see International Data Transfers below) . Every marketing email you receive from us via Mailchimp will include an easy unsubscribe link.
Service Professionals and Partners: In some cases, we may refer you to or coordinate with third-party service professionals to enhance your stay (for example, local tour guides, private chefs, or transportation services), but we would only share your information with such parties at your request or with your consent. By default, we do not send your personal data to any such third party unless it’s necessary and you’ve agreed (for instance, if you ask us to arrange an airport pickup, we’d share your name and arrival details with the taxi service).
Law Enforcement and Legal Requirements: If we are under a duty to disclose or share your personal data in order to comply with a legal obligation, valid government request, or to enforce our Booking Terms & Conditions, we may do so. This includes exchanging information with law enforcement or regulatory authorities when required by law, or disclosing information as necessary to exercise, establish, or defend legal claims. For example, if we suspect fraudulent activity or a crime, we may share data with the appropriate authorities . We will ensure any such disclosure is lawful and limited to what is necessary.

We ensure that all third-party service providers who handle personal data on our behalf (our “data processors”) are contractually obligated to safeguard your information in line with data protection laws. They must act only on our instructions and cannot use your data for their own purposes . We conduct due diligence and take steps to ensure these providers implement adequate security measures.

Aside from the parties above, your data will not be accessible to any other third parties unless you request it or give us permission. If in the future we have any new types of third parties that will receive your data (for example, a new software integration or partner), we will update this Privacy Policy accordingly .

Lastly, our website may contain links to external websites or services (for example, a link to an activity provider’s site, our social media pages, or a third-party booking engine). Please note that if you click those links, you will leave our site and go to a site not controlled by us. We cannot be responsible for the privacy practices of other websites. We encourage you to read the privacy policies of any external sites you visit, as this Privacy Policy applies only to Fresh Escapes’ own website and services .

International Data Transfers

Fresh Escapes is based in the United Kingdom. However, the personal information we collect may be stored and processed in other countries, especially since we use certain third-party services that operate globally. Whenever we transfer or store your data outside of the UK (or the European Economic Area (EEA)), we take steps to ensure your information remains protected with a similar level of security and legal safeguard as it has at home.

Data transfers within the EEA: The UK is considered a “third country” by the EU since Brexit. However, the EU has granted the UK an adequacy decision, which means personal data can freely flow from the EEA to the UK as the UK is deemed to offer adequate data protection. So if you are an EU/EEA resident and book with us, know that your data will be processed in the UK under equivalent protections.

Data transfers outside UK/EEA: If we (or our service providers) transfer your personal data to countries outside the UK and EEA that are not deemed to have adequate data protection laws (for example, to the United States where some of our service providers like Mailchimp or Google are based), we will ensure at least one of the following safeguards is in place:

Standard Contractual Clauses (SCCs): We will use the European Commission’s or UK’s approved standard data protection clauses in our contracts with the non-UK/EEA recipient . These clauses legally require the recipient to protect your data to GDPR standards. For instance, our agreements with Mailchimp and Google incorporate SCCs to cover any EU/UK data that might be processed in the U.S. .
Data Privacy Frameworks: We will rely on recognized data transfer frameworks where available. As of the latest update, the United States has established the EU-U.S. Data Privacy Framework and a UK extension (UK-US Data Bridge) is in progress. Service providers who are certified under these frameworks commit to protect personal data to high standards. Mailchimp, for example, is certified under the applicable Data Privacy Framework for UK and Swiss data, and maintains SCCs as a backup . We anticipate similar compliance from other providers we use.
Adequacy Decisions: If the country has an adequacy decision from the UK government (or European Commission, as applicable), meaning it’s recognized as providing adequate protection, we will rely on that. (For example, if we transfer data to a service in Canada or Japan, those countries currently benefit from adequacy decisions).
Your Explicit Consent or Other Lawful Exceptions: In rare cases, we may transfer data based on your explicit consent (after informing you of possible risks), or if the transfer is necessary for our contract performance (e.g., booking a stay outside the UK and we need to send your data to a foreign hotel or host), or other specific legal exceptions under Article 49 UK GDPR.

We will always ensure any international transfer of your personal data is lawful and secure. If you would like more information about the specific mechanism used for any given transfer of your data, please contact us (see Contact Us below).

Please note that data stored outside of your home country may be subject to lawful access by courts, law enforcement, or other authorities in those jurisdictions. However, our agreements with service providers will include obligations for them to notify us if they receive government requests for personal data, and to challenge unlawful or overbroad requests.

By using our services or submitting your information to us, you acknowledge that your personal data may be transferred to and processed in countries outside your own. Rest assured, we take your privacy seriously regardless of location, and we implement the safeguards described to protect your information wherever it is processed.

Data Retention

We keep your personal information only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements . In other words, we do not keep your data forever – we retain it for the shortest duration that we need to, then we securely delete or anonymize it.

The exact retention period will depend on the type of information and the reason we have it:

Booking and Transaction Data: We generally retain records of bookings, payments, and invoices for 6 years after the end of the tax year in which they took place (or longer if required by UK tax law). This is to comply with tax and financial regulations, and to have records in case of any legal claims (the standard limitation period for contract claims in the UK can be up to 6 years).
Customer Communication: Emails or correspondence with you may be kept for up to 2 years after your last interaction with us (unless they contain information that needs to be kept longer for legal reasons). This helps us have context for any follow-up communications and improves our customer service (for example, if you return to us for another booking).
Marketing Data: If you have consented to receive marketing emails, we will retain the personal data needed for that (e.g. your name and email) until you unsubscribe or ask us to delete your information. If you unsubscribe, we may keep your contact details on a suppression list to ensure we honor your no-contact request in the future.
Website Analytics Data: Data collected via Google Analytics is retained for a period of time determined by our Google Analytics settings (typically 26 months by default, though this may be adjusted). After that period, Google may automatically delete the older analytics data. We only see aggregated analytics reports, not personal identifiers, and over time these reports contain no personal data.
Legal Requirements and Disputes: If we are dealing with a legal dispute or we are required by law to retain data longer (for example, due to a litigation hold or an investigation), we will retain the data as necessary until the issue is resolved or the law permits deletion. Similarly, information that is needed to enforce our agreements or to protect our legal rights may be kept as long as is needed for those purposes.

After the retention period has elapsed for a given category of data, we will either delete the personal information securely or anonymize it (so it can no longer be associated with you) for statistical purposes. For example, we might convert your booking history into anonymized statistics (like “number of guests per year”) that contain no personal identifiers.

If we anonymize data, we may use that information indefinitely without further notice, since it no longer identifies any individual.

Retention Example: To illustrate, if you stayed with us in 2025, we would keep the booking details and payment records at least until 2031 to meet financial record-keeping rules . However, your inquiry emails about the booking might be deleted by 2027 if no longer needed. If you signed up for the newsletter in 2025 but then unsubscribed in 2026, we’d remove you from the mailing list in 2026 but keep a note not to email you again.

We periodically review the data we hold and erase or anonymize data that is no longer needed. If you believe we are holding your data longer than we should, or you want us to delete certain information, you have the right to request erasure (see Your Rights next). We will always consider such requests in line with our legal obligations.

Your Rights

As our customer or website user, you have a number of important data protection rights regarding your personal information. We want you to be aware of your rights and we provide ways for you to exercise them . Under the UK GDPR (and similar laws like the EU GDPR), you have the following rights:

Right to be Informed: You have the right to clear and transparent information about how we collect and use your personal data . This Privacy Policy is part of fulfilling that right. We aim to provide all required details here, but if you have any questions about our data practices, please feel free to contact us.
Right of Access: You have the right to access the personal data we hold about you . This means you can ask us to confirm if we’re processing your data and request a copy of that data (commonly known as a “Data Subject Access Request”). We will provide you with a copy of the information in a commonly used format, usually within one month of verifying your identity (we may extend this deadline for complex requests, but we will inform you if that’s the case). Access is free of charge in most cases.
Right to Rectification: If any of your personal information is inaccurate or incomplete, you have the right to have it corrected or updated . For example, if you notice we have misspelled your name or have an outdated email address, please let us know and we will fix it.
Right to Erasure: This is also known as the “right to be forgotten.” You can ask us to delete or remove your personal data in certain circumstances . For instance, if we no longer need your information for the purpose it was collected, or if you withdraw consent and we have no other legal basis to keep it, or if you object to processing and we have no overriding legitimate interest to continue, you can request erasure. Note that this right is not absolute – sometimes we need to retain data despite a deletion request (for example, we may retain certain records to comply with legal obligations). If that is the case, we will inform you of the reason we cannot delete the data.
Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain scenarios . This could apply if you contest the accuracy of the data (until we verify it), or if you have objected to processing (pending our verification of overriding grounds), or if processing is unlawful but you prefer restriction over deletion, or if we no longer need the data but you need us to keep it for a legal claim. When processing is restricted, we can still store the data but not use it further until the restriction is lifted (unless it’s to establish or defend legal claims, or to protect another’s rights).
Right to Data Portability: For data you provided to us and which we process by automated means based on your consent or for a contract, you have the right to get that data from us in a structured, commonly used, machine-readable format and/or request that we transmit it to another service provider where technically feasible . In plain terms, this allows you to reuse your information across different services. This right likely won’t apply to most of what we do (since our processing is not typically based on consent or automated in a way that yields such data sets, except perhaps your account info or booking history), but we will accommodate any valid requests.
Right to Object: You have the absolute right to object to direct marketing at any time – if you object, we will stop using your data for marketing purposes . You also have the right to object to other types of processing in certain circumstances. For example, if we are processing your data based on legitimate interests, you can object if you feel it impacts your rights and freedoms. We will then review your objection and unless we have a compelling legitimate reason to continue processing (or the processing is needed for legal claims), we will likely cease the processing in question. Where your objection is to marketing, we will always honor it – no questions asked.
Rights Related to Automated Decision-Making and Profiling: We do not currently make any decisions about you that are purely automated with no human involvement, nor do we profile you in a way that produces legal or similarly significant effects. If that changes in the future, you would have rights to not be subject to a purely automated decision that significantly affects you, and to request human intervention or to contest the decision . Profiling (automated analysis of personal data to evaluate certain aspects, like preferences or behavior) is something we might do on a mild scale for marketing (e.g., to segment our customer list by region or past booking history), but this does not have substantial effects on you and is only done with consent or legitimate interests. Should we ever engage in more impactful automated profiling, we will inform you and protect your rights.
Right to Withdraw Consent: If we are relying on your consent to process any of your personal data (for example, for sending newsletters or for using certain cookies), you have the right to withdraw that consent at any time . Withdrawing consent will not affect the lawfulness of processing we conducted prior to your withdrawal. If you withdraw consent for marketing emails, we will stop sending them. If you withdraw consent for cookies, we will disable those non-essential cookies going forward. There are easy ways to withdraw consent: use the “unsubscribe” link in emails, adjust cookie settings on our site, or contact us directly.

How to Exercise Your Rights: You can exercise any of your rights by contacting us using the details in Contact Us below. Typically, you will not have to pay a fee to exercise these rights, but we may ask you to verify your identity (to ensure we don’t disclose data to the wrong person) . We will respond to your requests as soon as possible, usually within one month. If your request is complex or you’ve made multiple requests, we may extend the deadline by an additional two months, but we will inform you of this. If for some reason we cannot fulfill your request (e.g., deletion when we have a legal obligation to keep data), we will explain our reasoning.

Right to Complain: We hope to resolve any query or concern you raise about our use of your information. Please let us know if you have any issues by contacting us directly – we will do our best to address them. However, if you believe we have not complied with your data protection rights or our obligations, you have the right to lodge a complaint with the supervisory authority in the place you live or work, or where the issue occurred. For the UK, this is the Information Commissioner’s Office (ICO).

This was updated on 13th January 2026.