Privacy Policy for Coast Nest Holidays
Effective Date: 18 June 2025
1. Introduction
Coast Nest Holidays (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you visit our website https://coastnest.co.uk (the “Site”) or use our services, in accordance with the UK Data Protection Act 2018 and UK GDPR.
By accessing or using our Site and services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of your information as described herein.
2. Data Controller
- Entity Name: Coast Nest Limited (trading as Coast Nest Holidays)
- Company Number: 16465346
- Registered Address: 17 Collingtree Court Olton Solihull, England
- Email for Privacy Queries: admin@coastnest.co.uk
- Data Protection Officer or Contact: admin@coastnest.co.uk
Coast Nest Limited is the data controller responsible for determining purposes and means of processing personal data collected via the Site.
3. What Personal Data We Collect
We only collect personal data you voluntarily provide or that is necessary for our services. Categories include:
- Account & Profile Data
  - Name, email address, telephone number, postal address (optional unless required for booking), password (securely hashed), profile preferences.
  - If you sign up via Facebook Login (Meta Login), we receive only the data you consent to share (e.g., name, email, profile picture URL, Meta user ID), strictly for account creation/authentication or personalization.
- Booking Information
  - Guest names, contact details, stay dates, property selected, special requests, any additional information required to fulfill the booking.
  - Payment-related data: we do not store full payment card details on our servers; payments are processed via third-party gateways (e.g., PayPal, Stripe). We may retain transaction identifiers or receipts as required for records.
- Communications Data
  - Messages you send via contact forms, email, WhatsApp Business, or support channels. This includes any files/screenshots you provide to troubleshoot.
  - Marketing preferences if you opt in to newsletters or promotional communications.
- Usage & Technical Data
  - IP address, browser type/version, device type, operating system, referring URLs, pages visited, time and date stamps, clickstream data, error logs, and similar analytics data collected via cookies or server logs.
- Optional Data
  - If you participate in promotions or surveys, we may collect additional information you provide (e.g., feedback, survey responses).
We do not knowingly collect data from children under 18. If we learn we have inadvertently done so, we will promptly delete it.
4. Lawful Bases for Processing
Under UK GDPR, we rely on one or more of the following lawful bases:
- Contractual Necessity: Processing is necessary to perform the booking contract you enter into (e.g., to confirm and manage your reservation).
- Legal Obligation: To comply with legal or regulatory requirements (e.g., record-keeping for tax, responding to lawful requests).
- Legitimate Interests: For purposes such as improving our services, fraud prevention, analytics, IT security, provided these interests are not overridden by your rights. We assess legitimate interests carefully.
- Consent: Where we ask for your consent (e.g., marketing emails, cookies beyond strictly necessary). You may withdraw consent at any time.
- Vital Interests: Unlikely for our context, except in exceptional circumstances (e.g., health/safety emergencies).
- Performance of a Public Task: Not typically applicable.
We will inform you where processing relies on consent (e.g., email newsletters or non-essential cookies) and allow you to opt in or out.
5. How We Use Your Personal Data
We use your data for the following purposes:
- Account Creation & Authentication: To set up your user account, allow you to log in (including via Facebook Login), and secure your access.
- Booking Management: To process your reservation requests, send confirmations, reminders, and any information needed for your stay (e.g., check-in instructions, discounted ferry details shared within 24 hours).
- Payments: To facilitate payment processing via third-party gateways. We pass only required payment data to those processors; we do not store full card details ourselves.
- Customer Service & Support: To respond to your inquiries, handle issues, provide assistance before, during, or after your stay.
- Marketing & Promotions: If you opt in, to send newsletters, promotional offers, and updates about Coast Nest Holidays. You may unsubscribe at any time via the link in emails or by contacting us.
- Personalisation & Recommendations: To tailor suggestions (e.g., local attractions, special offers) based on your profile or past stays, where you have consented or where legitimate interest applies.
- Analytics & Site Improvement: To analyse how users interact with our Site, detect usage patterns, improve functionality, and plan new features. We use aggregated or anonymized data whenever possible.
- Legal Compliance & Fraud Prevention: To comply with legal obligations (e.g., maintaining records for statutory periods), detect and prevent fraudulent or malicious activity.
- Discounted Ferry Coordination: When offering discounted ferry bookings, we collect just the necessary booking information and share it with ferry partners to arrange tickets; this occurs after your booking confirmation, within 24 hours.
We do not use your data for purposes beyond those above without notifying you or obtaining additional consent where required.
6. Cookies and Tracking Technologies
We use cookies and similar technologies to enable Site functionality and analytics:
- Essential Cookies: Required for core features (e.g., login sessions, booking flow). Cannot be disabled if you wish to use those features.
- Analytics Cookies: To measure Site performance (e.g., Google Analytics or similar). Collected under legitimate interests; you may opt out via cookie banner or browser settings.
- Functional Cookies: To remember preferences (e.g., language, display settings).
- Third-Party Cookies: May arise from embedded content (e.g., social media widgets, Facebook Pixel used solely for login analytics). We document these in our Cookie Notice/banner and allow you to accept/decline non-essential cookies.
You can manage or block cookies via your browser settings, but some Site features may not work correctly if essential cookies are blocked.
7. Sharing and Disclosure of Personal Data
We share personal data only as necessary and with appropriate safeguards:
- Service Providers / Data Processors:
  - Hosting & Infrastructure: e.g., Hostinger or other cloud providers for Site hosting and backups.
  - Platform & Plugins: WordPress, WP Rentals theme, booking plugins, analytics tools.
  - Payment Gateways: PayPal, Stripe, or similar; we share limited transaction data for payment processing.
  - Email/Marketing Services: Mailchimp, Constant Contact, or similar for sending newsletters/transactional emails.
  - Support Tools: WhatsApp Business API, helpdesk software for customer support.
  - Analytics Providers: Google Analytics or equivalent for usage insights.
  - Ferry Partners: To arrange discounted ferry bookings, we share only the information strictly necessary (e.g., passenger names, dates) per your consent/agreement.
  - Developers/Agencies: Any contracted parties performing maintenance or development; they access data only as needed under confidentiality obligations.
- Legal and Regulatory Authorities: If required by law (e.g., court order, lawful request), we may disclose personal data. We review such requests for legality and, where permitted, seek to minimize data disclosed.
- Business Transfers: If we reorganize, merge, or sell our business or assets, user data may be transferred as part of that transaction, subject to confidentiality and data protection obligations.
- Aggregated/Anonymized Data: We may share aggregated statistics (not personally identifiable) with partners or publicly for marketing or improvement purposes.
We do not sell or rent your personal data to third parties for marketing.
8. International Data Transfers
Your data may be processed or stored in the UK/EU or transferred to service providers outside the UK/EU (e.g., cloud servers). Where transfers occur, we ensure appropriate safeguards, such as:
- UK adequacy decisions or EU adequacy mechanisms, or
- Standard Contractual Clauses approved for data transfers, or other legally recognized mechanisms.
We limit transfers to what is necessary for the services we provide.
9. Data Retention
We retain personal data only as long as necessary for the purposes set out, considering:
- Booking & Financial Records: Retained for at least the period required by UK tax and accounting laws (typically up to 6 years).
- Account Information: Retained while your account is active. If you delete your account, we may retain minimal data (e.g., anonymized booking history) for legal compliance, fraud prevention, or legitimate interests.
- Marketing Data: Retained until you unsubscribe or withdraw consent; we keep consent records for compliance.
- Support Records: Retained as needed to resolve support issues or for future reference, subject to periodic review.
- Cookie/Analytics Data: Retention periods as per our analytics provider settings; aggregated data may be kept longer in anonymized form.
After retention periods expire, we securely delete or anonymize personal data.
10. Your Rights
Under UK GDPR, you have rights as a data subject. To exercise these rights, contact privacy@coastnest.co.uk. We aim to respond within one month unless a complex request requires extension (we will notify you). Your rights include:
- Right of Access: Request a copy of personal data we hold about you.
- Right to Rectification: Correct inaccurate or incomplete data.
- Right to Erasure (“Right to be Forgotten”): Delete your personal data where no legal requirement prevents it.
- Right to Restrict Processing: Ask us to suspend processing in certain circumstances (e.g., while accuracy is contested).
- Right to Data Portability: Receive your data in a structured, machine-readable format for transfer to another controller, where applicable.
- Right to Object: Object to processing based on legitimate interests or direct marketing.
- Right to Withdraw Consent: Withdraw consent for processing where consent is the basis (e.g., marketing, cookies). This does not affect processing done prior to withdrawal.
- Right to Lodge Complaint: If you believe we have infringed your rights, you may complain to the UK Information Commissioner’s Office (ICO) at https://ico.org.uk/.
11. Security Measures
We implement appropriate technical and organizational measures to protect personal data, such as:
- HTTPS/TLS encryption for data in transit.
- Secure hosting environments with firewalls, access controls, regular patches.
- Access management for admin interfaces (strong passwords, limited privileges).
- Encryption or tokenization for sensitive data where applicable.
- Regular backups, secure disposal of data when no longer needed.
- Vendor assessments to ensure third-party processors maintain adequate security.
Despite these measures, no system is 100% secure. In case of a data breach that poses a risk to your rights and freedoms, we will notify you and the ICO as required by law.
12. Cookies and Similar Technologies
See our separate Cookie Notice or banner for details on cookies used, purposes, and how to manage preferences. Broadly:
- We use essential cookies for core site functionality.
- We use analytics and functional cookies with your consent or under legitimate interests.
- You can control cookies via browser settings or our cookie banner.
13. Third-Party Links
Our Site may link to third-party websites or services (e.g., social media pages, affiliate links). This Privacy Policy does not cover those external sites. We encourage you to review their privacy policies before providing personal data.
14. Children’s Privacy
Our services are intended for adults (18+). We do not knowingly collect data from minors. If you believe we have inadvertently collected data from someone under 18, please contact us at privacy@coastnest.co.uk; we will promptly delete it.
15. Changes to This Privacy Policy
We may update this policy to reflect changes in our practices or legal requirements. We will revise the “Effective Date” at the top. We encourage you to review this page periodically. Continued use of the Site after changes indicates acceptance of the updated policy.
16. How to Contact Us
For any questions, requests, or concerns regarding this Privacy Policy or your personal data, please contact:
- Email: admin@coastnest.co.uk
- Address: 17 Collingtree Court Olton Solihull
- Data Protection Officer: admin@coastnest.co.uk
If you remain dissatisfied, you may lodge a complaint with the ICO: https://ico.org.uk/.
17. Disclaimer
This Privacy Policy is based on publicly available guidance as of the Effective Date and is provided for informational purposes. It does not constitute legal advice. While drafted to align with UK GDPR and related laws, you assume responsibility for ensuring ongoing compliance. If your operations change significantly, or laws update, you should review and adjust this policy accordingly.