Privacy Policy

Your privacy matters. Trust is the only metric that compounds.

Introduction

Keystone Rental Advisory ("we", "our", "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, store, and share information when you interact with our website or services. It applies to all users of our consulting services for short-term rental automation, guest check-in technologies, and compliance advisory.

We operate in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. This policy is designed in plain sight to ensure transparency. Our registered office is located in the United Kingdom. If you have questions about this policy or how we handle your data, contact us using the details at the end of this document.

What Personal Data We Collect

We collect information necessary to provide consultancy, communicate with you, and improve our services. The types of data we collect include:

  • Identity data: your name, business name, job title.
  • Contact data: email address, phone number, postal address.
  • Technical data: IP address, browser type, device information, operating system, time zone settings, and browsing patterns on our website.
  • Usage data: how you navigate our site, which pages you visit, time spent on pages, referral sources.
  • Marketing and communications data: your preferences for receiving updates, newsletters, or promotional content.
  • Professional data: information you share during consultancy engagements, such as property portfolio details, business objectives, technology requirements, and compliance challenges.

We do not collect special categories of personal data (such as health, biometric, or genetic information) unless explicitly required and consented to for specific consultancy scenarios. We do not knowingly collect data from individuals under the age of 16.

How We Collect Your Data

Data is collected through multiple channels:

  • Direct interactions: when you fill out forms on our website, request a consultation, subscribe to our newsletter, or communicate via email or phone.
  • Automated technologies: cookies, server logs, and analytics tools track your activity on our site. See the Cookies section below for full details.
  • Third parties: occasionally, we receive data from partners, referral networks, or public business directories when you are introduced to us or when publicly available professional information is shared.

How We Use Your Personal Data

We process your data only when we have a lawful basis. The primary legal grounds for processing include:

  • Contractual necessity: to deliver consulting services you have requested or to fulfill a contract we have entered with you.
  • Legitimate interests: to improve our services, understand market trends, protect our business, and maintain the security of our systems.
  • Consent: when you have explicitly agreed to marketing communications or specific uses of your data.
  • Legal obligation: to comply with tax, accounting, or regulatory requirements.

Specific purposes include:

  1. Providing consultancy and advisory services tailored to short-term rental automation, compliance, and guest screening technologies.
  2. Communicating updates, responding to inquiries, and managing client relationships.
  3. Conducting market research, analyzing website performance, and improving user experience.
  4. Sending marketing materials about relevant services, case studies, or industry developments (only where consent has been obtained or legitimate interest applies).
  5. Ensuring the security and integrity of our IT systems and preventing fraud or misuse.

Done is better than dazzling — we focus on clear, purposeful data use rather than collecting information we do not need.

Cookies and Tracking Technologies

Our website uses cookies to enhance functionality and gather analytics. Cookies are small text files stored on your device. We use the following types:

  • Strictly necessary cookies: essential for the website to function (e.g., session management, security features). These cannot be disabled.
  • Performance cookies: collect anonymous data about how visitors use our site, helping us improve layout and content.
  • Functionality cookies: remember your preferences and settings.
  • Marketing cookies: track your activity across websites to deliver relevant advertising (used only with your consent).

When you first visit our site, you are presented with a cookie banner. By clicking "Accept", you consent to the use of all cookie categories. You can withdraw consent at any time by clearing your browser cookies or contacting us. Most browsers allow you to refuse cookies via settings; however, this may limit website functionality.

Third-Party Services and Data Sharing

We share your data with carefully selected third parties only when necessary. These include:

  • Analytics providers: Google Analytics (configured to anonymize IP addresses) helps us understand site traffic and user behavior.
  • Hosting and IT infrastructure: our website and client data are hosted on secure servers operated by trusted providers in the UK and EU.
  • Communication tools: email marketing platforms, CRM systems, and customer support software store contact details and interaction history.
  • Professional advisors: legal, accounting, and insurance consultants may access data where required to provide services to our business.
  • Regulatory authorities: we may disclose data if legally obligated (e.g., tax authorities, law enforcement, or data protection regulators).

All third-party processors are bound by data processing agreements and must comply with GDPR standards. We do not sell, rent, or trade your personal data to any third party for their own marketing purposes.

International Data Transfers

We primarily process data within the UK and European Economic Area (EEA). If data is transferred outside these regions (for example, to cloud service providers with global infrastructure), we ensure adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalency decisions. You have the right to request details of these safeguards by contacting us.

Your Data Protection Rights

Under GDPR and UK data protection law, you have the following rights:

  • Right to access: request a copy of the personal data we hold about you.
  • Right to rectification: ask us to correct inaccurate or incomplete information.
  • Right to erasure: request deletion of your data (subject to legal and contractual obligations).
  • Right to restrict processing: limit how we use your data in certain circumstances.
  • Right to data portability: receive your data in a structured, commonly used format, or request transfer to another controller.
  • Right to object: object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time (this does not affect the lawfulness of prior processing).

To exercise any of these rights, contact us via the details below. We will respond within one month. No fee applies unless your request is clearly unfounded or excessive. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe we have mishandled your data.

Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy. Retention periods depend on the nature of the data and legal requirements:

  • Consultancy records: retained for six years after the end of a client engagement to comply with accounting and contractual obligations.
  • Marketing data: retained until you unsubscribe or request deletion, or after two years of inactivity.
  • Website analytics: anonymized and retained for up to 26 months.
  • Legal compliance records: kept for the duration required by statute (e.g., tax records for seven years).

Once retention periods expire, data is securely deleted or anonymized.

Data Security

We implement technical and organizational measures to protect your data from unauthorized access, loss, alteration, or disclosure. These include:

  • Encryption of data in transit (using SSL/TLS certificates) and at rest.
  • Access controls ensuring only authorized personnel can view or process data.
  • Regular security audits and vulnerability assessments.
  • Secure backup systems with geographically distributed redundancy.
  • Staff training on data protection and confidentiality obligations.

While we take every reasonable precaution, no internet-based system is completely secure. We cannot guarantee absolute security but commit to promptly addressing any breach and notifying affected individuals as required by law.

Children's Privacy

Our services are directed at business professionals and property managers. We do not knowingly collect data from anyone under the age of 16. If we become aware that we have inadvertently collected such data, we will delete it immediately. Parents or guardians who believe we hold information about a minor should contact us.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or services. The "last updated" date will appear at the top of this page. Significant changes will be communicated via email or a prominent notice on our website. Continued use of our site or services after updates constitutes acceptance of the revised policy.

Contact Us

If you have questions, concerns, or wish to exercise your data protection rights, please contact us:

Keystone Rental Advisory
42 Gresham Street
London, EC2V 7BN
United Kingdom
Email: hello@keystonerentaladvisory.co.uk
Phone: +44 20 4512 8763

For complaints or escalations, you may also contact the Information Commissioner's Office (ICO) at ico.org.uk or call 0303 123 1113.