Luxury Hotels Group Ltd (“we”, “us”, or “our”) is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our platform at luxuryhotels.group (the “Platform”). Please read this policy carefully. If you have any questions, contact us at privacy@luxuryhotels.group.
1. Who We Are
The data controller responsible for your personal data is Luxury Hotels Group Ltd, a company registered in England & Wales. We operate a global marketplace for luxury hotels and ultra-prime real estate, present in 89 countries, and have done so for over 17 years.
We process personal data in accordance with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, and — where applicable to individuals located in the European Economic Area — the EU General Data Protection Regulation (“EU GDPR”). For EEA-resident data subjects, we act as a data controller and have implemented appropriate safeguards for cross-border data transfers.
2. What Data We Collect
Account Data
When you register, we collect your name, email address, phone number, and professional role (e.g., property owner, estate agent, hotel operator). This information is necessary to create and manage your account and to deliver the services you have requested.
Listing Data
When you submit a property or hotel listing, we collect the details you provide, including descriptions, pricing information, photography, location data, and any other materials uploaded to the Platform. Where you submit content on behalf of a business or third party, you confirm you are authorised to do so.
Payment Data
Subscription payments are processed by Stripe, Inc., our third-party payment processor. We do not store your full card number, CVV, or bank account details — these are handled exclusively by Stripe in accordance with PCI-DSS requirements. We retain only a payment reference, transaction ID, and billing information (name and postcode) for accounting and fraud prevention purposes.
Usage Data
We automatically collect certain technical information when you use the Platform, including your IP address, browser type and version, operating system, pages visited, time spent on pages, referral sources, and device identifiers. We use this information to improve Platform performance, diagnose technical issues, and understand how users engage with our content.
Communications
If you contact us via the contact form, email, or through an enquiry, we retain a record of your correspondence, including your name, email address, and the content of your message, in order to respond to your enquiry and maintain a communication history.
3. How We Use Your Data
We use your personal data for the following purposes:
- —Service delivery: creating and managing your account, publishing your listings, processing payments, and facilitating connections between buyers and listers.
- —Service communications: sending transactional emails such as account confirmations, listing approvals, payment receipts, and security alerts.
- —Marketing: with your prior consent, sending you editorial newsletters, curated property highlights, and information about our services. You may withdraw consent at any time.
- —Platform improvement: analysing aggregated usage data to improve features, performance, and user experience.
- —Legal compliance & fraud prevention: complying with applicable laws and regulations, preventing fraudulent activity, and enforcing our Terms of Service.
4. Legal Basis for Processing (UK GDPR Article 6)
We process your personal data under the following legal bases:
Contract Performance
Processing your account data and listing data is necessary to perform the contract between us — i.e., providing you with access to and functionality of the Platform in accordance with our Terms of Service. Without this processing, we cannot deliver the services you have requested.
Legitimate Interests
We process usage data and communication records on the basis of our legitimate interests in operating and improving the Platform, preventing fraud and abuse, and maintaining the security of our systems. We have balanced these interests against your rights and determined that our legitimate interests are not overridden by your interests or fundamental rights in these cases.
Consent
Where we send you marketing communications or place non-essential cookies on your device, we do so only on the basis of your freely given, specific, informed, and unambiguous consent. You may withdraw your consent at any time by clicking “unsubscribe” in any marketing email or by contacting us at privacy@luxuryhotels.group.
Legal Obligation
We process certain data to comply with our legal obligations, including tax and accounting requirements, anti-money laundering regulations, and obligations to respond to lawful requests from competent authorities.
5. Data Sharing
We do not sell your personal data to third parties under any circumstances. We share your data only in the following limited circumstances:
- —Payment processing: Stripe, Inc. processes payment card data on our behalf. Stripe is PCI-DSS Level 1 certified and operates under a data processing agreement with us.
- —Analytics providers: We share anonymised, aggregated usage data with analytics service providers to understand Platform performance. No individually identifiable data is shared for this purpose.
- —Legal requirements: We may disclose your data if required to do so by law, court order, or at the request of a competent regulatory or law enforcement authority, or where necessary to protect our legal rights or the safety of others.
- —Business transfers: In the event of a merger, acquisition, or sale of all or part of our business, your personal data may be transferred as part of that transaction, subject to the incoming controller honouring the commitments in this Privacy Policy.
6. International Transfers
As a platform operating across 89 countries, some of our service providers and partners are located outside the UK and the European Economic Area (“EEA”). Where we transfer personal data to countries that have not been recognised as providing an adequate level of data protection, we ensure appropriate safeguards are in place.
These safeguards include the use of the UK International Data Transfer Agreement (“IDTA”) and, where applicable, the EU Standard Contractual Clauses (“SCCs”) approved by the European Commission. You may request details of the specific safeguards applicable to any particular transfer by contacting us at privacy@luxuryhotels.group.
7. Data Retention
We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The following indicative retention periods apply:
| Data Type | Retention Period |
|---|---|
| Account & listing data | Duration of relationship + 7 years |
| Payment & transaction records | 7 years (statutory accounting requirement) |
| Enquiry & contact form data | 3 years from last contact |
| Analytics data | 26 months (aggregated thereafter) |
| Marketing consent records | Until withdrawal of consent + 3 years |
Upon expiry of the relevant retention period, we will securely delete or anonymise your personal data in accordance with our data disposal procedures.
8. Your Rights
Under UK GDPR and EU GDPR, you have the following rights in relation to your personal data. To exercise any of these rights, please contact us at privacy@luxuryhotels.group. We will respond to all verified requests within one month.
- —Right of access: You have the right to obtain a copy of the personal data we hold about you, together with supplementary information about how we process it.
- —Right to rectification: You have the right to require us to correct any inaccurate personal data we hold about you without undue delay.
- —Right to erasure: In certain circumstances, you have the right to require us to delete your personal data (“the right to be forgotten”), for example where it is no longer necessary for the purpose for which it was collected.
- —Right to restriction of processing: In certain circumstances, you have the right to require us to restrict our processing of your personal data, for example while the accuracy of that data is contested.
- —Right to data portability: Where processing is based on your consent or the performance of a contract, you have the right to receive your personal data in a structured, commonly used, machine-readable format.
- —Right to object: You have the right to object at any time to our processing of your personal data where that processing is based on our legitimate interests, including profiling for direct marketing purposes.
- —Right to withdraw consent: Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
You also have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”) at ico.org.uk if you consider that our processing of your data infringes the UK GDPR. EEA residents may also lodge a complaint with their local supervisory authority.
10. Children
The Platform is not directed at or intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and you believe that your child has provided us with personal data without your consent, please contact us immediately at privacy@luxuryhotels.group and we will take steps to delete that data promptly.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or the nature of our services. Where we make material changes — for example, changes to the categories of data we collect, the purposes for which we use it, or the parties with whom we share it — we will notify you by email (using the address associated with your account) and by posting a prominent notice on the Platform at least 30 days before the changes take effect. We encourage you to review this policy periodically. The “last updated” date at the top of this page indicates when it was most recently revised.
12. Contact & Data Protection Officer
If you have any questions about this Privacy Policy, wish to exercise any of your data protection rights, or have concerns about how we handle your personal data, please contact us at:
For data protection queries specifically — including subject access requests, erasure requests, or complaints — please mark your correspondence for the attention of our Data Protection Officer (“DPO”) at the same email address. Our DPO is responsible for overseeing our compliance with UK GDPR and will respond to your request within the statutory timeframe.
© 2026Luxury Hotels Group Ltd. All rights reserved. Registered in England & Wales. This Privacy Policy was last updated in January 2026. For our Terms of Service, visit luxuryhotels.group/terms.
