Features Pricing About Contact
Log in Start Free

Legal

Privacy Policy

Last updated: 13/04/2026

This Privacy Policy explains how Owners HQ Ltd ("we", "us", "our") collects, uses, and protects personal data when you use our platform at ownershq.com, manage.ownershq.com, and related services (the "Platform").

We are committed to protecting your personal data and handling it in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and, where applicable, the EU General Data Protection Regulation (EU GDPR).

1. Who We Are

Owners HQ Ltd is a company registered in England and Wales under company number 08450204, with its registered office at 3 Melton Park, Redcliff Road, Melton, East Yorkshire, England, HU14 3RS.

For any privacy-related questions or requests, you can contact us at info@ownershq.com.

2. Our Role: Controller and Processor

The Platform is used by property owners ("Owners") to manage bookings from their guests ("Guests"). Our role under data protection law depends on whose data we are processing and for what purpose:

2.1 When We Are the Controller

We are the data controller for:

  • Owner account data: information you provide when you register and use the Platform as an Owner;
  • Website visitor data: information collected from visitors to our marketing site, including via cookies and analytics;
  • Operational data: data we process for our own business purposes, including billing, fraud prevention, security, and service improvement;
  • Guest data processed for our own purposes: for example, where we need to retain transactional records to meet our legal obligations, or to provide Guests with support relating to their use of the Platform.

This Privacy Policy describes how we handle data where we are the controller.

2.2 When We Are a Processor

When an Owner uses the Platform to manage their bookings, we process Guest personal data (such as name, email, booking details, and payment information) on behalf of the Owner. In this context:

  • The Owner is the data controller of that Guest data;
  • We act as the Owner’s data processor, processing the data only in accordance with their instructions and our agreement with them;
  • Guests should refer to the Owner’s own privacy notice to understand how their data is used in connection with their booking.

If you are a Guest with questions about how your data is being used for your booking, you should contact the Owner directly in the first instance. We will of course still respond to rights requests where required by law.

3. Personal Data We Collect

3.1 Owner Data

When you register and use the Platform as an Owner, we collect:

  • Identity and contact data: name, email address, phone number, business name (where applicable);
  • Account data: login credentials, account settings, preferences;
  • Property data: property details, photos, and content you upload;
  • Booking data: booking records, payment schedules, Guest contact details you enter, rental agreements you upload;
  • Financial data: billing address, VAT number (if applicable), and information relating to Stripe Connect onboarding. Full payment credentials (card numbers, bank details) are handled by Stripe and are not stored by us;
  • Communications data: messages, support queries, and other correspondence with us;
  • Usage data: how you interact with the Platform, including log data, IP address, browser type, and device information.

3.2 Guest Data (Where We Are Controller)

Where we process Guest data for our own purposes — for example, to send transactional emails, retain records for legal compliance, or provide support — we collect:

  • Name and email address;
  • Booking details (property, dates, payment amounts);
  • Payment transaction records;
  • Audit information relating to rental agreement signing (timestamp, IP address);
  • Communications with our support team.

3.3 Website Visitor Data

When you visit our marketing site, we may collect:

  • IP address, browser type, device, and operating system;
  • Pages viewed, referring site, and session information;
  • Information provided via contact forms or sign-up pages.

See our Cookie Policy for details of cookies and similar technologies used.

4. How We Use Personal Data and Our Legal Bases

We only process personal data where we have a lawful basis to do so. The main bases we rely on are:

Purpose Lawful basis
Providing the Platform to Owners (account management, booking management, payment processing) Contract
Sending transactional emails (confirmations, receipts, reminders) on behalf of Owners Contract (with Owner); legitimate interests in operating the service
Billing Owners and collecting fees Contract
Complying with legal, tax, and accounting obligations Legal obligation
Preventing fraud, abuse, and securing the Platform Legitimate interests
Improving the Platform and developing new features Legitimate interests
Sending marketing communications to Owners about our services Legitimate interests or consent, depending on context
Responding to support queries Contract; legitimate interests
Responding to legal claims or regulatory requests Legal obligation; legitimate interests

Where we rely on legitimate interests, we balance those interests against your rights and only proceed where we consider the processing is proportionate and does not override your interests.

You can object to processing based on legitimate interests (see Section 9).

5. Sharing Personal Data

We do not sell personal data. We share it only with:

  • Stripe, our payment processor, to process payments and manage Stripe Connect accounts. Stripe is a separate data controller for the data it processes for its own purposes. See stripe.com/privacy;
  • Hosting, infrastructure, and software providers that help us run the Platform (for example, cloud hosting, email delivery, analytics, customer support tools). These providers act as processors under contracts that require appropriate data protection safeguards;
  • Professional advisers such as accountants, auditors, and legal advisers where necessary;
  • Regulatory and law enforcement authorities where we are legally required to disclose information;
  • A buyer or successor in the event of a merger, sale, or reorganisation of our business;
  • Owners and Guests as necessary to operate the service (for example, a Guest receives data about their own booking; an Owner sees data about their Guests’ bookings).

A list of our current key sub-processors is available on request.

6. International Transfers

Some of our service providers are based outside the UK or EEA. Where personal data is transferred internationally, we rely on appropriate safeguards, which may include:

  • The UK and/or EU adequacy decisions for the recipient country;
  • Standard Contractual Clauses approved by the UK Information Commissioner’s Office or the European Commission, together with the UK International Data Transfer Addendum where applicable;
  • Other lawful transfer mechanisms permitted under applicable law.

You can request further information about the safeguards we use by contacting us.

7. How Long We Keep Data

We keep personal data only for as long as necessary for the purposes it was collected, including to meet legal, tax, accounting, and regulatory requirements.

Typical retention periods:

  • Owner account data: for the duration of the account, and for up to 7 years after closure to meet legal and tax obligations;
  • Booking and payment records: up to 7 years after the booking, in line with UK tax record-keeping rules;
  • Support communications: up to 3 years after the last contact;
  • Website analytics data: typically up to 26 months;
  • Marketing data: until you unsubscribe or we conclude the data is no longer needed.

Where we are a processor for Guest data, retention is determined by our instructions from the Owner, subject to our own overriding legal obligations.

8. Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include encryption in transit, access controls, secure hosting infrastructure, and regular review of our security practices. Payment card data is handled by Stripe under PCI-DSS standards and is not stored on our systems.

No system is entirely secure. If we become aware of a personal data breach that is likely to result in a risk to your rights, we will notify the Information Commissioner’s Office and, where required, affected individuals.

9. Your Rights

Under data protection law, you have the following rights in respect of personal data we hold about you as a controller:

  • Access: request a copy of the data we hold about you;
  • Rectification: request correction of inaccurate or incomplete data;
  • Erasure: request deletion of your data, subject to certain exceptions;
  • Restriction: request that we restrict processing in certain circumstances;
  • Portability: request a copy of data you provided to us in a structured, machine-readable format;
  • Objection: object to processing based on legitimate interests, or to direct marketing at any time;
  • Withdraw consent: where processing is based on consent, withdraw it at any time (this does not affect the lawfulness of processing before withdrawal);
  • Complain: lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner’s Office (ico.org.uk).

To exercise any of these rights, contact us at info@ownershq.com. We will respond within one month, although complex requests may take longer (we will let you know if so).

If you are a Guest and your request relates to how an Owner is using your data for your booking, we will forward the request to the Owner where appropriate, or respond directly where we are legally required to.

10. Marketing

We may send marketing communications to Owners about our services. You can opt out at any time by using the unsubscribe link in any marketing email or by contacting us.

We do not send marketing communications to Guests. Transactional emails (such as booking confirmations, payment reminders, and receipts) are not marketing and are necessary for the service to operate.

11. Cookies

We use cookies and similar technologies on our website. Full details are in our Cookie Policy.

12. Children

The Platform is not intended for children and we do not knowingly collect personal data from anyone under 18. If you believe we have collected data from a child, please contact us.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top shows when it was most recently revised. Where changes are material, we will notify you by email or via the Platform.

14. Contact Us

Questions, concerns, or requests relating to this Privacy Policy should be sent to:

Owners HQ Ltd
3 Melton Park, Redcliff Road, Melton, East Yorkshire, England, HU14 3RS
Email: info@ownershq.com

You can also contact the UK Information Commissioner’s Office at ico.org.uk or on 0303 123 1113.