Nor67 Ltd Privacy Policy

Effective Date: [14/09/2025]
Last Updated: [14/09/2025]

Nor67 Ltd ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our website, make a booking, or otherwise interact with us.

We are the data controller in relation to the personal data you provide to us and we operate in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Information We Collect

We may collect and process the following personal data:

a) Information you provide directly:

  • Full name

  • Email address

  • Phone number

  • Postal address

  • Booking details (dates, accommodation type, special requests)

  • Payment information (processed securely via third-party providers like Stripe or Inn Style)

  • Communication preferences or feedback

b) Information we collect automatically:

  • IP address

  • Browser type and device information

  • Website usage data (pages visited, time on site, referral source)

  • Cookies and similar tracking technologies (see our Cookies Policy)

2. How We Use Your Personal Data

We use your data for the following purposes:

  • To manage and confirm your booking

  • To communicate with you about your reservation

  • To respond to enquiries or customer service requests

  • To process payments and security deposits

  • To send you relevant service information before, during, or after your stay

  • To improve our website and services

  • To comply with legal obligations

We will only use your personal data where we have a legal basis to do so, including:

  • Contractual necessity – to fulfil a booking or pre-contractual request

  • Legal obligation – where required to comply with laws

  • Legitimate interests – for internal analysis, fraud prevention, and customer service

  • Consent – where you have explicitly agreed (e.g. for marketing communications)

3. Sharing Your Personal Data

We may share your data with the following:

  • Service providers (e.g. booking systems, payment processors, email marketing platforms) who help us run our business

  • Legal authorities if required by law or to protect our legal rights

  • Third-party contractors who perform services on our behalf, or whom you’ve requested we share your data with, under strict confidentiality agreements

We never sell or rent your personal data to third parties.

4. Data Storage and Security

We take appropriate technical and organisational measures to protect your personal data. This includes:

  • Encrypted payment processing via secure third-party platforms (e.g. Stripe)

  • Limited access to your data by authorised staff only

  • Secure server infrastructure and up-to-date software

Despite our efforts, no method of transmission or storage is 100% secure. We encourage you to take reasonable precautions when sharing data online.

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

  • Fulfilling your booking and legal/accounting obligations

  • Responding to queries or potential disputes

  • Complying with record-keeping requirements (typically up to 6 years)

Once data is no longer needed, it will be securely deleted or anonymised.

6. Your Data Protection Rights

Under UK data protection laws, you have the right to:

  • Access – request a copy of the personal data we hold about you

  • Rectification – request corrections to any inaccurate or incomplete data

  • Erasure – request that we delete your data (subject to legal requirements)

  • Restrict processing – request limits on how your data is used

  • Data portability – request that we transfer your data to another provider

  • Object – to the use of your data for direct marketing or certain other purposes

  • Withdraw consent – where processing is based on your consent

To exercise your rights, please contact us at: hello@nor67.com