Privacy Policy

Privacy Policy

Last updated: April 2026

This policy applies to globalstay.co.uk and all services operated by Ya-Fatahoo Solutions Limited trading as Global Stay.

This Privacy Policy complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR). For users in the European Union, this policy also references GDPR (EU) 2016/679 where applicable. For users in the United States of America, please note that we are a UK-registered company and UK data protection law governs how we handle your data.

1. Who We Are and How to Contact Us

Global Stay is a trading name of Ya-Fatahoo Solutions Limited, a company registered in England and Wales (Company No: 16175087) and VAT registered (VAT No: 486839425). Our registered address is 249 Barnsley Road, Sheffield, S4 7AD, England.

For the purposes of UK GDPR, Ya-Fatahoo Solutions Limited is the data controller for all personal information collected through the website globalstay.co.uk and through our hotel booking and enquiry services.

Data Controller Contact Details:

  • Email: info@globalstay.co.uk
  • Phone: +44 7481 153593
  • Post: Ya-Fatahoo Solutions Limited, 249 Barnsley Road, Sheffield, S4 7AD, England

2. What Personal Information We Collect

We collect personal information that you provide to us directly when you:

  • Submit a hotel quote request or enquiry through our website forms
  • Contact us by email, phone, or WhatsApp
  • Register interest in our services
  • Correspond with us by any means

The personal information we may collect includes:

  • Full name
  • Email address
  • Phone number and WhatsApp number
  • Country of residence
  • Travel details, including destination, dates, group size, and budget preferences
  • Any additional information you choose to provide in correspondence

We also automatically collect certain technical information when you visit our website, including your IP address, browser type, operating system, pages visited, time spent on pages, and referring URL. This is collected through cookies and website analytics tools, including Google Analytics.

3. How We Use Your Personal Information

We use the personal information we collect to:

  • Respond to your hotel enquiries and provide personalised hotel sourcing quotes
  • Source and arrange hotel bookings with third-party suppliers on your behalf
  • Communicate with you about your enquiry or booking
  • Send you relevant information about our services where you have consented or where we have a legitimate interest
  • Improve our website and services
  • Comply with our legal obligations under UK law
  • Protect against fraud and misuse of our services

4. Legal Basis for Processing Under UK GDPR

We process your personal data on the following legal bases under UK GDPR:

  • Contract (Article 6(1)(b)): Processing is necessary to respond to your hotel enquiry and fulfil any resulting hotel booking service
  • Legitimate interests (Article 6(1)(f)): To improve our services, communicate with you about relevant offers, and protect our business interests — where these do not override your fundamental rights
  • Consent (Article 6(1)(a)): Where you have explicitly agreed to receive marketing communications
  • Legal obligation (Article 6(1)(c)): Where we are required to process data to comply with UK law, including tax, accounting, and anti-money laundering obligations

5. How We Share Your Information

We do not sell your personal information to third parties under any circumstances. We may share your information with:

  • Hotel suppliers and B2B partners: To source and confirm your hotel booking. Suppliers may be located in the UK, Saudi Arabia, Japan, or other countries. Where data is shared internationally, we ensure appropriate safeguards are in place
  • IT and hosting service providers: Including Hostinger (website hosting, servers located in the United Kingdom and European Union) and IONOS (email services)
  • Google Analytics: For website analytics using anonymised and aggregated data
  • WPForms: Our website enquiry form processor, which stores form submissions on our server
  • Travelpayouts: Our affiliate marketing platform. Where affiliate links are clicked, Travelpayouts may collect anonymised click and conversion data, subject to their own privacy policy
  • Legal and regulatory authorities: Where required by law, court order, or regulatory requirement

All third parties we engage are required to handle your data securely and in accordance with UK data protection law or equivalent international standards.

6. International Data Transfers

Some of our hotel suppliers and partners are based outside the UK and European Economic Area (EEA), including in Saudi Arabia, Japan, and the United States of America. Where we transfer personal data internationally, we ensure that appropriate safeguards are in place in accordance with UK GDPR requirements — including standard contractual clauses or adequacy decisions where applicable. If you would like information about the specific safeguards we use for international transfers, please contact us at info@globalstay.co.uk.

7. How Long We Keep Your Information

We retain your personal information for as long as necessary to provide our services and comply with legal obligations:

  • Hotel enquiry data — up to 2 years from your last contact, after which data is securely deleted unless you have made a booking
  • Booking records — up to 7 years for tax, accounting, and legal compliance purposes under UK law
  • Marketing consent records — until you withdraw consent, after which we will suppress your data rather than delete it to ensure we honour your preference
  • Website analytics data — in accordance with Google Analytics’ own retention settings, typically 26 months

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data. To exercise any of these rights, contact us at info@globalstay.co.uk. We will respond within 30 days:

  • Right of access (Article 15): You can request a copy of the personal data we hold about you
  • Right to rectification (Article 16): You can ask us to correct inaccurate or incomplete data
  • Right to erasure (Article 17): You can ask us to delete your data in certain circumstances, subject to our legal retention obligations
  • Right to restrict processing (Article 18): You can ask us to limit how we use your data in certain circumstances
  • Right to data portability (Article 20): You can request your data in a portable, machine-readable format where technically feasible
  • Right to object (Article 21): You can object to processing based on legitimate interests or for direct marketing purposes
  • Right to withdraw consent: Where processing is based on your consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal
  • Rights related to automated decision-making: We do not use automated decision-making or profiling that produces legal or similarly significant effects

9. Cookies and Tracking Technologies

Our website uses cookies to improve your experience and analyse website performance. Cookies are small text files stored on your device when you visit our website.

We use the following types of cookies:

  • Essential cookies: Required for the website to function properly, including WordPress session cookies and security cookies. These cannot be disabled without affecting website functionality
  • Analytics cookies: Google Analytics cookies to understand how visitors use our website. Data is anonymised and aggregated. You can opt out of Google Analytics at tools.google.com/dlpage/gaoptout
  • Performance cookies: LiteSpeed Cache cookies to improve website loading speed
  • Affiliate tracking cookies: Travelpayouts affiliate programme cookies that track clicks on affiliate links. These are activated only when you click an affiliate link on our website

You can control and manage cookies through your browser settings. Disabling certain cookies may affect website functionality. For more information about managing cookies, visit allaboutcookies.org.

10. Affiliate Disclosure

Global Stay participates in affiliate marketing programmes including Travelpayouts, the Commission Junction (CJ) Affiliate network, and the Booking.com Affiliate Programme. This means that certain links on our website and in our content may be affiliate links — if you click a link and make a purchase or booking, we may earn a commission from the relevant company at no additional cost to you.

Affiliate relationships do not influence our editorial content, recommendations, or hotel sourcing advice. We only recommend services we believe may be genuinely useful to our clients.

This disclosure is made in compliance with the UK Advertising Standards Authority (ASA) guidelines, the Competition and Markets Authority (CMA) guidelines on online reviews and endorsements, and the United States Federal Trade Commission (FTC) disclosure requirements for affiliate marketing.

11. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect your information against unauthorised access, loss, alteration, or disclosure. Our security measures include:

  • SSL encryption (HTTPS) across the entire globalstay.co.uk website
  • Website hosting on Hostinger’s UK and EU servers with LiteSpeed Cache security
  • Secure business email via IONOS with DKIM and SPF authentication
  • Password-protected WordPress administration access
  • Regular software updates and security patches

Despite these measures, no internet transmission is completely secure. If you have concerns about the security of your data, please contact us at info@globalstay.co.uk.

12. Children’s Privacy

Our services are not directed at children under the age of 16. We do not knowingly collect personal information from children under 16 without verifiable parental consent. If you believe we have inadvertently collected information from a child under 16, please contact us immediately at info@globalstay.co.uk and we will take steps to delete the relevant data.

13. Third-Party Websites

Our website may contain links to third-party websites including hotel supplier websites, booking platforms, and affiliate partners. This Privacy Policy applies only to globalstay.co.uk. We are not responsible for the privacy practices of third-party websites and recommend you review their privacy policies before providing any personal information.

14. Your Right to Complain

If you are unhappy with how we handle your personal data, you have the right to complain to the Information Commissioner’s Office (ICO) — the UK’s independent data protection regulator:

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would appreciate the opportunity to address your concerns directly before you contact the ICO — please email us first at info@globalstay.co.uk and we will respond within 30 days.

If you are located in the European Union, you also have the right to complain to your local EU data protection supervisory authority.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any material changes will be posted on this page with an updated date. We encourage you to review this policy periodically. Where changes are significant, we will take reasonable steps to notify you — for example by displaying a notice on our website.

16. How to Contact Us

For any questions about this Privacy Policy, to exercise your data rights, or to raise a concern about how we handle your personal information:

  • Email: info@globalstay.co.uk
  • Phone: +44 7481 153593
  • Post: Data Protection, Ya-Fatahoo Solutions Limited, 249 Barnsley Road, Sheffield, S4 7AD, England
Legal basis: This Privacy Policy has been prepared in compliance with the UK General Data Protection Regulation (UK GDPR) as retained in UK law by the European Union (Withdrawal) Act 2018, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (PECR), and relevant guidance from the Information Commissioner’s Office (ICO). For users in the European Union, we also reference GDPR (EU) 2016/679. For users in the United States, this policy addresses FTC affiliate disclosure requirements. Nothing in this Privacy Policy constitutes legal advice — if you require legal advice about data protection matters, please consult a qualified solicitor.