My-Apartments Privacy Policy

This privacy policy sets out how we use and protect any information given to us by you directly or by an agent acting on your behalf.

We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified you can be assured that it will only be used in accordance with this privacy policy.

What we collect

We collect the following information:

  • Name 

We take the name of a ‘lead’ guest for identification.

  • Home/ billing address  

For the purposes of processing payment and returning lost property.

  • Telephone number 

So that we can contact you to discuss your stay with us, such as your arrival time.

  • Email address 

To provide you with confirmation of your reservation, a 7-day reminder prior to your arrival and any communication pertinent to your reservation.

  • Credit/ debit card number, expiry date and card verification code (CVC)

To process payment for your stay and any additional services provided to you.

What we do with the information we gather

We need to collect, hold and process information about you to meet our business requirements and provide you with our services. This includes the following.

  • Creating your reservation on our in-house reservation management system. 
  • Processing payment for your reservation. 
  • Communicating with you by phone, mail and email.

What we won’t do 

  • We will not sell, distribute or lease your personal information to anyone.

Who we share your information with

We do not share your personal information with anyone outside of My-Apartments except in circumstances where it may be required by a third party to deliver their service to you. For example, in arranging transportation on your behalf we may need to share your name, contact telephone number and destination. 

Legal basis

Our intended purpose for processing your personal data is to meet our business requirements and provide you with our services. The legal basis for which is contractual, we need to process personal data to fulfill our contractual obligations with that individual.


We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. 

Retention period

We retain personal data for a period of up to 12 months at which point it is destroyed.

Your rights

  1. The right to be informed – Individuals have the right to be informed about the collection and use of their personal data.
  2. The right of access – Individuals have the right to access their personal data.
  3. The right to rectification – Individuals have the right to have inaccurate personal data rectified or completed if it is incomplete. 
  4. The right to erasure – Individuals have the right to have personal data erased. 
  5. The right to restrict processing – Individuals have the right to request the restriction or suppression of their personal data.
  6. The right to data portability – The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
  7. The right to object – Individuals have the right to object to the processing of their personal data in certain circumstances.
  8. Rights in relation to automated decision making and profiling. – The GDPR has provisions on automated individual decision-making (making a decision solely by automated means without any human involvement); and profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process. “The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.” [Article 22(1)]

You also have the right to lodge a complaint with a supervisory authority if you consider the processing of your personal data infringes the General Data Protection Regulation. In the UK the supervisory authority is the Information Commissioners Office. 

Changes to our privacy policy

We may change this policy by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 25th May 2018.