Privacy notice

Deluxe London is a trading name of Dormus Design Collective, a sole trader based at Flat 4, Kennington Park House, London, SE11 4JT. We are the data controller for the personal data we collect through this website and through your booking. You can reach us by email at hello@deluxelondon.com.

When you send a booking request through this website we collect your name, your email address, your phone number where you choose to give it, your country, the dates you want to stay, the number of guests and any message you send us. If you reply to us through your booking page we also store the messages you send. We collect the standard technical information that any website creates, such as the time of your visit and the pages you looked at.

As part of confirming a booking we run a short identity check. We will ask you to confirm your identity, either by sharing links to your profiles on other hosting sites such as Airbnb, or by completing a short document and selfie check through our verification provider. The verification provider captures the document and the selfie directly, and they only tell us whether the check passed or failed and an internal reference. We do not see or store your identity document or your selfie ourselves.

We use your data to take and manage your booking, to talk to you before and during your stay, to send you the arrival details, to confirm your identity for the safety of our homes and our neighbours, to keep proper records of the bookings we have taken, and to meet our legal and tax obligations as a small business in the United Kingdom.

For most of the data we hold we rely on the lawful basis of performance of a contract, because we need that data to take your booking and host your stay. For identity verification we rely on our legitimate interest in protecting our homes, our neighbours and our other guests from harm or misuse, which we have balanced against your right to privacy. For some records, such as financial records, we rely on a legal obligation that requires us to keep them.

We use a small number of trusted service providers to run the website and the booking process. Each of them only sees the data they need to do their job for us, under a written agreement that keeps your data safe.

• Supabase hosts our database, our admin login and the photos that appear on the property pages. Your booking information, your messages and your verification status are stored here. Supabase processes this data in the London region of Amazon Web Services in the United Kingdom.
• Resend sends the booking confirmation email, the recovery email and any other transactional emails we send you. They see your name, your email address and the content of the email.
• Stripe Identity handles the document and selfie part of the identity check, when we ask you to complete one. They capture your identity document and your selfie directly through their own secure flow. They tell us only whether you passed, and a short reference that lets us find the check again if we need to.
• Porkbun hosts our email forwarding for inbound messages sent to our domain. They process the email envelope to route the message to us.
• Netlify hosts the website itself. They keep standard server logs of requests, including IP addresses, for a short period to keep the site secure and available.

We do not sell your personal data and we do not pass it to anyone else for marketing.

Your booking data is stored in the United Kingdom. Some of our service providers, such as Stripe Identity, may process your data in the United States or the European Union under their standard contractual safeguards. We only use providers who commit to a level of protection equivalent to that required by United Kingdom data protection law.

We keep your booking record and the related messages for as long as we need them to run the booking, deal with any after stay questions, and to meet our legal record keeping obligations. For tax and accounting purposes that period is six years from the end of the tax year of your stay. We then delete or anonymise your record. The identity verification result and reference are kept for the same period so that we can answer any later questions about a particular booking. We do not keep your identity document, because we never had it in the first place.

Under United Kingdom data protection law you have the right to ask us what data we hold about you, to ask us to correct anything that is wrong, to ask us to delete your data where we no longer need it, to ask us to restrict how we use it and to object to certain uses. You can exercise any of these rights by emailing us at hello@deluxelondon.com. We will reply within one calendar month.

If we have asked you to give consent for a particular use, you can withdraw that consent at any time without affecting any use we made of the data before you withdrew it.

This website does not set advertising or analytics cookies. We only set the minimum technical cookies that the site needs to work, such as keeping you signed in when you use the admin area. We will tell you on this page if that ever changes.

Our website and our booking flow are aimed at adults. The lead guest on every booking must be at least 21 years old. We do not knowingly collect personal data about children, beyond the number of children and infants travelling with the lead guest, which the lead guest enters when they book.

If you are not happy with how we have handled your personal data, please tell us first by emailing hello@deluxelondon.com so we have the chance to put it right. You also have the right to complain to the United Kingdom data protection regulator, the Information Commissioner's Office, at ico.org.uk or by calling 0303 123 1113.

We may update this notice from time to time, for example when we add a new tool or change how we use an existing one. The version that applies to you is the one published on this page on the day you interact with us. The date below shows when we last updated this page.