Properties Offers Services About Journal The Circle Enquire
Legal

Privacy
Policy

Privacy Policy Terms & Conditions Cookie Policy

Last updated: 6 May 2025 · Drift Collective (sole trader) · Sandbanks, Poole, Dorset

This policy explains how Drift Collective collects, uses, and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read it carefully. By using our website or services, you acknowledge this policy.

1. Who We Are

Drift Collective is a sole trader business operating as a luxury holiday property management and concierge service based in Sandbanks, Poole, Dorset.

Data Controller: Drift Collective
Address: Sandbanks, Poole, Dorset
Email: hello@driftcollective.co.uk

As the data controller, Drift Collective determines how and why your personal data is processed. If you have any questions about this policy or your data, please contact us at the email above.

2. What Data We Collect

We collect personal data in the following ways:

Data you provide directly

  • Name, email address, telephone number when you submit an enquiry form
  • Preferred dates, group size, and property preferences when making a booking enquiry
  • Payment information when completing a booking (processed securely via third-party payment providers — we do not store card details)
  • Property address and details if you enquire about owner management services
  • Membership information if you join The Drift Circle
  • Any additional information you choose to provide in correspondence

Data collected automatically

  • IP address and browser type via standard web server logs
  • Pages visited, time on site, and referral source via analytics cookies (where you have consented)
  • Device type and operating system

Data from third parties

  • We may receive data about you from booking platforms (e.g. Airbnb, Booking.com) if you contact us through those services

3. How We Use Your Data

We use your personal data only for the purposes for which it was collected or for compatible purposes. Specifically:

To fulfil a contract or take pre-contractual steps

  • Processing booking enquiries and confirming reservations
  • Managing your stay, including check-in arrangements and concierge services
  • Administering owner management agreements
  • Managing Drift Circle membership

For our legitimate interests

  • Responding to enquiries and communications
  • Improving our website and services based on usage patterns
  • Fraud prevention and security
  • Maintaining internal business records

With your consent

  • Sending marketing emails or newsletters (you may withdraw consent at any time)
  • Placing non-essential cookies on your device

To comply with legal obligations

  • HMRC and tax record-keeping requirements
  • Responding to lawful requests from authorities

4. Legal Basis for Processing

Under UK GDPR, we rely on the following legal bases:

  • Contract (Article 6(1)(b)): Processing necessary to perform a contract with you or take steps at your request before entering a contract
  • Legitimate interests (Article 6(1)(f)): Where we have a genuine business reason that does not override your rights
  • Consent (Article 6(1)(a)): Where you have given clear consent, such as for marketing communications or analytics cookies
  • Legal obligation (Article 6(1)(c)): Where processing is required by law

5. Data Sharing

We do not sell your personal data. We share it only in the following circumstances:

  • Service providers: Third parties who help us deliver our services (e.g. payment processors, email delivery services, booking platforms). These parties process data only on our instructions and are bound by data processing agreements.
  • Property owners: Where necessary to manage a booking, we may share relevant booking details (name, arrival date, group size) with the property owner. We do not share financial information.
  • Legal requirements: Where required by law, regulation, or court order.
  • Business transfer: If Drift Collective is sold or transferred, customer data may form part of that transfer. We will notify you if this occurs.

All third-party processors we use are either based in the UK, the EEA, or in countries with an adequacy decision from the UK ICO.

6. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, subject to the following:

  • Booking records: 7 years from the date of the booking (HMRC requirement)
  • Enquiry records (no booking made): 12 months from last contact
  • Marketing consent records: Until you withdraw consent, plus 12 months
  • Membership records: Duration of membership plus 3 years
  • Website analytics data: Up to 26 months (Google Analytics default, where applicable)

After these periods, data is securely deleted or anonymised.

7. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Ask us to correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your data where there is no legitimate reason for us to continue processing it
  • Right to restrict processing: Ask us to limit how we use your data in certain circumstances
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests or for direct marketing
  • Rights relating to automated decision-making: We do not use automated decision-making or profiling

To exercise any of these rights, contact us at hello@driftcollective.co.uk. We will respond within 30 days. We may need to verify your identity before processing your request.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk or call 0303 123 1113.

8. Cookies

We use cookies on this website. For full details of the cookies we use and how to manage them, please see our Cookie Policy.

9. Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. These include:

  • HTTPS encryption on all web pages
  • Secure third-party payment processing (we never store card numbers)
  • Access controls limiting who can access personal data internally
  • Regular review of our data handling practices

No method of transmission over the internet is 100% secure. If you believe your data has been compromised, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email where we hold your contact details, or by posting a prominent notice on our website. The date at the top of this page indicates when the policy was last revised.

11. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact:

Drift Collective
Sandbanks, Poole, Dorset
hello@driftcollective.co.uk