Privacy Policy

Boyd’s Hotel Reviews (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you use our website, apply to be a mystery guest, or engage with our services.

We comply with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Data Protection Act 2018.

1. Who We Are

Boyd’s Hotel Reviews provides mystery guest services for hotels. We operate as a data controller when collecting and processing personal data.

If you have questions about this Privacy Policy or how your data is handled, please contact us via the contact form on our website.

2. What Data We Collect

We may collect and process the following types of personal data:

Identity Data: Name, date of birth, gender.

Contact Data: Email address, phone number, postal address.

Application Data (Mystery Guests): Work/education history (if relevant), writing samples, preferences, availability.

Hotel Client Data: Business name, job title, billing information.

Usage Data: Information on how you use our website (cookies, analytics, IP address).

Financial Data: Bank details for payments (mystery guests), billing details (clients).

We do not knowingly collect personal data from children under 18.

3. How We Use Your Data

We use your personal data to:

Provide services to hotel clients.

Process and evaluate mystery guest applications.

Arrange bookings and assignments for mystery guests.

Communicate with clients and guests about assignments, reports, or enquiries.

Process payments for services and assignments.

Improve our website, services, and user experience.

Comply with legal obligations.

We will only process your personal data where we have a lawful basis under data protection law (e.g., performance of a contract, legitimate interests, consent, legal obligation).

4. Sharing Your Data

We only share personal data when necessary and with appropriate safeguards. This may include:

Hotels: Limited mystery guest details may be shared for booking purposes (e.g., name for reservation).

Service Providers: IT, payment processing, and administrative support services under contract.

Legal Authorities: If required to comply with the law or enforce our rights.

We do not sell or rent personal data to third parties.

5. International Transfers

If we transfer data outside the UK or European Economic Area (EEA), we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses or UK adequacy regulations).

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy or to comply with legal requirements.

Mystery guest applications: retained for up to 2 years if not selected.

Reports and assignments: retained for 6 years for record-keeping.

Client data: retained as long as the contract is active and up to 6 years thereafter.

7. Your Rights

Under UK and EU GDPR, you have the following rights:

Right to access your personal data.

Right to rectify inaccurate or incomplete data.

Right to erase data (“right to be forgotten”).

Right to restrict processing.

Right to data portability.

Right to object to processing (including marketing).

Right to withdraw consent (where applicable).

To exercise these rights, contact us using the contact form on our website.

8. Cookies and Tracking

We use cookies and similar technologies to improve site performance and analyse usage. You can control cookies through your browser settings.

9. Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction.

10. Updates to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.