CASA FRESA ACCOMMODATION LTD
PRIVACY POLICY
Effective Date: 30 June 2026
1. Introduction
Casa Fresa Accommodation Ltd (“Casa Fresa”, “we”, “us”, or “our”) is committed to protecting and respecting your privacy and handling your personal information in a transparent and secure manner.
This Privacy Policy explains how we collect, use, store, share and protect your personal data when you:
Visit our website at https://casafresa.com;
Make an enquiry or booking with us;
Stay in one of our properties;
Contact us by email, telephone, social media or other communication channels; or
Use any services provided by Casa Fresa.
Casa Fresa Accommodation Ltd acts as the Data Controller of your personal information for the purposes of the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.
⸻
2. Data Controller Information
Company Name: Casa Fresa Accommodation Ltd
Registered Office Address: 65 Monifieth Road, Broughty Ferry, Dundee, DD5 2RW, United Kingdom
Company Registration Number: SC518791
Email: contact@casafresa.com
Telephone: 01382 699779
If you have any questions regarding this Privacy Policy or wish to exercise your data protection rights, please contact us using the details above.
⸻
3. Personal Information We Collect
The types of personal information we may collect include:
Identity Information
Full name
Date of birth (where required)
Passport or identification information
Government-issued identification documents where required for verification purposes
Contact Information
Email address
Telephone number
Residential address
Emergency contact details
Booking Information
Booking dates
Number of guests
Property booked
Booking preferences
Previous booking history
Special requests and communications
Financial Information
Payment details
Transaction history
Billing information
Security deposit information
Please note that payment card information may be processed directly by our third-party payment providers and may not be stored by Casa Fresa.
Technical Information
IP address
Browser type and version
Device information
Operating system
Time zone settings
Website usage information
Cookie identifiers
Communications Information
Emails
Telephone recordings (where applicable)
Online chat messages
Customer service correspondence
Reviews and feedback
Property Protection Information
CCTV footage where installed
Incident reports
Damage claims information
Fraud prevention information
Chargeback dispute information
Security and verification records
⸻
4. How We Collect Your Information
We collect information:
Directly from you when you make a booking or enquiry.
When you use our website.
Through booking platforms and travel agencies.
From payment providers.
From identity verification providers.
From fraud prevention agencies.
Through cookies and analytics technologies.
Through our property management systems and guest communication systems.
⸻
5. Lawful Bases for Processing
Under UK GDPR, we rely on the following lawful bases:
Performance of a Contract
To:
Manage bookings;
Provide accommodation services;
Process payments;
Communicate regarding your stay.
Legitimate Interests
To:
Improve our services;
Prevent fraud;
Protect our properties;
Recover debts;
Defend legal claims;
Maintain website security;
Analyse website usage.
Legal Obligations
To:
Comply with tax obligations;
Meet regulatory requirements;
Respond to lawful requests from authorities;
Prevent crime and protect public safety.
Consent
To:
Send marketing communications;
Use non-essential cookies;
Process certain optional information.
You may withdraw consent at any time.
⸻
6. How We Use Your Information
We use your information to:
Process and manage bookings.
Confirm reservations.
Facilitate check-in and check-out.
Verify identity.
Communicate with guests.
Process payments and refunds.
Manage customer service requests.
Improve our website and services.
Prevent fraud and unauthorised activity.
Protect our staff, guests and properties.
Enforce our Terms and Conditions.
Handle complaints, disputes and chargebacks.
Meet legal and regulatory obligations.
Send marketing communications where permitted.
⸻
7. Sharing Your Information
We may share your personal information with carefully selected third parties where necessary to provide our services and operate our business effectively.
Booking Platforms
We may receive and share booking information with online travel agencies and booking platforms, including:
Airbnb
Booking.com
Other online travel agencies and booking partners used by Casa Fresa from time to time.
Payment Processing Providers
We use secure third-party payment processors, including:
Stripe.
Payment information submitted through our website or booking systems may be processed directly by these providers. Casa Fresa does not store full payment card details.
Guest Management and Communication Platforms
We use third-party systems to manage reservations, guest communications, digital check-in procedures and identity verification, including:
DUVE.
Information may include guest contact details, booking information, identification information and communications relating to your stay.
Website Analytics and Marketing Providers
We use third-party analytics and advertising services, including:
Google Analytics and other Google services,
to understand how visitors use our website, improve performance and enhance the user experience.
Professional Service Providers
We may also share information with:
IT and cloud hosting providers;
Accountants and auditors;
Professional advisers;
Maintenance contractors;
Insurance providers;
Fraud prevention and security providers.
Legal and Regulatory Authorities
We may disclose information where required by law, court order, regulatory request or where necessary to establish, exercise or defend legal claims.
Business Transfers
If Casa Fresa is sold, merged or reorganised, personal information may be transferred to the new owner.
We require all third parties to respect the security of your personal data and process it in accordance with applicable data protection laws.
⸻
8. International Transfers
Some of the third-party providers we use, including Airbnb, Booking.com, Stripe, DUVE and Google, may process personal information outside the United Kingdom.
Where personal information is transferred internationally, we take appropriate measures to ensure your information remains protected, including:
Reliance on countries that have been recognised as providing an adequate level of protection for personal data;
Entering into International Data Transfer Agreements or approved contractual clauses;
Implementing additional safeguards where required under UK data protection law.
You may contact us if you would like further information regarding the safeguards used when transferring your personal information internationally.
⸻
9. Cookies and Tracking Technologies
Our website uses cookies and similar technologies provided by us and third parties, including Google Analytics, to:
Ensure the website functions correctly;
Remember your preferences;
Understand how visitors use our website;
Improve website performance and functionality;
Measure the effectiveness of our marketing activities.
Where required by law, we will obtain your consent before placing non-essential cookies on your device.
You can manage your cookie preferences through our cookie banner or through your browser settings. Disabling certain cookies may affect the functionality of our website.
Further information can be found in our separate Cookie Policy.
⸻
10. Marketing Communications
Where permitted by law, we may send you information about:
Offers;
Discounts;
New properties;
Services that may interest you.
You may opt out of marketing communications at any time by:
Clicking the unsubscribe link in emails; or
Contacting us directly.
Opting out of marketing communications will not affect service-related communications.
⸻
11. Data Security
We implement appropriate technical and organisational measures to protect your information, including:
Secure servers;
Encryption technologies;
Restricted access controls;
Password protection;
Secure payment processing systems;
Staff confidentiality obligations.
Although we take reasonable steps to safeguard your information, no method of transmission over the internet can be guaranteed to be completely secure.
⸻
12. Data Retention
We retain personal information only for as long as necessary.
Typical retention periods may include:
Booking records: six years.
Financial records: six years.
Customer communications: six years.
Marketing records: until consent is withdrawn.
CCTV footage: up to 30 days unless required for an investigation.
Identity verification information: for as long as necessary to comply with legal obligations, prevent fraud, resolve disputes and protect our legitimate business interests.
We may retain information for longer where required by law or for the establishment, exercise or defence of legal claims.
⸻
13. Your Rights
Under UK GDPR, you have the right to:
Request access to your personal information.
Request correction of inaccurate information.
Request deletion of your information.
Request restriction of processing.
Object to processing.
Request data portability.
Withdraw consent where processing is based on consent.
Object to direct marketing.
To exercise your rights, please contact us at:
Email: contact@casafresa.com
Telephone: 01382 699779
⸻
14. Complaints
If you are unhappy with how we handle your personal information, we would appreciate the opportunity to address your concerns first.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
Website: https://ico.org.uk
Telephone: 0303 123 1113
⸻
15. Children’s Privacy
Our services are not directed towards individuals under the age of 18.
We do not knowingly collect personal information from children. If we become aware that personal information has been collected from a child without appropriate consent, we will take steps to delete such information.
⸻
16. Third-Party Websites
Our website may contain links to third-party websites.
We are not responsible for the privacy practices or content of external websites. We encourage you to review the privacy policies of those websites before providing any personal information.
⸻
17. Data Breaches
In the event of a personal data breach, we will take appropriate action to contain and investigate the incident and, where required by law, notify the Information Commissioner’s Office and affected individuals.
⸻
18. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
Any changes will be published on our website and the updated version will take effect immediately upon posting.
We encourage you to review this Policy periodically to stay informed about how we protect your information.
⸻
19. Contact Us
Casa Fresa Accommodation Ltd
65 Monifieth Road
Broughty Ferry
Dundee
DD5 2RW
United Kingdom
Company Registration Number: SC518791
Email: contact@casafresa.com
Telephone: 01382 699779
By using our website and services, you acknowledge that you have read and understood this Privacy Policy.