Privacy Policy

Privacy Policy – CorePro Living Ltd

Effective Date: April 2026
Last Reviewed: April 2026
Website: www.coreproliving.co.uk

1. Who We Are

CorePro Living Ltd (“we”, “us”, “our”) is a property management and serviced accommodation provider operating in the United Kingdom.

CorePro Living Ltd is the primary data controller for personal data processed in connection with its services.

CorePro Living Ltd operates as part of the wider CorePro group of companies, which may include CorePro Ltd and other associated entities involved in property management, development, and related services.

Where personal data is processed by or shared with other CorePro group entities, each entity will act as a data controller or processor as appropriate, depending on the nature of the service provided.

All CorePro group entities process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Company Details:

CorePro Living Ltd
Registered in England and Wales
Company Number: 17080803

Email: info@coreproliving.co.uk
Privacy Contact: privacy@coreproliving.co.uk
Website: www.coreproliving.co.uk

ICO Registration Number: [Insert ZB/Z number — check or register at ico.org.uk/registration]

For all data protection queries and rights requests, please use: privacy@coreproliving.co.uk

2. What Personal Data We Collect

We may collect and process the following categories of personal data depending on your relationship with us:

a) Landlords and Property Owners

Full name and contact details (email, phone number, address)
Property details and documentation
Financial and payment information (bank details, invoices)
Communication records and correspondence

b) Guests and Booking Clients

Full name and contact details
Booking details, stay dates, and number of guests
Government-issued identification (passport or driving licence — see Section 5)
Payment details (processed securely via third-party providers — we do not store card data)

c) Website Users

IP address and approximate location
Device and browser information
Website usage data collected via cookies and analytics tools (see Section 11)

d) Enquirers and Contacts

Name, email address, and any personal data included in your message to us

3. How We Use Your Data

We use your personal data for the following purposes:

Managing landlord and property owner agreements
Handling and administering guest bookings and stays
Guest identity verification and security checks
Communicating with you about your enquiry, booking, or service
Processing payments and issuing invoices and receipts
Complying with legal, regulatory, tax, and insurance obligations
Preventing fraud, unauthorised access, and misuse of properties
Protecting our properties, landlords, guests, and neighbours
Improving our website, services, and customer experience
Sending marketing communications (where you have consented)
This may include sharing relevant information within the CorePro group where required to deliver services efficiently and effectively.

4. Legal Basis for Processing

We rely on the following lawful bases under UK GDPR Article 6:

Lawful Basis	When We Rely on It
Contractual Necessity (Art. 6(1)(b))	To deliver our property management and booking services to landlords and guests
Legal Obligation (Art. 6(1)(c))	To comply with tax, anti-money laundering, insurance, and regulatory requirements
Legitimate Interests (Art. 6(1)(f))	To operate and secure our business, prevent fraud, protect properties, and improve our services
Consent (Art. 6(1)(a))	For marketing communications and certain cookies — you may withdraw consent at any time (see Section 10 and 11)

Where we rely on legitimate interests, we have assessed that those interests are not overridden by your rights and freedoms. You may request a copy of our Legitimate Interests Assessment by contacting privacy@coreproliving.co.uk.

Where personal data is collected via third-party booking platforms, those platforms may also act as independent data controllers for certain processing activities.

Our legitimate interests include protecting properties from damage, preventing fraudulent bookings, and ensuring the safety of guests, landlords, and neighbours.

5. Guest Verification and Identification

To protect our properties, landlords, neighbours, and other guests, we require guests to provide identification prior to or at check-in.

What we may collect:

Government-issued photographic ID (passport or driving licence)
Booking confirmation and contact verification details

Why we collect it:

To verify the identity of guests making bookings
To prevent fraud and unauthorised or subletting use of properties
To comply with our insurance requirements
To ensure the safety and responsible use of our properties

How we store it:

Stored securely with restricted access on a need-to-know basis
Not shared beyond what is necessary for the above purposes
We do not use identification data for automated decision-making or profiling

How long we keep it:

Scenario	Retention Period
Standard completed stay (no dispute)	3 months after checkout
Where a dispute, damage claim, or legal matter arises	For the duration of the matter plus 6 years
Where required by insurance or regulatory obligation	As specified by the relevant obligation

Identification data is securely deleted or anonymised at the end of the applicable retention period.

6. Sharing Your Data

We do not sell, rent, or trade your personal data. We may share it only where necessary with the following categories of recipients:

Booking platforms — such as Airbnb and Booking.com, where bookings are made through those platforms. Please note these platforms operate as independent data controllers and have their own privacy policies governing data they collect directly.
Payment processors — such as Stripe or similar providers, who process payments on our behalf as data processors under contract.
Professional advisers — including solicitors, accountants, and insurers, under confidentiality obligations.
Maintenance and service contractors — only where access to your data is necessary to deliver the service (e.g. coordinating a repair during your stay).
Regulatory authorities and law enforcement — where we are legally required or permitted to disclose information.
We may share personal data within the CorePro group of companies where necessary for operational, administrative, or service delivery purposes, in accordance with applicable data protection laws.

All third-party processors are required to process your data only on our instructions and in accordance with applicable data protection law. We are not responsible for how third-party platforms process personal data collected directly through their systems.

7. International Data Transfers

Some of our third-party platforms and service providers may store or process data outside the United Kingdom. For example:

Airbnb — headquartered in the USA; transfers covered by UK adequacy or Standard Contractual Clauses
Booking.com — headquartered in the Netherlands (EEA); transfers subject to equivalent protections
Google (Analytics/Workspace) — USA-based; transfers covered by UK-US data bridge or Standard Contractual Clauses

Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including:

UK-approved Standard Contractual Clauses (SCCs)
Transfers to countries with UK adequacy decisions
Participation in the UK-US Data Bridge (where applicable)

You may request further information about international transfer safeguards by contacting privacy@coreproliving.co.uk.

8. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures, including:

Encrypted storage and secure systems
Restricted access controls on a need-to-know basis
Use of reputable, security-certified third-party platforms
Two-factor authentication on business accounts
Regular review of our security practices

However, no method of transmission over the internet is completely secure. While we take all reasonable precautions, we cannot guarantee absolute security. In the event of a personal data breach that is likely to result in a risk to individuals’ rights and freedoms, we will notify the Information Commissioner’s Office within 72 hours where required and affected individuals without undue delay, in accordance with applicable law.

9. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law.

Data Type	Retention Period
Booking and financial records	6 years from the date of the booking/transaction (legal and tax obligations)
Landlord agreement data	Duration of the agreement plus 6 years
Guest identification documents	3 months post-stay (or longer if a dispute or legal matter is active — see Section 5)
Marketing consent records	Until consent is withdrawn, plus 1 year
General correspondence and enquiries	2 years from last contact
Website analytics data	As configured in our analytics platform (typically 26 months)

At the end of the applicable retention period, data is securely deleted or anonymised.

10. Marketing Communications

We may contact you with relevant updates, service information, or promotional content where you have given your consent, or where we have a legitimate interest in doing so (e.g. existing customers receiving relevant service updates).

Your choices:

You may opt out at any time by clicking “unsubscribe” in any marketing email
You may contact us directly at privacy@coreproliving.co.uk to opt out
Withdrawing consent does not affect the lawfulness of any processing carried out before withdrawal
Opting out of marketing will not affect your ability to receive transactional or service-related communications

We do not send marketing communications to individuals who have not consented, in accordance with the Privacy and Electronic Communications Regulations (PECR).

11. Cookies

Our website uses cookies and similar tracking technologies. Cookies are small text files placed on your device that help us operate and improve our website.

We use the following types of cookies:

Cookie Type	Purpose	Basis
Strictly necessary	Essential for the website to function (e.g. session management)	No consent required
Analytics/performance	Understanding how visitors use our site (e.g. Google Analytics)	Consent
Functional	Remembering your preferences	Consent
Marketing/targeting	Delivering relevant advertising (if applicable)	Consent

When you first visit our website, a cookie consent banner will ask for your preferences. You can change your cookie settings at any time through our cookie preference centre or your browser settings.

For a full list of cookies we use, their purpose, and their duration, please see our Cookie Policy at [www.coreproliving.co.uk/cookies].

12. Children’s Data

Our services are not intended for individuals under the age of 18. We do not knowingly collect or process personal data from children.

If you believe that a child under 18 has provided us with personal data without appropriate consent, please contact us at privacy@coreproliving.co.uk and we will promptly investigate and delete the data where confirmed.

13. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

Right	What It Means
Right of Access	Request a copy of the personal data we hold about you (Subject Access Request)
Right to Rectification	Ask us to correct inaccurate or incomplete data
Right to Erasure	Ask us to delete your data, subject to certain legal conditions
Right to Restrict Processing	Ask us to pause or limit how we use your data
Right to Data Portability	Receive your data in a structured, machine-readable format (where applicable)
Right to Object	Object to processing based on legitimate interests or for direct marketing
Right to Withdraw Consent	Withdraw any consent you have given at any time, without affecting prior processing
Rights re. Automated Decisions	Not to be subject to solely automated decisions that significantly affect you

To exercise any of these rights, please contact:

Email: privacy@coreproliving.co.uk
Post: 54 Cicero Crescent, Milton keynes, Mk11 4AU

We will respond to all valid requests within one calendar month. This period may be extended by a further two months for complex or multiple requests, in which case we will notify you. We will not charge a fee for reasonable requests. We may ask you to verify your identity before processing your request.

14. Automated Decision-Making and Profiling

We do not use your personal data for solely automated decision-making or profiling that produces legal or similarly significant effects on you.

15. Third-Party Links

Our website may contain links to third-party websites, booking platforms, or services. We are not responsible for the privacy practices, content, or security of those third-party sites. We encourage you to read their privacy policies before providing any personal data.

16. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. When we do:

The updated version will be published on our website with a new effective date and version number
For significant changes, we will notify affected individuals by email where appropriate

The current version of this policy is always available at www.coreproliving.co.uk/privacy-policy.

17. Complaints

If you have a concern about how we handle your personal data, we ask that you contact us in the first instance so we can try to resolve the matter:

Email: privacy@coreproliving.co.uk

If you remain unsatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk
Report a concern: ico.org.uk/make-a-complaint

CorePro Living Ltd— April 2026
Registered in England and Wales

This policy is reviewed regularly to ensure ongoing compliance with applicable data protection laws and industry best practices.