1. Introduction
Welcome to hovista.co.uk ("we", "our", or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, hovista.co.uk, or use our services.
Hovista Hospitality Advisory, registered in England and Wales, is the data controller responsible for your personal data.
2. Information We Collect
We may collect and process the following types of personal data about you:
- Identity Data: First name, last name, username, or similar identifier.
- Contact Data: Billing address, delivery address, email address, and telephone numbers.
- Financial Data: Payment card details (processed securely via our third-party payment gateways; we do not store full card details).
- Transaction Data: Details about payments to and from you and other details of products or services you have purchased from us.
- Technical Data: Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Usage Data: Information about how you use our website, products, and services.
- Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties, and your communication preferences.
3. How We Collect Your Data
We use different methods to collect data from and about you, including through:
- Direct Interactions: You may give us your Identity, Contact, and Financial Data by filling in forms or corresponding with us by post, phone, email, or otherwise — for example, when you create an account, request a consultation, subscribe to a newsletter, or engage our services.
- Automated Technologies: As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns using cookies, server logs, and other similar technologies.
- Third Parties: We may receive personal data about you from analytics providers, advertising networks, and search information providers.
4. How We Use Your Information (and Our Legal Basis)
Under UK GDPR, we will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
| Purpose / Activity | Type of Data | Lawful Basis |
|---|---|---|
| To register you as a new client | Identity, Contact | Performance of a contract with you |
| To process and deliver our services, manage payments, and collect money owed | Identity, Contact, Financial, Transaction | Performance of a contract; Legitimate interests (to recover debts) |
| To manage our relationship with you, including notifying you about changes to our terms or privacy policy | Identity, Contact, Marketing | Performance of a contract; Legal obligation |
| To administer and protect our business and website, including troubleshooting, data analysis, and hosting | Identity, Contact, Technical | Legitimate interests (running our business, network security); Legal obligation |
| To deliver relevant website content, marketing communications, and service information | Identity, Contact, Usage, Technical | Consent; Legitimate interests (to develop our services and grow our business) |
| To provide consultancy services involving client property data, staff records, and operational information | Identity, Contact, Transaction, and client-specific operational data | Performance of a contract; Legitimate interests (to deliver contracted services) |
5. Sharing Your Data
We may share your personal data with the following third parties for the purposes set out in Section 4:
- Service Providers: IT and system administration services, payment processors, email marketing platforms, and cloud hosting providers.
- Professional Advisers: Lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.
- AI and Technology Platforms: In the course of delivering our consultancy services, we may use AI-powered tools to assist with analysis, reporting, and recommendations. Any client data processed through these tools is handled in accordance with this Privacy Policy and our contractual obligations. We do not share identifiable client data with AI platforms for their own training purposes.
- HM Revenue & Customs, regulators, and other authorities based in the UK who require reporting of processing activities in certain circumstances.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
6. International Transfers
Some of our external service providers (such as cloud hosting and AI platforms) may be based outside the United Kingdom. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
- Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK (International Data Transfer Agreements or Addendums).
7. Data Security and Retention
Security: We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. Access to your personal data is limited to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Retention: We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. By law, we are required to keep basic information about our clients (including Contact, Identity, Financial, and Transaction Data) for six years after they cease being clients for tax purposes.
Client Engagement Data: Operational data generated during consultancy engagements — including property assessments, financial analyses, staff records, and technology audit reports — is retained for the duration of the engagement plus 12 months, unless a longer retention period is agreed in the engagement contract. Upon expiry of the retention period, all client-specific data is securely deleted or anonymised.
8. Your Data Protection Rights
Under UK data protection laws, you have rights relating to your personal data, including the right to:
- Request access to your personal data (commonly known as a "data subject access request").
- Request correction of the personal data that we hold about you.
- Request erasure of your personal data.
- Object to processing of your personal data where we are relying on a legitimate interest.
- Request restriction of processing of your personal data.
- Request the transfer of your personal data to you or a third party (Data Portability).
- Withdraw consent at any time where we are relying on consent to process your personal data.
You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you wish to exercise any of the rights set out above, please contact us using the details in Section 10.
9. Cookies
Our website uses cookies and similar tracking technologies to distinguish you from other users. This helps us provide you with a good experience when you browse our website and also allows us to improve our site.
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.
We use the following types of cookies:
- Strictly Necessary Cookies: These are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas.
- Analytical or Performance Cookies: These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us improve the way our website works.
- Functionality Cookies: These are used to recognise you when you return to our website. This enables us to personalise our content for you and remember your preferences.
10. Contact Us
If you have any questions about this Privacy Policy or our privacy practices, please contact us at:
- Business Name: Hovista Hospitality Advisory
- Email: privacy@hovista.co.uk
- Website: www.hovista.co.uk
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.