Privacy Policy

Terms & Conditions
Privacy Policy
Cookie Policy
 
 

Privacy Policy

Effective date: 01 April 2026

1. Introduction

Place Apart Limited (operating as The Gate London City) is committed to protecting your privacy. This privacy policy explains how we collect, use, store and protect your personal data when you visit our website, make a booking, stay with us, receive marketing from us, or otherwise interact with us.

We may update this policy from time to time. The most current version will always be available on our website.

2. Who We Are

Place Apart Limited
(Trading as The Gate London City)
Registered Office: 13–14 Welbeck Street, London, W1G 9XU
Company Number: 12627316
Email: hello@stayatthegate.com

Place Apart Limited is the data controller responsible for your personal data.

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters (www.ico.org.uk). We would, however, welcome the opportunity to address your concerns first, so please contact us in the first instance.

3. Personal Data We Collect

We may collect and process the following categories of personal data:

  • Identity and contact information (name, title, email address, telephone number, postal address)

  • Booking and reservation details (dates of stay, room type, rate, special requests)

  • Payment and billing information (payment card details, billing address, transaction history)

  • Passport or identification details where required by law

  • Health or dietary information, where voluntarily provided, to meet your needs during your stay

  • Preferences and information relating to your stay (room preferences, interests, feedback)

  • Technical and usage data (IP address, browser type, device information, operating system, time zone, website interactions, referring URLs)

  • Marketing and communication preferences (your choices about receiving marketing and your interaction with our marketing communications)

We only collect personal data that is relevant and necessary for the purposes set out in this policy.

4. How We Collect Personal Data

We collect personal data when you:

  • Make a booking or enquiry via our website, by email, by telephone, in person, or through thirdparty booking platforms (such as online travel agents and corporate booking tools)

  • Check in, stay with us or use our services (for example, front desk, housekeeping, bar or restaurant, concierge)

  • Contact us by email, telephone, social media or in person

  • Subscribe to our newsletter or other marketing communications

  • Take part in a survey, promotion or competition

  • Browse our website (including through cookies and similar technologies)

We may also receive personal data about you from third parties, such as booking platforms, travel agents, corporate clients, or marketing partners.

5. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To manage reservations, payments and guest accounts

  • To deliver our accommodation and hospitality services and to manage your stay

  • To respond to enquiries, requests, complaints and provide customer support

  • To tailor and improve your guest experience, including remembering your preferences for future stays

  • To send you marketing communications (such as news, offers and updates) by email, SMS or online where permitted by law and in line with your preferences

  • To create and manage custom and lookalike audiences on advertising platforms (for example Google and Meta) so that we can show ads to guests and to people with similar interests

  • To analyse website usage and improve our website, services and digital experience

  • To measure and improve the effectiveness of our marketing and advertising

  • To prevent and detect fraud and other unlawful activities

  • To comply with our legal and regulatory obligations (including guest registration, financial and tax rules, and health and safety requirements)

We do not sell your personal data.

If you do not provide certain information that we need to fulfil a contract with you or to comply with a legal obligation (for example basic contact details, ID where required by law, or payment information), we may not be able to accept or fulfil your booking or provide the services you have requested.

6. Legal Basis for Processing

We process personal data under the following lawful bases:

Performance of a contract

Where processing is necessary to manage your booking, take payment, provide accommodation and related services, and otherwise perform our contract with you.

Legal obligation

Where we are required to process data to comply with applicable laws (including guest registration, financial and tax regulations, and health and safety obligations).

Legitimate interests

Where processing is necessary for our legitimate interests in operating and improving our business, delivering and enhancing guest services, ensuring network and information security, preventing fraud and abuse, and measuring and improving our marketing performance, provided that such processing does not override your rights and freedoms. We have carried out legitimate interests assessments for these activities where required.

Examples include:

  • Using your stay history and preferences to enhance future stays

  • Analysing how our website and services are used

  • Using data (in a limited and proportionate way) to support online advertising, analytics and audience targeting, including building custom and lookalike audiences on advertising platforms

You can object to processing based on legitimate interests in certain circumstances (see “Your Rights” below).

Consent

We rely on your consent where required by law, including:

  • Certain types of direct marketing communications

  • The use of nonessential cookies and similar technologies (for example, for analytics and advertising)

  • Processing health or dietary information that you voluntarily provide so we can accommodate your needs

Where we rely on consent, you may withdraw your consent at any time, without affecting the lawfulness of processing before your withdrawal.

Direct marketing – lawful basis detail

  • For email or SMS marketing to individuals, we rely on your consent where this is required by law.

  • In some cases we may rely on the “soft optin” under the Privacy and Electronic Communications Regulations (PECR), for example where you have booked with us, we obtained your contact details in the course of that booking, we are marketing our own similar services, and you were given a clear opportunity to opt out at the time and in every subsequent marketing message.

You can opt out of direct marketing at any time by using the “unsubscribe” link in our emails or by contacting us.

Online advertising, profiling and audiences

For online advertising, analytics and audiencebuilding activities (including the creation of custom and lookalike audiences), we rely on our legitimate interests to promote and grow our business, provided that this is proportionate and respects your rights. Where platform tracking technologies or cookies are used for these purposes, we only place nonessential cookies with your consent, which you can manage through our cookie tools.

7. Marketing, Advertising and Lookalike Audiences

Direct Marketing

We will only send you marketing communications (such as email newsletters, promotions or updates) where:

  • You have opted in to receive them; or

  • We are permitted to do so under the “soft optin” rules (for example, you are an existing customer and we are marketing similar services, and you were given a clear opportunity to opt out when we collected your details).

You can unsubscribe at any time using the link provided in our emails or by contacting us. If you opt out of marketing, we may still send you servicerelated messages (for example booking confirmations, important information about your stay, or changes to our terms).

Advertising and Audience Targeting

We may use limited personal data (such as your email address, phone number or device identifiers) to support digital advertising activities, including:

  • Creating “custom audiences” so that we can show ads to our guests or website visitors on thirdparty platforms (for example Google and Meta); and

  • Creating “lookalike” or “similar” audiences so that we can reach other people on those platforms who share similar characteristics or interests.

To do this, we may upload your details in hashed form to these platforms so they can match you to their users and find other people who share similar characteristics. These platforms use the data in accordance with their own privacy policies and user settings. We do not receive personal data back from these platforms, but we may see aggregated reports about the performance of our ads.

Lawful Basis

  • Direct marketing communications rely on consent where required by law, or on “soft optin” where permitted for existing customers.

  • Online advertising, analytics and audience targeting activities (including lookalike audiences) rely on our legitimate interests, provided such processing is proportionate, transparent and balanced against your rights. We have carried out a legitimate interests assessment for these activities. Where cookies or similar technologies are used for these purposes, we will only use them with your consent.

Your Right to Object

You can object at any time to the use of your personal data for direct marketing, including any profiling related to such marketing (for example, building custom or lookalike audiences). If you do so, we will stop using your data for these marketing purposes.

We do not make decisions about you that are solely based on automated processing (including profiling) which produce legal effects concerning you or similarly significantly affect you.

8. Data Security

We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.

Access to personal data is restricted to employees, contractors and service providers who require it for legitimate business purposes and who are subject to confidentiality obligations.

9. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including to satisfy any legal, accounting or reporting requirements.

In particular:

  • Booking, invoicing and accounting records are generally retained for up to 7 years to meet tax and accounting requirements.

  • Guest registration records are retained for the periods required by hospitality regulations or local laws.

  • Marketing data (for example your email address and preferences) is retained until you withdraw your consent, object to processing, or we consider it no longer necessary for the purpose collected.

  • Technical and website usage data is retained for periods consistent with our Cookie Policy and the settings of the analytics tools we use.

Where no specific legal retention period applies, we determine the appropriate retention period by considering the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes of processing and whether we can achieve those purposes through other means.

When data is no longer needed, we will securely delete or anonymise it.

10. Sharing Personal Data

We may share personal data with trusted third parties who process data on our behalf (data processors), including providers of:

  • Booking and reservation systems and channel managers

  • Guest communication and CRM platforms

  • Payment processing and fraud prevention services

  • IT, hosting, website and maintenance services

  • Analytics, marketing and advertising tools (for example Google Analytics, Google Ads, Meta platforms) which help us measure and deliver our marketing and advertising

These providers are contractually required to:

  • Process personal data only on our documented instructions

  • Implement appropriate security measures

  • Assist us in meeting our data protection obligations where relevant

In some cases (for example with large advertising platforms), we and the platform may each act as separate or joint controllers for parts of the processing, and you should also read their privacy information.

We may also share data with:

  • Professional advisers (such as lawyers, bankers, auditors and insurers)

  • Law enforcement agencies, courts, regulators or other authorities where required or permitted by law

  • Third parties to whom we may choose to sell, transfer or merge parts of our business or assets, in which case the new owners may use your personal data in the same way as set out in this policy.

We do not allow our thirdparty service providers to use your personal data for their own purposes and only permit them to process your data for specified purposes and in accordance with our instructions.

11. International Data Transfers

Some of our service providers may process personal data outside the United Kingdom.

Where this occurs, we ensure appropriate safeguards are in place, such as:

  • The UK International Data Transfer Agreement (IDTA);

  • The UK Addendum to the EU Standard Contractual Clauses; or

  • An adequacy decision by the UK government in respect of the destination country.

You can contact us if you would like more information about the specific safeguards in place for data transfers, or to request a copy where appropriate.

12. Cookies

Our website uses cookies and similar technologies to:

  • Make the site work and enable basic functions

  • Remember your preferences

  • Analyse how our website is used

  • Support advertising and marketing activities

Nonessential cookies (including those used for analytics and advertising, and for building custom or lookalike audiences) are only used with your consent. You can manage your cookie preferences via your browser settings or our cookie management tools, and you can withdraw your consent at any time.

Further information, including a description of the cookies we use and their purposes, is available in our Cookie Policy.

13. Your Rights

Under UK data protection law, you have the right to:

  • Access your personal data and receive a copy

  • Request correction of inaccurate or incomplete data

  • Request erasure of your personal data, where there is no good reason for us to continue processing it (subject to legal obligations)

  • Request restriction of processing of your personal data in certain circumstances

  • Object to processing based on our legitimate interests, where you feel it impacts your fundamental rights and freedoms

  • Request the transfer of your personal data to you or a third party (data portability), where this is technically feasible and the processing is based on consent or contract and carried out by automated means

  • Withdraw consent at any time where we are relying on consent to process your personal data

You always have the right to object at any time to the processing of your personal data for direct marketing, including any profiling related to direct marketing (such as creating custom or lookalike audiences). If you object, we will stop processing your personal data for these purposes.

To exercise any of your rights, please contact us at: hello@stayatthegate.com

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Some rights are subject to legal limitations or may not apply in certain circumstances. We will explain any such limitations in our response to your request.

14. ThirdParty Links

Our website may contain links to thirdparty websites, plugins or applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We are not responsible for the privacy practices or the content of thirdparty websites. We encourage you to read the privacy policies of every website you visit.

15. Changes to This Policy

This policy is effective from 01 April 2026.

We may update this policy from time to time, for example to reflect changes in our practices or legal requirements. Any updates will be published on this page, and where appropriate we will notify you by email or by a notice on our website.