Data Protection Notice

Welcome to London Homestays, a division of Home from Home Student Services Ltd, which also includes UK Student Residences and London Study English. We are dedicated to responsibly managing the personal data of our hosts and students in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

We commit to the following principles to ensure the integrity and security of your personal data:

1. Lawful, Fair, and Transparent Processing: We process personal data lawfully, with fairness, and transparency. We clearly inform our hosts and students about the use of their personal data through detailed explanations in our Privacy Policy.

2. Purpose Limitation: Data is collected for well-defined, explicit, and legitimate purposes as stated in our interactions with you, and not further processed in a manner incompatible with those purposes. We retain the flexibility to use this data for archiving in the public interest, or for scientific, historical research, or statistical purposes, where it is necessary and appropriate.

3. Data Minimisation: We ensure that the data collected is adequate, relevant, and limited to what is necessary for the purposes for which it is processed, providing the flexibility to adapt data collection to evolving business needs while ensuring data privacy.

4. Accuracy: Every reasonable step is taken to ensure that personal data is accurate, complete, and kept up-to-date. Inaccurate data is amended or deleted promptly.

5. Storage Limitation: Data is kept in an identifiable form only as long as is necessary for the processing purposes. We provide clear guidelines on data retention periods based on legal and operational requirements and include provisions for extended storage under specific, regulated circumstances.

6. Integrity and Confidentiality: Personal data is processed securely using the most effective technical and organisational measures available, protecting it against unauthorised access, illegal processing, and loss, destruction, or damage.

We uphold the following rights for all individuals under the GDPR:

1. Right to Be Informed: Individuals have the right to clear, accessible information about how we use their personal data.

2. Right of Access: Individuals can access their personal data to verify the lawfulness of the processing.

3. Right to Rectification: Individuals can have inaccurate personal data corrected or completed if it is incomplete.

4. Right to Erasure: Also known as the ‘right to be forgotten,’ individuals can request the deletion or removal of personal data where there is no compelling reason for its continued processing.

5. Right to Restrict Processing: Individuals can ‘block’ or suppress processing of personal data, providing control over how their data is used.

6. Right to Data Portability: Individuals can obtain and reuse their personal data across different services.

7. Right to Object: Individuals have the right to object to processing based on legitimate interests, direct marketing, and processing for research or statistical purposes.

8. Rights in Relation to Automated Decision Making and Profiling: Individuals have protection against decisions based solely on automated processing, including profiling, that has legal or similarly significant effects on them.

We process personal data based on legitimate interests including, but not limited to, operational efficiencies, service enhancement, and security measures. We balance our business interests against your data protection rights ensuring the least impact on your privacy.

Consent is an integral part of how we manage personal data at London Homestays. When hosts apply to join our service, they provide their consent by ticking a box that confirms they have read, understood, and agree to adhere to this Data Protection Notice and our Privacy Policy. This action is a clear affirmative act establishing freely given, specific, informed, and unambiguous consent to process their personal data in line with the stated purposes.

Individuals have the right to withdraw their consent at any time, which they can do by contacting our Data Protection Officer or following the instructions provided in our communications. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal. We ensure that the process for withdrawing consent is as straightforward as the process for giving it, maintaining control and ease for our hosts regarding their personal data.

Our Data Controller is responsible for overseeing data protection strategies and implementation to ensure compliance with GDPR requirements. Concerns or questions regarding personal data should be directed to our Data Protection Officer, Steve Horrigan, at s dot horrigan@londonhomestays.com.

This Data Protection Notice is reviewed annually to reflect changes in regulations and internal practices.