Privacy Policy

Last updated: Feb 2 2026

At Beyond Stay, accessible via our booking engine hosted at https://vacation.beyondstay.eu/, one of our main priorities is the privacy of our visitors and guests. This Privacy Policy document outlines the types of information that are collected and recorded through our booking engine and explains how we use and protect that information.

This Privacy Policy applies only to online activities and is valid for visitors and guests using our booking engine. It does not apply to information collected offline or through channels other than this website.

1. Consent

By using our booking engine and services, you hereby consent to this Privacy Policy and agree to its terms.

2. Who We Are

Beyond Stay is a vacation rental management company based in Malta, providing short-term accommodation services and guest support.

All bookings, payments, guest communications, and reservation management are processed through Hostaway, a professional vacation rental management software platform used globally.

3. Information We Collect

The personal information you are asked to provide, and the reasons for requesting it, will be made clear at the point of collection.

Information we may collect includes:

  • Full name
  • Email address
  • Phone number
  • Billing and payment information
  • Reservation details (dates, property, number of guests)
  • Government-issued identification where legally required
  • Communication history related to your booking
  • Technical data such as IP address, browser type, and device information

If you contact us directly, we may receive additional information such as the contents of your message, attachments, or other information you choose to provide.

4. How We Use Your Information

We use the information we collect in the following ways:

  • To process and manage reservations
  • To provide guest services and customer support
  • To communicate booking confirmations, updates, and important service messages
  • To comply with legal, regulatory, and tax obligations
  • To prevent fraud and ensure booking security
  • To improve and optimize our booking experience and services
  • To send transactional or service-related emails

We do not sell personal data.

5. Third-Party Processing (Hostaway)

All booking, payment processing, guest messaging, and reservation data are handled securely through Hostaway, a world-class vacation rental management platform.

Hostaway acts as a data processor on our behalf and complies with applicable data protection laws, including GDPR. Your data may be stored or processed on secure servers located within or outside the European Economic Area, with appropriate safeguards in place.

For more information, you may also review Hostaway’s own privacy practices.

6. Log Files

Our booking engine follows a standard procedure of using log files. These files log visitors when they access the website. The information collected may include:

  • Internet Protocol (IP) addresses
  • Browser type
  • Internet Service Provider (ISP)
  • Date and time stamps
  • Referring/exit pages
  • Click activity

These data are not linked to personally identifiable information and are used solely for analytics, security, and website administration.

7. Cookies and Web Beacons

Like many websites, our booking engine uses cookies to store visitor preferences and optimize user experience.

Cookies may be used to:

  • Remember booking selections
  • Improve website functionality
  • Analyze usage patterns

You can choose to disable cookies through your individual browser options.

8. GDPR Data Protection Rights (EU/EEA)

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access your personal data
  • Request correction of inaccurate or incomplete data
  • Request erasure of your personal data (under certain conditions)
  • Restrict or object to data processing
  • Request data portability

We will respond to all GDPR-compliant requests within one month.

9. CCPA Privacy Rights (California Residents)

Under the California Consumer Privacy Act (CCPA), California residents have the right to:

  • Request disclosure of the personal data collected
  • Request deletion of personal data
  • Request that personal data not be sold
  • We do not sell personal information. Requests will be responded to within one month.

10. Data Retention

We retain personal data only for as long as necessary to:

  • Fulfill booking and contractual obligations
  • Meet legal and regulatory requirements
  • Resolve disputes and enforce agreements

11. Children’s Information

Protecting children’s privacy is important to us. Our services are not intended for children under the age of 13.

We do not knowingly collect personal identifiable information from children under 13. If you believe your child has provided such information, please contact us immediately and we will promptly remove it.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Beyond Stay

📧 Email: info@beyondstay.eu