Back

Privacy policy

1. Introduction

Kepler Hotel Group Limited ("Kepler Hotel Group", "we" or "us") is committed to protecting your privacy and handling your personal data responsibly. This notice explains what personal data we collect when you visit staykepler.com, why we collect it, and what we do with it.
It applies to anyone who visits our website, signs up to receive updates, or requests information about investment opportunities, including access to the investor portal. It does not form part of any contract and may be updated from time to time.

2. Who can I contact?

We are Kepler Hotel Group Limited (company number (14649409), an integrated hospitality platform. Responsible for this website:
Kepler Hotel Group Limited
9th Floor 107 Cheapside, London, United Kingdom, EC2V 6DN
info@staykepler.com
You can reach our data protection contact via the details above. Please contact us any time if you have questions about your personal data, its deletion, or your rights. You also have the right to lodge a complaint with the Information
Commissioner’s Office (ICO) at www.ico.org.uk. We would appreciate the opportunity to address your concerns first.

3. What are my rights?

You can contact us at any time to exercise any of the following rights:

  • Right to withdraw consent (Art. 7 GDPR) — e.g. if you wish to cancel a newsletter subscription you previously agreed to
  • Right of access (Art. 15 GDPR) — to find out what personal data we hold about you
  • Right to rectification (Art. 16 GDPR) — e.g. if your email address has changed and we should update our records
  • Right to erasure (Art. 17 GDPR) — to ask us to delete data we hold about you
  • Right to restriction of processing (Art. 18 GDPR) — e.g. to ask us not to delete your email but to limit how we use it
  • Right to data portability (Art. 20 GDPR) — to receive your data in a structured, machine-readable format
  • Right to object (Art. 21 GDPR) — e.g. if you do not agree with any analytics or marketing procedures described in this notice
  • Right to complain to the supervisory authority (Art. 77 GDPR) — you may contact the ICO directly at www.ico.org.uk

4. Deletion of data and retention periods

Unless stated otherwise, we delete your data as soon as it is no longer needed, for example, your email address when you unsubscribe from our newsletter.
Data will also be blocked or deleted when a legally required retention period expires, unless continued storage is necessary for a contractual obligation. Some data may need to be retained for longer periods under applicable law. You may request information about stored data at any time.

  • Newsletter subscribers: until you unsubscribe or withdraw consent
  • Investor portal enquiries: for the duration of the relationship, plus up to 6 years (in line with applicable financial regulation and limitation periods)
  • Contact form submissions: up to 2 years from the date of enquiry
  • Technical server logs: anonymised or deleted within 7 days of collection

5. Visiting our website

If you simply browse our website without signing up or submitting a form, we do not collect any personal data, with the exception of the data your browser automatically transmits to enable the connection. This may include:

  • IP address
  • Approximate location based on IP range (e.g. “London, UK”)
  • Internet provider
  • Browser type and version (e.g. Chrome or Safari)
  • Operating system (e.g. macOS)
  • Date and time of visit
  • Previously visited website (referral source)

This data is required to display the website correctly and to identify and resolve any technical errors. As a safeguard, we anonymise or delete your IP address after your visit. The remaining technical data can no longer be traced back to you and is used only for anonymous, statistical purposes to improve our website. The legal basis is legitimate interest under Art. 6(1)(f) GDPR.

6. Cookies

This website uses only the cookies it needs to work. They handle nothing more than basic session security and form functionality. No tracking, no advertising, no consent required.

7. Website analytics

We use a cookieless, privacy-first analytics tool to understand how visitors use our website. This tool collects only aggregate, anonymous data, including:

  • Country or region of visitor (derived from anonymised IP, not stored)
  • Referral source (e.g. search engine, direct link, social media)
  • Time spent on the page
  • Number of visits over time

No personal data is collected. No cookies are set. No consent banner is required. Your IP address is never stored. The data cannot be traced back to you as an individual.
The analytics provider is EU-based and processes data in accordance with GDPR. The legal basis is legitimate interest under Art. 6(1)(f) GDPR, as the data is anonymous and no personal data is involved.

8. Newsletter sign-up

If you sign up to receive updates from Kepler Hotel Group, we will store your email address and use it to send you news and information about our activities.
We will store your email address until you unsubscribe. Every newsletter email we send includes an unsubscribe link. You may also withdraw consent at any time by contacting us directly.

9. Investor portal access requests

If you request access to our password-protected investor area, we will use your details solely to assess that request and, where appropriate, to issue access credentials. Your information will not be used for any other purpose without your explicit consent.
We may ask for confirmation of your professional or investor status as part of this process. Any information you provide will be handled in accordance with this notice. The legal basis is legitimate interest under Art. 6(1)(f) GDPR.

10. Who we share your data with

We do not sell your personal data. We share it only in the following circumstances:

  • Service providers: we use trusted third-party providers (website hosting, newsletter delivery, cookieless analytics). These providers act as data processors under written agreements and may not use your data for their own purposes.
  • Legal compliance: where required by law, regulatory authority or court order.
  • Business transfer: in the event of a merger, acquisition or sale of assets, your data may be transferred subject to appropriate confidentiality arrangements.

11. International data transfers

Kepler Hotel Group is a UK-based entity. Where any service provider is based outside the UK/EEA, we ensure appropriate safeguards are in place, such as UK International Data Transfer Agreements or Standard Contractual Clauses.

12. Security of processing

We implement state-of-the-art security standards to protect information both during transmission and after receipt. This includes:

  • Encrypted transmission (HTTPS/TLS) across all website pages
  • Access controls restricting data access on a need-to-know basis
  • Use of reputable, security-vetted third-party processors

No method of internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security, but all information you provide is stored on secure servers and handled with appropriate care.

13. Third-party links

Our website may contain links to third-party sites. We are not responsible for their privacy practices and encourage you to read their privacy notices separately.

14. Changes to this notice

We may update this notice from time to time. The date at the top reflects the most recent revision. Where changes are material, we will take reasonable steps to notify you, for example, via a notice on our website or by email to subscribers.