Privacy Policy

KDH Group Ltd respects your privacy and is committed to protecting the personal information you share with us. This policy explains how we collect, use, store and protect your data when you engage with our concierge services or visit this website.

Who we are

This website is operated by KDH Group Ltd, a private limited company registered in England and Wales under company number 16538248, with its registered office at 85 Great Portland Street, First Floor, London W1W 7LT, United Kingdom.

For the purposes of the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR) and the Data Protection Act 2018, KDH Group Ltd is the "data controller" of the personal data we hold about you.

What information we collect

We collect personal information that is necessary to deliver our concierge services and to operate our business. Depending on how you interact with us, this may include:

Information you provide to us directly

• Identity details such as your full name, date of birth, nationality and passport information (where required for travel bookings)
• Contact details including postal address, email address, telephone and WhatsApp numbers
• Payment and billing information including card details, bank details and billing address
• Travel and lifestyle preferences such as dietary requirements, preferred airlines and seating, accommodation preferences, and special requests
• Names, ages and relevant details of family members or guests travelling with you, where you choose to provide them
• Correspondence with our team, including by email, phone, WhatsApp, and through any forms on this website

Information we collect automatically

• Technical information such as IP address, device type, browser version, and operating system
• Usage information about how you navigate our website, including pages visited and time spent
• Cookie and similar technology data, as detailed in our Cookie Policy

Information from third parties

• Information from our partner suppliers (hotels, airlines, villa owners, yacht operators) confirming the status of your bookings
• Publicly available information used for verification, fraud prevention, or to provide tailored recommendations
• Referrals from existing clients, where they have shared your contact details with your knowledge

How we use your information

We process your personal data only where we have a lawful basis to do so under UK and EU data protection law. The bases on which we rely include:

• Contractual necessity — to enter into and perform the services you have requested, including booking villas, yachts, jets, hotels, restaurants, event access and related arrangements
• Legitimate interests — to operate, improve and market our business, to communicate with you about your bookings, to maintain the security of our systems, and to keep our concierge service quality at the standard our clients expect
• Legal obligation — to comply with UK and international laws applicable to our business, including anti-money-laundering, tax, accounting, and counter-fraud requirements
• Consent — where you have explicitly agreed, for example to receive marketing communications, or where you provide us with special category data (such as health information relevant to a booking)

Who we share your information with

To deliver the services you request, we need to share certain information with carefully selected partners and suppliers. We share only what is strictly necessary and require all partners to maintain appropriate confidentiality and data protection standards. Recipients may include:

• Hotels, villas, yacht operators, private jet and helicopter operators, chauffeur companies and other travel suppliers fulfilling your bookings
• Event venues, ticketing partners and hospitality providers for the events you attend through us
• Restaurants, members' clubs and lifestyle partners arranging reservations or experiences on your behalf
• Payment processors and banks for the secure handling of payments
• Professional advisers including accountants, auditors, insurers and lawyers
• Technology providers who host our systems, manage our communications and provide IT support, under written data-processing agreements
• Law enforcement, regulators and government authorities where required by law

International data transfers

Because our clientele and partners are located worldwide, your personal data may be transferred to, stored in, and processed in countries outside the United Kingdom and European Economic Area, including the United States, the United Arab Emirates, and various European, Caribbean and Asian destinations where our travel partners operate.

Where we transfer your data outside the UK or EEA, we ensure an appropriate level of protection by relying on one or more of the following safeguards:

• Transfers to countries that the UK government or European Commission has determined to provide an adequate level of data protection ("adequacy decisions")
• Standard Contractual Clauses approved by the UK Information Commissioner's Office or the European Commission, which contractually require recipients to protect your data to UK/EU standards
• Your explicit consent, where this is the appropriate legal basis

How long we keep your information

We retain your personal data only for as long as is necessary for the purposes for which it was collected, including to meet any legal, tax, accounting or regulatory requirements. In general:

• Active client records are retained for the duration of our relationship with you
• Records of past bookings and transactions are retained for a minimum of seven years following the end of the relevant tax year, as required by HMRC and UK accounting standards
• Marketing-related data is retained only while you remain subscribed, plus a short period thereafter to evidence consent
• Website analytics and cookie data are retained for the periods stated in our Cookie Policy

When personal data is no longer needed, we securely delete or anonymise it.

Your rights

Under UK GDPR, EU GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:

• Right of access — to request a copy of the personal data we hold about you
• Right to rectification — to ask us to correct any inaccurate or incomplete data
• Right to erasure — to ask us to delete your personal data, subject to certain legal exceptions
• Right to restrict processing — to ask us to limit how we use your data in certain circumstances
• Right to data portability — to receive a copy of your data in a structured, commonly used format
• Right to object — to object to certain types of processing, including direct marketing
• Right to withdraw consent — where we rely on your consent, you can withdraw it at any time
• Right to lodge a complaint — with the UK Information Commissioner's Office (ico.org.uk) or your local EU data protection authority

To exercise any of these rights, please contact us using the details below. We will respond within one month of receiving your request, as required by law.

How we protect your information

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures designed to protect it against unauthorised access, loss, misuse and disclosure. These include:

• Encryption of data in transit using industry-standard protocols (HTTPS / TLS)
• Restricted access to personal data on a strict need-to-know basis among our staff
• Written confidentiality and data-protection agreements with all employees, contractors and suppliers
• Regular review of our information security practices

No method of transmission over the internet is entirely secure. Where you provide us with information, you do so at your own risk; however, we will use all reasonable efforts to ensure your data is protected.

Cookies

This website uses a limited number of cookies and similar technologies to operate properly and to understand how visitors use the site. The categories of cookie we may use include:

• Strictly necessary cookies that enable the website to function
• Performance and analytics cookies that help us understand how the site is used (set only with your consent where required)
• Functionality cookies that remember your preferences

You may control or block cookies through your browser settings. Please note that blocking certain cookies may affect your experience of this website.

Marketing communications

We may, from time to time, send you communications about our services, exclusive events and lifestyle opportunities we believe will interest you. We will only do so where you have given your consent or where it is otherwise permitted by law.

You can unsubscribe from marketing communications at any time by clicking the "unsubscribe" link in any email we send, or by contacting us directly.

Children's data

Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from children. Where children are travelling with our clients, we collect only the minimum information necessary to make travel arrangements (such as names and ages for flight or hotel bookings), and we hold this information under the parent's or guardian's authority.

Changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices, services, or legal requirements. The "Last updated" date at the top of this page will always show when it was most recently revised. For material changes, we will provide additional notice, including by email where appropriate.