Privacy policy.
In effect from 1 May 2026. Plain-English notes alongside the legal text where it helps. The short version: we collect what we need to run a booking, we don't sell your data, and we delete it when you ask us to.
Last updated 3 May 2026
1. Introduction
Halford & Hart Limited ("we", "us", "our") is a company registered in England and Wales (company number 14829002) with its registered office at The Northern Quarter, Manchester M4 1HW. We are the data controller for personal information collected through billal.travel and our member services.
We are registered with the UK Information Commissioner's Office under registration number ZB512447. This policy explains what we do with your personal data, why we do it, and how to exercise your rights under the UK General Data Protection Regulation and the Data Protection Act 2018.
2. What we collect
We collect personal data in three categories:
- Account data: name, email address, phone number, password (hashed), tier and rewards balance, marketing preferences.
- Booking data: guest names, travel dates, special requests, accessibility needs, dietary requirements, payment method (tokenised — we never see your card number), invoicing address.
- Usage data: pages visited, search queries, device type, anonymised IP address, broad geographic location. Collected via privacy-first analytics (Plausible) and, for paid attribution measurement only, anonymised Google Analytics.
We do not collect biometric data, political views, religious beliefs, or any other special-category data. We do not buy data from third-party data brokers.
3. Why we collect it
The legal bases for our processing are:
- Performance of contract — booking data is processed to deliver the travel service you've booked.
- Legitimate interest — fraud prevention, security monitoring, and improving the product based on aggregated usage data.
- Consent — marketing communications, optional cookies, and any processing that is not strictly necessary for the service.
- Legal obligation — accounting, tax, and anti-money-laundering record-keeping required by UK law.
4. How we store it
Personal data is stored in PostgreSQL databases hosted in the UK and EU. All data in transit is encrypted with TLS 1.3, and backups are encrypted at rest with AES-256. Access to production data is restricted to a small number of named engineers under audit logging.
We do not transfer personal data outside the UK or the European Economic Area except where a sub-processor (set out below) operates under an adequacy decision or under UK-approved Standard Contractual Clauses.
5. Third parties we share data with
We share personal data only with sub-processors who help us deliver the service. Each is bound by a written data-processing agreement.
- Stripe — payment processing. PCI-DSS Level 1 certified. Located in Ireland and the United States under SCCs.
- Amadeus IT Group — hotel and flight inventory. Required to fulfil third-party bookings. Located in Spain.
- Resend — transactional email (booking confirmations, password resets). Located in the United States under SCCs.
- Customer.io — lifecycle and marketing email, where you have consented. Located in the United States under SCCs.
- ElevenLabs — voice-based concierge transcription, only when you actively use the voice concierge. Located in the United States under SCCs.
- Anthropic — Claude API for the Considered search and concierge. Queries do not include account or booking data unless you explicitly share them.
- Sentry, Better Stack — error monitoring and uptime alerting. Anonymised where possible.
6. Retention
We hold personal data for these periods:
- Account data — for as long as your account is active, plus 13 months after the last booking, then deleted unless you log in or book again.
- Booking and payment records — six years from the booking, the legal minimum for UK accounting and tax purposes.
- Marketing-consent records — for as long as you remain subscribed, plus three months after withdrawal so we can prove the consent was respected.
- Analytics data — 14 months in aggregated form. Plausible does not hold per-visitor records.
7. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you.
- Correct anything inaccurate.
- Have it deleted, subject to our legal record-keeping obligations.
- Restrict or object to certain processing.
- Port your data to another service in a machine-readable format.
- Withdraw consent for marketing or non-essential cookies at any time.
- Lodge a complaint with the Information Commissioner's Office.
Most of these you can do yourself from inside Account → Privacy. For anything more complex — full data export, complete deletion, or formal access requests — email privacy@billal.travel and we'll respond within one calendar month.
8. Cookies
We set a small number of strictly necessary cookies (session, CSRF protection, language preference) and an optional analytics cookie. The full breakdown, including how to opt out, is in our cookie policy.
9. Changes to this policy
We update this policy when our processing changes — typically when we add or remove a sub-processor, change retention windows, or respond to changes in UK law. Material changes are notified by email at least 30 days before they take effect. The current version is always at this URL with the "last updated" date at the top.
10. Contact
Our Data Protection Officer is reachable at privacy@billal.travel. Postal correspondence should be addressed to: Data Protection Officer, Halford & Hart Limited, The Northern Quarter, Manchester M4 1HW, United Kingdom.
If you are not satisfied with our response, you may complain to the UK Information Commissioner's Office at ico.org.uk.