Book

Privacy Policy

You are safe with us online too.

This is what we do with your data.

As good hosts, privacy is important to us. Here you can read what happens with your data – honestly and understandably.

Contents

1. Who we are

Welcome to Wynfrid House. We care not only about your stay, but also about protecting your data. If you have any questions, you can reach us at:

Wynfrid House
Anthony Perera (General Manager)
20 Mulberry Street
London E1 1EH, England
Phone: +44 790 085 6024
Email: mail@wynfridhouse.com

Who is legally responsible

Wynfrid House is the guesthouse of the German-speaking Catholic parish of St. Boniface in London and belongs to the Diocese of Westminster. The controller responsible under UK GDPR is:

Westminster Roman Catholic Diocesan Trust
Charity Registration Number: 233699

Data Protection Officer

The Diocese has appointed a Data Protection Officer. You can contact him directly at any time:

Mathew D'Souza
Data Protection Officer, Roman Catholic Diocese of Westminster
Email: mathewdsouza@rcdow.org.uk

Of course, you can also simply contact us – we will forward your request.

2. Data collection on our website

How we collect your data

Your data reaches us in two ways:

  • You provide it to us yourself (e.g., via the contact form or when making a booking).
  • Our website technology automatically collects some technical information as soon as you open the page (browser, operating system, time of access).
 

Why we do this

We need some of the data to ensure the website runs smoothly. Other data helps us improve the site and our services. (Legal basis: Art. 6 para. 1 lit. f GDPR / UK GDPR – legitimate interest.)

What ends up in the server log file

  • Browser type and version
  • Operating system used
  • Referrer URL (the page you came from)
  • Hostname of the accessing computer
  • Time of server request
  • IP address (stored in shortened form)

We use this data exclusively to ensure operation and analyze errors. (Legal basis: Art. 6 para. 1 lit. f GDPR / UK GDPR – legitimate interest.)

3. Hosting

Our website runs on All-Inkl.com (KAS Webhosting), a German hosting provider. Servers and therefore your data remain within the EU. We have concluded a data processing agreement (DPA) with All-Inkl.

(Legal basis: Art. 6 para. 1 lit. f GDPR / UK GDPR – legitimate interest in secure and stable operation of the website.)

4. Cookies & Consent Management

Our website only uses a minimum of cookies – specifically, those we technically need for the site to function at all (e.g., so your open booking form isn't lost or your language choice is remembered). Such "strictly necessary" cookies are expressly permitted without consent under British law (PECR).

What we do not use:

  • No tracking or advertising cookies.
  • No classic analytics cookies – for reach measurement, we use the cookieless solution Independent Analytics (see next section).
  • No cookies that would require your explicit consent.


For precisely this reason, you will also find no cookie banner on wynfridhouse.com – there is simply nothing to consent to.

Embedded content like Google Maps or YouTube videos is a separate case: they can set their own cookies when accessed or played. We explain how we handle this in the respective sections below.

(Legal basis for technically necessary cookies: Art. 6 para. 1 lit. f GDPR / UK GDPR – legitimate interest in operating the website; PECR Reg. 6(4) for strictly necessary cookies.)

5. Website Analytics (Independent Analytics)

We want to understand which pages interest our guests and what we can improve. For this, we use Independent Analytics, a WordPress plugin that is significantly more privacy-friendly than external trackers:

  • No cookies for analytics.
  • No transmission to third parties – all data remains on our own server in Germany.
  • IP addresses are shortened and not used to identify individual persons.
  • No cross-device tracking.

We see aggregated data on which pages are accessed how often, from which country or region (approximately), and with which device type – but not who you are.

(Legal basis: Art. 6 para. 1 lit. f GDPR / UK GDPR – legitimate interest in data-minimized reach measurement. Since no cookies are set and no data is transmitted to third parties, consent is not required.)

6. Bookings & Payment

When you book a room with us, we naturally need some information from you – otherwise we cannot reserve a bed for you.

What we collect

  • First and last name
  • Contact details (email, phone)
  • Travel dates and room preference
  • Number and, if applicable, age of accompanying guests (for room allocation)
  • Optional special requests in the free text field (e.g., late arrival, gluten-free breakfast, halal)

For booking processing, we use the WordPress plugin VikBooking. The data is stored in our own database on our German host – not with an external booking service.

(Legal basis: Art. 6 para. 1 lit. b GDPR / UK GDPR – contract fulfillment.)

Special requests – a brief note

If you enter something in the special requests field that allows conclusions about your religion (e.g., "halal") or your health (e.g., "gluten-free for medical reasons"), these are special categories of personal data under Art. 9 UK GDPR.

We treat such information with particular care: It is only used to organize your stay accordingly (breakfast, room) and is not shared or otherwise evaluated. The field is voluntary – you do not have to enter anything you do not want to enter.

(Additional legal basis here: Art. 9 para. 2 lit. a GDPR / UK GDPR – explicit consent through your own entry in this optional field.)

Payment

Currently, you pay on arrival – in cash or by card at reception. No payment data is collected during the booking itself.

Once we have activated online payment via PayPal, you can also pay for your room directly when booking. Once this is active, the following applies:

  • The PayPal buttons (PayPal Smart Checkout) appear on our booking page. When you click, a window from paypal.com opens where you enter your card or PayPal details.
  • Your payment data goes directly to PayPal – we do not see or store it.
  • We only receive: transaction ID, status, amount, currency and the name and email address you have registered with PayPal.

PayPal is independently responsible for processing your payment data under data protection law and has its own privacy policy: https://www.paypal.com/uk/legalhub/privacy-full.

(Legal basis: Art. 6 para. 1 lit. b GDPR / UK GDPR – contract fulfillment.)

Retention

We keep booking and invoice data for 6 years – this is required by UK tax law (HMRC). More on this under point 13.

7. Contact Form

If you use our contact form, your data will be sent to us by email and stored in our WordPress database. (Legal basis: Art. 6 para. 1 lit. b GDPR / UK GDPR – Contract fulfillment)

8. WhatsApp Contact

If you contact us via WhatsApp, your data will be transmitted to WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

WhatsApp's privacy policy applies: https://www.whatsapp.com/legal/privacy-policy-eea.

We use WhatsApp exclusively for communication with you and do not store messages permanently.

If you do not want WhatsApp to process your data, please contact us through other channels. (Legal basis: Art. 6 para. 1 lit. a GDPR / UK GDPR – Consent)

9. Newsletter (MailChimp)

For our newsletter, we use MailChimp, a service of Intuit Inc., 2700 Coast Ave, Mountain View, CA 94043, USA. Your email address is stored on MailChimp's servers. (Legal basis: Art. 6 para. 1 lit. a GDPR / UK GDPR – Consent)

MailChimp also analyzes whether you open our newsletter or click on links (so-called web beacons). If you do not want this, you can unsubscribe at any time – a corresponding link is included in every email.

Since MailChimp is based in the USA, your data is transferred there. We have concluded a Data Processing Agreement (DPA) with MailChimp to ensure that your data is well protected. Further information: https://mailchimp.com/legal/terms/.

The storage of email addresses to prevent future mailings is based on Art. 6 para. 1 lit. f GDPR / UK GDPR (legitimate interest).

10. Google Maps

On some pages, we display an embedded Google Maps map so you can easily find us. As soon as a page with a map is loaded, your browser establishes a connection to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Your IP address is transmitted to Google; Google may also process this data in the USA.

If you don't want this, that's no problem: our address, directions, and contact details can also be found in plain text on the page – you don't have to access the map.

(Legal basis: Art. 6 para. 1 lit. f GDPR / UK GDPR – legitimate interest in showing you the way to us as easily as possible.)

Google Privacy Policy

11. YouTube

On some pages, we embed YouTube videos – deliberately in enhanced privacy mode (via the domain youtube-nocookie.com). This specifically means:

  • As long as you do not start the video, no data is transferred to YouTube / Google and no cookies are set.
  • Only when you click Play does your browser establish a connection to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google may also process this data in the USA.

So you decide for yourself if and when data flows.

(Legal basis: Art. 6 para. 1 lit. f GDPR / UK GDPR – legitimate interest in embedding video content; by actively starting the video, you consent to the associated data transfer.)

Google Privacy Policy

12. Your Rights

You have the right at any time to:

  • receive information about your stored data (Art. 15 UK GDPR)
  • request rectification or erasure of your data (Art. 16, 17 UK GDPR)
  • request restriction of processing (Art. 18 UK GDPR)
  • lodge an objection to processing (Art. 21 UK GDPR)
  • request data portability (Art. 20 UK GDPR)

You can submit such requests informally to us (mail@wynfridhouse.com) or directly to the Diocese's Data Protection Officer (mathewdsouza@rcdow.org.uk). We will take care of it.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): https://ico.org.uk

13. Storage Duration

We only store your data for as long as we need it or as required by law. Specifically:

  • Booking and invoice data: 6 years – this is the retention period under UK tax law (HMRC).
  • Data from the contact form and WhatsApp messages: until your request is resolved and no further queries are expected, after which they are deleted.
  • Newsletter subscription: as long as you are subscribed; after unsubscribing, the email address is removed from the active distribution list and only kept in a suppression list to prevent you from being contacted again by mistake.
  • Server log files: short-term for error analysis, then regularly deleted.
  • Independent Analytics data: aggregated and without personal reference; we keep it for long-term analysis of website usage.

(Legal basis: Art. 5 para. 1 lit. e GDPR / UK GDPR – storage limitation; Art. 6 para. 1 lit. c – legal obligation for the HMRC retention period.)

14. Data Transfer to Third Countries

If personal data is transferred to countries outside the United Kingdom or the European Economic Area (e.g., when using services like MailChimp or Google), we ensure that an adequate level of data protection is guaranteed – for example, through so-called Standard Contractual Clauses (SCCs) or adequacy decisions. (Legal basis: Art. 44 et seq. GDPR / UK GDPR)

15. Disclosure to Authorities

In individual cases, personal data may be disclosed to government agencies, supervisory authorities, or courts –
e.g., during tax audits, official inquiries, or to defend against legal claims. The legal basis for this is Art. 6 para. 1 lit. c GDPR / UK GDPR (legal obligation).

16. Changes & Updates

If anything changes, we will update this privacy policy.
As of: May 2026

Let us find your room.

Are you looking for a classic, affordable room with a shared bathroom, or do you prefer the luxury of a private bathroom with a shower in one of our ensuites?

Or is your group larger than six and looking to book an entire dorm?

Ensuites with Bathroom
Rooms without Bathroom
The Dormitories

ANY QUESTIONS?

ABOUT US

AROUND THE HOUSE