Privacy Policy
Last updated: January 2026
Who We Are
EMS ("we", "our", "us") is a trading name of Travel Global Limited (company no. 12323610), based in Cardiff, United Kingdom.
The Data We Collect
| Category | Examples | Legal Basis |
|---|---|---|
| Contact data | Name, email, phone | Contract; Legitimate interest |
| Booking data | Stay/visit dates, room numbers, spend totals | Contract |
| Transaction data | Purchases made through EMS | Contract |
| Usage data | Log-ins, page views, device type, IP address | Legitimate interest |
| Marketing prefs | Opt-in/out status, channel choices | Consent |
As defined by UK GDPR/EU GDPR and the Data Protection Act 2018.
How We Use Data
- Provide and secure the EMS platform
- Process guest orders, requests and payments
- Send pre-arrival upsell emails/SMS/WhatsApp on behalf of our business customers
- Display verified reviews
- Improve services via anonymised analytics
- Where you consent, send EMS marketing updates (you can unsubscribe anytime)
Cookies & Similar Technologies
We use functional cookies for log-in sessions and analytics cookies (e.g., Google Analytics). A cookie banner gives you control over optional cookies.
Data Sharing
- With service providers — payment processors, cloud hosting, email/SMS gateways (all bound by DPA-compliant contracts)
- With business customers — if you interact with, or leave a review for, a hotel, restaurant, venue, etc. through EMS, that business receives your relevant data
- Legal or regulatory requests when required
We never sell personal data.
International Transfers
Data may be stored or processed outside the UK/EU. Where this occurs we rely on adequacy decisions, Standard Contractual Clauses, or other permitted safeguards.
Retention
We keep data while you have an account or as needed to deliver EMS, plus up to 6 years thereafter for legal, accounting or fraud-prevention purposes.
Your Rights
You can ask to access, correct, delete, restrict, or port your data, or object to processing. Email privacy@emsgrow.com. You can also lodge a complaint with the UK ICO.
Security
We use TLS encryption, role-based access, periodic penetration testing, and ISO-27001-certified data centres.
Contact
Questions? Email privacy@emsgrow.com.