Boutique Booking Collection
Home / Privacy Policy
Data & privacy

Privacy Policy

GateLink is committed to protecting the personal information of every guest who uses our platform. This policy explains what we collect, why we collect it, and how we keep it safe.

Effective date: May 2026 Jurisdiction: State of Kuwait Last reviewed: May 2026

1. Who we are

GateLink ("we", "us", "our") is a direct property booking platform operating in Kuwait and the wider Gulf Cooperation Council (GCC) region. We own and manage a curated collection of residential and hospitality properties and provide this website to allow guests to search, reserve, and manage their stays directly.

For any privacy-related enquiries, please contact us at privacy@gatelink.com.

2. Information we collect

We collect personal information only where necessary to operate our booking service. This includes:

Information you provide directly

  • Identity: Full name as entered during checkout or account registration
  • Contact: Email address and mobile phone number, used for booking confirmation, OTP authentication, and guest communications
  • Booking details: Chosen property, check-in and check-out dates, number of guests, and any special requests
  • Payment details: Payment method selection; card or payment data is processed directly by our payment gateway and is never stored on our servers

Information collected automatically

  • Session data: Browser type, device type, IP address, and pages visited, collected to maintain a secure session and improve site performance
  • Cookies: Functional cookies required for authentication and session continuity. We do not use third-party advertising or tracking cookies
  • OTP logs: Timestamps of one-time password requests and verifications, retained for security audit purposes

3. How we use your information

We use the information we collect for the following purposes:

  • Processing and confirming your reservation
  • Authenticating your identity via one-time password (OTP) login
  • Sending booking confirmations, reminders, and post-stay communications to your registered email or mobile number
  • Generating and delivering invoices and financial documents related to your stay
  • Resolving disputes, responding to queries, and providing guest support
  • Meeting our legal and regulatory obligations under Kuwaiti law
  • Improving the functionality and performance of our platform

We do not use your personal information for unsolicited marketing without your explicit consent. If you receive a communication from us that you did not request, you may opt out at any time by contacting us directly.

4. Payment processing

All payment transactions are processed through certified third-party payment gateways. GateLink does not store, transmit, or have access to your full card number, CVV, or banking credentials.

By selecting a payment method and proceeding to checkout, you agree to the terms and privacy practices of the relevant payment processor, in addition to this policy. We recommend reviewing your chosen processor's privacy documentation before completing payment.

We retain a record of payment amounts, transaction references, and payment status for accounting, dispute resolution, and regulatory compliance purposes.

5. One-time password (OTP) authentication

GateLink uses OTP-based authentication to verify guest identity without requiring a stored password. When you log in to the guest portal, a one-time code is sent to your registered mobile number or email address.

This code expires after a short period and cannot be reused. We log the time and outcome of OTP requests to detect unusual or fraudulent access patterns. This data is stored securely and is not shared outside of our platform.

6. Cookies

Our platform uses strictly necessary cookies to maintain your session while you browse and book. These cookies are not used to track you across other websites or to serve advertising.

  • Session cookies: Temporary cookies that expire when you close your browser, used to keep you authenticated during a visit
  • Authentication cookies: Set after a successful OTP login and used to maintain your logged-in state for a defined period

You may disable cookies in your browser settings, but doing so will prevent you from accessing authenticated areas of the platform, including the guest portal and booking history.

7. Sharing your information

We do not sell, rent, or trade your personal information with any third party for commercial purposes. We may share limited information in the following circumstances:

  • Payment processors: Transaction data is shared with our payment gateway partner solely to complete your payment
  • Property management: Your name, contact details, and booking summary may be shared with the team responsible for managing your specific property to coordinate your arrival and stay
  • Legal compliance: We may disclose information to government authorities, regulators, or courts where required by applicable Kuwaiti or GCC law
  • Service providers: We engage trusted technology providers (hosting, email delivery, SMS gateway) who process data on our behalf under strict confidentiality agreements

8. Data retention

We retain your personal data for as long as is necessary to fulfil the purposes described in this policy, or as required by law. In practice:

  • Booking records and associated guest data are retained for a minimum of five years for financial and regulatory compliance purposes
  • OTP authentication logs are retained for 90 days and then deleted
  • Session cookies expire when you close your browser or after your authenticated session ends
  • If you request deletion of your account, we will remove your personal data from active systems within 30 days, subject to any legal retention obligations

9. Security

We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These measures include encrypted data transmission (HTTPS), access controls, secure hosting infrastructure, and regular security reviews.

No method of data transmission or storage is completely secure. While we take every reasonable precaution, we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at privacy@gatelink.com.

10. Your rights

As a guest of GateLink, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Ask us to correct inaccurate or incomplete information
  • Deletion: Request that we delete your personal data, subject to legal retention obligations
  • Objection: Object to how we process your data in certain circumstances
  • Complaint: Lodge a complaint with the relevant data protection authority in your jurisdiction

To exercise any of these rights, contact us at privacy@gatelink.com. We will respond within 30 days of receiving your request.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. We will post the updated version on this page with a revised effective date. For material changes, we will notify guests by email where we hold a current address.

Continued use of the GateLink platform after an update is posted constitutes acceptance of the revised policy.

12. Contact

If you have questions, concerns, or requests relating to this Privacy Policy, please contact us:

  • Email: privacy@gatelink.com
  • Address: GateLink, Kuwait City, State of Kuwait