Luxury Concierge Services – Tailored to Your World

Savoire | Bespoke Executive Support and Lifestyle Management

Privacy Policy

Last updated: 15 December 2025

We respect your privacy and handle personal data lawfully, fairly and transparently.
This policy explains what personal information we collect, how we use it, on what legal basis, who we share it with, international transfers, how long we keep it, and your rights under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR).
Related documents

This Privacy Policy sits alongside our Terms and Conditions and Client Confidentiality Policy. If there is any inconsistency:

For practical questions, you may also find our FAQ page helpful.

1. Who We Are

Savoire provides executive assistant, business concierge, luxury travel and events, and consultancy services. Savoire is the trading name of Savoire Solutions Ltd, a UK limited company. Depending on the engagement, we may act as either:
  • Data Controller
    – when we determine how and why personal data is processed; or
  • Data Processor – when we process personal data on behalf of a client (the controller), under their instructions.
In all cases, we process personal data lawfully, fairly, and transparently.

2. Controller Details and Contact

Controller: Savoire Solutions Ltd, trading as Savoire (“Savoire”).

ICO registration: ZC065325
Registered Office Address: Savoire Solutions Ltd, 4th Floor, Silverstream House, 45 Fitzroy Street, Fitzrovia, London, W1T 6EB
Privacy contact: privacy@savoire.co.uk

We are not required to appoint a Data Protection Officer. If this changes, we will update this policy.

3. Information We Collect

We only collect personal information necessary for the purposes described in this policy. This may include:
  • Identity and contact data (e.g., name, phone, email, address, job title)
  • Enquiry and correspondence data (e.g., messages, proposals, briefs)
  • Service delivery data (e.g., traveller/attendee details, preferences, itineraries, logistics)
  • Billing and transaction data (e.g., invoices, payment references)
  • Technical and usage data (e.g., basic analytics, device/browser information if enabled)
How we collect it:
  • Directly from you (web forms, email, phone, meetings)
  • From your organisation or representatives
  • From service providers we use to deliver our services (e.g., airlines, venues) where necessary
  • From publicly available sources used in a professional context (e.g., company sites, LinkedIn) where appropriate

4. Purposes and Lawful Bases

Purpose Examples Lawful basis
Respond to enquiries Contact forms, scheduling, proposals, CRM follow-up Legitimate interests
Deliver services EA support, bookings, travel/event arrangements, supplier coordination Contract
Billing and compliance Invoices, accounting, audit, fraud prevention Legal obligation
Client relationship and improvements Service quality, feedback, usage insights Legitimate interests
Marketing communications News and service updates Consent or Legitimate interests
Where we rely on legitimate interests, these relate to operating, managing and promoting our professional services in a way that individuals would reasonably expect and that does not override their rights and freedoms.
Where we rely on consent, you may withdraw it at any time.

5. Who We Share Data With

We share personal data with trusted providers acting under contract and only as necessary to deliver our services or meet legal obligations, including:
  • Hosting/CDN and website platforms
  • Email and productivity suites
  • Secure file storage and e-signature tools
  • Accounting, invoicing, and payment providers
  • Scheduling, ticketing, booking and travel vendors
  • IT support and security services
We require confidentiality, security and data protection commitments from each provider.
We do not sell personal data.

6. International Transfers

Where personal data is transferred outside the UK/EEA, we rely on:
  • UK adequacy regulations, where applicable; or
  • appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses with the UK Addendum.

7. Cookies and Website Analytics

Our website uses minimal, privacy-focused analytics to understand website usage and improve performance. These analytics do not involve profiling and are not used to identify individuals. Where cookies or similar technologies are used, they are limited to what is strictly necessary or are deployed in accordance with applicable consent requirements.

8. Data Security

We take appropriate technical and organisational measures to protect personal data, including:
  • Strong, unique passwords and password-manager use
  • Two-factor authentication or passkeys where supported
  • Full-disk encryption and automatic device locking
  • Least-privilege access controls and prompt off-boarding
  • Up-to-date security patches and reputable anti-malware
  • Secure and tested backups
Please do not send payment card details, banking credentials or passwords via email or chat. If access is essential, we will agree a secure method (e.g., password-manager share).

9. Incidents and Data Breaches

We investigate suspected incidents promptly. Where a personal data breach is likely to result in a risk to individuals’ rights and freedoms, we will notify the ICO within 72 hours where required, and affected individuals without undue delay.

10. How Long We Keep Data

We retain personal data only for as long as necessary for the purposes set out above or to meet legal obligations:
  • Client engagement records: 6 years after the end of the engagement.
  • Proposals and enquiries (no contract): 12 months, then deleted.
  • Travel/event attendee data: up to 90 days after event completion, unless the client requires longer.
  • Marketing contacts: until you opt out or withdraw consent; we retain minimal suppression data to honour your opt-out.
  • Routine backups: 30-90 days rolling.
Where a legal claim, investigation or hold applies, relevant data is retained until resolution.

11. Your Rights

Under data protection law you have rights to:
  • Be informed about how we process your data
  • Access the personal data we hold about you
  • Request correction or erasure of your data
  • Restrict or object to processing
  • Data portability (to receive and reuse your data in a usable format)
  • Withdraw consent at any time (where relied upon)
We usually respond within one month and may request proof of identity. For complex requests, we may extend by up to two further months and will inform you.
To exercise your rights, contact privacy@savoire.co.uk. You also have the right to complain to the Information Commissioner’s Office (ICO): ico.org.uk/make-a-complaint or 0303 123 1113.

12. Marketing and PECR

We send electronic marketing communications only in accordance with PECR. We rely on consent or, where permitted, the soft opt-in for existing clients and enquiries about similar services. You may opt out at any time.

13. Indirectly Received Data

We sometimes receive personal data from clients about third parties (e.g., travellers, event attendees, household staff). This data is used solely to provide the requested services and is protected by the same safeguards.

14. When We Act as a Processor

Where we process personal data on behalf of a client, we act as a data processor under a Data Processing Agreement (DPA). The client remains responsible for providing privacy information to individuals.
Our DPA includes confidentiality, security, sub-processor controls and international transfer provisions. A copy is available on request or via our Data Processing Addendum.

15. Additional Information

Children: Our services are not directed to children and we do not knowingly collect personal data relating to children. If we become aware that we have collected children’s personal data in error, we will delete it unless we are legally required to retain it.
Special-category/criminal-offence data: We do not intentionally process special category personal data or criminal-offence data. Where such data is provided incidentally and is necessary to deliver a requested service, it is handled with appropriate safeguards and confidentiality. Any such processing is limited in scope and is not carried out on a large-scale basis.
Automated decision-making: We do not carry out automated decision-making or profiling that produces legal effects or similarly significant effects for individuals, as defined under the UK GDPR. Any tools or systems we use to support our services are used to assist human decision-making only and do not make decisions about individuals without meaningful human involvement.

16. Changes to This Policy

We may update this policy from time to time. The current version will always be available on our website with the updated date shown above.

17. Contact

If you have questions or concerns about this Privacy Policy or how we handle personal data, please contact us using the details set out in Section 2 (Controller Details and Contact) above. You may also complain to the Information Commissioner’s Office (ICO) using the details provided in Section 11 (Your Rights).