The Guide logo

Privacy Policy

This privacy policy is effective from 24th May 2018.

About Tab

Tab provides an online platform that connects customers with tourism businesses. When you visit our website, download our apps, communicate with us, or use the Tab platform as a customer or tourism business, the data controller is Tab Labs Ltd.

Tab Labs Ltd is registered in England & Wales (company number 09339113) at 6th Floor, One London Wall, London, EC2Y 5EB.

Tourism businesses who use our platform may also act as data controllers for customer data, and you should contact them directly to understand how they manage your data.

Data we collect


We collect personal data when you use our website or communicate with us.

Tourism Businesses

We collect personal data when you enquire about, set up, administer and use a Tab account. This may include information about your company’s employees, directors or beneficial owners.


We collect personal data when you enquire about, set up, administer and use a Tab account, when you initiate or complete a transaction, and when you make or have a payment collected using our services.

Use of your personal data

Using personal data to provide our services

We use personal data where it is necessary to provide the services you request.

Using personal data for our legitimate interests

We use personal data for our legitimate business interests. When we do, we make sure we understand and work to minimise its privacy impact. For example, we limit the data to what is necessary, control access to the data, and where we can, aggregate or de-identify the data.

Using personal data where required by law

We use personal data to comply with the requirements of law and as required in other exceptional circumstances.

Sharing personal data

Transferring personal data abroad

Tab’s services are offered from our headquarters in the United Kingdom. Personal data may also be stored and accessed by service providers located in other countries in the European Union. Some of our service providers are located in the United States or other countries that do not provide the same standard of data protection as the EU.

When we work with a service provider, we look for a legal mechanism that requires them to protect data to EU standards. For example, the service provider has signed on to the EU-US Privacy Shield, operates under EU-approved binding corporate rules, or is in a country the EU recognises as having adequate data protection laws. Where no other legal mechanism exists, we enact the EU-approved standard contractual data protection clauses in our contracts.

Our services are available in a number of countries around the world. If you use our services to transact with a tourism business in another country, personal data will be transferred as necessary to complete this transaction.

Your rights and choices

Most of the data we collect and the purposes we use it for are necessary for us to operate and improve our services or comply with our obligations as a service provider. We tell you in the service where you can make a choice or grant consent. When you grant consent, you may withdraw it at any time to stop any further processing. You can also ask us at any time not to send or to carry out profiling for direct marketing, or to stop using certain kinds of cookies.

You may have certain rights under data protection law. These include the right to ask Tab for a copy of your personal data, to correct, delete or restrict processing of it, and to obtain personal data in a format you can share with a new provider. You may have the right to object to processing. These rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your data.

To exercise your data protection rights, please email us at:

If you have unresolved concerns, you have the right to complain to an EU data protection authority where you live or work, or where you believe a breach may have occurred.

Retention periods for your personal data

Tab keeps personal data for as long as necessary to provide our services to tourism businesses using our platform. We also keep personal data for other legitimate business purposes, such as complying with our legal obligations, resolving disputes, preventing fraud, and enforcing our agreements. These needs can vary for different data types used for different purposes, so retention times will also vary. Here are some of the factors we have considered to set retention times: