Privacy notice

How we handle your data.

Last updated: 28 May 2026.

Who we are.

Habibi Lads is a trading name of NADIR COLLECTIVE LTD, a private limited company registered in England and Wales. References to "we," "us," and "our" in this notice mean NADIR COLLECTIVE LTD. We are the data controller for the information described here.

For any data protection question or request, contact us at [email protected].

What data we collect.

We collect data you give us directly when you join our early-access list, book a trip, or contact us. That includes your name, email address, phone number, billing address, and, when you book, the information you provide on the guest intake form: dietary needs, accessibility requirements, photo consent preference, emergency contact, and passport information needed for the booking and any visa requirements.

We also collect basic analytics data when you visit our website: pages viewed, approximate location (country), device type, and how you reached the site. This data is anonymous and aggregated.

Special category data, and the extra care we take with it.

Because our trips are created for queer men, booking with us may reveal information about your sexual orientation. UK law treats this as special category data that needs extra protection, and that is exactly how we treat it: stored securely, access limited to the people running your trip, and never shared beyond what your trip requires.

The health and dietary information you give us on the intake form is also special category data. We collect it only so we can feed you safely and look after you on the trip, and only the chef and your trip leaders see it.

We process this special category data on the basis of your explicit consent, which you give when you complete the intake form. You can withdraw that consent at any time by emailing us, though doing so may affect our ability to run your trip safely.

Our lawful basis for using your data.

  • Consent for sending you marketing and trip updates by email. You can unsubscribe at any time.
  • Performing our contract with you to deliver a trip you have booked.
  • Explicit consent for the special category data described above.
  • Legal obligation for the booking and financial records we must keep under UK tax and company law.
  • Legitimate interests for keeping our website secure and understanding how visitors use it.

How we use it.

  • To communicate with you about Habibi Lads trips and brand updates, where you have asked us to.
  • To run trips you have booked: arranging accommodation, transport, and excursions, and providing your information to suppliers where strictly necessary.
  • To improve our website and understand how visitors use it.
  • To comply with our legal obligations as a UK company.

Who we share it with.

We use the following service providers to operate the site, take payments, and run our communications. Each is a data processor acting on our instructions under UK GDPR.

  • MailerLite (email platform) for the early-access list and trip communications.
  • Google Analytics and Google Tag Manager for anonymous website analytics.
  • Cloudflare for website hosting and security.
  • Stripe (once bookings open, 1 June 2026) to process your booking deposit. We never see or store your card number.
  • Wise to issue invoices and process the remaining balance of your trip.
  • Zapier to move your booking details securely into our private booking records.
  • A secure guest records system (Airtable) for the intake-form information, with two-factor authentication and restricted access. (In use from the point booking-confirmation flows begin.)
  • Trip suppliers (accommodation, transport, restaurants, photographer, chef): only the minimum information needed to deliver your booked trip.

We do not sell your data to anyone, ever.

Where your data is stored.

Some of our service providers are based outside the UK, including in the United States, and our team operates from Indonesia. Where your data is transferred outside the UK, we rely on recognised safeguards: providers certified under the UK extension to the Data Privacy Framework, or, where that does not apply, Standard Contractual Clauses approved for UK data transfers. Your data is protected to the same standard wherever it is handled.

Your emergency contact.

When you give us an emergency contact, you are sharing another person's details with us. Please make sure that person is happy for you to do so. We use their details only to reach them in a genuine emergency during your trip.

How long we keep it.

  • Early-access list: until you unsubscribe.
  • Passport and ID documents: deleted within 30 days after your trip ends.
  • Health, dietary, and accessibility information: deleted within 12 months after your trip.
  • Booking and payment records: six years, as required by UK tax and company law.
  • Website analytics: 14 months.

Your rights.

Under UK GDPR you have the right to access the data we hold about you, ask us to correct it, ask us to delete it, ask us to stop processing it, withdraw any consent you have given, and to take your data with you (data portability). Email [email protected] to make any of these requests.

You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

Cookies.

Our website uses a small number of cookies for analytics (via Google Analytics) and to make the site work, and only sets analytics cookies after you accept them. We do not use cookies for advertising and we do not allow third-party advertising trackers on the site. Full detail is in our cookie policy.

Changes to this notice.

If we change this notice in a meaningful way, we will update the date at the top and, where appropriate, email the early-access list.