Last updated: 22 September 2025
This Privacy Policy explains how REALIVO GROUP LTD (“Realivo”, “we”, “us”, “our”) collects, uses, discloses and protects personal information in connection with realivo.com (the “Site”) and our hotel & hospitality brokerage services (introductions, mandates, co-brokerage, buyer/owner representation, fee letters, deal memoranda, and related advisory).
We are committed to handling personal information lawfully, fairly and transparently under the UK GDPR and the Data Protection Act 2018.
REALIVO GROUP LTD
Company number: 16712204
Registered office: 347 Barking Road, London, England, E13 8EE
General enquiries: s@realivo.com (Director: Serhii Molodan)
Brokerage contact: taras@realivo.com (Authorised representative: Taras Ivanyna)
Contact persons (site/admin): Miles, Abakaria, Liva
(You can reach any of the above via the emails listed or the postal address.)
We do not currently appoint a statutory Data Protection Officer; if that changes, we will update this notice.
Visitors to our Site (including contact form submissions and cookies/analytics).
Prospective and existing clients, owners/sellers, buyers/investors, and co-brokers/agents we interact with in the course of hotel transactions.
Individuals connected with those organisations (e.g., representatives, UBOs, signatories).
This policy does not cover third-party websites linked on our Site.
Identity & contact: name, job title, company, email, phone, postal address.
Business context: mandate status, deal preferences, investment criteria, meeting notes, site-visit preferences, fee acknowledgements, signature blocks.
KYC/AML materials (B2B context): documents you or your advisers choose to provide (e.g., ID page, proof of address, corporate structure charts, UBO attestations).
Communications: emails, forms, messages, call/meeting summaries.
Usage data: IP address, device/browser type, pages viewed, timestamps, referrers.
Cookies and similar tech (see Cookies below).
Introductions from co-brokers/mandated agents and professional advisers.
Public/commercial sources: company registries, sanctions & PEP lists, business databases.
We do not intentionally collect children’s data.
| Purpose | Examples | Lawful basis (UK GDPR) |
|---|---|---|
| Provide and improve the Site | Load pages, security logs, analytics | Legitimate interests (running a secure, effective site) |
| Respond to enquiries | Contact forms, emails, demo/intro requests | Legitimate interests (responding to B2B enquiries) |
| Brokerage activity | Recording/confirming introductions, arranging NDAs/NCNDAs, fee letters, coordinating viewings, exchanging LOIs/term sheets, closing logistics | Legitimate interests (facilitating contemplated transactions); Contract (where we have an agreement with you) |
| Compliance & risk | KYC/AML screening (proportionate), sanctions checks, fraud prevention, conflict checks | Legal obligation (where applicable); Legitimate interests (risk management) |
| Communications & updates | Transactional notices, essential service messages | Legitimate interests (keeping parties informed) |
| Legal claims, governance | Enforcing agreements (e.g., non-circumvention), defending claims, audit trail | Legitimate interests |
Where we rely on consent (e.g., optional marketing), we’ll ask for it and you can withdraw at any time.
Parties to a contemplated deal: owners/sellers, buyers/investors, their mandates, and their professional advisers—strictly as needed to evaluate/advance an opportunity.
Co-brokers/mandated agents we collaborate with (limited to what’s necessary).
Service providers (processors): secure hosting, email, document execution/e-signature, CRM, analytics, IT security, cloud storage. We require appropriate contracts and safeguards.
Compliance partners (if used): KYC/AML screening providers, sanctions-list screening.
Authorities where required by law, regulation, court order, or to enforce legal rights.
Corporate events: in case of reorganisation, merger, or business transfer, subject to confidentiality.
We do not sell personal data.
Our operations and providers may involve transfers outside the UK. Where we do so, we rely on lawful mechanisms such as:
UK adequacy regulations, or
International Data Transfer Agreement (IDTA) / SCCs with UK Addendum, plus appropriate technical and organisational measures.
We keep personal data only as long as necessary for the purposes above, including:
Website logs/analytics: typically up to 12–24 months (shorter where feasible).
Deal files/contractual records (NDAs/NCNDAs, fee letters, introductions, correspondence): typically 6–7 years after the end of the relationship or last activity (to meet legal/claims requirements).
KYC/AML materials: retained only as long as needed for legal/compliance and audit.
We will securely delete/anonymise data when it is no longer required.
We implement appropriate technical and organisational measures: access controls, encryption in transit, role-based permissions, confidentiality obligations, and vendor due diligence. No system is 100% secure, but we work to mitigate risks and respond promptly to concerns.
Subject to conditions and applicable law, you may have the right to:
Access your data and obtain a copy.
Rectify inaccurate or incomplete data.
Erase data (right to be forgotten) in certain circumstances.
Restrict or object to certain processing (especially where based on legitimate interests).
Data portability (where processing is by consent or contract and automated).
Withdraw consent at any time (where we rely on consent).
Complain to a supervisory authority (see below).
We will respond to verified requests within one month (or explain if an extension is needed for complex requests).
We use cookies and similar technologies to operate the Site and understand usage.
Strictly necessary cookies: required for core functionality.
Analytics cookies (e.g., to understand page performance).
Preference cookies (to remember settings).
Where required, we will present a cookie banner/consent tool. You can also block cookies via your browser; some features may not work correctly without them.
We are primarily B2B. We only send marketing where permitted (legitimate interests/soft opt-in or consent). You can opt out at any time using unsubscribe links or by contacting us.
Our Site may link to third-party websites or platforms. We are not responsible for their privacy practices. Please review their policies.
Our services and Site are not directed to children. We do not knowingly collect children’s data.
We may update this Policy from time to time. The “Last updated” date at the top will be revised. Significant changes may be communicated on the Site or by email where appropriate.
If you have questions, requests, or complaints about privacy:
REALIVO GROUP LTD
Data protection contact:
Serhii Molodan (Director) — s@realivo.com
Taras Ivanyna (Authorised representative) — taras@realivo.com
Contacts (site/admin): Miles, Abakaria, Liva
Postal address: 347 Barking Road, London, England, E13 8EE
Supervisory authority (UK):
If you are in the UK, you can complain to the Information Commissioner’s Office (ICO). See ico.org.uk for contact options. We would appreciate the chance to address your concerns first.
Your request has been received. A consultant will contact you shortly.
