To ensure the highest level of security to protect your personal data and protect you from fraud we have adopted the stringent rules outlined below. While no system or procedure is 100% secure if we all work together we can keep our money and personal data out of the wrong hands.
We only accept payment by credit / debit card. We advise you to pay by credit card where possible, being the method offering the greatest level of consumer protection. Note that you should never pay for a holiday by direct bank transfer. Payment by card is provided online on staygb.com only. We do not send you to third party websites with domain names you do not recognise. We use WorldPay as our payment processor of choice. All card data is not processed by us but is sent by your browser directly to WorldPay and exchanged by a token which is then used to process the transaction. Our servers do not come into contact with your full card details.
The information sent between our web systems and your computer or mobile device is secured by encryption to prevent it being altered in transit. Please check that the padlock icon is displayed next to staygb.com in the address bar. You can check that the staygb.com site is authentic by checking the SSL certificate. Click the padlock in the address bar and confirm that the certificate is ‘Valid’ and issued to ‘STAYGB LTD’ in the certificate details. Drilling down into the certificate details will show it is registered to a business located in Norwich, GB. At the bottom of every webpage we display a Norton Secured logo. Click this image to verify with Norton that this site is safe and that it has passed its daily malware check.
Emails from us will only originate from staygb.com or if fully automated from staygb.net. Contracts or legal documents will originate from docusign.com. Any email originating elsewhere should be marked as spam and not acted upon as it did not come from us. We will never send invoices or statements containing payment details or payment links by email. If your personal email account is compromised these emails can easily be replaced by fakes or our legitimate emails can be spoofed (email designed by a fraudster to make it look if it originated from us). The goal here is for you to be conned to pay the fraudster directly by replacing genuine payment instructions. Never follow links in emails to make payments.
All legal documents such as contracts containing terms and conditions will be sent to you electronically by the well established electronic signature service DocuSign. We do not send separate invoices - invoice data is sent as part of our contracts. These documents will be emailed to you from docusign.com. Operations on these documents are fully traceable. Please note that some documents will require multi-factor authentication to open them due to the nature of their contents. The authenticity of every document (especially vital for contracts which involve payments) is verified during the payment process. Each document / contract has an ID, a randomly generated code. To make a payment you need to use a browser to navigate to staygb.com. Select Services from the dropdown menu, then select Make Payments. Enter the ID in full. You will then be redirected to a payment page showing the ID and matching the payment amount shown in your document. If this does not occur navigate to About, then select Contact and inform us by telephone immediately. The document may not be sent by us and will need to be investigated.
We will never call you requesting you make a payment over the phone or request your personal data. Due to the inherent nature of calls not being encrypted we do not take card details over the phone.
Assume they are an imposter. Do not give them any information. Request the full business name, their location, their name, department and get a reference number. If what they are saying sounds serious or requires urgent attention, stay calm. Tell them that you will call them back and disconnect the call. DO NOT PHONE THEM BACK (REDIAL) ON THE NUMBER PRESENTED ON YOUR PHONE (the caller ID) OR ANY NUMBER GIVEN TO YOU BY THE CALLER. Using a computer or mobile device (preferably not your mobile if that is the device on which the call was received) open the browser and find the company you need to speak to. Navigate to the contact page and get the phone number to dial. Phone this number and request to speak to the department and describe the call you received. If you need to make a payment to a company by phone only do this when you have initiated the call. At least then you know you are speaking to a representative of the company.
Assume the email is not legitimate. Do not click on the link. Do not open attachments. Do not telephone numbers presented in emails. If a sales email is legitimate it will state a voucher code that you can enter into the shopping cart on the companies website. Use the browser on the device and navigate to the business website using your search engine of choice (Google, Bing etc) and enter offer codes at checkout.