Web Page Banner

A) INTRODUCTION

This document serves to inform you about the processing of personal data held by us. It outlines the types of data we hold, how it is stored, used, and the reasons for its retention.

In the course of providing our services, we are required to collect and utilise personal information. We are committed to handling this information with utmost care and in compliance with applicable laws, whether it is stored physically, electronically, or by any other means.

We recognise the significance of lawfully and ethically treating personal data, which is integral to our operational success and building trust with our stakeholders. In line with this commitment, we fully endorse and adhere to the principles laid out in the General Data Protection Regulation (GDPR).

This policy encompasses the processing of personal data across manual and electronic records maintained by us. It also delineates our procedures for addressing data breaches and upholds the rights conferred upon individuals by the GDPR.

This policy extends to the personal data of our guests, employees, contractors, and other parties with whom we engage in our day-to-day operations, referred to herein as relevant individuals.

 

B) DEFINITIONS

In compliance with relevant legislation, including the General Data Protection Regulation (GDPR), the following definitions apply:

  • Personal data: Information pertaining to an identifiable individual, directly or indirectly, encompassing details such as name, identification number, location, and online identifiers. This also extends to pseudonymised data.

  • Special categories of personal data: Data concerning an individual's health, sex life, sexual orientation, race, ethnic origin, political opinions, religion, trade union membership, as well as genetic and biometric data used for identification purposes.

  • Criminal offence data: Information concerning an individual's criminal convictions and offences.

  • Data processing: Any action or series of actions performed on personal data, whether automated or not. This includes but is not limited to collection, recording, organisation, storage, retrieval, consultation, use, disclosure, dissemination, erasure, or destruction.

These definitions serve as the framework for our data processing activities and ensure compliance with data protection laws.

 

C) DATA PROTECTION PRINCIPLES

Under the General Data Protection Regulation (GDPR), we are committed to upholding a set of core principles when processing personal data. In line with these principles, we guarantee:

  1. Fair, Lawful, and Transparent Processing: We ensure that all data processing is conducted fairly, lawfully, and transparently, with due consideration to individual rights and privacy.

  2. Specific, Explicit, and Legitimate Purposes: Personal data is collected for specific, explicit, and legitimate purposes, and will not be further processed in a manner incompatible with those purposes.

  3. Adequate, Relevant, and Limited Data: We collect only the data necessary for the purposes of processing, ensuring that it is adequate, relevant, and limited to what is essential.

  4. Accuracy and Timeliness: We maintain accurate and up-to-date personal data. Any inaccuracies will be rectified or erased promptly upon discovery.

  5. Data Retention: Personal data is retained only for as long as necessary for the purposes for which it was collected. Once the purpose has been fulfilled, data will be securely deleted or anonymised.

  6. Security Measures: We implement appropriate technical and organisational measures to ensure the security of personal data, protecting it against unauthorised or unlawful processing, accidental loss, destruction, or damage.

  7. Compliance with GDPR Procedures: We adhere to the relevant GDPR procedures for the international transfer of personal data, ensuring that all transfers are conducted lawfully and with appropriate safeguards in place.

These principles form the cornerstone of our approach to data protection, guiding our actions to safeguard the rights and privacy of individuals. We are committed to upholding these principles in all aspects of our data processing activities.

 

D) TYPES OF DATA HELD

At our establishment, we gather personal information through various channels, including when you make a booking, request our services, or interact with us online. This encompasses hotel visits, website or app usage, and communication with our team. Additionally, we may receive personal data from external sources, which includes:

  1. Personal Identifiers: This category includes details such as your title, name, marital status, postal and email addresses, postcode, IP addresses, and contact telephone numbers. For group bookings, we may also collect the names of individuals and the ages of children to ensure we meet your requirements and address any room restrictions.

  2. Business-to-Business Information: For corporate clients and business leads, we may gather job titles, business addresses, and business email addresses.

  3. Transaction Information: This encompasses payment details, reservation specifics, and booking information.

  4. Customer Special Requests and Feedback: Feedback, including complaints, provided via call centres, emails, or online forms, are also stored to ensure we address any concerns promptly and enhance our services.

In addition to information collected directly from you, we may also receive personal data from third parties, including but not limited to:

  1. Travel agents, booking agents, and tour operators.
  2. Corporate entities and public information sources such as Companies House.
  3. Comparison and review platforms.
  4. Social media networks.
  5. Market research agencies.
  6. Marketing service providers and advertising technology firms.
  7. Government bodies and law enforcement agencies.
  8. Other licensed entities as per our operational requirements.

We handle all personal data received in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), to ensure the security and confidentiality of your information.

 

E) YOUR RIGHTS

You have the following rights concerning the personal data we hold on you:

  • Right to Information: You have the right to be informed about the data we hold on you and how we use it.
  • Right of Access: You have the right to access the data we hold on you. Further details on this can be found in the "Access to Data" section below and in our separate Subject Access Requests policy.
  • Right to Rectification: If you discover any inaccuracies in the data we hold on you, you have the right to have it corrected (also known as 'rectification').
  • Right to Erasure: In certain circumstances, you have the right to have your data deleted (also known as 'erasure').
  • Right to Restrict Processing: You have the right to restrict the processing of your data.
  • Right to Data Portability: You have the right to transfer the data we hold on you to another party (also known as 'portability').
  • Right to Object: You have the right to object to the inclusion of any information.
  • Right to Regulate Automated Decision-Making: You have the right to regulate any automated decision-making and profiling of personal data.

 

F) RESPONSIBILITIES

At our organisation, safeguarding the personal data of individuals is paramount. To ensure this, all employees who handle data as part of their role are fully briefed on our stringent data protection policies. By equipping our team with the necessary knowledge and understanding, we uphold our commitment to compliance with data protection laws, including GDPR, and foster a culture of responsibility towards data handling within our organisation.

 

G) LAWFUL BASES OF PROCESSING

We recognise that data processing must only occur when a lawful basis exists, and we have identified the appropriate basis for each processing activity.

In instances where no other lawful basis is applicable, we may rely on obtaining consent from the individuals involved to process their data. However, we are fully aware of the stringent requirements associated with obtaining and using consent.

We understand that consent must be given freely, with clear and specific information provided to individuals about how their data will be processed. When seeking consent, we will do so on a personalised basis, ensuring that individuals are fully informed and understand the implications of providing consent.

 

H) ACCESS TO DATA

At our organisation, we recognise your right to access the personal data we hold about you. To exercise this right, individuals should submit a Subject Access Request. We are committed to promptly responding to such requests, typically within one month. However, in certain circumstances, we may require additional time as permitted by legislation, and we will keep you informed throughout the process.

We do not levy any charges for fulfilling access requests, except in cases where requests are manifestly unfounded, excessive, or repetitive. Additionally, charges may apply if duplicate copies are requested for parties other than the individual making the request. Any such charges will be reasonable and clearly communicated beforehand.

For further guidance on submitting a subject access request, please refer to our dedicated Subject Access Request policy. We are here to assist you every step of the way in accessing your personal data in a transparent and efficient manner.

 

I) DATA DISCLOSURES

In certain circumstances, the Company may need to disclose specific data or information to third parties. Such disclosures may arise to assist law enforcement or relevant authorities in preventing or detecting crime, prosecuting offenders, or assessing and collecting debts, taxes, or duties. These disclosures will be made only when strictly necessary for the intended purpose, ensuring compliance with legal obligations and upholding the highest standards of data protection.

 

J) DATA SECURITY

At our organisation, safeguarding personal information is of paramount importance. To ensure the security and confidentiality of data, we have implemented stringent measures:

  • Physical Security: All hard copy personal information is stored in locked filing cabinets, drawers, or safes, accessible only to authorised personnel.

  • Employee Awareness: Our employees are well-versed in their roles and responsibilities regarding data processing. They undergo regular training to ensure they understand the importance of data security and their obligations in maintaining confidentiality.

  • Confidential Information Handling: Employees are instructed to handle files and written information of a confidential nature with utmost care. Such information is stored securely, ensuring access is restricted to individuals with legitimate need.

  • Device Security: We enforce the use of screen locks on all PCs, laptops, and other devices to prevent unauthorized access when unattended. No confidential files or information are left exposed where they could be accessed by unauthorised individuals.

  • Data Encryption: For computerised data, we utilise encryption techniques to protect data stored on local hard drives and network drives. This ensures that even if accessed, the data remains unreadable without proper authorization.

  • Backup Procedures: Regular backups of computerised data are performed to prevent data loss. Any removable storage media containing backed-up data is securely stored in locked cabinets, drawers, or safes to prevent unauthorised access.

By implementing these comprehensive security measures, we strive to maintain the integrity and confidentiality of personal data in accordance with GDPR and other relevant regulations.

 

K) THIRD PARTY DATA PROCESSING

When we enlist third parties to handle data on our behalf, we undertake to establish a data processing agreement with them to ensure they uphold our commitment to data protection. This agreement mandates that third parties implement appropriate measures to safeguard data in accordance with our standards and legal obligations under GDPR and European data protection laws. We believe in transparency and accountability in all data processing activities, and we take proactive steps to safeguard the privacy and security of personal information entrusted to us.

 

L) INTERNATIONAL DATA TRANSFERS

At this time, we confirm that no transfer of personal data to recipients outside of the European Economic Area (EEA) occurs. We adhere strictly to the regulations outlined by the General Data Protection Regulation (GDPR) and other relevant European laws to ensure the protection and privacy of your personal information. Should there be any future necessity for such transfers, we will ensure compliance with applicable laws and regulations, including implementing appropriate safeguards and obtaining necessary permissions or approvals. Your trust and confidence in our commitment to data protection are paramount, and we remain dedicated to upholding the highest standards of privacy and security.

 

M) TRAINING

At our organisation, we take data protection seriously and ensure that all employees receive comprehensive training to uphold confidentiality and data security standards.

Our training programme covers fundamental aspects of confidentiality and data protection, empowering employees to recognise and respond effectively to potential data breaches.

Employees who require access to our computer systems undergo specialised training to safeguard individuals' private data and maintain robust data security measures. This includes understanding the implications of lapses or breaches and adhering to our company policies and procedures.

We believe that well-informed employees are essential in maintaining the integrity of our data protection practices, and we remain committed to providing ongoing training and support in this crucial area.