DATA PROTECTION POLICY
For the purpose of applicable data protection legislation, the data controller of your personal data is:
“The Hotel”: CWH (LA) Ltd, The Old Workshop, 12b Kennerleys Lane, Wilmslow, SK9 5EQ
“The Operator”: Countrywide Hotels Ltd, Kelmscott, Hattingley Road, Medstead, Alton, GU34 5NQ
This Privacy Statement applies to the processing by The Hotel or The Operator as relevant of your (our guests) personal data. We (i.e. The Hotel and The Operator), both take your privacy very seriously and treat all your personal data with great care, acting in accordance with the applicable data protection legislation at all times.
When you visit this website (or subdomains) (the “Website”), make a reservation, contact us, purchase products from us or visit one of our properties, we collect information from and about you. Some of the information we collect may be classed as personal data under data protection legislation, that is, “any information relating to an identified or identifiable natural person”. It may be collected any time you submit it to us, whatever the reason may be.
This Privacy Statement describes which personal data is collected and for which purposes this personal data is processed by The Hotel and The Operator. It also states which rights you have under applicable data protection legislation.
The Hotel and The Operator collect information about you in the following ways.
Information you give to us. This includes personal data collected:
o Through our Website when you register, login, commence or complete an online transaction to use our products and services.
o When you contact our reservations team to make a booking or use the facilities at any of our properties. Facilities include, but are not limited to, meeting rooms, Spa, bar and/or restaurant, function rooms, and guest Wi-Fi.
o When you have provided your consent, in order to:
o sign up to any of our loyalty programmes,
o subscribe to any of our marketing communications, complete customer surveys, enter competitions or provide feedback.
o When we do business with you, which will usually include:
o Full or partial contact details including names and addresses (including business details if you are making a corporate booking), telephone and email details.
o If you have special requirements, then it may also be necessary to collect details about diet or disability or any other preferences that you may have.
o Car parking arrangements at our properties may also make it necessary for us to collect your car registration number for your visit to us.
o We collect payment card information from you should you choose to use this form of payment for purchasing or guaranteeing use of our products and services.
o We may also collect your birthdate and other significant dates for making special offers to you around your birthday and other anniversaries.
o From our overseas guests we may also collect passport details.
Information Automatically Collected. This includes information and personal data collected:
o Through CCTV at our properties. We operate CCTV systems at our properties. These are in operation and video recordings may be made. This activity is carried out for security and service reasons for the better management of our properties and security for all clients and staff.
Your personal data will be stored in (i) centralized systems which are under the control of The Hotel and The Operator, and are accessible by authorized staff of The Hotel and The Operator as relevant, and the respective suppliers of each, and (ii) some local systems controlled solely by The Hotel.
We use the information we collect about you to process your bookings, answer your queries, process your gift card purchases, provide our hotel and restaurant facilities and services, enable you to manage your website user account and provide loyalty programmes. With your consent, we will contact you via our marketing and sales channels (email/ phone/ post) about other related products and services we, or our group business, provide which we think may be of interest to you. Our marketing communications are generally sent by email but we may sometimes use other methods of delivery such as by post or SMS.
We mainly collect, store and process personal data at two different stages: (i) before you decide to visit The Hotel and (ii) when you visit, or have visited, The Hotel.
When you visit our Website (www.themanorelstree.co.uk), we collect information about your use of the Website. This includes both information we collect directly from you, and information we collect about your behaviour. This information may constitute ‘personal data’ under applicable law. We use this information to provide you with (personal) offers, both on our Website and via advertisements on other websites you visit.
Generally. We may use other companies to serve third-party advertisements when you visit and use the Website. These companies may collect and use click stream information, browser type, time and date, subject of advertisements clicked or scrolled over during your visits to the Website and other websites in order to provide advertisements about goods and services likely to be of interest to you. These companies typically use tracking technologies to collect this information. Other companies’ use of their tracking technologies is subject to their own privacy policies.
Targeted Advertising. We use Website information to provide you with (personal) offers, both on our Website and via advertisements on other websites you visit. In order to serve offers and advertisements that may interest you, we may display targeted advertisements on the Website, or other digital properties or applications in conjunction with our content based on information provided to us by our users and information provided to us by third parties that they have independently collected. We do not provide personal data to advertisers when you interact with an advertisement.
When you make a reservation, you will have to provide us with your name, email address, phone number, the dates you are staying with us and a credit card token or other payment information as applicable. We use this personal data to process the reservation, for billing purposes, and to allow us to communicate with you about your reservation. When you stay in one of our properties, we will collect personal data about your preferences, use of our services, and location.
Overview of activities under stage (i) and (ii):
We may at each of the stages outlined above use your personal data but only when and to the extent the law allows us to. Most commonly, we will use your personal data in the following circumstances:
o Where we need to perform the contract we are about to enter into or have entered into with you.
o Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
o Where we need to comply with a legal or regulatory obligation. Where you have provided your consent.
For your convenience, we have made an overview of activities that involve the processing of your personal data:
completed and after you have stayed in one of our properties to the extent required by law, and if you have signed up a loyalty programme, to be able to contact you and welcome you again in the future.
organizational reasons, it is necessary that your personal data is transferred to servers located in the US, or to servers located in countries outside of the European Economic Area (‘EEA’).
We are committed to collecting and using your personal data in accordance with applicable data protection laws.
We will only collect, use and share your personal data where we are satisfied that we have an appropriate legal basis to do this.
This may be because:
If you would like to find out more about the legal basis for which we process personal data please contact either The Hotel or The Operator, using the details set out in Section 10 below. If you have provided your consent to our processing of your personal data you can also withdraw this consent at any time by contacting us.
We may share your personal data as follows:
In some instances it is necessary to transfer your personal data overseas. Any transfers will be made in full compliance with all aspects of the applicable regulations.
Both The Hotel and The Operator use cloud based services for many business services. Therefore, for technical and organizational reasons, it is necessary that your personal data is transferred to servers located in the US, or to servers located in countries outside of the EEA. When we transfer the data to a country outside of the EEA that does not offer an adequate level of data protection, we will ensure compliance with applicable law by way of EU Model Clauses, EU-US Privacy Shield-certification, or other legally accepted safeguards, as applicable. Any requests for information we receive from law
enforcement or regulators will be carefully validated before personal data is disclosed. You have the right to find out more about the safeguards used where your personal data is transferred outside of the EEA. If you would like further information please contact either The Hotel or The Operator as relevant, using the details given in section 10 below.
The GDPR provides the following rights for individuals:
Right to revoke consent
If we process personal data on the basis of your consent, you have the legal right to revoke such consent at any time. We will then cease the relevant processing activity going forward.
Right of access to your information
If you want to know what personal data we have collected or process about you, you may request us to provide a copy of your personal data by contacting either The Hotel or The Operator as relevant, using the details given in section 10 below. We will ask you to identify yourself. We will not provide you with a copy of your personal data to the extent that the rights and freedoms of others are or may be adversely affected.
Right to rectification and erasure of data, and restriction of processing
If you believe that our processing of your personal data is incorrect, inaccurate, unlawful, excessive, incomplete, no longer relevant, or if you think that your data is stored longer than necessary, you may ask us to change or remove such personal data or restrict such processing activity.
Right to data portability
You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format, in accordance with Article 20 of the General Data Protection Regulation.
Right to object
You have the legal right to object, on grounds relating to your particular personal situation, at any time to processing of your personal data which is based on our legitimate interests. Furthermore, you have the right to object at any time to our processing of your personal data for direct marketing purposes or to profiling. You can do this by either (i) opting out by using the option we provide in the relevant direct marketing message (e.g. an email newsletter), or (ii) by contacting either The Hotel or The Operator as relevant, using the details given in section 10 below.
For the sake of clarity: without prejudice to the foregoing we are at all times entitled to send you messages that do not constitute direct marketing, i.e. service messages.
General information relevant for all requests and queries
Nothing in this Privacy Statement is intended to provide you with rights beyond or in addition to your rights as a data subject under applicable mandatory data protection law.
We will use reasonable endeavours to respond to your request or query within one month. We are entitled to extend this term by another two months if the complexity of the situation so requires. If your request is manifestly unfounded or excessive, we may either (i) charge you a fee, or (ii) refuse to process your request. With respect to access requests we may also charge you for extra copies. If we decide not to honour your request or answer your query, we will explain our reasons for doing so in our reply.
You can find out more and exercise any of your rights by contacting either The Hotel or The Operator as relevant, using the details given in section 10 below.
We have used and will continue to use reasonable endeavours to protect your personal data against loss, alteration or any form of unlawful use. Where possible, your personal data will be encrypted and stored on a virtual private server that is secured by means of state-of-the-art protection measures. A strictly limited amount of people have access to your personal data.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for the period necessary to fulfil the purposes outlined in this Privacy Statement. This may be up to 4 years, unless a longer retention period is required or permitted by law (which is typically the case in the context of our obligations under tax law). In some cases we keep transactional records (which may include your personal data) for longer periods if required or permitted by law or to meet regulatory, tax or accounting needs.
Should you choose to unsubscribe from our mailing list, please note that your personal data may still be retained on our database to the extent permitted by law.
We are committed to resolve any complaints about our collection or use of your personal data. In case you have any questions in relation to this Privacy Statement or our practices in relation to your personal data, or you wish to exercise any of your right you may contact us using the details below.
By Post: The Manor Elstree, Barnet Lane, Elstree, Borehamwood, WD6 3RE.
By Email firstname.lastname@example.org
By Post: Countrywide Hotels Ltd, Kelmscott, Hattingley Road, Medstead, Alton, GU34 5NQ
By Email: email@example.com
The Hotel and The Operator will work together to ensure that any request received is dealt with by the appropriate party. We hope to resolve any complaint brought to our attention, however if you feel that your complaint has not been adequately resolved, you reserve the right to contact your local data protection supervisory authority, which for the UK, is the Information Commissioner’s Office.
We have done our best to make sure that this Privacy Statement explains the way in which we process your personal data, and rights you have in relation thereto. We may change this Privacy Statement from time to time to make sure it is still up to date and we will notify you if we make any material updates. We may also notify you in other ways from time to time about the processing of your personal information.