Who we are
Scope of this policy
We are committed to respecting your privacy and protecting the personal data you share with us and that we collect about you. This policy tells you about how we use the personal data we collect about you when you use our websites or visit the Hotel (or any of the restaurants or other facilities in the Hotel). It also provides more information about your privacy rights and how the law protects you. Please read this policy before browsing the Website, making a reservation with us, completing any in-venue form, booking our conference/event/private dining facilities, signing up to any of our mailing lists, signing up to the guest list of any event at the Hotel or a third party venue, completing a purchase with us and/or accessing the Wi-fi at the Hotel.
What personal data do we collect and what do we do with it?
The table below sets out the personal data we may collect from you (or from others on your behalf) when you use our Website or visit the Hotel (or make a booking or enquiry in respect of the same), how this is used by us and, where applicable, GG Hospitality, and our lawful basis for such use.
Where we (or where applicable GG Hospitality) send you marketing, you may request that we remove you from our mailing list at any time by either contacting us using the contact details set out below or by following the “opt-out/unsubscribe” option in any marketing communications sent to you.
Sharing of Personal Data
We do not sell your personal data to any third parties. We may share your personal data with our carefully selected third party service providers who help us provide our products and services to you, including:
- GG Hospitality Management Limited, our manager.
- Our payment processors in respect of our in-venue and online purchases.
- MailChimp (The Rocket Science Group LLC) who store our mailing databases and send communications on our behalf.
- Our couriers and similar delivery companies.
- Our Wi-fi provider
- Our professional partners, including our marketing agencies, online travel agencies, event facilitators and website hosts.
- Our IT and technical service providers, platforms and applications.
In certain circumstances, we may also need to share your personal data with our legal advisers, bankers, auditors and insurers and our regulators and other authorities, including HM Revenue & Customs. We may also share your data with third parties in the following circumstances:
- if we are under a legal or regulatory duty to do so;
- to lawfully assist the police or security services with the prevention and detection of crime or terrorist activity;
- where such disclosure is necessary to protect the safety or security of any persons;
- if we sell or buy any business or assets in which case we will disclose your personal data to the prospective seller or buyer;
- if we or substantially all of our assets are bought by a third party, in which case personal data held by us about our customers will be one of the transferred assets; and/or
- otherwise as permitted under applicable law.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to use your personal data for specified purposes and in accordance with our instructions.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such information. Our websites may include links to third-party websites, plug-ins and apps. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and apps and are not responsible for their privacy statements. When you leave our websites, we encourage you to read the privacy notice of every website and app you visit.
CCTV and photography
Please note that for your safety and security, CCTV is in operation at the Hotel (both inside and at the entrance(s) to and in any outdoor areas of the Hotel). Such CCTV footage is retained for up to 30 days following initial collection. We occasionally take videos and photos in the Hotel for use on our websites, publications and social media but, unless you have specifically consented, you will never be the sole focus of these images (unless you have specifically consented to this). If you do see an image of you which we have taken which you would like us to remove from the relevant media and stop using, please contact us to let us know using the details set out below.
How long will we keep your information for?
Generally, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. Hotel reservation: where we are holding your personal data to enable us to fulfil a reservation, it will be held for 400 days following the date such reservation has been completed (i.e. the date on which you check out) unless you have chosen to join our mailing list (in which case please see below). Other bookings: where we are holding your personal data to enable us to carry out a booking for our event / conference / dining facilities, it will be held for up to six years following the date such booking has been completed (i.e. the date on which your booking takes place or ends), unless you have chosen to join our mailing list (in which case, please see below). Mailing lists: where we are holding your personal data on any of our mailing databases, we will keep this for such time as you wish to continue to be part of our mailing list (i.e. until you “opt-out”). We may, at our discretion, choose not to keep your personal data if you have not engaged with us (made an enquiry, reservation, opened an email, clicked-through from an email etc.) for a period of 3 years or more. Wi-fi access: where we are holding your personal data for the purpose of allowing you access to Wi-fi in one of our venues, we will hold this for one month following your most recent login unless you have chosen to join our mailing list (in which case please see above). Payment processing: where we are holding your personal data for payment processing reasons, such personal data will be retained for no more than 90 days. General enquiries: where we are holding your personal data to deal with an enquiry you have submitted (where you have not otherwise engaged with us in relation to our services), it will be held for such period as is necessary to ensure that your query has been dealt with fully and properly in accordance with our usual standards (this will normally be around 90 days following the date of collection).
Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the following:
- The right to request access to a copy of the personal data we are holding about you.
- The right, in certain circumstances, to request that the personal data we are holding about you be updated/corrected.
- The right, in certain circumstances, to request the erasure of the personal data we hold about you.
- The right to object to our processing of your personal data on the basis of our legitimate interests (please refer to the table above).
- The right to object to processing for direct marketing.
- The right to request that we restrict our processing of your personal data in certain circumstances.
- The right to request that your personal data be transferred to you or another provider in certain circumstances.
If you wish to exercise any of the rights set out above, please contact us using the details below. You also have the right to make a complaint to your data protection regulator (in the UK, this will be the Information Commissioner’s Office (ICO)( www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us first before escalating your complaint.
If you have any questions about this policy or the personal data we collect about you, please contact us at firstname.lastname@example.org.
Changes to this Policy
We may change this policy from time to time to reflect how we are processing your personal data so you should review this policy regularly. Any updates will be published on our Website.