This notice describes how Grasmere House Hotel processes your personal data, as a controller. Our address is Grasmere House Hotel, 70 Harnham Road, Salisbury, Wiltshire, UK. SP2 8JN. We may update this policy from time to time, please check back occasionally to check that you’re happy with any changes. By using our website, you are agreeing to be bound by these terms.
You have the right to object to some of the processing which we carry out. More information about your rights and how to exercise these is set out in the section headed “Your rights” below.
This notice applies to:
And anyone contacting, visiting or using our:
Health and Beauty Club
Hotel, and Restaurant.
SUMMARY OF THE PURPOSES FOR PROCESSING YOUR PERSONAL DATA AND THE LEGAL BASIS FOR DOING SO:
We process personal data to make, amend and administer room bookings, provide hotel services, process and store payment details and provide other products and services (such as meals and car parking). We also deal with enquires, gather customer feedback, undertake market research and direct marketing, in our legitimate interests to promote our business and improve our service and delivery.
When you post on social media about our business, we may use your contact details to respond to any complaints or comments, on the legal basis of our legitimate interests.
In our legitimate interests, we also seek to prevent and detect crime as well as protect our business and premises.
When you apply for employment with us, in order to administer the recruitment and selection process and enter into an employment contract.
In order to fulfil the above purposes:we disclose your personal data to payment providers, technology providers, insurers, and other specialist professional and technical service providers and advisers, to manage your bookings, arrange payments, and provide services.
we may transfer your personal data outside the European Economic Area (EEA) and, where we do this, we will use safeguards to protect your data.
We keep your data to enable us to fulfil our contract with you or to provide services, where required by law, to respond to a question or complaint, to obey rules about keeping records, to uphold or protect contractual or legal rights or where it is in your or another party’s vital interests or our legitimate interests. Where we process personal data on the basis of your consent, we will retain it for as long as required for the specified purpose. We also keep your data in line with any statutory limitation periods and for tax, legal or regulatory purposes.
Any consent(s) you give us may be withdrawn at any time.
You have an absolute right to object to direct marketing at any time.
You also have the qualified right to request access, rectify, and erase your personal data for any purpose where we rely on our legitimate interests as the legal basis;
Where you exercise any of your rights, we will process your personal data to comply with your request in accordance with our legal obligations.
You have the right to lodge a complaint with a data protection supervisory authority of the EU Member State in which you are resident, work or in which your complaint arises. In the UK, the supervisory authority is the Information Commissioner.
If you wish to exercise your rights, please email firstname.lastname@example.org.
PERSONAL INFORMATION WE COLLECT.
We collect personal information when you book with us or request or use our services. This includes hotel and restaurant visits, using our website, or corresponding with us. We may also receive personal data about you from another source. This includes:
Personal Identifiers – title, name, marital status, postal and email addresses, postcode, car registration number IP addresses and contact telephone numbers. We may also collect the names of those who are part of a group booking where necessary, and the age of children to meet your needs (e.g. to provide a cot) and enable us to confirm any restrictions that may apply to a room booking;
Business-to-Business Information – for corporate customers and corporate business leads and contacts: job title, business address and business email address;
Transaction Information – payment, reservation and booking details, including meals, beverages, and beauty treatments.
Customer special requests and feedback including complaints – via emails, third parties and via telephone.
Third parties that we receive personal data from may include:
Travel agents, booking agents, other agents, tour operators;
Corporate customers and public information sources such as Companies House;
Comparison and review websites;
Government and law enforcement agencies;
Other licensees in accordance with licensing requirements;
Other hotel providers and other organisations as part of their contingency plans.
HOW DO WE USE YOUR INFORMATION, AND WHAT IS THE LEGAL BASIS FOR THIS USE?
To fulfil a contract, or take steps linked to a contract. This is relevant when you want to make a reservation with us; or receive other products and services from us such as meals and includes:
making, amending or administering your room booking and meal orders;
providing products and services requested by you (such as beauty treatments);
verifying your identity;
communicating with you;
providing customer services, including managing complaints; and
alerting you by email or phone in the event of an unplanned alteration to your booking, as a result of which we have to make alternative arrangements under our contract (or where we believe it is in your vital interests).
If the information we request is not provided, we may not be able to enter into or comply with a contract or our legal obligations.
We also process your data if it is in our legitimate interests regarding the conduct of our business, in particular:
ENSURING CUSTOMER SATISFACTION, MAINTAINING GOODWILL AND DISPUTE RESOLUTION
we provide technical support and investigate and process any complaints about our website or our products or services, and to maintain appropriate records for internal administrative purposes. We reserve the right to request evidence to support any claims or complaints.
TO PROTECT OUR BUSINESS AND PREVENT FRAUD
monitor, test and control the performance and security of our systems, networks, processes and premises to prevent and detect fraud and protect our business; and
if you provide a credit or debit card as payment, we use third parties to check the validity of your bank account or card details in order to prevent fraud.
SAFETY & SECURITY OF OUR GUESTS AND EMPLOYEES
to protect premises and for security purposes including information recorded from CCTV;
to monitor food safety and hygiene;
to obtain statements from witnesses to accidents and other incidents; and
for the detection and prevention of crime.
DEVELOPING AND MARKETING PRODUCTS AND SERVICES
for raising brand awareness;
for marketing, competitions and promotions by post, email and social media where permitted to do so by law;
we may use your data to provide personalised promotional offers to you;
for monitoring the use of our website in order to improve performance and monitor the success of our marketing;
for developing corporate business and applying rates.
responding to a rights request under data protection legislation.
LEGAL AND REGULATORY PURPOSES
in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with claims, legal process or litigation);
to comply with health and safety legislation, including accounting for the number of individuals on our premises and logging accidents;
to prevent, investigate and/or report suspected fraud, terrorism, security incidents or other crime, in accordance with applicable law; and
to anonymise personal data when we no longer need to process it.
IF YOU GIVE US CONSENT
we will send you emails (including newsletters) in relation to products and services provided by us;
when you use our website, we place cookies and use similar technologies on your computer, mobile or other device.
we may use credit checks if you apply for a Business Account;
to participate in competitions we run and, if you win, to use your information for promotional purposes;
we will process health information, such as dietary, accessibility, and allergy information you or a party on your behalf provides to us (we may also be able to do this where it is in your vital interests); and
on other occasions where we ask you for consent, we will use the personal data for the purpose which we explain at that time.
You have the right to withdraw consent at any time.
FOR PURPOSES WHICH ARE REQUIRED BY LAW:
to record details of guests not resident in the UK;
in response to requests by government, law enforcement authorities, or intelligence services and court orders;
if required to comply with health and safety legislation to which we are subject;
we may be required to share information with other licensees in accordance with local licensing requirements; and
responding to a rights request under data protection legislation.
TO PROTECT YOUR VITAL INTERESTS OR THOSE OF ANOTHER PERSON:
disclosing your personal data to the emergency services where we believe it is necessary to protect your vital interests or the vital interest of another person; and
where you (or a person acting on your behalf) provide us with dietary or other personal health data such as allergies.
For some activities Grasmere House Hotel uses third party service providers. Your personal data will be disclosed to such organisations where this is necessary to provide a service to you, or where it is in our legitimate interests. For example, we use third parties to:
send promotional offers;
process payments to enable you to pay by credit or debit card;
provide credit checks and fraud checks; and
provide CCTV systems and maintenance.
Personal data may be shared with regulators, government authorities and/or law enforcement officials for the prevention or detection of crime, if required by law or if required for a legal or contractual claim or regulatory purposes.
We disclose your personal data to payment providers, technology providers, insurers, and other specialist professional and technical advisers, to manage your bookings, arrange payments, and provide services.
With your consent, we will also disclose your personal data to Ombudsman services and Citizens’ Advice if required.
WHAT RIGHTS DO I HAVE?
WITHDRAWING CONSENT OR OTHERWISE OBJECTING TO DIRECT MARKETING
Wherever we rely on your consent, you will always be able to withdraw that consent. We will continue to process your personal data for other purposes on a different lawful basis (other than consent) where that applies.
In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, at any time. You can do this by clicking on the ‘unsubscribe’ link located in the footer of every marketing email.
Where you have a relationship with another organisation, such as a social media platform like Facebook, we may ask them to send marketing to you. If you object to receiving marketing from us we will stop marketing to you. However, please contact the organisation directly if you want to withdraw your consent to such organisation marketing to you.
OTHER QUALIFIED RIGHTS
You have the right to know whether or not we process information about you and to access that information.
You have the right to update, correct and complete any information we hold about you which is inaccurate or incomplete.
You have the right to ask that we erase or restrict (stop active) processing of your personal data.
In addition, you can object to the processing where the lawful basis is our legitimate interests.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person or you ask us to erase information which we are required by law to keep. Where you object to us processing personal information, we may have a compelling justification for processing it. Relevant exemptions are also included within the data protection laws that apply in the UK. We will inform you of relevant exemptions we rely upon when responding to any request you make.
To exercise any of these rights, you can get in touch with us using the details set out below. If you have concerns, you have the right to complain to the data protection supervisory authority of the EU Member State in which you are resident, work or in which your complaint arises. In the UK, the supervisory authority is the Information Commissioner, their website can be accessed here https://ico.org.uk/
HOW LONG WILL YOU RETAIN MY PERSONAL DATA?
We keep your data to enable us to fulfil our contract with you or to provide services, where required by law, to respond to a question or complaint, to obey rules about keeping records, to uphold or protect contractual or legal rights or where it is in your or another party’s vital interests or our legitimate interests. Where we process personal data on the basis of your consent, we will retain it only for as long as required for the specified purpose. We also keep your data in line with any statutory limitation periods and for tax, legal or regulatory purposes.
The period for which we will retain your personal data depends on the purposes for which we are processing it and where the same personal data is processed for two or more purposes, we will retain it for the longest period. For example, we retain:
CCTV recording for up to 54 days;
Personal data which we process for marketing purposes will be used until you ask us to stop sending electronic direct marketing, in which case we will act on your request, and then keep a record of your request indefinitely.
accident report forms for 3 years (or for accidents relating to a child, for 3 years after the child’s 18th birthday); and
financial information for a period of 6+1 years, for accounting, business reporting, analysis and audit purposes.
In any of the cases mentioned above, we may retain the personal data for longer, if it is required for the purposes of any internal or external investigation or litigation. In these cases, it may be retained until the matter is resolved. We may keep your data for longer in line with any limitation periods, or if we cannot delete it, e.g. for tax, legal or regulatory reasons.
You have the qualified right to request deletion of your personal data at any time, or we may choose or be obliged to erase your personal data earlier, for example, if we no longer need to process it.
If you have any queries or want to exercise any of your rights please contact us via email at email@example.com.
This Privacy Notice was last updated on 20th May 2018. Any changes to this Privacy Notice will be communicated on our website.