The privacy and security of your information is very important to us. This privacy notice describes how we use your personal data. Whether you are visiting our website for browsing only, using our app, booking a room, we want to keep you informed about how we use the information and of your choices. This Privacy and Cookie Centre contains details of the information collected and used by Grosvenor House Hotel, Clacton- On-Sea and IQTECH Ltd. This Privacy and Cookie Centre only applies to information collected by Grosvenor House Hotel, Clacton-On-Sea and IQTECH Ltd unless where specifically noted. The data controller for any information collected on this website is Grosvenor House Hotel, Clacton-On-Sea. The address of the controller is 23 Carnarvon Road, Clacton-On-Sea, Essex CO15 6PH.
Your rights
Where you exercise any of your rights, we will process your personal data to comply with your request in accordance withour legal obligations.
You have the right to lodge a complaint with any data protection supervisory authority, in particular, the one of the countryin which you are resident, work or in which your complaint arises. For the contact details of the Information Commissionerin the UK see www.ico.org.uk, for Information Commissioner in the Isle of Man see www.inforights.im and for the Office ofInformation Commissioner in Jersey see https://oicjersey.org.see https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html. Details of all EU supervisoryauthorities can be found at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080We may provide additional information during the booking and check-in process and at other points at which we collectyour personal data.If you wish to exercise your rights, please visit our Contact Us page where you will be directed to a feedback form. Thenplease use “Privacy” as the “Reason for contact”.If you require further details of our Privacy Notice, please read more below.
Personal information we collect:
We collect personal information when you book with us or request or use our services. Thisincludes hotel and bar/restaurant visits, using our websites or apps, or corresponding with us.
We may also receive personal data about you from another source. This includes • PersonalIdentifiers – title, name, marital status, postal and email addresses, postcode, IP addresses, and contact telephone numbers. We may also collect the names of those who are part of a group booking where necessary, and the age of children to meet your needs (e.g. to provide a cot)and enable us to confirm any restrictions that may apply to a room booking.
Business-to-Business Information – for corporate customers and corporate business leads andcontacts: job title, business address and business email address.
Transaction Information – payment, reservation, and booking details, including meals, beverages & car parking.
Facebook Page Insights Data – In relation to our Facebook Pages, we may receive InsightsData from Facebook, i.e. aggregated data that can help us to understand how visitors are engaging with our Page, which may be based on personal data collected during your visit to our Page or its contents. In relation to the processing of this personal data only, we are joint controllers with Facebook Ireland Limited. Facebook Ireland Ltd has agreed to take primary responsibility under the GDPR for the processing of Insights Data and to comply with all applicable obligations under the GDPR with respect to the processing of Insights Data, so all requests and queries should be addressed to Facebook Ireland Limited.
Customer special requests and feedback including complaints – via phone calls, emails, and online free text fields. Third parties, including where we are joint controllers, that we receive personal data from may include:
• Travel agents, booking agents, other agents, tour operators and schools;
• Corporate customers and public information sources such as Companies House;
• Comparison and review websites;
• Social networks;
• Market researchers;
• Marketing service providers and advertising technology providers;• Government and law enforcement agencies;
• Other licensees in accordance with licensing requirements;
• Other hotel providers and other organisations as part of their contingency plans;
How do we use your information, and what is the legal basis for this use?
• To fulfil a contract, or take steps linked to a contract. This is relevant when you want tomake a reservation with us; or receive other products and services from us such as meals andincludes:
o making, amending or administering your room booking and meal orders;
o providing products and services requested by you;
o verifying your identity;o processing payments;o communicating with you;
o providing customer services, including managing complaints; and
o alerting you by text, email, or phone in the event of an unplanned incident, as a result of which we have to make alternative arrangements under our contract (or where we believe it is in your vital interests). If the information we request is not provided, we may not be able to enter into or comply with a contract or our legal obligations.
• In our legitimate interests regarding the conduct of our business, in particular: Ensuringcustomer satisfaction, maintaining goodwill and dispute resolution
o we provide technical support and investigate and process any complaints about our websiteor our products or services, and to maintain appropriate records for internal administrativepurposes. We reserve the right to request evidence to support any claims or complaints. 5 Toprotect our business and prevent fraud
o monitor, test and control the performance and security of our systems, networks, processesand premises to prevent and detect fraud and protect our business;
o if you provide a credit or debit card as payment, we use third parties to check the validity ofyour bank account or card details in order to prevent fraud. For business performance andimprovement
o to monitor and record CCTV, call centre communications, including incoming andoutgoing calls and emails for staff training, quality improvement purposes and establishingfacts; and
o to analyze transactions to enable us to improve our services and products and plan for our business. Safety & Security of our Guests and Employees
o to protect premises and for security purposes including information recorded from CCTV;
o to monitor food safety and hygiene;
o to obtain statements from witnesses to accidents and other incidents;and
o for the detection and prevention of crime.
Developing and Marketing Products and Services
o for raising brand awareness;
o to understand you better as a customer by analysing your transactions and other informationyou provide to us or which we learn through your interactions with us;
o for marketing (including creating profiles), competitions and promotions by post, email,text and push notification where permitted to do so by law (for an alternative lawful basis, seeconsent below);
o we may use your data to provide personalised promotional offers to you;
o we may also use your data to provide you with personalized promotional offers on selected partner websites (for example, you might see an advertisement for our products on a partnersite such as Facebook, Twitter, Booking.com, Expedia.com, Hotels.com and Google);
o we also share some of your information with marketing service and ad technology providers and digital marketing networks, such as Facebook, Google to present advertisements that might interest you. For example, we may transfer information about you to such providers so that they may recognize your devices and deliver interest-based content and advertisements to you. The information may include your name, email, device ID, or another identifier in encrypted form. The providers may process the information in hashed form. These providers may collect additional information from you, such as your IP address and information about your browser or operating system; may combine information about you with information from other companies in data sharing cooperatives in which weparticipate; and may place or recognize their own unique cookie on your browser. Thesecookies may contain demographic or other data in de-identified form;
o for monitoring the use of our websites, apps and Facebook Pages in order to improve theirperformance, understand how people are engaging with them and optimise our media spend;
o we use personal data of some individuals to invite them to provide feedback or take part inmarket research; and
o for developing corporate business and applying rates.
Legal and Regulatory purposes:
o in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with claims, legal process or litigation);
o to comply with health and safety legislation, including accounting for the number of individuals on our premises and logging accidents;
o to prevent, investigate and/or report suspected fraud, terrorism, security incidents or other crime, in accordance with applicable law; and
o to anonymize personal data when we no longer need to process it. Where we have relied on legitimate interests as the lawful basis for processing, we have carried out a balancing test. For details of these email [email protected].
Where you give us consent:
o we will send you emails, texts and push notifications (including newsletters) in relation toproducts and services provided by us (for an alternative lawful basis see “legitimate interests”above), or by our named affiliates and carefully selected partners;
o when you use our websites or apps, we place cookies and use similar technologies on yourcomputer, mobile or other device and we use such technologies such as pixel tags and webbeacons in marketing emails and communications (also see our Cookie Notice);
o we may use credit checks if you apply for a Business Account;o to participate in competitions we run and, if you win, to use your information forpromotional purposes;
o we will process health information, such as dietary, accessibility, and allergy informationyou or a party on your behalf provides to us (we may also be able to do this where it is inyour vital interests);
o when you donate to a charity, we will process your payment for this purpose; and o onother occasions where we ask you for consent, we will use the personal data for the purposewhich we explain at that time. You have the right to withdraw consent at any time.
For purposes which are required by law:
o to record the identity and nationality of overseas guests (excluding the Republic of Ireland and Commonwealth citizens) on check-in. These guests will be asked to complete a registration form and provide their identity card/passport details, to comply with the immigration (Hotel Records) Order 1972, as amended. Acceptable forms of identification are:
• an International passport,
• driving licence,
• ID card or police warrant card.
o UK;
o in response to requests by government, law enforcement authorities, or intelligence servicesand court orders;
o if required to comply with health and safety legislation to which we are subject;
o we may be required to share information with other licensees in accordance with locallicensing requirements; ando responding to a rights request under data protection legislation.
• To protect your vital interests or those of another person:
o disclosing your personal data to the emergency services where we believe it is necessary toprotect your vital interests or the vital interest of another person; and
o where you (or a person acting on your behalf) provide us with dietary or other personal health data such as allergies. Other recipients that we disclose, transfer, or share your personal data with IQTECH Ltd, parent company of Grosvenor House Hotel. For example, we use third parties to:
o administer bookings;
o provide Wi-Fi;
o undertake customer feedback surveys;
o provide analytics;
o send promotional offers;
o provide personalised advertisements;
o process payments to enable you to pay by credit or debit card;
o in rare circumstances provide credit checks and fraud checks; and
o provide CCTV systems and maintenance. Other parties Personal data may be shared with regulators, government authorities, and/or law enforcement officials for the prevention or detection of crime, if required by law or if required for a legal or contractual claim or regulatory purposes.
We disclose your personal data to payment providers, technology providers, insurers, and other specialist professional and technical advisers, to manage your bookings, arrange payments, and provide services. With your consent, we will also disclose your personal data to Ombudsman services and Citizens’ Advice. In the event that the business is sold or integrated with another business, your details may be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business. International transfers Sometimes we may need to send or store your data outside of the European Economic Area (the EU plus Iceland, Lichtenstein, and Norway) (‘EEA’). For example, to follow your instructions, comply with a legal duty or to work with or receive services from our service providers who we use to help run your accounts and our services. If we do transfer information outside of the EEA, we will make sure that it is protected by using one of these safeguards: • Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA. Some countries have been deemed adequate by the EU. • Put in place a contract with the recipient that means they must protect it to the same standards as the EEA or use other mechanisms and measures to achieve adequate protection. We also may use the Standard Contractual Clauses published by the EU. • Transfer it to organizations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between EU countries and the US. It makes sure those standards are similar to what is used within the EEA. • Binding corporate rules. These are internal rules adopted by group companies to allow international transfers of personal data to entities within the same corporate group located in countries that do not provide an adequate level of protection. We rely on contractual measures for a small number of our suppliers who have or use offices outside the EEA and who have restricted access to some data to provide us with IT services including development, testing, support, and maintenance. For further details on the mechanisms used please contact [email protected]. Business Account If you apply for a business account a separate Privacy Notice will also apply. Like many businesses, we use business rules on financial and other information in order to detect and prevent fraud. When used, these may identify risk and, as a result, a particular transaction may not be processed.
10 What rights do I have?
Withdrawing consent or otherwise objecting to direct marketing. Wherever we rely on your consent, you will always be able to withdraw that consent. We will continue to process your personal data for other purposes on a different lawful basis (other than consent) where that applies. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, and any profiling we carry out for direct marketing, at any time. You can do this by clicking on the ‘unsubscribe’ link located in the footer of every marketing email or text. Where you have a relationship with another organization, such as a social media platform like Facebook, we may ask them to send marketing to you. If you object to receiving marketing from us we will stop marketing to you. However, please contact the organization directly if you want to object or withdraw your consent to such organization marketing to you.
Other qualified rights
• You have the right to know whether or not we process information about you and to access that information.
• You have the right to update, correct and complete any information we hold about you which is inaccurate or incomplete.
• You have the right to obtain the personal data you provide to us for a contract or with your consent in a commonly used, structured, and machine-readable format, and to ask us to share(port) this personal data to another controller.
• You have the right to ask that we erase or restrict (stop active) processing of your personaldata.
• In addition, you can object to the processing where the lawful basis is our legitimate interests. These rights may be limited, for example, if fulfilling your request would reveal personal data about another person or you ask us to erase information which we are required by law to keep. Where you object to our processing personal information we may have a compelling justification for processing it. Relevant exemptions are also included within the data protection laws that apply in the UK. We will inform you of the relevant exemptions we rely upon when responding to any request you make. To exercise any of these rights, you can get in touch with us using the details set out below. If you have concerns, you have the right to complain to the data protection supervisory authority of the EU Member State in which you are resident, work, or in which your complaint arises. In the UK, the supervisory authority is the Information Commissioner. Details of all EU supervisory authorities can be found at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
How long will you retain my personal data?
We keep your data to enable us to fulfill our contract with you or to provide services, where required by law, to respond to a question or complaint, to obey rules about keeping records, to uphold or protect contractual or legal rights or where it is in your or another party’s vital interests or our legitimate interests. Where we process personal data on the basis of your consent, we will retain it only for as long as required for the specified purpose. We also keep your data in line with any statutory limitation periods and for tax, legal or regulatory purposes. The period for which we will retain your personal data depends on the purposes for which we are processing it and where the same personal data is processed for two or more purposes, we will retain it for the longest period. For example, we retain:
• CCTV recording for up to 31 days;
• for up to 1 year incoming and outgoing voice recordings (although we will keep a record of any consent you give us during a call for as long as we rely on it as the lawful basis for processing);
• for up to 25 months from your last stay, any personal data we process for managing your hotel or restaurant bookings;
• for up to 36 months after it is resolved, any personal data we process in relation to queries, complaints or feedback (other than market research surveys) relating to your hotel or restaurant booking;
• until a period of 3 years has elapsed since your last interaction with us,
personal data we process for marketing (including profiling) purposes unless you ask us to stop sending electronic direct marketing, in which case we will act on your request, and then keep a record of your request indefinitely;
• for 3 years in the case of accident report forms (or for accidents relating to a child, for 3years after the child’s 18th birthday);
• for up to 6 years from your last stay or access to your account, any personal data in an account you have set up with us,
• for up to 6 years, financial and transactional data for the purposes of insights and analytics; and
• for up to 7 years, financial information for accounting, business reporting, analysis, and audit purposes. In any of the cases mentioned above, we may retain the personal data for longer, if it is required for the purposes of any internal or external investigation or litigation. In these cases, it may be retained until the matter is resolved. We may keep your data for longer in line with any limitation periods, or if we cannot delete it, e.g. for tax, legal or regulatory reasons. You have the qualified right to request the deletion of your personal data at any time, or we may choose or be obliged to erase your personal data earlier, for example, if we no longer need to process it. Cookies and other similar technologies we use Information about the first and third parties cookies and other technologies we use are available in our Cookie Notice.
Queries and exercise of rights If you have any queries or want to exercise any of your rights, please see the “Contact Us” page on our website and choose “Give us your feedback” to be directed to an inquiry form. Then please select ‘Privacy’ from the ‘Reason for contact. General data protection queries If you have any queries about the way we process your personal data, you can get in touch at [email protected].
This Privacy Notice was last updated on 25th August 2020. Any changes to this privacy notice will be communicated on our website.