This privacy policy tells you how ‘THE HOTEL ’ use your personal data when you visit our
website, when we welcome you as our guest or you otherwise interact with us. In
compliant with the General Data Protection Regulation 2018 (GDPR), it also tells you
your privacy rights and how the law protects you. When we mention, “we”, “us” or “our”
in this privacy policy, we are referring to ‘THE HOTEL’
It is important that you read this privacy policy, together with any other privacy notices
we may show you from time to time, so that you are fully aware of how and why we are
using your personal data.
This website is not intended for children and we do not knowingly collect data relating to
Types of personal data we collect
Personal data, or personal information, means any information about an individual,
which can be used to identify that person. It does not include data where the identity
has been removed (anonymous data).
We collect a variety of personal information about our guests, customers and visitors to
our website.
This personal data falls into these categories:
● Identity Data includes title, gender, first name, maiden name, last name, marital
status, date of birth, username or similar identifier and an encrypted version of
your login/password. If you interact with us through social media, this may
include your social media user name.
● Contact Data includes billing address, delivery address, email address and
telephone numbers.
● Financial Data includes payment card and direct debit/bank account details.
● Transaction Data includes details about payments to and from you and other
details of products and services you have purchased from us.
● Profile Data includes your username and password, purchases or orders made by
you, your interests, preferences, feedback and survey responses, as well as any
data which we have added (for example, using analytics and profiling).
● Technical Data includes internet protocol (IP) address, your login data, browser
type and version, time zone setting and location, browser plug-in types and
versions, operating system and platform and other technology on the devices you
use to access this website.
● Usage Data includes information about how you use our website, products and
● Tracking Data includes information we or others collect about you from cookies
and similar tracking technologies, such as web beacons, pixels, and mobile
● Marketing and Communications Data includes your preferences in receiving
direct marketing from us and our third parties and your communication
We also collect, use and share Aggregated Data such as statistical or demographic data
for any purpose. Aggregated Data may be derived from your personal data but is not
considered personal data in law as this data does not directly or indirectly reveal your
identity. For example, we may aggregate your Usage Data to calculate the percentage of
users accessing a specific website feature. However, if we combine or connect
Aggregated Data with your personal data so that it can directly or indirectly identify you,
we treat the combined data as personal data which will be used in accordance with this
privacy policy.
We do not ordinarily collect any Special Categories of Personal Data about you (this
includes details about your race or ethnicity, religious or philosophical beliefs, sexual
orientation, political opinions, trade union membership, information about your health
and genetic and biometric data) nor do we collect any information about criminal
convictions and offences. The only exceptions to this are: (i) if you provide health data
to us as part of a spa booking, we will use this to perform our contract with you, and we
need your explicit consent to use your health data as part of that or (ii) you have made
the special category data obviously public.
How we collect data
We may collect or receive data in lots of different ways.
You may give us data in person when you are a guest at one of our hotels, for example
when you:
● check-in and check-out;
● make use of our accommodation, facilities and services;
● make use of our concierge services;
● attend our events;
● enter a competition, promotion or survey;
● complete a contact details card; and/or
● give us your business card.
You may give us data remotely when you interact with us via this website, by post,
phone or email, or through chat or social media, for example, when you:
● sign up to receive our newsletter or other direct marketing;
● make enquiries or request information, or correspond with us generally;
● create an account on our website;
● book accommodation, hospitality, spa treatments or services;
● engage with us on social media;
● enter a competition, promotion or survey;
● leave comments or reviews; and/or
We may get some data automatically, for example, we could collect data about your
equipment, browsing or the way you use this website. We may also collect data when
you click on one of our adverts (including the ones you see on third party websites or
social media). The systems we use for guest management may also collect data
automatically to help create a guest profile, which in turn gives us a better
understanding of how we can improve your experience with us.
We may get some data from third parties as part of the booking process for our
accommodation, hospitality, spa treatments or services at our hotels. For example, when
● use third party booking services for accommodation, restaurants, hospitality, spa
treatments or other services; and/or
● are our guests as part of a group or corporate booking.
We may receive data about you from various other types of third parties, including:
● from technology partners who help us run our website and mailing list sign-ups;
● from providers of payment and fraud prevention services;
● from analytics providers, advertising networks and search information providers;
● from data partners;
● from feedback and review partners;
● from publicly available sources;
● from social media, where privacy settings are set to public;
● from third parties to whom you have given permission to share your data with us;
● from any third parties who are permitted by law to share your personal data with
How and why we use your personal data
We use your personal information in a number of ways, including providing and
personalizing the services you request and expect from us, to offer you a high level of
hospitality, conduct direct marketing and sales promotions and as set forth below in
more detail. We will collect your consent prior to processing your data where required
by applicable law.
We are obligated to collect certain data, including your name, address, payment
information, and, in certain countries, travel document information, in order to process
your reservation. Failure to provide this information will result in our inability to process
your reservation. We may use your personal information to provide you with
information about meeting and event planning. We may use your personal information
to provide or offer you newsletters, promotions and featured specials, as well as other
marketing messages in accordance with any communications preferences you have
expressed. We use your information to provide in-stay messaging, account alerts, and
reservation confirmations and to send you marketing messages. We may provide these
communications via email, postal mail, online advertising, social media, telephone, text
message (including SMS and MMS), push notifications, in-app messaging, and other
means. We may also collect information from your payment card, which can be
appended to personal information and used by us to recognize what type of card you
have, the bank or network of the card, and present and/or send you targeted marketing
messages based on your payment method and in accordance with your communication
preferences. We may use your personal information to improve our services and to
ensure that our site, products, and services are of interest to you. We may aggregate
your personal information with data from third-party sources for purposes of keeping
information up to date and analytics. We also rely on information from third parties in
order to provide better, more personalized service. For example, if you connect your
social media services or other accounts to our services, we may use this information to
make your experiences with us more personal and social, or share and use it as
described elsewhere in this Statement.
We may process your personal data for more than one legal basis depending on how we
are using it. Whenever we process data for these purposes we will ensure that we
always keep your personal data rights in high regards and take account of these rights.
If you choose not to give us your personal data
When you make a booking with us for accommodation, hospitality, spa treatments or
other services, we may need to collect some of your personal data by law, or under the
terms of a contract we have with you. This means that if you decide not to give us your
data, we might not be able to provide the service, and may have to cancel your booking
or gift shop purchase. We will let you know if this is the case at the time, so you can
decide what you’d like to do.
Explaining the legal bases for using personal data
We will only use your personal data when the law allows us to. Most commonly, we will
use your personal data in the following circumstances:
● Where we need to perform the contract we are about to enter into or have
entered into with you. For example, when you make a booking at one of our
hotels, that’s a contract.
● Where it is necessary for our legitimate interests (or those of a third party) and
your interests and fundamental rights do not override those interests. For
example, when we carry out fraud screening as part of the check-out process or
take steps to keep our website secure.
● Where we need to comply with a legal or regulatory obligation. For example,
keeping records of our sales for tax compliance.
When we are considering legitimate interests, we make sure we think about and balance
any potential impact on you (both positive and negative) and your rights before we
process your personal data for our legitimate interests. We do not use your personal
data for activities where our interests are overridden by the impact on you (unless we
have your consent or are otherwise required or permitted to by law).
Unless it is necessary for a reason allowable in the GDPR, we will always obtain explicit
consent from a data subject to collect and process their data. Where consent is given, a
record will be kept documenting how and when consent was given. If the personal data
is not obtained directly from the data subject, then this information will be provided to
the data subject within a reasonable period after the data are obtained. Where the
personal data collected and processed is required to fulfill a contract with the data
subject, explicit consent is not required. This will often be the case where the contract
cannot be completed without the personal data in question e.g. a dining or room
reservation cannot be made without a name, email address and credit card details.
If the personal data is required to be collected and processed to comply with the law,
then explicit consent is not required.
Sharing your personal data
We may share your personal data with the third parties set out below for the purposes
set out in this privacy policy. We may also share your personal data if the law otherwise
permits or requires it.
We may share personal data with the following categories of third parties:
● suppliers and service providers (such as outsourced service providers for
administration and hotel management (e.g. booking and reservation systems,
customer relationship management systems), technology and media services
providers, payment processing and fraud prevention providers, fulfillment
partners for the gift shop)
● auditors and professional advisers like bankers, lawyers, accountants and insurers
● Government, regulators and law enforcement.
We require all third parties to respect the security of your personal data and to treat it in
accordance with the law. We do not allow our third-party service providers to use your
personal data for their own purposes and only permit them to process your personal
data for specified purposes and in accordance with our instructions.
We do not share your personal data outside Europe.
Our website uses “cookies”. Cookies are small pieces of information which are sent by a
website to your web browser and remain on your computer until they are deleted.
Cookies are sent by our website to ensure that it does not unnecessarily show you
information that you have already seen or have indicated as not being of interest to you.
Cookies therefore enable our website to offer you a more personalized service. You
agree to our use of cookies and/or any other data tracking or gathering technologies we
employ in the future.
Cookies help us to provide you with a good experience when you use our website and
also allow us to improve our website and services. We use the following categories of
● Strictly necessary cookies. These are cookies which are needed to make the
website work properly. For example, cookies enable you to log in, make a booking
or and make secure payments.
● Functionality cookies. These are used to recognize you when you return to our
website. This helps us to personalize our content for you and remember your
● Analytical/performance cookies. These allow us to recognize and count the
number of visitors and to see how visitors move around our website when they
are using it. This helps us to improve the way our website works, for example, by
ensuring that users are finding what they are looking for easily.