Customer Privacy Policy

OUR COMMITMENT TO PROTECTING YOUR PRIVACY

Almarose Hotels & Resorts are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.   We know that you care how information about you is used and shared.  Looking after the personal information you share with us is very important, and we want you to be confident that your personal data is kept safely and securely.  This privacy policy describes the type of personal information that we may collect about you when you visit or stay at our hotel or join our leisure and golf clubs, how we use any personal information, the circumstances in which we may share the information and the steps we take to safeguard the information to protect your privacy.

We have published this notice to help you understand

  • The personal data we collect from you
  • The purpose for collecting and using your data
  • The lawful basis we rely on to be able to process your personal data
  • Who we share your information with, why and on what basis
  • Where we store your personal data and the security measures we have in place to protect it
  • How long we will retain your personal data for
  • Your rights in relation to your personal data

“Personal data” means any information collected and logged in a format that allows you to be identified personally, either directly (e.g. name) or indirectly (e.g. telephone number). Before providing us with this information, we recommend that you read this document describing our customer privacy protection policy.

This Customer Privacy Policy forms part of the terms and conditions that govern our hotel, leisure facilities (including spa and golf facilities) and event and conference services.

 WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU?

  1. IF YOU ARE A CUSTOMER STAYING IN OUR HOTELS

We have set out in the table below the categories of personal data we collect about you some of which may be provided to us by a third party e.g. travel agency, booking website, hotel partners etc:

Categories of Personal Data

Description of Category

Contact Details

This is the personal data that is provided by you or collected by us from a third party (e.g. Travel Agent) to enable you to use our service.  This includes your first name, last name, telephone number, address and email address.

Personal Information

This is the personal data that is provided by you to help us confirm your identity and tailor your stay and initially may include your Date of Birth, Nationality, Passport details, duration of stay, loyalty programme membership details, vehicle details and your personal preferences re type of room, bedding, newspapers, interests etc and latterly may include your room number.  On occasion, as you use the hotel facilities, e.g. a Spa, you may be asked to provide us with personal data that relates to medical conditions e.g. allergies, special needs, injuries, health conditions etc.  When we take this sensitive data from you we may ask you to give us specific consent to process that data.

Payment Information

This is the personal data that is provided by you directly or via a Booking Partner that enables us to take a payment from you for our services.  This may include payment card details

Safety and Security Information

This is the personal data that we collect to help keep you safe within the hotel environment.  This may include CCTV images and information entered into accident reports you have been involved with etc

Feedback and Complaints Information

This is the personal data that you supply to us in relation to your stay at the hotel and may include feedback forms and complaints

Service Usage Information

This is the personal data that we may derive from recording your usage of our services either from your interactions with various parts of the Hotel or from calls and correspondence you have with us in relation to your stay e.g. whether you use the gym, golf or spa services.  This can help us tailor our services to you and others.

Family/Party Data

This is the personal data that you supply us in relation to the people that you are travelling with.  For those who are under the age of 18 we will normally limit the data we collect to their name, nationality and date of birth (all of which must be provided by an adult)

We may collect the data above from you at various times and in various locations during your stay with us including:

  • When you make a reservation
  • When you check in
  • When you use the restaurant/room service
  • When you use the concierge service
  • When you use the leisure or spa facilities
  • When you are using the communal hotel areas
  • When you are providing feedback or making a complaint

We may also collect data about you when you visit our websites.  We do this by using Cookies.  For more details on what information we may collect from you when you visit our websites please see our separate Cookies Policy https://www.qhotels.co.uk/privacy-cookies/

  1. IF YOU ARE A LEISURE CLUB MEMBER OR PROSPECTIVE MEMBER

We have set out in the table below the categories of personal data we collect about you when you apply to join one of our Leisure Clubs as a member.

Categories of Personal Data

Description of Category

Contact Details

This is the personal data that is provided by you to enable you to become a member of the Leisure Club.  This includes your first name, last name, telephone number, address and email address.

Personal Information

This is the personal data that is provided by you to help us verify your membership and maximise your safe enjoyment of the facilities.  This will initially include your date of birth, a recent photograph and health related information and latterly your Leisure Club Membership number. When we ask you to provide us with personal data that relates to medical conditions e.g. allergies, special needs, injuries, health conditions etc. we will ask you to give us specific consent to process that data.

Payment Information

This is the personal data that is provided by you that enables us to take a payment from you for our services.  This may include payment card details or bank account details etc.

Safety and Security Information

This is the personal data that we collect to help keep you safe within the Leisure Club environment.  This may include CCTV images and information entered into accident reports you have been involved with etc

Feedback and Complaints Information

This is the personal data that you supply to us in relation to your use of the Leisure Club and may include feedback forms and complaints

Service Usage Information

This is the personal data that we may derive from recording your usage of our services e.g. whether you use the gym or spa services.  This can help us tailor our services to you and others.

  1. IF YOU ARE A GOLF CLUB MEMBER

We have set out in the table below the categories of personal data we collect about you when you apply to join one of our Golf Clubs as a member.

Categories of Personal Data

Description of Category

Contact Details

This is the personal data that is provided by you to enable you to become a member of the Leisure Club.  This includes your first name, last name, telephone number, address and email address.

Personal Information

This is the personal data that is provided by you to help us verify your membership and maximise your safe enjoyment of the facilities.  This will initially include your date of birth and a recent photograph and latterly your club membership number.

Payment Information

This is the personal data that is provided by you that enables us to take a payment from you for our services.  This may include payment card details or bank account details etc.

Safety and Security Information

This is the personal data that we collect to help keep you safe within the Golf Club environment.  This may include CCTV images and information entered into accident reports you have been involved with etc

Feedback and Complaints Information

This is the personal data that you supply to us in relation to your use of the Golf facilities and may include feedback forms and complaints

Service Usage Information

This is the personal data that we may derive from recording your usage of our services e.g. how frequently you play etc.  This can help us tailor our services to you and others.

  1. IF YOU ARE A CUSTOMER VISITING OUR HOTEL FOR A DRINK OR A MEAL, A DAY CONFERENCE OR AN EVENING EVENT

We have set out in the table below the categories of personal data we may collect from you when you visit our hotels and conference centres and don’t stay overnight.

Categories of Personal Data

Description of Category

Payment Information

This is the personal data that is provided by you that enables us to take a payment from you for our services if required.  This may include payment card details or bank account details etc.

Personal Information

This is the personal data that is provided by you such as your name to help us manage your time within our facilities and maybe used to generate conference guest lists and seating plans etc.

Safety and Security Information

This is the personal data that we collect to help keep you safe within the Hotel and Conference environment.  This may include CCTV images and information entered into accident reports you have been involved with etc.  If we need to collect any special category data from you in relation to the use of our services

Feedback and Complaints Information

This is the personal data that you supply to us in relation to your use of our hotel and conference facilities and may include feedback forms and complaints

Service Usage Information

This is the personal data that we may derive from recording your usage of our services. This can help us tailor our services to you and others.

 HOW WE USE YOUR INFORMATION

The table below describes the purpose for collecting your data and the categories if data collected:

Purpose

Categories of Data Collected

To make a reservation for you at the hotel and enable you to pay us for our services

·         Contact Details

·         Payment Information

·         Personal Information

To enable us to communicate with you ahead of your arrival at the hotel with relevant news and updates related to your reservation

·         Contact Details

·         Personal Information

To help you make bookings around the hotel for meals, spa, golf etc

·         Contact Details

·         Payment Information

·         Personal Information

To help ensure we can tailor our services to your requirements before and after your stay with us

·         Personal Information

·         Service Usage Information

To help ensure we can keep you and your property reasonably safe and secure whilst you stay with us

·         Safety and Security Information

·         Contact Details

·         Personal Information

To help ensure we can manage your application to be a Leisure or Golf Club member

·         Contact Details

·         Payment Information

·         Personal Information

To help ensure you can exercise your benefits and rights as a Leisure or Golf Club member

·         Contact Details

·         Payment Information

·         Personal Information

To help ensure you can feedback to us important information about your experiences as our customer so we can resolve challenges and improve our services

·         Feedback & Complaints Information

To help us provide relevant information to you about future offers from the Almarose Group

·         Contact Details

·         Personal Information

To help ensure we can update your loyalty programme information

·         Personal Information

To provide the legal and regulatory authorities with specific information they appropriately request from us within their legal authority and to help ensure we are combatting Fraud and Financial Crime

·         Contact Details

·         Payment Information

·         Personal Information

To help us recover any debt that may be owed by you to us

·         Contact Details

·         Payment Information

·         Personal Information

A NOTE ABOUT MARKETING

We want to keep our customers up to date with information about special offers, benefits and improvements to our facilities and services.

When you engage with our marketing activities, or join our leisure clubs, either electronically on-line via a website or social media or in person at the hotel, we will ask you if you want to opt-in to receive this type of promotional information.  If you consent to receive marketing, you may opt out at a later date.

If you have previously consented to us sending you marketing information and you subsequently decide you do not want to receive it you have the right to ask us not to process your personal information for marketing purposes.  You can request that we stop contacting you for marketing purposes by emailing marketing@almarosehotels.com, or via the unsubscribe link within any marketing Email or SMS which you receive.  You may continue to receive marketing information for a short period while your request is dealt with.

Almarose Hotels & Resorts will not share your information with outside companies for their marketing purposes.

We reserve the right to contact our hotel customers or leisure club members as necessary to fulfil the obligations and administration of our service.  We will also communicate as deemed appropriate by Almarose Hotels & Resorts in regards to any changes to the product, services and facilities of the hotel or leisure club which may impact on you.

 THE “LAWFUL BASIS” UPON WHICH WE RELY, WHEN PROCESSING YOUR PERSONAL DATA

The Data Protection regulations are very clear when they state, that in order to process your personal information, we need to do so on the basis of one of the 6 proscribed “lawful bases” (rationales).  The table below sets out which lawful basis we rely on to process your personal data for each purpose:

Lawful Basis for Processing

Purpose

Legitimate Interests

·         To enable us to communicate with you ahead of your arrival at the hotel with relevant news and updates related to your reservation

·         To help you make spa bookings and dinner reservations etc around the hotel

·         To help ensure we can tailor our services to your requirements before and after your stay with us

·         To help ensure we can we can keep you and your property reasonably safe and secure whilst you stay with us

·         To help ensure you can feedback to us important information about your experiences as our customer so we can resolve challenges and improve our services

·         To enable us to communicate with you about similar services that you may be interested in based on your stay with us

Contract

·         To make a reservation for you at the hotel and enable you to pay us for our services

·         To help ensure we can manage your application to be a Leisure or Golf Club member

·         To help ensure you can exercise your benefits and rights as a Leisure or Golf Club member

·         To help us recover any debts that may be owed to us by you

Consent

·         To help us provide relevant information to you about other future offers from the Almarose Group

·         To help ensure we can update your loyalty programme information

·         To help ensure we can process special category data you need us to have to help tailor our services to you e.g. health information

Legal Obligation

·         To provide the legal and regulatory authorities with specific information they appropriately request from us within their legal authority and to help ensure we are combatting Fraud and Financial Crime

 WHO WE SHARE YOUR INFORMATION WITH AND WHY

Protecting the personal data of our customers is very important to us and we do not sell this information to others.   Within Almarose Hotels & Resorts, in order to offer you the best service, we will, when appropriate or necessary share for the purposes outlined above, your personal data with third parties. Almarose Hotels & Resorts works with a number of trusted suppliers, agencies and businesses in order to provide you the high-quality services you expect from us.  Your personal data may be sent to a third party for the purposes of supplying you with services and improving your stay or leisure club membership experience.

Some examples of the categories of third parties with whom we share your data are:

 

Third Party Processor

Purpose

Booking Service Providers

Almarose Hotels & Resorts works with a number of trusted partners who take bookings for our hotels, spas, golf courses and restaurants.  This includes branded hotel partners such as Marriott, Hilton and Accor and web-based booking partners such as GolfBreaks, SpaBreaks and Bookatable

IT Providers

Almarose Hotels & Resorts work with a number of businesses who support our website and other business systems.  This includes those Partners who provide data storage facilities to us.

Marketing Services Providers

Almarose Hotels & Resorts work with marketing companies who help us manage our electronic communications with you or carry out surveys and reviews on our behalf.  If customers have opted-in to receiving information regarding our goods and services we may utilise a marketing company to send out such information. 

Payment Services Providers

Almarose Hotels & Resorts work with trusted third-party payment processing providers and banks in order to securely take and manage payments.

Regulators, Local Authorities and Law Enforcement Agencies

Almarose Hotels & Resorts will, if required by law, release your personal information to law enforcement agencies, local authorities and regulators. 

Fraud Prevention and Debt Management and Recovery Service Providers

Almarose Hotels & Resorts may exchange information with other companies and organisations for verification of identity, fraud protection, credit risk reduction and debt collection.

As we continue to develop our business, we might sell or buy hotels, leisure clubs or golf clubs. In such transactions, hotel guest, leisure and golf club member information is generally one of the transferred business assets.  However, it remains subject to the promises made in any pre-existing Privacy Policy (unless, of course, the customer or member consents otherwise).  Also, in the unlikely event that Almarose Hotels & Resorts or substantially all of its assets are acquired, personal information will be one of the transferred assets.

WHERE WE STORE YOUR PERSONAL DATA AND THE SECURITY MEASURES WE HAVE PUT IN PLACE TO PROTECT IT

WHERE IS YOUR INFORMATION STORED?

Your information is primarily stored on our IT and physical storage systems that are based primarily in the UK and in the European Economic Area (EEA). 

However, your data may be transferred outside of the UK & EEA, and processed by staff and organisations outside of the UK & EEA in order to provide our services. Countries outside of the UK & EEA may not provide the same level of legal protection when it comes to your personal information.

Any transfers outside of the UK & EEA will be conducted in accordance with UK GDPR, including the use of processors based in the United States.  By submitting your data to us, you agree to this handling. We will base any sharing of data outside of the UK & EEA on the following:

  1. the transfer is necessary for the delivery of our services
  2. the transfer will be based on the standard data protection clauses for transfer of personal data to countries outside of the UK & EU/EEA adopted by the European Commission.

Note some non-EEA countries are recognised by the European Commission as providing an adequate level of data protection to UK & EEA standards. The full list of these countries is available at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en

Where the Company engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and Company measures to ensure the security of data.

HOW IS YOUR PERSONAL INFORMATION PROTECTED?

Almarose Hotels & Resorts take data security seriously. We take the appropriate technical and organisational procedures, in accordance with applicable legal provisions, to protect your personal data against illicit or accidental destruction, accidental alteration or loss, and unauthorised access or disclosure.

We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable information. Our security procedures mean that we may occasionally request proof of identity before we disclose your personal information back to you.

Our information security policies and procedures are aligned with widely accepted international standards.  These standards are applied and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements.

To this end, we have taken the following technical and organisational measures;

  1. TECHNICAL MEASURES:
  • We have in place firewalls and encryption of computer and mobile device systems.
  • When personal data is transferred TLS encryption technology is used.
  • When you submit credit card data when making a reservation, SSL (Secure Socket Layer) encryption technology is used to guarantee a secure transaction.
  • We have in place User ID / Password systems and procedures

NB - Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data when you transmit it via email; therefore, any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

  1. POLICIES & PROCEDURES:
  • We have measures in place to protect against accidental loss and unauthorized access, use, destruction, or disclosure of data
  • We place appropriate restrictions on the levels and type of access to personal information and have organisational measures such as user IDs / passwords to control staff access to personal data in line with their job requirements.
  • We implement appropriate measures and controls, including monitoring and physical measures, to store and transfer data securely
  • We conduct Privacy Impact Assessments in accordance with legal requirements and our business policies
  • We require privacy, information security, and other applicable training on a regular basis for our employees who have access to personal information and other sensitive data
  • We take steps to ensure that our employees and contractors operate in accordance with our information security policies and procedures and any applicable contractual conditions
  • We require, through the use of contracts and security reviews, our third-party data processors to protect any personal information with which they are entrusted in accordance with our security policies and procedures

Where the Company engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and Company measures to ensure the security of data.

HOW LONG WE RETAIN YOUR PERSONAL DATA FOR

If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws.

For example we may keep:

  • Check-in details for 7 years
  • Spa Treatment data for 3 years
  • Invoice details for 7 years
  • Vehicle Registration details for 12 months

We have developed a separate Retention & Disposal Policy that sets out the full details of how long we retain your data for and how we then dispose of it.  If you want to understand how long a particular personal data set is retained for then please send your request to our Privacy team at  dataprivacy@almarosehotels.com

YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA

Under UK GDPR and the Data Protection Act 2018 you have certain rights over the personal information that we hold about you. The rights available to you depend on our lawful basis for processing your information.

Your rights include the right to access information we hold about you, the right to correct your information (if it is inaccurate or incomplete) and in some circumstances you have the right to restrict or stop the processing of your personal information.

Where we are processing personal information with your consent, you can withdraw this consent at any time by contacting our Privacy Team at dataprivacy@almarosehotels.com.  You also have the right to ask us not to process your personal information where we are relying on a “legitimate interest” to do so.

There are some circumstances in which you can request the deletion of your information and these include :

  • when the personal data is no longer necessary for the purpose for which it was originally collected or processed
  • if we are relying on your consent as a lawful basis for holding the data, and you have withdrawn your consent
  • we are relying on legitimate interests as our basis for processing and you object to the processing of your data, and there is no overriding legitimate interest to continue this processing
  • we are processing the personal data for direct marketing purposes and you object to that processing
  • we have processed the personal data unlawfully i.e. without lawful basis

You have the right to have the data we hold about you transferred to another organisation and to reuse your personal data for your own purposes across different services. We will transfer this information in a commonly used format. This right only applies to the following circumstances:

  • to personal data you have provided us
  • where the processing is based on your consent or for the performance of a contract
  • when processing is carried out by automated means

You can find further information on your data protection rights from the Information Commissioner's Office (ICO).

If you would like to request to exercise any of your rights or if you have any queries related to accessing your personal information, correction, or your rights under GDPR including requiring a copy of the information we hold on you, we will provide this free of charge and within one month. Please contact our Privacy Team if you wish to exercise any of your rights by emailing us at dataprivacy@almarosehotels.com

Or if you’d like, you can write to us at:

Data Privacy,

Chesford Hub

Kenilworth

CV8 2LD, United Kingdom (UK)

Reg. No 11745703

For the purposes of confidentiality and personal data protection, we will need to identify you in order to respond to your request. You may be asked to include a copy of two official pieces of identification, such as a driver’s license or passport, along with your request.

If your personal data is inaccurate, incomplete or not up to date, please send the appropriate amendments to our Privacy Team as indicated above.

All requests will receive a response as swiftly as possible and in accordance with applicable law.

If you are not satisfied with our response to your query, you can contact your local data protection authority who will be able to advise you on next steps. For the United Kingdom, this is the Information Commissioner's Office (ICO), who is also our supervisory authority. Details of their contact information can be found at https://ico.org.uk/global/contact-us/.

We may change or update this Privacy Policy from time to time, to reflect how we are processing your data. If we make significant changes, we will make that clear on our website, or by some other means of contact such as email, so that you are able to review the changes before you continue to use our services.