QLodges respects your privacy and is committed to protecting
what information we collect and process using the QLodges website,
how we protect and use it, and what choices you have about your
referring to QLodges of Wellington House, Cliffe Park, Bruntcliffe
Road, Morley, Leeds, LS27 0RY, the organisation which provides this
website, and any services or features which may be made available
to you from this website.
Data Protection Framework
Data Protection Regulation ("GDPR"), which comes into effect on
25th May 2018, under the supervision of the ICO within the
QLodges will complete the applicable Privacy Impact
Assessments (also known as Data Protection Impact Assessments under
GDPR) for activities related to this website if they meet the
necessary criteria, and these are available upon request from
This privacy notice aims to give you information on how
we collect and processes your personal data through your use of
this website, including any data you may provide through this
website when you sign up to our deal alert newsletter, complete the
enquiry or contact forms.
It is important that you read this privacy notice together
with any other privacy notice or fair processing notice we may
provide on specific occasions when we are collecting or processing
personal data about you so that you are fully aware of how and why
we are using your data.
This privacy notice supplements the other notices and is not
intended to override them.
QLodges is the controller and responsible for your
We have appointed a data protection officer who is responsible for
overseeing questions in relation to this privacy notice. If you
have any questions about this privacy notice, including any
requests to exercise your legal rights, please contact the data
protection officer using the details set out at the end of this
1. Customer and Citizen Data
You may decide to send us your personal information via this
website if you are seeking more information about rental
accommodation or ownership at QLodges, signing up for newsletters
or deal alerts, or for other similar purposes. Your decision to
disclose your personal data is entirely voluntary, and by doing so,
you are taking an affirmative action by providing us with specific
consent to use your personal data only for the purposes for which
you have disclosed it to us.
Personal data, or personal information, means any information
about an individual from which that person can be identified. It
does not include data where the identity has been removed
1.1 How data is collected
We may collect, use, store and transfer different kinds
of personal data about you which we have grouped together
• Identity Data includes first name last name,
• Contact Data includes address, email address and telephone
• Technical Data includes internet protocol (IP) address,
your login data, browser type and version, time zone setting and
location, browser plug-in types and versions, operating system and
platform and other technology on the devices you use to access this
• Usage Data includes information about how you use our
website, products and services.
• Marketing and Communications Data includes your preferences
in receiving marketing from us and your communication
We use different methods to collect data from and about you
1.1.1 Direct interactions
You may give us your Identity and Contact by filling in
online forms or by corresponding with us by phone, email, online
chat or otherwise. This includes personal data you provide when
• Request information about holiday rentals or holiday
• Request marketing to be sent to you in the form of deal
alerts or newsletters;
• Enter a competition, promotion or survey; or
• Give us some feedback.
1.1.2 Automated technologies or interactions
As you interact with our website, we may automatically
collect Technical Data about your equipment, browsing actions and
patterns. We collect this personal data by using cookies, server
logs and other similar technologies. We may also receive Technical
Data about you if you visit other websites employing our cookies.
Please see our
1.1.3 Third parties or publicly available
We may receive personal data about you from various third
parties and public sources as set out below:
• Technical Data from the following parties:
• Analytics providers such as Google based outside the
• Search information providers based both inside and outside
1.2 How we use your personal data
QLodges will only use your personal data when the law allows
us to and only for the purposes for which you have submitted it to
us. Most commonly, we will use your personal data in the following
circumstances: (a) provide information to you, (b) make contact
with you, (c) provide contracted services to you, (d) perform the
contract between us, (e) where it is necessary for our legitimate
interests (or those of a third party) and your interests and
fundamental rights do not override those interests (f) where we
need to comply with legal and regulatory obligations or (g)
maintain the operations and security of the website and services we
provide to you.
Generally, we do not rely on consent as a legal basis for
processing your personal data other than in relation to sending
third party direct marketing communications to you via email or
text message. You have the right to withdraw consent to marketing
at any time by contacting us.
You will receive marketing communications from us if you
• Requested information from us, rented holiday
accommodation with us or purchased holiday ownership products at
• If you have provided us with your details and ticked
the consent box to send you marketing communications; and
• You have not opted out of receiving that marketing
1.3 Promotional offers from us
We may use your Identity, Contact, Technical and Usage Data to
form a view on what we think you may want or need, or what may be
of interest to you. This is how we decide which marketing of
products, services and offers may be relevant for you.
You will receive marketing communications from us if you have
requested information from us or purchased services from us or if
you provided us with your details when you entered a competition or
registered for a promotion and, in each case, you have not opted
out of receiving that marketing.
1.4 Change of purpose
We will only use your personal data for the purposes for which
we collected it, unless we reasonably consider that we need to use
it for another reason and that reason is compatible with the
original purpose. If you wish to get an explanation as to how the
processing for the new purpose is compatible with the original
purpose, please contact us via the details below.
If we need to use your personal data for an unrelated purpose,
we will notify you and we will explain the legal basis, which
allows us to do so.
Please note that we may process your personal data without
your knowledge or consent, in compliance with the above rules,
where this is required or permitted by law.
1.5 Data Storage
We will, at all times, handle and store your personal data in
accordance with industry best practice aligned with ISO27001, the
international standard for information security. This includes the
activities and procedures undertaken by our own personnel and
authorised third parties, and the technical controls which we have
implemented to prevent unauthorised access, compromise or theft of
information from our applications, supporting computer systems and
These include removal of all personal data from the local and
staging website, removal of data migration plugin, password prompts
to access the staging site and two-factor authentication and email
verification to access the back-end of the site. User access is
We have put in place procedures to deal with any suspected
data breach including disaster planning and will notify you, and
any applicable regulator, of a breach where we are legally required
to do so.
We limit, where possible, access to your personal data to
employees and third parties including data processors, who have a
business need to know such data. They will only process your data
on our instructions and are subject to a processing agreement duty
We will only retain your personal data for as long as
necessary to fulfil the purposes we collected it for including
satisfying any legal, accounting or reporting requirements. By law
we keep basic information about our customers (including contact,
identity, financial and transaction data) for six years after they
cease being customers for tax purposes.
In some circumstances you can ask us to delete your data, please
In some circumstances we may anonymise your personal data (so that
it can no longer be associated with you) for research or
statistical purposes in which case we may use this information
indefinitely without further notice to you.
2. Sensitive Personal Data
GDPR specifies a set of personal data categories which are
"sensitive", and which require special consideration by Data
Controllers. This website, and any services available from this
website, do not knowingly collect or process any sensitive personal
data, and supporting Privacy Impact Assessments (also known as Data
Protection Impact Assessments under GDPR) are available upon
request from the QLodges Data Protection Officer.
3. Children's Personal Data
This website, and any services available from this website,
are not directed to children under the age of 13. If you learn that
a child under the age of 13 has provided us with their personal
information without having parental consent, please contact the
QLodges Data Protection Officer immediately so that we can take
4. Customer and Citizen Data Rights
As prescribed within data protection regulations, you have
specific rights connected to the provision of your personal data to
QLodges using this website. These include your rights to request
• Confirm to you what personal data we may hold about
you, if any, and for what purposes;
• Change the consent which you have provided to us in
relation to your personal data;
• Correct any inaccurate or incomplete personal data which we
may hold about you;
• Provide you with a complete copy of your personal data for
you to move elsewhere;
• Stop the processing of your personal data, whilst an
objection from you is being resolved; and
• Permanently erase all your personal data promptly, and
confirm to you that this has been done (there may be reasons why we
may be unable to do this)
To contact QLodges, please see below.
4.1 Exercising your rights
You will not have to pay a fee to access your personal data
(or to exercise any of the other rights). However, we may charge a
reasonable fee if your request is clearly unfounded, repetitive or
excessive. Alternatively, we may refuse to comply with your request
in these circumstances.
4.1.1 What we may need from you
We may need to request specific information from you to help
us confirm your identity and ensure your right to access your
personal data (or to exercise any of your other rights). This is a
security measure to ensure that personal data is not disclosed to
any person who has no right to receive it. We may also contact you
to ask you for further information in relation to your request to
speed up our response.
4.1.2 Time limit to respond
We try to respond to all legitimate requests within one month.
Occasionally it may take us longer than a month if your request is
particularly complex or you have made a number of requests. In this
case, we will notify you and keep you updated.
If QLodges does not address your request within one month or
fails to provide you with a valid reason why we have been unable to
do so, you have the right to contact the Information Commissioner's
Office to make a compliant. They can be contacted via their website
(www.ico.org.uk) or by telephone 0303 123 1113.
5. Declaration of Processing and
To make an informed decision on whether to provide your
personal data to QLodges using this website, we need to make you
aware of the following organisations who act as Data Processors for
us in the provision of our services to you:
• Durham Associates
• Cameron House Lodges Limited
• Merlin Timeshare Software
We require all third parties to respect the security of your
personal data and to treat it in accordance with the law. We do not
allow our third-party service providers to use your personal data
for their own purposes and only permit them to process your
personal data for specified purposes and in accordance with our
Where we use providers based in the United States, we may
transfer data to them if they are part of the EU-US Privacy Shield,
which requires them to provide similar protection to personal data
shared between the Europe and the US.
If none of the above safeguards is available, we may request
your explicit consent to the specific transfer. You will have the
right to withdraw this consent at any time.
Please email us at [email protected]
if you want
further information on the specific mechanism used by us when
transferring your personal data out of the EEA.
The activities within which each of these Data Processors
participates may have been recorded within the applicable Privacy
Impact Assessment records (also known as Data Protection Impact
Assessments under GDPR) and these are available upon request from
the QLodges Data Protection Officer.
6. Website Cookies
both session-based and persistent cookies, dependent upon how you
use or interact with this website.
Cookies are small text files sent by us to your computer, and
from your computer or mobile device to us each time you visit our
website. They are unique to you or your web browser.
Session-based cookies last only while your browser is open and
are automatically deleted when you close your browser session.
Persistent cookies last until you or your browser deletes them, or
until they expire.
unique and allow us to undertake website analytics and
customization, among other similar things. If you decide to disable
some or all cookies, you may not be able to use some of the
functions on our website. We may use third-party cookies, for
example Google Analytics, and you may choose to opt-out of third
party cookies by visiting their website.
We may use third-party cookies, for example Google Analytics,
and you may choose to opt-out of third party cookies by visiting