|Company Name:||The Beacon Country House Hotel Limited (“The Company”)|
|Company Contact Details:||The Data Protection Manager, The Beacon Country House Hotel, Goonvrea Road, St Agnes, Cornwall. TR5 0NW|
|Policy Effective Date:||1/11/19|
The Beacon Hotel knows that your personal information is very important to you. The purpose of this statement is to explain how we may use the information we obtain about you.
The Beacon Country House Hotel reserves the right to amend this policy at any time: we will notify you of any necessary changes.
For the purpose of the Data Protection Act 2018 and the EU GDPR regulations, the data controller is Beacon Country House Hotel.
The Beacon Country House Hotels websites and their owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of their users throughout their visiting experience. The websites comply with all UK national laws and requirements for user privacy.
Storage of your personal information
We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable customer information. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you.
It is important for you to protect against unauthorised access to your password and to your computer. Be sure to logout when you finish using a shared computer.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.
Cookies are small files saved to the user’s computer’s hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the websites to provide the users with a tailored experience. Users are advised that if they wish to deny the use and saving of cookies from The Beacon Country House Hotels websites on to their computer’s hard drive they should take necessary steps within their web browser’s security settings to block all cookies from this website and its external serving vendors.
Other cookies may be stored to your computer’s hard drive by external vendors when The Beacon Country House Hotels websites use referral programs, sponsored links or adverts. Such cookies are used for sales conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.
Website Data Collection
Users and owners of The Beacon Country House Hotels websites do so at their own discretion and provide any such personal details as are requested at their own risk. Your personal information is held securely and stored privately as per the regulations set out in the Data Protection Act 2018 and the EU GDPR regulations. Every effort has been made to ensure that your personal data is transmitted and stored securely and safely in line with IT security best practice.
Website Email Newsletters
The Beacon Country House Hotels websites may operate an email newsletter program, used to inform subscribers about the Beacon Country House Hotel products and services including services supplied by the Beacon Country House Hotels websites. Your details may be used to subscribe you to the Beacon Country House Hotels email newsletters but only if this was made clear to you and your express permission was granted when submitting any online form or at checkin/checkout. Or whereby you the consumer have previously purchased from or enquired about purchasing from the Beacon Country House Hotels company a product or service that the email newsletter relates to.
Subscriptions are taken in compliance with UK Spam Laws detailed in the Privacy and Electronic Communications Regulations 2003. All personal details relating to subscriptions are held securely and in accordance with the Data Protection Act 2018 and the EU GDPR regulations. No personal details are passed on to third parties nor shared with companies or people outside of the Beacon Country House Hotels Company operating the website. Under the Data Protection Act 2018 and EU GDPR regulations you may request details of the personal information held about you by the Beacon Country House Hotels websites. If you would like a copy of the information held on you, please write to the Data Protection Manager using the contact details at the top of this policy.
Email marketing campaigns published by the Beacon Country House Hotels websites or their owners may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity. This information is used to refine future email campaigns and supply the subscriber with more relevant content based around their activity.
In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003 subscribers are given the opportunity to un-subscribe at any time through an automated system. This process is detailed at the footer of each email campaign. If an automated un- subscription system is unavailable clear instructions on how to un-subscribe will be detailed instead.
Damage to hotel property – We reserve the right to charge guests the cost of rectifying damage, caused by the deliberate, negligent or reckless act of the guest to the hotel’s property or structure. Should this damage come to light after the guest has departed, we reserve the right to make a charge to the guest’s credit / debit card, or send an invoice for the amount to the registered address. We will however make every effort to rectify any damage internally prior to contracting specialists to make the repairs, and therefore will make every effort to keep any costs that the guest would incur to a minimum.
Our websites aim to include safe and relevant external links. However, users are advised to adopt a policy of caution before clicking any external web links located on the Beacon Country House Hotels websites. (External links are clickable text, banners or images which link to websites outside the control of the Beacon Country House Hotels and associated technology suppliers).
The owners of the Beacon Country House Hotels websites cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore be aware that they click on external links at their own risk and that the Beacon Country House Hotels websites and their owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Adverts and Sponsored Links
We reserve the right to charge guests the cost of replacing any items that are removed from the premises by them without consent. The charge will be the full replacement amount of the missing item, including any carriage charges. Should the fact that the item is missing come to light after the guest has departed, we reserve the right to make a charge to the guests credit/debit card, or send an invoice for the amount to the registered address.
The Beacon Country House Hotels websites may contain sponsored links and adverts. These will typically be served through advertising partners, who may have detailed privacy policies relating directly to the adverts they serve.
Social Media Platforms
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are subject to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. Beacon Country House Hotels websites nor their owners will not ask for personal or sensitive information through social media platforms, nor encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
Beacon Country House Hotel websites may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised, before using such social sharing buttons, that they do so at their own discretion and should note that the social media platform concerned may track and save a user’s request to share a web page through the social media platform account of the user making the request.
Shortened Links in Social Media
Unfortunately we do not accept Children under the age of 8 at the hotel due to the lack of children’s facilities. Occasionally we will run family weekends in our quieter periods to allow our guests with children and grandchildren to see the glorious area we live in!
This website and its owners through their social media platform accounts may share web links to relevant web pages. By default, some social media platforms shorten lengthy URLs [web addresses] (this is an example: http://bit.ly/zyVUBo).
Users are advised to take caution and good judgement before clicking any shortened URLs published on social media platforms by the Beacon Country House Hotel websites and their owners. Despite best efforts to ensure only genuine URLs are published, many social media platforms are prone to SPAM and hacking, consequently the Beacon Country House Hotel websites and their owners cannot be held liable for any damages or implications caused by following any shortened links.
Resources & Further Information
Data Protection Act 2018 – http://www.legislation.gov.uk/ukpga/2018/12/contents
General Data Protection regulation (GDPR) – https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/
Privacy and Electronic Communications Regulations 2003 – http://www.legislation.gov.uk/uksi/2003/2426/contents/made
Privacy and Electronic Communications Regulations 2003 – The Guide – https://ico.org.uk/for-organisations/guide-to-pecr/
The Beacon Country House Hotel and its member companies provide hotel, bed and breakfast, and function services to its guests, holiday makers, and clients. The Company must process personal data (including sensitive personal data) so that it can provide these services – in doing so, the Company acts as a data controller.
You may give your personal details to the Company directly, such as on a reservation or registration form or via our websites, or we may collect them from another source such as a review site or third party booking site or when talking with you on the telephone. The Company must have a legal basis for processing your personal data. For the purposes of providing you with guest services and/or information relating to services relevant to you, we will only use your personal data in accordance with the terms of the following statement.
Collection And Use Of Personal Data
Purpose of processing and legal basis
The Company will collect your personal data (which may include sensitive personal data) and will process your personal data for the purposes of providing you with hotel, bed and breakfast, and function services. The legal bases we rely upon to offer these services to you are:
- Legitimate interest
- Legal obligation
- Contractual obligation
We collect and use your personal data for hotel, bed and breakfast, and function services, business management, invoice processing and accounting reasons including:
- identifying and evaluating guest information for the purpose of their stay, service, or function at the hotel;
- record keeping in relation to previous and future stays/functions at the hotel;
- Ability to communicate and offer future services;
- ensuring compliance with statutory and legal requirements, including the provision of tax information to HMRC as well as diversity and inclusion requirements and practices;
- protecting our legal rights to the extent authorised or permitted by law; or
- emergency situations where the health or safety of one or more individuals may be endangered.
We process your personal data for the purposes described above: when we have your consent to do so; when necessary to enter into an contractual arrangement with you; when necessary for us to comply with a legal obligation; or when necessary for the purposes of our legitimate interests as a provider of guest and hotel services.
Where the Company has relied on a legitimate interest to process your personal data our legitimate interests are as follows:
- in pursuit of the Company’s legitimate business interest in the supply of guest and hotel services.
Recipient/s of data
The Company will process your personal data and/or sensitive personal data with the following recipients:
To Our Group Companies
We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes set out in this notice.
Our insurers/professional advisers
We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes.
Our clients/partner agencies
We may disclose your personal data and account data to our clients, and our partner agencies insofar as reasonably necessary in relation to providing guest and hotel services.
Providing your personal data to any third party
Where we share your personal data with any third party, we will ensure this processing is protected by appropriate safeguards including a suitable data processing agreement with that third party.
To comply with legal obligations
In addition to the specific disclosures of personal data detailed above, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation, or in order to protect your vital interests or the vital interests of another individual.
Your personal data is not required as part of a statutory and/or contractual requirement, and/or a requirement necessary to enter into a contract.
The Company may transfer only the information you provide to us to countries outside the European Economic Area (‘EEA’) for the purposes of providing you hotel & guest services. We will take steps to ensure adequate protections are in place to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein.
The Company will retain your personal data only for as long as is necessary. Different laws require us to keep different data for different periods of time.
We must keep your invoice records and reservation details for as long as is legally required by HMRC and associated tax legislation.
We will retain details of your booking and payment history for the purposes of providing financial information to HMRC. We may also need to retain details of your history, address, and contact details for six years following the date you last stayed with us, in order to provide a legal defence against possible claims for breach of contract.
Where the Company has obtained your consent to process your personal data, we will do so in line with our retention policy. Upon expiry of that period the Company will seek further consent from you. Where consent is not granted the Company will cease to process your personal data.
Your rights under GDPR
Please be aware that you have the following data protection rights:
The right to access
You may ask us to give you access to any personal information we hold about you; we will provide you with a copy of the personal information we hold provided your request is not found to be excessive or unjustified, in which case a charge may apply; we will also require appropriate evidence of your identity. We may withhold personal information that you request according to legal constraints.
The right to rectification of your personal data;
You have the right to request that we correct any incomplete or inaccurate data we hold about you.
The right to erasure of your personal data in certain circumstances;
In certain circumstances you may ask us to delete the personal data that we hold about you. For example:
- it is no longer necessary for us to hold your personal data in relation to the purposes for which it was originally collected or otherwise processed;
- you withdraw your consent to any processing for which you gave us explicit consent;
- the processing is for direct marketing purposes;
- you believe we have processed your personal data unlawfully.
However, there are certain general exclusions to the right to erasure, including where processing is necessary in order to exercising the right of freedom of expression and information or for compliance with a legal obligation or for establishing, exercising or defending legal claims.
The right to restrict processing of your personal data;
The right to object to processing of personal data based on public or legitimate interest;
You can object to us processing your personal data on grounds relating to your particular situation, but only as far as our legal basis for the processing is that it is necessary for: the performance of a task carried out in the public interest, or in the exercise of any official authority vested in us; or the purposes of our legitimate interests or those of a third party. If you make an objection, we will stop processing your personal information unless we are able to: demonstrate compelling legitimate grounds for the processing, and that these legitimate grounds override your interests, rights and freedoms; or the processing is in relation to a legal claim.
The right not to be subjected to automated decision making and profiling;
We do not perform automated data processing.
The right to withdraw consent at any time.
If we have obtained your explicit consent to processing your personal data, you are entitled to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
Your right to object to direct marketing
You may ask us at any time not to process your personal information for marketing purposes. However, usually you will either have agreed in advance to our use of your personal information for marketing purposes, or you will be able to opt out of the use of your personal information for marketing purposes.
Complaints or queries
If you have any questions or complaints regarding this privacy notice or any of the procedures set out in it please contact the Data Protection Manager using the contact information at the top of this notice.
You also have the right to raise concerns with Information Commissioner’s Office on 0303 123 1113 or at https://ico.org.uk/concerns/, or any other relevant supervisory authority should your personal data be processed outside of the UK, if you believe that your data protection rights have not been adhered to.