OUR COMMITMENT TO PROTECTING YOUR PRIVACY
Almarose Hotels are committed to complying with the General Data
Protection Regulation and the Data Protection Act 2018.
We know that you care how information about you is used and
shared. Looking after the personal information you share with
us is very important, and we want you to be confident that your
personal data is kept safely and securely. This privacy
policy describes the type of personal information that we may
collect about you when you stay at our hotel or join our leisure
club, how we use any personal information, the circumstances in
which we may share the information and the steps we take to
safeguard the information to protect your privacy.
We have published this notice to help you understand
• how Almarose Hotels uses your personal data;
• who we share your information with, why and on what
basis;
• and what your rights are.
If we make changes to this notice we will notify you by updating
it on our website.
"Personal data" means any information collected and logged in a
format that allows you to be identified personally, either directly
(e.g. name) or indirectly (e.g. telephone number). Before providing
us with this information, we recommend that you read this document
describing our customer privacy protection policy.
This Customer Privacy Policy forms part of the terms and
conditions that govern our hotel and leisure club services.
WHAT PERSONAL DATA WE COLLECT
HOTEL CUSTOMERS
At various times, we will be obliged to ask you, as a hotel
customer, for information about you and/or members of your family,
such as:
• Contact details (for example, last name, first name,
telephone number, address, email)
• Personal information (for example, date of birth,
nationality)
• Information relating to your children (for example, first
name, date of birth, age)
• Your credit card number (for transaction and reservation
purposes)
• Your membership number if you are a member of our loyalty
program.
• Your arrival and departure dates.
• Your preferences and interests (for example, smoking or
non-smoking room, preferred floor, type of bedding, type of
newspapers/magazines, sports, cultural interests)
• Your questions/comments, during or following a stay in one
of our hotels.
• The information collected in relation to persons under 18
years of age is limited to their name, nationality and date of
birth, which can only be supplied to us by an adult.
• Our hotels use CCTV for safety and security monitoring
purposes.
Personal data of hotel customers may be collected on a variety of
occasions, including:
• Hotel activities:
o Booking a room
o Checking-in and paying
o Eating/drinking at the hotel bar or restaurant during a
stay
o Requests, complaints and/or disputes.
• Transmission of information from third parties:
o Tour operators, travel agencies, reservation systems, and
others
• Internet activities:
o Connection to hotel websites (IP address, cookies)
o Online forms (online reservation, questionnaires, hotel
pages on social networks, network login devices such as Facebook
login etc.).
LEISURE CLUB MEMBERS
When you join the leisure club as a member, you are entering into
a membership contract agreement with us, a copy of the terms &
conditions for which you can find on the leisure club
website. To enable us to set-up your membership and to help
us improve your leisure club experience we will ask you to provide
some personal information which may include
• Contact details (last name, first name, telephone number,
email)
• Date of birth
• Bank account details (for direct debit memberships)
• Photograph
• Health Information
• Our leisure clubs use CCTV for safety and security
monitoring purposes.
HOW WE USE YOUR INFORMATION
Data Protection says that we are allowed to use and share your
personal data only where we have a proper reason to do so. The law
says we must have one or more of these reasons and these are:
• CONTRACT - your personal information is processed in order
to fulfil a contractual arrangement.
• CONSENT - where you agree to us using your information in
this way e.g. for sending you information on hotel or leisure club
promotions
• LEGITIMATE INTERESTS - this means the interests of Almarose
Hotels in managing our business to allow us to provide you with the
best service.
• LEGAL OBLIGATION - where there is statutory or other legal
requirement to share the information e.g. when we have to share
your information for law enforcement purposes.
We use your information in a number of different ways, primarily
to fulfil a contract and also provide excellent service to our
customers.
HOTEL CUSTOMERS
The table below set this out in detail, showing what we use the
information we collect for:
Contact Details
• To manage the reservation of rooms and accommodation
requests and other hotel services.
• To manage your stay at the hotel, room lists, restaurant
bookings, special requests and services.
• To monitor your use of hotel services.
• To manage invoicing and payment records.
• Carrying out surveys and analyses of questionnaires and
customer comments
• Managing claims/complaints
• Offering you the benefits of our loyalty program
• Managing access to rooms
• Monitoring your use of services
Personal Information
• To improve hotel services, to input to our marketing
programme.
• To assist promotion of our services, and adapting our
products.
Information relating to your children
• Only supplied by an adult. Used to manage their stay at the
hotel.
Credit Card Number
• Managing the reservation of rooms, accommodation requests
and to take payment
Loyalty Membership Number
• Managing our relationship with customers before, during and
after your stay
• Knowing and managing the preferences of new or repeat
customers
• Managing the loyalty program and supply rewards
• Providing details for the customer database
• Developing statistics and commercial scores, and carrying
out reporting
Arrival and Departure dates
• To manage your hotel booking.
Preferences and Interests
• To enhance customers, stay at our hotel and to customise
and improve the services we offer.
Questions / Comments
• To collect feedback to improve our services and monitor
customer experience.
LEISURE CLUB MEMBERS
The table below set this out in detail, showing what we use the
information we collect for:
Contact Details
• To manage the membership application and administration of
your club membership.
• To verify your membership status
• To manage payment records.
• Carrying out surveys and analyses of questionnaires and
customer comments
• Managing claims/complaints
• Offering you the benefits of our loyalty program
• To carry out obligations arising from membership
contractual agreements.
• To facilities booking of a class
Personal Information
• To improve services, to input to our marketing
programme.
• For demographic profiling of our customer base, to assist
promotion of our services, and adapting and improving our products
and services.
Information relating to your children
• We do not collect personal information from individuals
under 18 years of age without the permission of their parent or
guardian.
• Only supplied by a parent or guardian as required by the
membership application process we will require the name, date of
birth and age of any member under the age of 18.
Bank Account Details
• If you are paying for your membership via monthly direct
debit we will collect and securely store your bank account
information for membership administration purposes.
Photograph
• In the interests of security and the prevention of crime,
we may take a digital photograph of each member to whom a
membership card is issued.
• To identify you as a club member.
• By providing the digital photograph to us, you are
consenting to our using it in the manner set out in this
Policy.
Membership Number
• To manage your access to the club.
• To monitor your usage of the club to assist us to
supporting you achieve your exercise and health goals.
Sensitive Information
• As part of the gym induction process, at your discretion
you may also share with us information about your general health
and medical conditions
• This information is used to inform the prescription of an
appropriate exercise programme*
• By providing sensitive information to us, you are
consenting to our using it in the manner set out in this
Policy.
Questions /Comments
• To collect feedback to improve our services and monitor
customer experience.
*Your attention is drawn to the Health Commitment Statement policy
which outlines our responsibilities and what we can reasonably
expect of each other in regards to your health, exercise any
medical conditions.
YOUR RIGHTS
You are entitled to request the following from Almarose Hotels,
these are called your Data Subject Rights and there is more
information on these on the Information Commissioners website
www.ico.org.uk
• THE RIGHT TO BE INFORMED - The right to be informed about
how your personal information is being used and processed (as
described in this policy).
• RIGHT OF ACCESS - The right to access the personal
information we hold about you.
• RIGHT TO RECTIFICATION - The right to request the
correction of inaccurate personal information we hold about you and
to have incomplete personal information completed
• THE RIGHT TO ERASURE (also known as the Right to be
Forgotten) - The right to request that we delete your data, or stop
processing it or collecting it, in some circumstances.
• RIGHT TO RESTRICTION OF PROCESSING - to restrict processing
of your personal information.
• RIGHT TO DATA PORTABILITY - to electronically move, copy or
transfer your personal information in a standard form, or port
elements of your data either to you or another service
provider.
• RIGHT TO OBJECT - The right to object to processing of your
personal information
• THE RIGHT TO STOP DIRECT MARKETING messages, and to
withdraw consent for other consent-based processing at any
time.
• THE RIGHT TO COMPLAIN to your data protection regulator -
in the UK, the Information Commissioner's Office. We
encourage you to contact us before making any complaint and we will
seek to resolve any issues or concerns you may have.
If have any general questions about your rights or if you want
to exercise your rights or have a complaint, please contact us,
details in the contact us section at the end of this document.
WHO WE SHARE YOUR INFORMATION WITH AND WHY
Within Almarose Hotels, in order to offer you the best service,
we can share your personal data and give access to authorised
employees including:
• Hotel staff
• Reservation staff
• IT departments
• Commercial partners and marketing services
• Legal services if applicable
• Generally, any appropriate person within Almarose Hotels
for certain specific categories of personal data.
Information about our hotel guests and leisure club members are an
important part of our business and we do not sell this information
to others. Almarose Hotels works with a number of
trusted suppliers, agencies and businesses in order to provide you
the high quality services you expect from us. Your personal
data may be sent to a third party for the purposes of supplying you
with services and improving your stay or leisure club membership
experience.
Some examples of the categories of third parties with whom we
share your data are:
Booking Partners
Almarose Hotels works with a number of trusted partners who take
hotel bookings and manage reservation systems on our behalf. All
partners are subject to thorough security checks, and will only
hold the minimum amount of personal information needed in order to
fulfil the bookings you make on our behalf.
IT Companies
Almarose Hotels work with business who support our website and
other business systems.
Marketing Companies
We work with marketing companies who help us manage our electronic
communications with you or carry out surveys and reviews on our
behalf. If customer have opted-in to receiving information
regarding our goods and services we may utilise a marketing company
to send out such information. For further information see the
'Keeping in touch with you' section of this policy.
Payment Processing
Almarose Hotels work with trusted third party payment processing
providers and banks in order to securely take and manage
payments.
Debt Recovery and Fraud Prevention
We release your personal information on the basis that we have a
legitimate interest in preventing fraud and money laundering, when
we believe release is appropriate to comply with the law; enforce
or apply our contractual agreements; or protect the rights,
property or safety of Almarose Hotel or our customers. This
includes exchanging information with other companies and
organisations for verification of identity fraud protection, credit
risk reduction and debt collection.
Details of the personal information that will be processed
include, for example: name, address, date of birth, contact
details, financial information, employment details, device
identifiers including IP address and vehicle details.
We and fraud prevention agencies may also enable law enforcement
agencies to access and use your personal data to detect,
investigate and prevent crime.
Local Authorities
We may also be obliged to send your information to local
authorities if this is required by law or as part of an inquiry and
in accordance with local regulations.
Business Transfers
As we continue to develop our business, we might sell or buy
hotels or leisure clubs. In such transactions, hotel guest and
leisure club member information generally is one of the transferred
business assets but remains subject to the promises made in any
pre-existing Privacy Policy (unless, of course, the customer or
member consents otherwise). Also, in the unlikely event that
Almarose Hotels or substantially all of its assets are acquired,
personal information will be one of the transferred assets.
Website
To improve our platform, prevent or detect fraud or abuses of our
website and enable third parties to carry out technical,
logistical, research or other functions on our behalf.
Outside the UK
Whenever we transfer personal information to countries outside of
the European Economic Area in the course of sharing information as
set out above, we will ensure that the information is transferred
in accordance with this Privacy Policy and as permitted by the
applicable laws on data protection.
KEEPING YOUR INFORMATION
If we collect your personal information, the length of time we
retain it is determined by a number of factors including the
purpose for which we use that information and our obligations under
other laws.
We may need your personal information to establish, bring or
defend legal claims. For this purpose, we will always retain your
personal information for 5 years after the date it is no longer
needed by us for any of the purposes listed under the 'How we use
your information' section within this policy.
The only exceptions to this are where:
• the law requires us to hold your personal information for a
longer period, or delete it sooner;
• you exercise your right to have the information erased
(where it applies) and we do not need to hold it in connection with
any of the reasons permitted or required under the law;
• we bring or defend a legal claim or other proceedings
during the period we retain your personal information, in which
case we will retain your personal information until those
proceedings have concluded and no further appeals are possible;
or
• In limited cases, existing or future law or a court or
regulator requires us to keep your personal information for a
longer or shorter period.
HOW WE SECURE YOUR INFORMATION
Almarose Hotels take data security seriously, and we take
appropriate technical and organisational procedures, in accordance
with applicable legal provisions, to protect your personal data
against illicit or accidental destruction, accidental alteration or
loss, and unauthorised access or disclosure.
We maintain physical, electronic and procedural safeguards in
connection with the collection, storage and disclosure of
personally identifiable information. Our security procedures mean
that we may occasionally request proof of identity before we
disclose personal information to you.
Our information security policies and procedures are aligned with
widely accepted international standards, we apply the controls
detailed in the Payment Card Industry Data Security Standard to all
environments storing personal data. These standards are applied and
are reviewed regularly and updated as necessary to meet our
business needs, changes in technology, and regulatory
requirements.
To this end, we have taken technical and organisational
measures
TECHNICAL MEASURES:
• We have taken technical measures such as firewalls and
encryption of computer and mobile device systems.
• When personal data is transferred encryption technology is
used.
• When you submit credit card data when making a reservation,
SSL (Secure Socket Layer) encryption technology is used to
guarantee a secure transaction.
• Unfortunately, the transmission of information via the
internet is not completely secure. Although we will do our best to
protect your personal data, we cannot guarantee the security of
your data transmitted to our site; any transmission is at your own
risk. Once we have received your information, we will use strict
procedures and security features to try to prevent unauthorised
access.
• User ID / Password systems and procedures
POLICIES & PROCEDURES:
• We have measures in place to protect against accidental
loss and unauthorized access, use, destruction, or disclosure of
data
• We place appropriate restrictions on the levels and type of
access to personal information and have organisational measures
such as user IDs / passwords to control staff access to personal
data in line with their job requirements.
• We implement appropriate measures and controls, including
monitoring and physical measures, to store and transfer data
securely
• We conduct Privacy Impact Assessments in accordance with
legal requirements and our business policies
• Training for employees and contractors
• We require privacy, information security, and other
applicable training on a regular basis for our employees who have
access to personal information and other sensitive data
• We take steps to ensure that our employees and contractors
operate in accordance with our information security policies and
procedures and any applicable contractual conditions
• We require, through the use of contracts and security
reviews, our third-party vendors and providers to protect any
personal information with which they are entrusted in accordance
with our security policies and procedures
KEEPING IN TOUCH WITH YOU
We want to keep our customers up to date with information about
special offers, benefits and improvements to our facilities and
services.
When you engage with our marketing activities, or join our
leisure clubs, either electronically on-line via website or social
media for example, or in person at the hotel, we will ask you if
you want to opt-in to receive this type of promotional
information. If you have consented to receive marketing, you
may opt out at a later date.
If you decide you do not want to receive this marketing
information you have the right to ask us not to process your
personal information for marketing purposes. You can request
that we stop contacting you for marketing purposes by emailing
[email protected], or via the unsubscribe link within any
marketing Email or SMS which you receive. You may continue to
receive marketing information for a short period while your request
is dealt with.
Almarose Hotels will not share your information with outside
companies for their marketing purposes.
We reserve the right to contact our hotel customers or leisure
club members as necessary to fulfil the obligations and
administration of our service. We will also communicate as
deemed appropriate by Almarose Hotels in regards to any changes to
the product, services and facilities of the hotel or leisure club
which may impact on you.
COOKIES
This section is designed to help you understand what cookies
are, how Almarose Hotels uses them and the choices you have in
regards to their use.
WHAT ARE COOKIES?
Cookies are small data files that are transferred to your
computer's web browser to enable our systems to recognise your
browser and to collect information from your computer such as your
IP address and other details about your computer which are
collected by our web server, operating system and browser type, for
system administration and to report aggregate information to our
advertisers. This is statistical data about our users' browsing
actions and patterns, and does not identify any individual.
ARE COOKIES SAFE?
Yes - Cookies are not harmful and do not contain any information
such as your home address, date of birth or credit card
details. The information stored in cookies is safe and
anonymous to any external third party, and your account security is
never compromised.
There are four main types of cookies - here's how and why we use
them:
1. Site functionality cookies - these cookies allow you to
navigate the site and use our features.
2. Site analytics cookies - these cookies allow us to measure
and analyse how our customers use the site, to improve both its
functionality and your shopping experience.
3. Customer preference cookies - when you are browsing, these
cookies will remember your preferences (like your language or
location), so we can make your experience as seamless as possible,
and more personal to you.
4. Targeting or advertising cookies - these cookies are used
to deliver ads relevant to you. They also limit the number of times
that you see an ad and help us measure the effectiveness of our
marketing campaigns.
By using our site, you agree to us placing these sorts of
cookies on your device and accessing them when you visit the site
in the future.
CAN I TURN OFF COOKIES?
Yes - To change your cookie settings, or if you want to be
notified each time a cookie is about to be used, you should amend
the settings provided in your web browser to prevent us from
storing cookies on your computer hard drive.
For information on how to have your browser notify you when you
receive a new cookies and how to disable or delete cookies, please
consult the "Help" tab of your browser via the menu bar.
Further information about cookies can be found at
https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/.
Please note that by deleting or disabling future cookies, your user
experience may be affected, and you might not be able to take
advantage of certain functions of our site.
Because cookies allow you to take advantage of some of website's
essential features, we recommend that you leave them turned on.
Website visitors who don't want their data used by Google
Analytics can install the Google Analytics opt-out browser add-on.
To opt-out of Analytics for the web, visit the Google Analytics
opt-out page and install the add-on for your browser. Web
site visitors can also opt-out of Google Analytics for Display
Advertising and customize Google Display Network ads using the
google Ad Settings.
CHANGES TO HOW WE PROTECT YOUR PRIVACY
We may change or update this Privacy Policy from time to time,
to reflect how we are processing your data. If we make significant
changes, we will make that clear on our website, or by some other
means of contact such as email, so that you are able to review the
changes before you continue to use our services.
ACCESS, MODIFICATION & CONTACTING US
You have the right to access your personal data collected by
Almarose Hotels and to modify it subject to applicable legal
provisions. Should you need to contact us if you have any questions
about this notice, would like us to stop using your information,
want to exercise any of your rights as set in this Privacy Policy,
or have a complaint; please email us at:
[email protected]
Or if you'd like, you can write to us at:
Data Privacy
1 Towers Place
Richmond, Surrey
TW9 1EG
For the purposes of confidentiality and personal data
protection, we will need to identify you in order to respond to
your request. You will be asked to include a copy of two official
pieces of identification, such as a driver's license or passport,
along with your request.
If your personal data is inaccurate, incomplete or not up to
date, please send the appropriate amendments to the Data Privacy
department as indicated above.
All requests will receive a response as swiftly as possible and
in accordance with applicable law.