- 1. Introduction
By personal data, we mean data which could be used to identify you, including your name and contact details, and any related data which could be attributed to you. It may also include information about how you use our website and other services.
This policy does not include information about the privacy of Hand Picked Hotels employees’ data, which can be obtained from our HR department.
- 2. Who is responsible for your personal data
Hand Picked Hotels Limited is responsible for your personal data. Our registered address is The Old Library, The Drive, Sevenoaks, Kent, TN13 3AB. We are registered as a company in England and Wales under company number 3760451. We are the data controller of the personal data which we collect from you, and so we are responsible for the ways your personal data are collected and the purposes for which your personal data are used.
- 3. How we protect your data
We use technical measures such as encryption and password protection to protect your data and the systems they are held in. We also use operational measures to protect the data, for example by limiting the number of people who have access to your personal data.
We keep these security measures under review and refer to industry security standards to keep up to date with current best practice.
The vast majority of our data processing is undertaken in the European Economic Area (EEA). We will ensure that any data that is processed outside of the EEA adheres to the same security standards as that processed inside the EEA.
- 4. What personal data we collect from you
Depending on how you use our services, we may collect any of the following personal data from you:
Type of personal data Places where these may normally be collected Your name and contact details (email address, telephone number, address) When you create a web account or become member of our loyalty programme
When you make a booking or reservation (including via 3rd party travel agents)
When you make an enquiry, complete a form or download a brochure (including via 3rd parties)
When you register for our free Wi-Fi
When you sign up to our marketing database
When you enter a competition
When you purchase a gift voucher
When you become a member of one of our Health Clubs
When you fill out a feedback form
Information about your activity with us When you make a booking or reservation
When you make an enquiry or complete a form
Names of fellow guests, including the age of any children When you make a booking for people other than yourself Communication we have with you (emails, letters, telephone calls, messages sent to us, feedback) When you get in touch with us
When you respond to our requests for feedback
Information about your activities in our hotels We use CCTV in and around our hotels. We also use automated number plate recognition (ANPR) in some of our hotel car parks.
We keep a record of phone numbers dialled, and call duration, from hotel bedroom phones for billing purposes.
Payment card details When facilitating payment by card Information about how you use our website and emails (including your IP address, browser type, geographical location, referring website or source, the duration of your visit, pages viewed and files downloaded)
Information about your interests and preferences
When you use our website (e.g., to browse or to make a booking)
When you accept our cookies placed on your device
When you open our marketing emails
When you interact with our online advertisements
When you get in touch with us
When you respond to our requests for feedback
We may also collect limited amounts of more sensitive personal data in order to provide certain services to you:
- When you join one of our health clubs or have a consultation with a personal trainer, we will collect certain information relating to your health
- Similarly, when you have a spa treatment with us, we will collect certain information relating to your health
- You may give us information about any allergies or other special requirements you have
- We may collect more sensitive information if you have had an accident in one of our hotels.
Please see the information below on how we use and protect all of your personal data, including sensitive data.
- 5. How we use your personal data
We can only use your personal data if we have a valid reason (or "lawful basis") for doing so. The law defines a number of possible reasons, of which the following four apply to our use of your data:
- To fulfil a contract we have with you
- When you consent to it
- If we have a legal obligation to use your data for a particular reason
- When it is in our legitimate interests
In cases where we have chosen "legitimate interests", we will give you further information on what these interests are and why the processing of your data is necessary to achieve this. If we choose this basis, we will have ensured that we have balanced our interests against yours and believe that you would reasonably expect us to use your data in this way.
You can find detail on the different ways in which we use your personal data, and the reasons for doing so, below.
What we use your personal data for Lawful basis Our legitimate interests To respond to your enquiries or requests Legitimate Interests As you have made an enquiry with us, we need to respond to this enquiry To process any reservations or bookings you may have with us; before and during your stay Contract Not applicable To give you further information about any reservations, bookings or subscriptions you may have with us Legitimate Interests We want you to have the best possible experience To send you requests for feedback on your experience with us Legitimate Interests We continually strive to improve our services and need your input to do so To inform you about our news and offers that we think you might be interested in Consent
We think you will be interested in offers that are similar to what you have previously purchased with us, you can opt-out at any time. To meet certain legal responsibilities, e.g., collecting registration data or cooperating with police Legal obligation Not applicable To combat fraud and manage risk for us and our customers Legitimate interests We need to protect our business and our customers To respond to complaints and to seek to resolve them, including refunds where appropriate.
To investigate accidents and improve our processes for the future
Legitimate interests We want to resolve complaints as best we can. We also want to improve processes and service levels for the future. To personalise your experience on our digital channels and our interactions with you (see detail below). Legitimate interests We want you to have the best possible experience with us.
- 6. How we use your data to personalise your experience
We use these data to personalise your experience in the following ways:
- To identify your likes and dislikes, so that in future we send you news and offers that are more interesting to you (e.g., for certain hotels)
- To understand more about your preferences and purchasing habits, so that we can match you with similar customers and use this to offer you and other customers more relevant products and services. Sometimes we use third party systems or tools to help with this.
- To help you complete a booking, if you leave the booking path before your booking is finalised.
- To show you more relevant advertising online
- 7. How we work with Third Parties
We use a number of Third Party systems to collect and process your data for the purposes shown above. This includes our website (which is developed and hosted by a Third Party), our reservation systems, some marketing systems (such as email systems) and our payment system providers. We ask that they follow the same rigorous data protection standards that we do
We collect personal data from Third Party agents who process reservations or other information on our behalf. Examples of this include online travel agents and our WiFi provider.
We sometimes share your anonymised data with Third Party advertisers, so that they can better target their advertising to you and other customers.
We will never sell, rent, loan or share your personal data with a third party for the purpose of marketing activity of any nature, unless you have provided us with explicit permission to do so.
- 8. How long we keep your data
We only keep your data only for as long as we need it. How long we need data depends on what we are using it for, as described above.
We will actively review the personal data we hold and when there is no longer a need for us to hold it, we will either delete it securely or in some cases anonymise it.
We aim to destroy any paper copies of your personal data as soon as they have served their purpose (e.g., once information has been entered into a system). In the cases where we need to keep paper copies for longer, we ensure that they are stored securely and access is limited.
- 9. Your rights and how to manage the marketing communications you receive
You have a number of rights with regard to your data, which include:
- The right to access your data
- The right to rectify your data, if you believe there is an error such as the spelling of your name
- The right to delete your data or restrict their use
- The right to are object to the certain uses of your data
Should you wish to exercise any of these rights, please complete our data access form and e-mail it to [email protected]. We will deal with data access requests promptly and in any event within a month of receiving it, or (if later) from the day any information requested to confirm the requester’s identity is obtained. In rare cases, when the request is particularly complex or numerous, this deadline may be extended by a further two months (in which case we will let you know within one month). This service is free, unless the request is manifestly unfounded or excessive.
We may send you marketing communications by email if you have opted in to receive such emails (e.g., at the point of purchase or when checking in), or if you have recently opened one of our marketing emails and have not told us that you no longer wish to receive marketing emails.
You have the right to opt out of receiving future marketing communications at any time and can do so by clicking the unsubscribe link in any email that we have sent you. Alternatively, you can email [email protected] to ask to be removed from our mailing list. Please note, because we use multiple email systems it can take up to two weeks for all of them to be updated.
Please note that if you tell us that you do not wish to receive marketing communications, you will still receive service emails which are directly related to your reservations or subscriptions, for example a booking confirmation.
- 10. If you have any further questions or complaints