• 1. Introduction

    At Hand Picked Hotels, we use certain elements of your personal data to provide our hospitality services to you. In this Privacy Policy, we have described how we collect, store and use your personal data. We take every care to protect your personal data and your privacy during this process in accordance with all relevant legislation. There are steps you can take to control what we do with your personal data and these are explained in the policy.

    By personal data, we mean data which could be used to identify you, including your name and contact details, and any related data which could be attributed to you. It may also include information about how you use our website and other services.

    This policy does not include information about the privacy of Hand Picked Hotels employees’ data, which can be obtained from our HR department.

  • 2. Who is responsible for your personal data

    Hand Picked Hotels Limited is responsible for your personal data. Our registered address is The Old Library, The Drive, Sevenoaks, Kent, TN13 3AB. We are registered as a company in England and Wales under company number 3760451. We are the data controller of the personal data which we collect from you, and so we are responsible for the ways your personal data are collected and the purposes for which your personal data are used.

  • 3. How we protect your data

    We use technical measures such as encryption and password protection to protect your data and the systems they are held in. We also use operational measures to protect the data, for example by limiting the number of people who have access to your personal data.

    We keep these security measures under review and refer to industry security standards to keep up to date with current best practice.

    The vast majority of our data processing is undertaken in the European Economic Area (EEA). We will ensure that any data that is processed outside of the EEA adheres to the same security standards as that processed inside the EEA.

  • 4. What personal data we collect from you

    Depending on how you use our services, we may collect any of the following personal data from you:

    Type of personal data Places where these may normally be collected
    Your name and contact details (email address, telephone number, address) When you create a web account or become member of our loyalty programme

    When you make a booking or reservation (including via 3rd party travel agents)

    When you make an enquiry, complete a form or download a brochure (including via 3rd parties)

    When you register for our free Wi-Fi

    When you sign up to our marketing database

    When you enter a competition

    When you purchase a gift voucher

    When you become a member of one of our Health Clubs

    When you fill out a feedback form
    Information about your activity with us When you make a booking or reservation

    When you make an enquiry or complete a form
    Names of fellow guests, including the age of any children When you make a booking for people other than yourself
    Communication we have with you (emails, letters, telephone calls, messages sent to us, feedback) When you get in touch with us

    When you respond to our requests for feedback
    Information about your activities in our hotels We use CCTV in and around our hotels. We also use automated number plate recognition (ANPR) in some of our hotel car parks.

    We keep a record of phone numbers dialled, and call duration, from hotel bedroom phones for billing purposes.
    Payment card details When facilitating payment by card
    Information about how you use our website and emails (including your IP address, browser type, geographical location, referring website or source, the duration of your visit, pages viewed and files downloaded)

    Information about your interests and preferences
    When you use our website (e.g., to browse or to make a booking)

    When you accept our cookies placed on your device

    When you open our marketing emails

    When you interact with our online advertisements

    When you get in touch with us

    When you respond to our requests for feedback

    We may also collect limited amounts of more sensitive personal data in order to provide certain services to you:

    • When you join one of our health clubs or have a consultation with a personal trainer, we will collect certain information relating to your health
    • Similarly, when you have a spa treatment with us, we will collect certain information relating to your health
    • You may give us information about any allergies or other special requirements you have
    • We may collect more sensitive information if you have had an accident in one of our hotels.

    Please see the information below on how we use and protect all of your personal data, including sensitive data.

  • 5. How we use your personal data

    We can only use your personal data if we have a valid reason (or "lawful basis") for doing so. The law defines a number of possible reasons, of which the following four apply to our use of your data:

    • To fulfil a contract we have with you
    • When you consent to it
    • If we have a legal obligation to use your data for a particular reason
    • When it is in our legitimate interests

    In cases where we have chosen "legitimate interests", we will give you further information on what these interests are and why the processing of your data is necessary to achieve this. If we choose this basis, we will have ensured that we have balanced our interests against yours and believe that you would reasonably expect us to use your data in this way.

    You can find detail on the different ways in which we use your personal data, and the reasons for doing so, below.

    What we use your personal data for Lawful basis Our legitimate interests
    To respond to your enquiries or requests Legitimate Interests As you have made an enquiry with us, we need to respond to this enquiry
    To process any reservations or bookings you may have with us; before and during your stay Contract Not applicable
    To give you further information about any reservations, bookings or subscriptions you may have with us Legitimate Interests We want you to have the best possible experience
    To send you requests for feedback on your experience with us Legitimate Interests We continually strive to improve our services and need your input to do so
    To inform you about our news and offers that we think you might be interested in Consent

    Legitimate interests
    We think you will be interested in offers that are similar to what you have previously purchased with us, you can opt-out at any time.
    To meet certain legal responsibilities, e.g., collecting registration data or cooperating with police Legal obligation Not applicable
    To combat fraud and manage risk for us and our customers Legitimate interests We need to protect our business and our customers
    To respond to complaints and to seek to resolve them, including refunds where appropriate.

    To investigate accidents and improve our processes for the future
    Legitimate interests We want to resolve complaints as best we can. We also want to improve processes and service levels for the future.
    To personalise your experience on our digital channels and our interactions with you (see detail below). Legitimate interests We want you to have the best possible experience with us.


  • 6. How we use your data to personalise your experience

    We use the data we collect about you from different sources to try to understand more about you and your preferences, so that we can personalise your experience. We use data that you have directly given to us (such as through reservations or enquiries) as well as data we have obtained from your online activities, such as interactions with our marketing emails or activities on our website (including the use of Cookies). You can find out more about Cookies in our Cookie Policy.

    We use these data to personalise your experience in the following ways:

    • To identify your likes and dislikes, so that in future we send you news and offers that are more interesting to you (e.g., for certain hotels)
    • To understand more about your preferences and purchasing habits, so that we can match you with similar customers and use this to offer you and other customers more relevant products and services. Sometimes we use third party systems or tools to help with this.
    • To help you complete a booking, if you leave the booking path before your booking is finalised.
    • To show you more relevant advertising online
  • 7. How we work with Third Parties

    We use a number of Third Party systems to collect and process your data for the purposes shown above. This includes our website (which is developed and hosted by a Third Party), our reservation systems, some marketing systems (such as email systems) and our payment system providers. We ask that they follow the same rigorous data protection standards that we do

    We collect personal data from Third Party agents who process reservations or other information on our behalf. Examples of this include online travel agents and our WiFi provider.

    We sometimes share your anonymised data with Third Party advertisers, so that they can better target their advertising to you and other customers.

    We will never sell, rent, loan or share your personal data with a third party for the purpose of marketing activity of any nature, unless you have provided us with explicit permission to do so.

  • 8. How long we keep your data

    We only keep your data only for as long as we need it. How long we need data depends on what we are using it for, as described above.

    We will actively review the personal data we hold and when there is no longer a need for us to hold it, we will either delete it securely or in some cases anonymise it.

    We aim to destroy any paper copies of your personal data as soon as they have served their purpose (e.g., once information has been entered into a system). In the cases where we need to keep paper copies for longer, we ensure that they are stored securely and access is limited.

  • 9. Your rights and how to manage the marketing communications you receive

    You have a number of rights with regard to your data, which include:

    • The right to access your data
    • The right to rectify your data, if you believe there is an error such as the spelling of your name
    • The right to delete your data or restrict their use
    • The right to object to the certain uses of your data

    Should you wish to exercise any of these rights, please email [email protected] and we will forward a data access form for you to complete and return. We will deal with data access requests promptly and in any event within a month of receiving it, or (if later) from the day any information requested to confirm the requester’s identity is obtained. In rare cases, when the request is particularly complex or numerous, this deadline may be extended by a further two months (in which case we will let you know within one month). This service is free, unless the request is manifestly unfounded or excessive.

    We may send you marketing communications by email if you have opted in to receive such emails (e.g., at the point of purchase or when checking in), or if you have recently opened one of our marketing emails and have not told us that you no longer wish to receive marketing emails.

    You have the right to opt out of receiving future marketing communications at any time and can do so by clicking the unsubscribe link in any email that we have sent you. Alternatively, you can email [email protected] to ask to be removed from our mailing list. Please note, because we use multiple email systems it can take up to two weeks for all of them to be updated.

    Please note that if you tell us that you do not wish to receive marketing communications, you will still receive service emails which are directly related to your reservations or subscriptions, for example a booking confirmation.

  • 10. If you have any further questions or complaints

    Please contact us on [email protected] in the first instance. If you are not satisfied with the response that we give you, you have the right to complain to the Information Commissioner’s Office (ICO), whose details can be found on