This notice sets out how we collect and use the personal information that you provide to us. How we keep it secure and how you can access the information we hold about you.
Data Protection legislation sets out that personal data relates to a living individual, who can be identified from that data. Identification may be from the information alone or in conjunction with other information in the public domain.
We comply with Data Protection obligations by:
· Not collecting excessive information
· Storing and then destroying it securely
· Retaining it only for the period required
· Using it only for the purpose intended – we do not sell or share the information you give to us, with any third parties
We may amend this policy to reflect any legislative changes that take place.
What we collect
When you make a reservation with us, we may collect the following information:
· Email address
· Contact phone number
· Home address
· Credit/debit card details (type of card, card number card name, expiration date and security code)
· Date of arrival and departure
· Room preferences
· Special request requirements
· Car registration number
· Payment details – receipts
· Details of any guests sharing your booking – it is your responsibility to ensure that those you have provided personal data about are aware that you have done so, and understand how we may use the information
· Food and dining preferences
These details are used to reserve and secure your booking with us and ensure good customer service.
If you choose to correspond with us via email, we may retain the content of your email messages, together with your email address and our responses. When you make a reservation online, either via our website or booking site, we are notified of the booking and your personal information. This information is only used in connection with the management of your reservation with us or for reservation queries.
Why we collect your personal information
· To manage your booking
· Ensure good customer service
Occasionally we may need to use your information to handle and resolve legal disputes or for regulatory investigations and compliance. We may also need to use your personal information for the prevention and detection of fraud and other illegal or unwanted activities.
Lawful basis for processing legal information:
· Performance of a contract – we will use the information you provide in connection with our management of your reservation (the contract you have taken out with us).
Information shared with third parties:
When you make a reservation through our website, you are re-directed to US Booking Services Limited, trading as Freetobook. They operate the software that runs our online diary system on our behalf. We have access to any information that you provide on the Freetobook site whilst making a booking.
We treat any personal information you provide via Freetobook as though it had been provided to us directly and will not use this information other than for the purpose set out in this policy. Our access to the information on Freetobook requires a user ID and password. In particular, your credit/debit card information is stored securely and requires an additional password before it can be accessed.
Many guests make reservations through Booking.com or other online travel agents. We have access to any information you provide on those sites whilst making a booking. For details on how Booking.com or other online agents use your personal information, please see their privacy notices.
The details you provide to Booking.com and other online travel agents is automatically used to update our reservations diary, managed by Freetobook (see above). We treat any personal information that you provide via Booking.com and other online travel agents as if it had been provided to us directly. Our access to the information on Booking.com requires a user ID and password.
When you make a reservation through Booking.com, you provide an email address. Booking.com will send a confirmation of your booking to your email address. We are not provided with your email address, we can though, send you messages about your reservation via Booking.com. We will not use this facility other than for the purposes set out in this policy.
Note, where there is reference to a password, those passwords are known only to the proprietors of the business.
Retention of information:
Under the Immigration (Hotel Records Order 1972), we are required to keep registration information or at least 12 months. Our accounting records must be held for 5 years after 31st January, following the end of our accounting year ending in the previous fiscal year, ended on 5 April.
What security procedures are in place to safeguard your personal data?
We implement reasonable procedures to prevent unauthorised access to, and the misuse of personal data. We use appropriate business systems and procedures to protect and safeguard the personal data you give us.
· Any data held by Freetobook, Booking.com or other online travel agents require a password
· Access to email records requires a password
· Sales invoices are held manually in a file in the office and electronically on our accounting software
· Credit/Debit card details are held securely in compliance with the requirement, compliance criteria and validation process set out in the current Payment Car Industry (PCI) Data Security Standard issued by major credit card companies
How you can access your personal information
You have a right to review the personal information we hold about you. You can make a request by email or in writing to the contact details shown below.
You can also contact us, if you believe the information we hold about you is incorrect, if you believe we are no longer entitled to hold personal data about us, or if you have any questions about the information used or this privacy notice.
If you have any unresolved issues relating to the processing and storage of your personal information, you ultimately have the right to complain to the Information Commissioner’s Office. You can do so by telephone at 0303 1113 or by writing to Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
The person responsible for processing your personal data is James Fox, a proprietor of White Rose Guest House, Filey. Our email address is: firstname.lastname@example.org