We are a data controller in respect of the data that we hold about you, (i.e. we are the company who is responsible for, and controls the processing of, your personal data) and we manage all our personal data in accordance with the Data Protection Act and General Data Protection Regulations (GDPR).
Personal data we may collect about you
The personal data that we hold about you will be specific to your relationship with us and may include some or all of the following:-
We may also collect details about your car if you use our car park when staying at or using one of our hotels, including the make and model of the car and the car registration number.
The types of personal information that we may collect and process in connection with our services to you, may also include sensitive personal data about you, also known as "special categories of personal data", if you volunteer this information during the completion of an online form. For example, information relating to your health including but not limited to your physical health and any disabilities you may have. If you volunteer such information, you will be consenting to our processing it for (where relevant) the purposes of adapting our services (for example, regarding accessibility or dietary requirements). We do not routinely collect this information unless you volunteer it, and we will only process this information with your consent to provide enable us to tailor our services to your needs.
Where we collect your personal information from
We collect most of our information from you directly, when you contact us directly or through our website. This may include, for example when you:
We may also receive some information, from third party booking agents such as Booking.com or Expedia.
Information about other individuals
We ask the primary booking individual to provide information about other members of their party to enable the booking and provision of the services. If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:
• give consent on his/her behalf to the processing of his/her personal data
• receive on his/her behalf any data protection notices
• give consent to the transfer of his/her personal data abroad, and
• give consent to the processing of his/her sensitive personal data.
Occasionally, we may receive information about you from other sources, such as credit reference agencies, which we will add to the information we already hold about you in order to help us provide our services.
How we use your personal data
Our primary use of your personal information is to enable us to deliver our services to you, and provide you with the booking that you have requested.
We require certain information to enable us to enter into a contract with the individual booking the reservation online or over the telephone. Your contact information is needed in order for us to be able to confirm your hotel or restaurant reservation and notify you of any changes to our services or website that may affect you.
Any payment information you have provided is needed, where applicable, to enable us to confirm the reservation and to take payment for our services.
Your car details are needed in order for us to supply you with a parking permit.
We may also use your personal information where we are legally obliged to for fraud prevention and detection, or to defend or enforce our legal rights, including our booking terms.
We may be required to use your personal data to protect your vital interest in an emergency situation. This is to protect your safety or enable the emergency services to respond appropriately.
We also use personal information for our legitimate business interests in monitoring, developing and promoting our services. To do this we perform a number of administrative tasks including; managing the operation of promotions or competitions, publicising our services; administrating our website and reviewing the efficiency of our online services and communications; dealing with feedback or complaints; researching and performing statistical analysis and behavioural analysis; customer profiling; analysing your purchasing preferences and to monitor or enforce our terms and conditions or user policies.
We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of quality assurance, training, fraud prevention and compliance. We will notify you of the recording of communications each time you call our customer numbers.
Communicating with you
We may also use your personal information to offer you personalised services such as promotions, services, products and special offers that may be of interest to you.
If you have given permission for us to communicate with you in this way, we may contact you by mail, telephone, SMS, text/picture/video message or email. If you prefer not to receive any direct marketing communications from us, you can opt out at any time by contacting us using the details below and we will remove your name and email address from the relevant mailing list.
From time to time we may use email as a way to keep in touch with our guests, but you will not receive any unsolicited emails or correspondence. If you agree to receive email communications from us, every email message we send to you will include an email address to which you can respond. If at any time you decide you do not want to receive marketing emails from us, simply let us know by contacting us using the details below and we will remove your name and email address from our mailing list.
Who we share your personal data with
Most of our business activities are conducted in-house, and where we need to bring in outside services, we will only share your personal data with businesses who have agreed to keep your data secure and confidential, and subject to appropriate protections.
We may disclose your personal data to other companies within our group, for example if you stay or use the services of our Cardiff hotel, we may share your information with our hotels in Bristol and Plymouth. Some of this information is shared for marketing, and some for our management and reporting.
We may also, where necessary, disclose your information to credit reference agencies (see "Credit Checking" below.
We may disclose your personal information to law enforcement, regulatory and other government agencies and to professional bodies and other third parties, as required by and/or in accordance with applicable law or regulation.
Following a stay with us at one of our hotels, we share your email address with TripAdvisor in order to be able to an invitation to write a review. You can ask for your email not to be shared with TripAdvisor by informing us in writing at any time during your stay or by using the contact details below.
We may share or transfer your data if we sell or transfer our business.
Except as specified above, we will not provide your personal data to third parties without your prior consent, as we respect the privacy and confidentiality of our website users.
How we keep your data secure
We use technical and organisational measures to safeguard your personal data, for example:
• access to your account is controlled by a password and username that are unique to you
• we store your personal data on secure servers
• payment details are encrypted using SSL technology
Hard copies of your personal information including name, address, telephone number and email address, are collected when you arrive at one of our hotels when you complete our guest registration card and these are transferred to secure storage on site. Following the end of your stay these hard copy files are securely destroyed after 6 months.
Your car registration details will be held on a secure data system managed by New Generation Parking and we have an appropriate contract in place to ensure that your data is protected.
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet.
How long we keep your personal information for
Whenever we collect and process your personal data, we will only keep it for as long as is necessary for the purpose for which it was collected. For example, your payment information is held on our internal electronic booking system for 7 days after the departure date to confirm that payment has been effective and then is automatically deleted.
Any personal information you may have given that falls under the 'heading special categories of personal data' us will be kept on our secure booking system for the duration of your stay with us and deleted 6 months following the departure date of your last stay with us.
Your car registration details are held on the electronic parking system for 14 days after the expiry of your parking permit and then deleted.
Any hard copies of your contact details provided by you on our guest registration cards (which detail your name, address, telephone number and email address) are held in our secure storage facility for 6 months following the departure date of your last stay with us and then destroyed.
Any hard copies of your invoices are kept securely by us for 9 months and then destroyed.
Your guest contact details are held on our internal booking system for 6 months following your last stay with us.
Any recorded communications (such as telephone conversations and emails) taken for the purpose of quality assurance, training, fraud prevention and compliance are kept for 6 months and then securely destroyed.
To enable us and other companies in our group to make credit decisions about you and members of your household and for fraud prevention and money laundering purposes, we may search the files of credit reference and fraud prevention agencies (who will record the search). We may disclose information about how you conduct your account to such agencies and your information may be linked to records relating to other people living at the same address with whom you are financially linked. Other credit grantors may use this information to make credit decisions about you and the people with whom you are financially associated, as well as for fraud prevention, debtor tracing and money laundering purposes. If you provide false or inaccurate information and we suspect fraud, we will record this.
As an individual you have a number of rights under the relevant data protection laws, including:
Please see the ICO website for further information on the above rights: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
These rights may be limited to certain defined circumstances and we may not be able to comply with your request. If you request to exercise these rights, we aim to respond to you within one month.
We will not charge a fee for dealing with your request. If you wish to receive a copy of your personal data or exercise these rights, please write or email the address below.
Our contact details
If there is anything in this notice that you are unclear about, please contact Rachel Gurney, on the contact details below, who shall be happy to answer any queries you may have concerning this privacy notice or the way in which we process your personal data.
By mail: Future Inns UK Hemingway Road, Cardiff, CF10 4AU
By e-mail: firstname.lastname@example.org
By telephone: 02920 487111
Changes to this privacy notice
Any changes we may make to our privacy notice in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy notice to ensure you are aware of the most recent version that will apply each time you access this website.
This policy is effective from 24.05.2018