About this privacy notice
At Considerate Hoteliers Ltd, we are committed to safeguarding the privacy of your personal data. This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and service users. It explains how we use your personal data and for what reasons, how we protect it, and what rights you have to control our use of it. Our website and services are not intended for children and we do not knowingly collect data relating to children.
Information about the data controller
In this policy, “we”, “us” and “our” refer to Considerate Hoteliers Ltd. We collect, use and are responsible for certain personal data about you. When we do so we are regulated under the General Data Protection Regulation (“GDPR”), which applies across the European Union (including the United Kingdom) and we are responsible as “data controller” of that personal information for the purposes of the law.
We are registered in England and Wales under registration number 07996155, and our registered office is: C/O Oliver Phillips Ltd, Suite 20, 46 Aldgate High Street, London, EC3N 1AL. Our principal place of business and contact address is: 2 Eastbourne Terrace, London, W2 6LG.
You can contact us:
(a) by post, at the contact address given above;
(b) using our website contact form;
(c) by telephone, on +44 (0)20 3865 2052;
(d) by email, using firstname.lastname@example.org
How we use your personal data
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We use different categories of personal data for several different purposes, and each with its own lawful basis. These categories are detailed below:
If you complete the ‘Contact Us’ form on our website
If you complete the form on our website to contact us, we will store the data you enter (usually name, contact details, comment) for the purposes of answering your enquiry and/or marketing and business development. We do this on the basis that it is necessary for our legitimate interests in promoting our business to interested parties. We store your data for as long as we need to interact with you for these purposes. If you would like us to update or delete any of your information, please send us an email (as provided in our contact details above) or use the unsubscribe links on marketing emails.
We may hold your name, company, job title and contact details, if you work for a client or if you are working in an area related to our business. We will have been provided with this data either by you, a mutual contact or your employer, or in some cases we may have sourced it from publicly available sources. We need this data in order to interact with you (or your employer) for the purposes of the proper administration of our website and business, and to communicate with interested parties regarding news and updates.
We do this on the basis that it is necessary for our legitimate interests in operating and developing our business. We will hold your details for as long as we need to interact with you for these purposes. In all cases if you would like us to update or delete your information, please send us an email (see contact details above).
Providing your personal data to others
We use a number of different service providers (acting as ‘data processors’) who provide IT and system administration services to enable us to operate our business and the services we provide. Your personal data is transferred to (and stored by) these data processors, who generally fall under the following categories:
Website analytics service providers
Website and data hosting service providers
Document storage service providers
Email, contacts and calendar service providers
CRM service providers
Accounting software service providers
For security reasons we do not name all our service providers in this privacy notice. The types of personal data we hold about you (and that may be transferred to our data processors) are set out above. Please contact us (see above) if you would like further information on specific data processors or the types of personal data they process for us.
We may also share your personal data with additional third parties as below in certain circumstances:
We will share personal information with law enforcement or other authorities (such as tax authorities) if required by applicable law.
We may share personal information with third parties to whom we may choose to sell, transfer, or merge parts of our organisation or our assets. Alternatively, we may seek to acquire other organisations or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We may share personal information with professional advisors such as lawyers, accountants or auditors in order for them to provide us with legal, accounting or auditing services.
We will not sell or rent your information to third parties and we will never share your information with third parties for marketing purposes.
International transfers of personal data
We do not directly transfer any of your personal data outside the European Economic Area (EEA). However, some of our data processors may do so and this section explains the impact of these international transfers and how your information is protected.
Many of our data processors operate “cloud-based systems”, which means the information is held in information data centres in different locations.
All the cloud-based systems we use reserve the right to hold copies of your personal information outside the EEA. Please note that the reason companies may choose to do this is to hold back-up copies, so they can guarantee recovery.
In each case our processors and/or we employ one or more of the following means that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of abuse:
• Certain processors may only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
• Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
• Providers storing data in the US, may be self-certified to the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Please contact us (details as above) if you want further information on the specific mechanisms used by our data processors when transferring your personal data out of the EEA.
Your personal data rights
The personal data we hold about you is your data, so you have certain rights over the data under the GDPR. This section summarises your rights and how you can exercise them (generally free of charge).
You have the right to request a copy of all personal data we hold relating to you. You also have the right to require us to correct any mistakes in the personal data we hold relating to you.
Where we are processing your data based on your consent you can withdraw that consent and we must immediately stop processing your data. Please note that up to that point, we’re acting lawfully with your consent, and withdrawal of consent cannot be backdated.
Where we process your data based on a “legitimate interest” (underlined in the section on “how we use your personal data”, above) you still have the right to object to our processing of that data if you feel it impacts on your fundamental rights and freedoms. From that point, we must stop processing your data until we have determined whether your rights override our interests.
You also have the right to object where we are processing your personal data for direct marketing purposes. The easiest way to do this is to use the unsubscribe links at the bottom of all marketing emails.
In certain situations, you have the right to require us to erase personal data where there is no good reason for us continuing to process it. However, note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
You have the right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) where you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
You also have the right to request the transfer of your personal data to you or a third party in a structured, commonly used, machine-readable format. Note that this right only applies to automated processing of information about you, which we carry out based on your consent or where it is necessary to perform a contract with you. This right does not apply where it would adversely affect the rights and freedoms of others.
For further information on these rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of these rights, please contact us via the contact details provided above. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We try to respond to all legitimate requests within one month of the request being received. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Your rights to lodge a complaint with the Regulator
We hope to be able to resolve any reported issues promptly and fairly. However, at any time, you have the right to report a concern or lodge a complaint with the Information Commissioner’s Office. They can be contacted via their website: https://ico.org.uk/concerns/, or by phone on 0303 123 1113.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. In addition, we limit access to your personal data to those employees and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647 (Chrome);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/kb/PH21411 (Safari); and
12.2 Blocking all cookies will have a negative impact upon the usability of many websites.
12.3 If you block cookies, you will not be able to use all the features on our website.