This privacy notice covers the actions of Sarova Hotels and its associated hotels & spas (“Sarova Hotels”) within the United Kingdom. Sarova Hotels take your privacy seriously and will only use your personal information to provide the products and services that you have requested from us or to provide you with news and marketing services related to these products and services. We are committed to protecting any personal data you provide us, whether that data is provided directly or via a third party of your choosing.
The limited companies referred to within the banner Sarova Hotels can be considered Data Controllers. These limited companies are:
The Abbey Hotel Limited
Company No. 3389220
ICO Reg. No. Z6713875
The Bull Hotel Limited
Company No. 3389217
ICO Reg. No. Z6713918
The Rembrandt Hotel Limited
Company No. 2815107
ICO Reg. No. Z5430746
The Sir Christopher Wren Hotel Limited
Company No. 7490297
ICO Reg. No. ZA265766
What information is being collected?
Through Sarova Hotels’ websites the following services may collect user’s personal information
- Online advertising, remarketing and interaction through Google, Bing, Facebook, Instagram & Twitter (personal data, cookies and usage data)
- Collection of analytics data through Google Analytics and Google Tag Manager (cookies and usage data). This may include the browser you are using, your language settings, the IP address and other information pertaining to the computer itself.
- Through the services of third party software and service providers who may collect amongst other information, personal data, cookies and usage data. The main third parties are:
- Display of content from third party services such as BBC weather, Google Maps (personal data, cookies and usage data)
- Submitted user contact forms stored in WordPress (personal data, cookies and usage data)
Use of Sarova Hotels Complimentary Wi-Fi
Sarova Hotels uses the services of a third party specialist internet provider to facilitate the provision of our complimentary Wi-Fi for customer use.
When you connect to this service the 3rd party will record the following information about your connection
- email address
- MAC addresses
- history of logons
- basic device capabilities
This data is transferred to Amazon Web Services (Ireland). Amazon deals with a host of security aspects https://aws.amazon.com/security/. For this application our third party provider uses two factor authentication in combination with multi-tiered user access to ensure users can only access information they are entitled to view.
Forms Completed on Sarova Websites
All Sarova Hotels’ websites are located in the UK and are managed under the data safety policies of Data Protection Act.
How is personal data collected?
Information will only be collected from the customer. Either through their use of service partners, (e.g. travel agents, booking websites, etc.) where these service providers will be required to forward the customers information to Sarova Hotels in order for the requested service to be provided; or by the customer providing it directly to Sarova Hotels when they are communicating with us, or using one of our websites, a list of which can be found towards the end of this document.
Why is personal data being collected?
There are three legal bases upon which we would collect and transfer your personal information as described above:
- Contract – As part of fulfilling our side of the contract to provide our customers and visitors with hospitality and spa services. If you are not able to provide this data, it is possible that we will be unable to complete our side of any contract for the provision of goods and services.
- Legitimate Interest – In order to communicate information that relates to these services Sarova Hotels will be required to collect and process personal data about its customers.
- Consent – We will rely on your consent to use your personal information in order to provide you with news, special offers and promotions.
How will personal data be used?
For information that is collected purely in the act of providing the goods and services requested by the customer, this will be used by Sarova Hotels’ employees in order to ensure that they provide what the customer has asked for and in the manner they expect it. In this scenario, the information will only be collected and kept for as long as it is required in order to carry out these activities, or as required by Governmental authorities and related legislation.
Information that is obtained from the customer for news or marketing purposes will be added into Sarova Hotels’ customer relationship management software. This information will only be collected with the explicit consent of the customer, and in accordance with the Data Protection Act 1998 and EU General Data Protection Regulation.
Who will personal data be shared with?
Where the information is collected for news or marketing purposes, Sarova Hotels confirms that it will not share this data with 3rd parties for marketing purposes. The only time the customer’s data will be shared with a 3rd party is when it relates to the provision of a good or service which forms part of a package, or where we are using third-party service providers to communicate with you on our behalf. In all news and marketing correspondence from Sarova Hotels the user will have the ability to unsubscribe from these lists unless it is required for the provision of a requested good or service, or it is required to be retained by law.
Where the information is collected solely for the purpose of providing the requested goods or services, or where the customer has utilised the services of a 3rd party in order to make their reservation, such as; social media platforms (e.g. Facebook), travel agencies (e.g. Expedia) , review sites (e.g. TripAdvisor), price comparison sites (e.g. Trivago) or an installed 3rd party application from one of these service providers; the customer should understand that we will be required to share some of their data with these 3rd parties in order to facilitate the efficient provision of these services, or for contractual reasons. For example the passing of payment or commission information, provision of terms and conditions associated with the service provision, customer feedback, etc.
How long will my data be kept for?
Data will be kept for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for compliance with various laws required by United Kingdom government or European Union, for example 7 years for laws relating to tax.
We will endeavour to ensure that all data that is not required after these periods will be deleted/destroyed in a safe and secure manner. Any subscription to Sarova Hotels’ emarketing services will be kept until you request for it to be removed by exercising your rights in the sections below.
Who is retaining this information?
What are my rights?
Please be aware that in order to ensure privacy we may require you to undergo some verification tests to ensure that we are dealing with the correct identity’s data.
Right to know what is being kept
You have a right to know what information is kept about you by Sarova Hotels in order to obtain this we would require you to complete a Subject Access Request. This form can be found by clicking on the here.
Right to correct inaccuracy
If you believe any of the information being held about you to be in accurate you are invited to let us know and we will amend the records accordingly in a timely manner.
Right to portability
You are also welcome to request your data to be provided to you electronically. This will typically be provided in .csv (comma separated values) format.
Right to be forgotten
At any time you may request that we delete all the information we hold about you. Please be aware that we may need to keep some, if not all, of this data in order to comply with laws related to:
- Taxation and Anti-money laundering
Right to withdraw consent
Whilst we always gain your consent to hold data that is not required in order for us to carry out our contractual obligations, you are free to withdraw this consent at any time. This can be done by emailing email@example.com, advising one of our colleagues during your stay, or using the link that will be present on all emarketing correspondence.
Right to lodge a complaint to ICO
You have a right to complain to the Information Commissioner’s Office if you think that there is a problem with the way Sarova Hotels are handling your data. The following page gives you all the information you require about how to go about raising this complaint, including links to complaint letter templates, https://ico.org.uk/for-the-public/raising-concerns/.
Sarova Hotels’ websites
This policy also applies to the collection of data through the use of the following family of Sarova Hotels’ websites: