Our Commitment to Protecting your Privacy
Kew Green Hotels are committed to complying with the General Data Protection Regulation and the Data Protection Act 2018. We know that you care how information about you is used and shared. Looking after the personal information you share with us is very important, and we want you to be confident that your personal data is kept safely and securely. This privacy policy describes the type of personal information that we may collect about you when you stay at our hotel or join our leisure club, how we use any personal information, the circumstances in which we may share the information and the steps we take to safeguard the information to protect your privacy.
We have published this notice to help you understand
- how Kew Green Hotels uses your personal data;
- who we share your information with, why and on what basis;
- and what your rights are.
If we make changes to this notice we will notify you by updating it on our website.
“Personal data” means any information collected and logged in a format that allows you to be identified personally, either directly (e.g. name) or indirectly (e.g. telephone number). Before providing us with this information, we recommend that you read this document describing our customer privacy protection policy.
This Customer Privacy Policy forms part of the terms and conditions that govern our hotel and leisure club services.
As used throughout this policy, ‘Kew Green Hotels’ refer to Kew Green Group Ltd, and any hotel and leisure club which is owned or managed by the Kew Green Group.
WHAT PERSONAL DATA WE COLLECT
1. HOTEL CUSTOMERS
At various times, we will be obliged to ask you, as a hotel customer, for information about you and/or members of your party, such as:
- Contact details (for example, last name, first name, telephone number, address, email)
- Personal information (for example, date of birth, nationality)
- Information relating to your children (for example, first name, date of birth, age)
- Your credit card number (for transaction and reservation purposes)
- Your membership number if you are a member of our loyalty program
- Your arrival and departure dates
- Your preferences and interests (for example, smoking or non-smoking room, preferred floor, type of bedding, type of newspapers/magazines, sports, cultural interests)
- Your questions/comments, during or following a stay in one of our hotels
- The information collected in relation to persons under 18 years of age is limited to their name, nationality and date of birth, which can only be supplied to us by an adult
- Our hotels use CCTV for safety and security monitoring purposes
Personal data of hotel customers may be collected on a variety of occasions, including:
- Hotel activities:
- Booking a room
- Checking-in and paying
- Eating/drinking at the hotel bar or restaurant during a stay
- Requests, complaints and/or disputes.
- Transmission of information from third parties:
- Tour operators, travel agencies, reservation systems, and others
- Internet activities:
- Connection to hotel websites (IP address, cookies)
- Online forms (online reservation, questionnaires, hotel pages on social networks, network login devices such as Facebook login etc.).
2. LEISURE CLUB MEMBERS
When you join the leisure club as a member, you are entering into a membership contract agreement with us, a copy of the terms & conditions for which you can find on the leisure club website. To enable us to set-up your membership and to help us improve your leisure club experience we will ask you to provide some personal information which may include
- Contact details (last name, first name, telephone number, email)
- Date of birth
- Bank account details (for direct debit memberships)
- Photograph
- Health Information
- Our leisure clubs use CCTV for safety and security monitoring purposes.
HOW WE USE YOUR INFORMATION
Data Protection says that we are allowed to use and share your personal data only where we have a proper reason to do so. The law says we must have one or more of these reasons and these are:
- Contract – your personal information is processed in order to fulfil a contractual arrangement
- Consent – where you agree to us using your information in this way e.g. for sending you information on hotel or leisure club promotions
- Legitimate Interests – this means the interests of Kew Green Hotels in managing our business to allow us to provide you with the best service
- Legal Obligation – where there is statutory or other legal requirement to share the information e.g. when we have to share your information for law enforcement purposes
We use your information in a number of different ways, primarily to fulfil a contract and also provide excellent service to our customers.
1. HOTEL CUSTOMERS
The table below set this out in detail, showing what we use the information we collect for:
Contact Details:
- To manage the reservation of rooms and accommodation requests and other hotel services
- To manage your stay at the hotel, room lists, restaurant bookings, special requests and services
- To monitor your use of hotel services
- To manage invoicing and payment records
- Carrying out surveys and analyses of questionnaires and customer comments
- Managing claims/complaints
- Offering you the benefits of our loyalty program
- Managing access to rooms
- Monitoring your use of services
Personal Information:
- To improve hotel services, to input to our marketing programme
- To assist promotion of our services, and adapting our products
Information relating to your children:
- Only supplied by an adult. Used to manage their stay at the hotel.
Credit Card Number:
- Managing the reservation of rooms, accommodation requests and to take payment
Loyalty Membership Number:
- Managing our relationship with customers before, during and after your stay
- Knowing and managing the preferences of new or repeat customers
- Managing the loyalty program and supply rewards
- Providing details for the customer database
- Developing statistics and commercial scores, and carrying out reporting
Arrival and Departure dates:
- To manage your hotel booking
Preferences and Interests:
- To enhance customers, stay at our hotel and to customise and improve the services we offer
Questions / Comments:
- To collect feedback to improve our services and monitor customer experience
2. LEISURE CLUB MEMBERS
The table below set this out in detail, showing what we use the information we collect for:
Contact Details:
- To manage the membership application and administration of your club membership
- To verify your membership status
- To manage payment records
- Carrying out surveys and analyses of questionnaires and customer comments
- Managing claims/complaints
- Offering you the benefits of our loyalty program
- To carry out obligations arising from membership contractual agreements
- To facilities booking of a class
Personal Information:
- To improve services, to input to our marketing programme
- For demographic profiling of our customer base, to assist promotion of our services, and adapting and improving our products and services.
Information relating to your children:
- We do not collect personal information from individuals under 18 years of age without the permission of their parent or guardian.
- Only supplied by a parent or guardian as required by the membership application process we will require the name, date of birth and age of any member under the age of 18.
Bank Account Details:
- If you are paying for your membership via monthly direct debit we will collect and securely store your bank account information for membership administration purposes.
Photograph:
- In the interests of security and the prevention of crime, we may take a digital photograph of each member to whom a membership card is issued
- To identify you as a club member
- By providing the digital photograph to us, you are consenting to our using it in the manner set out in this Policy
Membership Number:
- To manage your access to the club
- To monitor your usage of the club to assist us to supporting you achieve your exercise and health goals
Sensitive Information:
- As part of the gym induction process, at your discretion you may also share with us information about your general health and medical conditions
- This information is used to inform the prescription of an appropriate exercise programme*
- By providing sensitive information to us, you are consenting to our using it in the manner set out in this Policy
Questions / Comments:
- To collect feedback to improve our services and monitor customer experience
*Your attention is drawn to the Health Commitment Statement policy which outlines our responsibilities and what we can reasonably expect of each other in regards to your health, exercise any medical conditions.
YOUR RIGHTS
You are entitled to request the following from Kew Green Hotels, these are called your Data Subject Rights and there is more information on these on the Information Commissioners website www.ico.org.uk
- The right to be informed – The right to be informed about how your personal information is being used and processed (as described in this policy)
- Right of access – The right to access the personal information we hold about you
- Right to rectification – The right to request the correction of inaccurate personal information we hold about you and to have incomplete personal information completed
- The Right to ERASURE (also known as the Right to be Forgotten) – The right to request that we delete your data, or stop processing it or collecting it, in some circumstances
- Right to restriction of processing – to restrict processing of your personal information
- Right to data portability – to electronically move, copy or transfer your personal information in a standard form, or port elements of your data either to you or another service provider
- Right to object – The right to object to processing of your personal information
- The right to stop direct marketing messages, and to withdraw consent for other consent-based processing at any time
- The right to complain to your data protection regulator – in the UK, the Information Commissioner’s Office. We encourage you to contact us before making any complaint and we will seek to resolve any issues or concerns you may have.
If have any general questions about your rights or if you want to exercise your rights or have a complaint, please contact us, details in the contact us section.
1. WHO WE SHARE YOUR INFORMATION WITH AND WHY
Within Kew Green Hotels, in order to offer you the best service, we can share your personal data and give access to authorised employees including:
- Hotel staff
- Reservation staff
- IT departments
- Commercial partners and marketing services
- Legal services if applicable
- Generally, any appropriate person within Kew Green Hotels for certain specific categories of personal data.
Information about our hotel guests and leisure club members are an important part of our business and we do not sell this information to others. Kew Green Hotels works with a number of trusted suppliers, agencies and businesses in order to provide you the high quality services you expect from us. Your personal data may be sent to a third party for the purposes of supplying you with services and improving your stay or leisure club membership experience.
Some examples of the categories of third parties with whom we share your data are:
a) Booking Partners
Kew Green Hotels works with a number of trusted partners who take hotel bookings and manage reservation systems on our behalf. All partners are subject to thorough security checks, and will only hold the minimum amount of personal information needed in order to fulfil the bookings you make on our behalf.
b) IT Companies
Kew Green Hotels work with business who support our website and other business systems.
c) Marketing Companies
We work with marketing companies who help us manage our electronic communications with you or carry out surveys and reviews on our behalf. If customer have opted-in to receiving information regarding our goods and services we may utilise a marketing company to send out such information. For further information see the ‘Keeping in touch with you’ section of this policy.
d) Payment Processing
Kew Green Hotels work with trusted third party payment processing providers and banks in order to securely take and manage payments.
e) Debt Recovery and Fraud Prevention
We release your personal information on the basis that we have a legitimate interest in preventing fraud and money laundering, when we believe release is appropriate to comply with the law; enforce or apply our contractual agreements; or protect the rights, property or safety of Kew Green Hotel or our customers. This includes exchanging information with other companies and organisations for verification of identity fraud protection, credit risk reduction and debt collection.
Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address and vehicle details.
We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
f) Local Authorities
We may also be obliged to send your information to local authorities if this is required by law or as part of an inquiry and in accordance with local regulations.
g) Business Transfers
As we continue to develop our business, we might sell or buy hotels or leisure clubs. In such transactions, hotel guest and leisure club member information generally is one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Policy (unless, of course, the customer or member consents otherwise). Also, in the unlikely event that Kew Green Hotels or substantially all of its assets are acquired, personal information will be one of the transferred assets.
h) Website
To improve our platform, prevent or detect fraud or abuses of our website and enable third parties to carry out technical, logistical, research or other functions on our behalf.
i) Outside the UK
Whenever we transfer personal information to countries outside of the European Economic Area in the course of sharing information as set out above, we will ensure that the information is transferred in accordance with this Privacy Policy and as permitted by the applicable laws on data protection.
KEEPING YOUR INFORMATION
If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws.
We may need your personal information to establish, bring or defend legal claims. For this purpose, we will always retain your personal information for 5 years after the date it is no longer needed by us for any of the purposes listed under the ‘How we use your information’ section within this policy.
The only exceptions to this are where:
- the law requires us to hold your personal information for a longer period, or delete it sooner;
- you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law;
- we bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible; or
- In limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period
CANDIDATE PRIVACY POLICY
The candidate privacy notice is applicable to all prospective and current job applicants for Kew Green Hotels.
APPLICABILITY / SCOPE
This applies to all KGH colleagues and all those within KGH managed properties (unless otherwise informed by the Human Resources Director).
This policy is not contractual and the Company reserves the right to change it at any time.
GENERAL POLICY STATEMENT
As part of any recruitment process, we collect and processes personal data relating to sourced candidates and job applicants. The Company is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
WHAT INFORMATION DOES THE COMPANY COLLECT?
The Company collects and processes a range of information about you. This includes:
- your name, address and contact details, including email address and telephone number;
- details of your qualifications, skills, experience and employment history;
- information about your current level of remuneration, including benefit entitlements;
- whether or not you have a disability for which the company needs to make reasonable adjustments during the recruitment process;
- information about your entitlement to work in the UK; and
- equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health, and religion or belief.
The Company collects this information in a variety of ways. For example, data is collected through online CV databases, application forms, CVs or resumes; obtained from your passport or other identity documents such as your driving license; from forms completed by you at the start of or during employment (such as benefit nomination forms); from correspondence with you; or through interviews, meetings or other assessment.
In some cases, the Company collects personal data about you from third parties, such as references supplied by former employers, information from employment background check providers, information from credit reference agencies and information from criminal records checks permitted by law.
Data is stored in a range of different places, including in your personnel file, in the Company’s. HR management systems and in other IT systems (including the Company’s email system).
WHY DOES THE COMPANY PROCESS PERSONAL DATA?
The Company needs to process data to take steps at your request prior to entering into a contract with you. It also needs to process your data to enter into a contract with you.
In some cases, the Company needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check an employee’s entitlement to work in the UK, to deduct tax, to comply with health and safety laws and to enable employees to take periods of leave to which they are entitled. [For certain positions, it is necessary to carry out criminal records checks to ensure that individuals are permitted to undertake the role in question].
The Company has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows the company to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. The Company may also need to process data from job applicants to respond to and defend against legal claims.
Where the Company relies on legitimate interests as a reason for processing data, it has considered whether or not those interests are overridden by the rights and freedoms of employees or workers and has concluded that they are not.
Some special categories of personal data, such as information about health or medical conditions, is processed to carry out employment law obligations (such as those in relation to employees with disabilities and for health and safety purposes).
Where the Company processes other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is done for the purposes of equal opportunities monitoring.
For some roles, the Company is obliged to seek information about criminal convictions and offences. Where the Company seeks this information, it does so because it is necessary for it to carry out its obligations and exercise specific rights in relation to employment.
If your application is unsuccessful, the Company will delete all of your data within three months. Should you be suitable for future opportunities, we will ask for your consent to keep your data, to enable us to contact you regarding future opportunities. You are free to withdraw your consent at any time.
WHO HAS ACCESS TO DATA?
Your information will be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles.
The Company shares your data with third parties in order to obtain any necessary criminal records checks from the Disclosure and Barring Service. The Company may also share your data with third parties in the context of a sale of some or all of its business. In those circumstances the data will be subject to confidentiality arrangements.
The Company also shares your data with third parties that process data on its behalf, in connection with payroll, the provision of benefits and the provision of occupational health services.
The Company will not share your data with third parties, unless your application for employment is successful and it makes you an offer of employment. The company will then share your data with former employers to obtain references for you, employment background check providers to obtain necessary background checks.
HOW DOES THE COMPANY PROTECT CANDIDATE DATA?
The Company takes the security of your data seriously. The Company has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
The Company has the follow internal controls:
- any data collected from CV databases will be done only for the purposes of an open role and will be kept for no longer than 1 month, or until the role has been filled; whichever is soonest
- when being contacted regarding an opportunity, we will share with you the candidate privacy policy, detailing your rights
- all applicant records are stored in a centralised system that will be deleted after six months, alongside email communications referencing each applicant. If we identify that there are future employment opportunities for which you may be suited, the Company will ask for your consent before it keeps your data for this purpose and you are free to withdraw your consent at any time.
Where the Company engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and Company measures to ensure the security of data.
HOW LONG IS EMPLOYEE DATA KEPT FOR?
If your application for employment is unsuccessful, the company will hold your data on file for a maximum of three months after the end of the relevant recruitment process. If you agree to allow the Company to keep your personal data on file, the company will hold your data on file for a further six months for consideration for future employment opportunities. At the end of that period or once you withdraw your consent, your data is deleted or destroyed.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice.
As a data subject, you have a number of rights. You can:
- Access and obtain a copy of your data on request;
- Require the Company to change incorrect or incomplete data;
- Require the Company to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
- Object to the processing of your data where the Company is relying on its legitimate interests as the legal ground for processing; and
- Ask the Company to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the Company’s legitimate grounds for processing data.
If you would like to exercise any of these rights, please contact your Line Manager. You can make a subject access request by completing the Company’s form for making a subject access request.
If you believe that the Company has not complied with your data protection rights, you can complain to the Information Commissioner.
WHAT IF YOU DO NOT PROVIDE PERSONAL DATA?
You are under no statutory or contractual obligation to provide data to the Company during the recruitment process. However, if you do not provide the information, the Company may not be able to process your application properly or at all.
You are under no obligation to provide information for equal opportunities monitoring purposes and there are no consequences for your application if you choose not to provide such information.
AUTOMATED DECISION MAKING
Employment decisions are not based solely on automated decision-making.
HOW WE SECURE YOUR INFORMATION
Kew Green Hotels take data security seriously, and we take appropriate technical and organisational procedures, in accordance with applicable legal provisions, to protect your personal data against illicit or accidental destruction, accidental alteration or loss, and unauthorised access or disclosure.
We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable information. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you.
Our information security policies and procedures are aligned with widely accepted international standards, we apply the controls detailed in the Payment Card Industry Data Security Standard to all environments storing personal data. These standards are applied and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements.
To this end, we have taken technical and organisational measures;
1. TECHNICAL MEASURES:
- We have taken technical measures such as firewalls and encryption of computer and mobile device systems.
- When personal data is transferred encryption technology is used.
- When you submit credit card data when making a reservation, SSL (Secure Socket Layer) encryption technology is used to guarantee a secure transaction.
- Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
- User ID / Password systems and procedures.
2. POLICIES & PROCEDURES:
- We have measures in place to protect against accidental loss and unauthorised access, use, destruction, or disclosure of data
- We place appropriate restrictions on the levels and type of access to personal information and have organisational measures such as user IDs / passwords to control staff access to personal data in line with their job requirements
- We implement appropriate measures and controls, including monitoring and physical measures, to store and transfer data securely
- We conduct Privacy Impact Assessments in accordance with legal requirements and our business policies
- Training for employees and contractors
- We require privacy, information security, and other applicable training on a regular basis for our employees who have access to personal information and other sensitive data
- We take steps to ensure that our employees and contractors operate in accordance with our information security policies and procedures and any applicable contractual conditions
- We require, through the use of contracts and security reviews, our third-party vendors and providers to protect any personal information with which they are entrusted in accordance with our security policies and procedures
3. KEEPING IN TOUCH WITH YOU
We want to keep our customers up to date with information about special offers, benefits and improvements to our facilities and services.
When you engage with our marketing activities, or join our leisure clubs, either electronically on-line via website or social media for example, or in person at the hotel, we will ask you if you want to opt-in to receive this type of promotional information. If you have consented to receive marketing, you may opt out at a later date.
If you decide you do not want to receive this marketing information you have the right to ask us not to process your personal information for marketing purposes. You can request that we stop contacting you for marketing purposes by emailing [email protected], or via the unsubscribe link within any marketing email or SMS which you receive. You may continue to receive marketing information for a short period while your request is dealt with.
Kew Green Hotels will not share your information with outside companies for their marketing purposes.
We reserve the right to contact our hotel customers or leisure club members as necessary to fulfil the obligations and administration of our service. We will also communicate as deemed appropriate by Kew Green Hotels in regards to any changes to the product, services and facilities of the hotel or leisure club which may impact on you.