Last updated: March 2023
Hotel Saint (provided by Aldgate Hotel Opco Limited) is committed to protecting and respecting your privacy and personal data at all times. This privacy policy sets out the basis on which any personal data we collect from you, or that you provide to us, through use of our services or products including staying at our properties (the “Services“) or the use of any of our websites or apps (together, the “Sites“), will be processed by us.
Please read the following information carefully to fully understand our practices regarding your personal data and how we will treat it. For information regarding the use of the Services, please see our Terms & Conditions.
At all times, we keep our privacy practices and the terms of this policy under review to ensure your personal data is processed as securely as possible and in accordance with applicable laws. This policy was last updated on the date given above. Any changes to this policy will be posted on our Sites.
INFORMATION WE MAY COLLECT FROM YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. To provide you with the Services and/or the Sites, we must collect, store, transfer, analyse and otherwise process some of your personal data. This policy describes what personal data we process and why.
The personal data we process includes:
- Name and Contact Information. For us to provide the Services and for other purposes, we require certain information about you including your first name and surname, postal address, email address and phone number. We will use the personal data for several purposes including securing your reservation, sending you communications with regards your reservation, verifying your identity, providing you with customer support, sending marketing communications via email, direct mail, text, and social media (where permitted), processing payments, and otherwise where necessary to provide you with the Services or fulfil any requests from you.
- Account Data. If you would like to create an account to access our Services more efficiently, we will require certain personal data from you to do this, including your name, email address and a password. You may also choose to provide additional data to your account so we can better get to know you (for example preference data, as described below).
- Other Reservation Data. When purchasing and using our Services, in addition to the above, we may also ask for other personal data if required or permitted by applicable law including nationality, date of birth and gender. This data may be optional or required but we will clearly let you know when we ask you for it.
- Passport or Other Proof of ID. When purchasing and using our Services, in addition to the above, we may also ask for a copy of your passport or other photographic ID, such as a driving licence. This is so we can confirm you are the person who made the reservation to use our Services and, where applicable, to comply with applicable laws.
- Preference Data. We want to ensure your use of our Services is the best it can be and therefore we like to tailor your experience to the best of our abilities. To do so, we need to know more information about you, what you like, what you don’t like, and anything else which we should know to make your use of the Services more enjoyable. This may include, for example, your room preference, whether you have any dietary requirements, whether you have any allergies, whether you have any disabilities which may or may not require special assistance when using our Services, or your preferred language.
- Service Usage Data. Once you have made a reservation to use our Services, we will collect other data which could identify you related to your use of the Services. This includes, for example, the room number you stay in, your arrival time, your check-out time, and any additional Services you use while staying at our property including booking a table at one of our restaurants.
- Additional Guest Data. We require you provide us with the names of all persons staying under your reservation. This is so we can keep an accurate record of who is using our Services at any one time for health and safety reasons and to ensure compliance with applicable laws. The guests may also be required to provide other data included in this list and may also choose to provide additional data (such as preference data) so they can experience a more tailored Service.
- Payment Data. To purchase the Services, we will require payment card information from you.
- Corporate Data. If you are using our Services for work purposes, we may collect information with respect to your employment, namely the name of your employer. Your employer may also have a corporate account with us and may provide us with information about you.
- Images or Footage Collected by CCTV. We use CCTV at our properties to ensure all of our guests, visitors and staff are kept safe and secure. CCTV cameras are only used on our properties where it is appropriate to do so.
- Query or Complaint Data. Should you wish to ask us a query or make a complaint about our Services or Sites, such personal data will also be automatically added to your account.
- Customer Ratings and Comments. If you choose to give us a rating and/or any comments, this will be considered your personal data. We may, depending on the circumstances, record your name and email address with your rating and/or comment.
- Technical, Usage and Cookie Data. We may collect information about your use of the Sites, including how you interact with the Sites and how often you use the Sites. We do this to better understand how to provide the Sites, what our users like about our Sites and what our users don’t like about the Sites. Such information may include, if applicable, your preferences, such as your language preference, internet protocol (IP) address, browser type and version, browser plug-in types and versions.
- Device Information. We may collect information about the device you use to access the Sites including the hardware model, the mobile network, and the time zone setting.
- Third Party Data. We may receive certain data about you from third parties including our advertising partners, social media providers, airline partners or travel agents. This data will be used to provide you with the Services.
- Sensitive Data. We may collect more sensitive information, for example, when you tell us about dietary requirements, disabilities and accessibility requirements or religious beliefs. Where you provide us with sensitive information, we will only hold this information with your express permission. This information is stored securely with restricted access and handled with the greatest respect to your privacy.
Where you provide information to us about other people, you need to make sure you have their permission to do so, or that you can speak on their behalf, for example, in the case of children.
HOW WE USE YOUR PERSONAL DATA
The reason we use your information will often be obvious from the way you interact with us, however, some uses of your information may not always be so obvious and we may use your personal information to:
- create your account,
- allow you to make a reservation at one of our properties and use such reservation,
- keep you updated with regards your reservation and to allow you to change your reservation in advance,
- allow you to set up an account,
- allow you to interact with us online and offline,
- send you product or service-related communications,
- verify your reservation, your identity and check you in,
- tailor your experience of the Services where possible,
- process any payments,
- make any bookings for Services at our outlets or other properties such as in one of our restaurants,
- keep guests safe and ensure the security of our hotels,
- ensure the acceptable use of our products and services,
- allow you to participate in membership / loyalty programmes,
- send you marketing materials via email, direct mail, text and social media, including in relation to other products and services provided by our group companies,
- check you out once your stay with us is over,
- facilitate payments and credit checks,
- facilitate the restructuring or sale of the Hotel,
- investigate and respond to disputes,
- provide you with help and support where required,
- comply with legal obligations on us. For anti-fraud and risk identification and management purposes, we may use your personal data to comply with legal obligations relating to fraud and other financial crimes, and to ensure you, your personal data and your finances are protected,
- verify activity, and to promote safety and security on Sites and at our properties. Should we believe you have breached our Terms & Conditions, or are acting suspiciously, we may investigate to ensure you are not breaking the law. This may include sharing your personal data with authorities if requested or deemed necessary,
- respond to any of your queries,
- improve and customise our Services and Sites.
We only process your personal data when it is lawful for us to do so. Certain laws require us to have lawful grounds when undertaking a processing activity. We rely on the following lawful grounds under applicable law to process your personal data:
- If you provide your consent, for example with respect to receiving marketing communications.
- The performance of the Terms & Conditions, which is a contract under which we agree to provide you with the Services, and you agree to the relevant obligations upon you.
- Compliance with a legal obligation to which we are subject, for example health and safety laws.
- To protect your vital interests or those of another natural person, for example if you suffer an injury while at one of our properties, and/or
- The legitimate interests pursued by us or by a third party as listed below, subject at all times to us ensuring your rights and freedoms do not outweigh the pursued interests.
The legitimate interests we pursue are:
- to constantly improve and customise our Services
- to tailor our Services
- to ensure the safety and security of our Service and Site users and third parties, and to promote such safety and security, and
- to secure our Sites from harmful acts such as cyber-security breaches.
When processing special category data, we may rely on the following additional lawful grounds:
- with your express consent
- when processing is necessary to protect your vital interests or those of another person
- when processing relates to personal data which are manifestly made public
- when processing is necessary for the establishment, exercise, or defence of legal claims
- when processing is necessary for reasons of substantial public interest.
SHARING YOUR PERSONAL DATA and international transfers
We may always share your personal data in the following circumstances and in accordance with applicable laws:
- we may share your personal data with your consent
- we may share your personal data with certain service providers, partners or group companies that facilitate and support us in providing the Services and Sites, including in relation to carrying out promotions, storing information or undertaking promotions
- we may share your personal data with certain service providers or groups companies to analyse our Services and Sites so we can improve and provide the best Services and Sites to you and others
- we may share your personal data if we are required to respond to law enforcement officials, regulatory agencies and other lawful requests or legal processes, or to comply with a legal obligation to which we are subject
- we may share your personal data if we undergo a merger, acquisition or other form or reorganisation and pursuant to such, a third party will become the controller of your personal data
- we may share your personal data with group companies if you request a product or service provided by one of our group companies, or if one of our group companies provides us with services which relate to the provision of the Services to you.
Please note that if we are required and permitted by law to transfer any of your personal data to a country outside that in which we collected it, we will do so in accordance with the applicable data privacy legislation. This may mean your personal data is transferred to a country outside the UK or the EU, such as to the U.S. The lawful requirements will depend on the flow of personal data, meaning it will depend on whether the sharing of personal data is cross-border and which countries are involved. At all times, we will ensure an essentially equivalent degree of protection is afforded to your personal data outside the country in which you are based. We generally do this by relying on the standard contractual clauses for transfers of personal data to third countries which have been approved by the European Commission and the Information Commissioner’s Office (the UK data protection authority).
SECURITY OF YOUR PERSONAL DATA
We take your privacy very seriously and work hard to protect your data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have put in place appropriate security measures to prevent this from happening, for example we use encryption tools and password protected access to certain documents.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties (as listed above) who have a need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through our Sites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent your data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed.
HOW LONG WE KEEP YOUR PERSONAL DATA FOR
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.
YOUR RIGHTS
In certain circumstances and subject to certain jurisdictional restrictions, you may have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in certain scenarios.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
- Withdraw consent at any time where we are relying on consent to process your personal data.
- Complain to the appropriate regulator for any data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the regulator so please contact us in the first instance.
We may need to request specific information from you to help us confirm your identity and ensure you are able to exercise the right you wish to exercise. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Please contact [email protected] if you would like to request us to erase your data.
THIRD PARTY LINKS
Our Sites may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites, plug-ins and/or applications and are not responsible for their privacy statements. When you leave our Site, we encourage you to read the privacy policy of every website or application you visit or use.