At The Secret Walled Garden, Monmouth, we are committed to protecting the data that we hold and use about you and to respecting your privacy.
We are confident that you will find the information that you need set out in this policy, but if you need to know more about the personal data that we hold or the ways that we use it, you can contact us by email at firstname.lastname@example.org or 07817869934 or by post at The Secret Walled Garden, Old Monmouth Road, Mitchel Troy, Monmouth, NP25 4HX.
This policy covers:
1) About this policy.
"Personal data" is any information that could be used to identify you in some way. The personal data that we collect, store and use from or about you may (depending on our relationship with you) include the following:
We collect personal data in a variety of ways including:
We use your personal data for a variety of purposes related to the day to day running of our business and ensuring the highest standards of service during your visit. From a legal perspective, there are various reasons and justifications for doing so and we have set out an explanation of these below.
In order to run our hotel, welcome guests and visitors to our premises, and ensure the provision of any products and services we offer to you:
We use your personal data in this way either because we have a contract with you (for example, if you booked to stay with us we will need to process your data to ensure there is a room available for you) or because it is in our legitimate interests to do so (for example, it is in our interests to ensure that we meet the needs of all our guests and visitors and ensure everyone has an enjoyable experience) but we will always ensure that your rights are protected.
If we process any dietary or health information (or other particularly sensitive personal data) we will only ever do this with your explicit consent or as otherwise permitted under relevant data protection laws.
For marketing purposes, including to measure how effective our marketing is:
We rely on your consent to contact you directly by email about our business and any events we are running where we do not have a historic relationship with you. You can revoke this consent at any time.
In other scenarios, we will rely on our legitimate interests as a business, always ensuring that your rights are protected. You can inform us at any time if you no longer wish to receive marketing communications.
To share information with other third parties for marketing purposes but only where we have your consent to do so:
We will only ever share any personal data with third parties for marketing purposes where we have your consent to do so. You have the right to revoke your consent at any time.
In order to fulfil our agreement with you:
We use your personal data in this way either because we have a contract with you (for example, we will need to process certain personal data in order to pay your invoice) or because it is in our legitimate interests to do so (for example, from time to time we may wish to undertake credit checks on our suppliers) but we will always ensure that your rights are protected.
For administrative and internal business purposes:
It is in our legitimate interests as a business to use your data in this way. For example, we have a clear interest in ensuring that our website works properly and that our services are high quality and efficient. We will always ensure that your rights are protected.
For security and legal and compliance purposes:
In some cases, we will need to use your personal data to fulfil a legal obligation (for example, if we receive a legitimate request from law enforcement agencies), and in other cases (such as the detection of fraud or ensuring the security of the site) we will rely on our legitimate interests as a business to use your data in this way. We will always ensure that your rights are protected.
We will never sell your personal data or give it to anyone else for them to use for their own purposes without making that clear to you, however, we do sometimes still share your personal data in various ways, as set out below:
(i) Sharing with organisations providing services to us:
We engage various third parties to provide services to us for specific functions, and this will often mean that we need to share your personal data with them (it is in our legitimate interests to do so, since we may not have the capabilities to provide these services ourselves).
For example here are a few of the third parties we work with:
In every case, we will ensure that these third parties are only allowed to use your personal data in order to provide the relevant services to us. We will always make sure that we use organisations that we trust to look after your personal data appropriately and as required by applicable laws.
In rare circumstances we may need to share some data, including personal data with our insurers. We will only pass information to the insurer that it needs to provide adequate insurance cover and will always make sure we use insurers we trust to keep your personal data in the strictest confidence and as required by the law.
(ii) Sharing data in connection with changes to our group structure or the ownership of our business:
We are not currently part of a corporate group, however, if we sell or propose to sell our business or part of it, we may need to disclose your personal data to prospective buyers. Similarly, if our ownership structure changes, we may need to disclose your personal data to the new owners or operators of our website as part of that process.
(iii) Sharing data to comply with laws:
There may be scenarios where we are subject to a legal obligation to disclose or share your personal data, such as with law enforcement agencies or public authorities in order to prevent or detect crime.
International transfers of personal data
Some of the processes involved in our use of your personal data (or the services our third party suppliers provide involving use of your personal data) may require your data to be stored or processed in countries outside of the European Economic Area (the "EEA") or outside of the United Kingdom. When this occurs we will make sure that we take steps necessary to protect your data as required by applicable laws, for example by implementing appropriate safeguards including by agreeing appropriate contract terms with the recipient of the data or by relying on recognised certifications such as the EU-US privacy shield.
(i) Security of your personal data:
We will ensure that appropriate technical and organisational measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data and we have in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction.
(ii) Retention of your personal data:
The law gives you a number of rights in relation to your personal data and our use of it. You have the right: 1. to ask us not to use your personal data for direct marketing purposes; 2. to ask to see what personal data we hold about you and to find out about the way that we process the data (and in some circumstances, you can ask us to provide a copy to a third party); 3. to ask us to correct or update any personal data which is inaccurate; 4. to ask for personal data to be deleted in some (but not all) circumstances where there is no good reason for us to continue to process it; 5. to ask us to temporarily stop using your data if you don't believe that we have a right to use it, or to stop us from using your personal data where there is no good reason for us to continue to use it; and 6. not to be subject to decisions made solely on the basis of 'automated processing' (i.e. the right not to be subject to decisions made solely by algorithms or computers without input from a human) in certain circumstances.
You also have the right to complain about our use of your personal data. You can contact the Information Commissioner's Office via their website: https://ico.org.uk/concerns/ or by calling 07817869934.