This privacy notice describes how Hotel Xanadu collects and uses personal information about you during and after your relationship with us, in accordance with the General Data Protection Regulation (GDPR) when you use www.hotelxanadu.com.
We are dedicated to using your personal information in accordance with the General Data Protection Regulation and not to do anything you wouldn’t reasonably expect.
This notice applies to:
• All clients, guests and visitors to our website.
• All Third Parties and Suppliers with whom we have dealings in the ordinary course of our business including those individuals with whom we send marketing information to. Any reference to ‘you’ or ‘Data Subject’ shall mean any individual receiving this notice for whom we hold personal data. We only use your data to ensure you have a positive experience each time you interact with Hotel Xanadu.
That includes doing things like:
• Confirming, amending or cancelling a reservation
• Contacting you in response to a request you have made
• Following up to ensure everything was as per your requirements
• Storing your details securely in order to provide you with seamless service for repeat business
• Contacting you via email, if you have chosen to opt in to our loyalty scheme or newsletter database
• Informing you of a change to our policies or any issues with a service/facility
• We also use it for business, regulatory and legal purposes, like health and safety (e.g. registration forms so we can account for guests in Hotel Xanadu).
Our general email enquiry form on the website is sent via an encrypted channel however we ask that you do not include confidential information when using them (such as bank account details). The transmission of information via the internet is not completely secure. We cannot guarantee the security of your data transmitted online and transmission is made at your own risk. If you communicate with us by email then you assume the risks of such communications being intercepted, not received/delivered or are received by individuals other than the intended recipient.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect the following information:
• Job title
• Contact information including email address
• Demographic information such as post code
• Your preferences and interests according to your activity on our website.
• Allergy information for guests dining with us
• Health considerations for guests.
• Cookie Usage: Cookies are small amounts of information that are sent to and are stored on your computer. They are used by ourselves to identify you when you visit our website, and to make your use of the site more convenient for you.
We use non-essential cookie tracking on our website such as Google Analytics and Facebook Pixel.
We need your information to provide the services that you requested. This will help us to:
Fulfil reservations, payment, send administrative information, confirmations or pre-arrival messages for private reservations, or to assist you with meetings and events and provide other information about the property.
Complete your reservation and stay, or to process your payment ensuring that your room is available and provided with appropriate customer service.
Manage your participation in our Loyalty Program, provide your benefits, send you offers and promotions, manage your account status, assist you to earn, track and use your loyalty benefits.
Internal record keeping
We may use the information to improve our products and services.
We may periodically send promotional email about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail.
We may use the information to customise the website according to your interests.
We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
Typically, we will collect personal data from people other than our clients in the following ways
Where we have met individuals at networking or other marketing events;
Where individuals have made enquiries with us regarding possible goods or services but have not subsequently become clients of the business;
Where we have dealt with individuals in the capacity as suppliers of goods or services to the Company;
Where we have regular business-related dealings with you;
Data that has come to our attention as a result of our service to you as our Client.
No. We will not sell, distribute or lease your personal information to third parties unless we have your permission or we are required to do so by law.
We use third parties to provide certain services e.g. online bookings, and online gift vouchers. All partners are selected on the basis they are compliant with current legislation and do not sell, distribute or lease your personal information.
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
Yes. We have put in place measures to protect the security of your information. Feel free to contact us (see contact details) if you would like details of the measures we have put in place.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to employees and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
Your personal data will be retained for as long as it is necessary to fulfil the purpose for which it is collected, or for business or legal purposes, or in accordance with applicable laws. We will also retain your relevant information to be used for accounting or reports specific to our business requirements.
Yes. You can request to view or delete any information we hold on you at any time. Please contact us via email or in writing, providing two copies of your ID e.g.
• Driving licence
• Birth certificate
• Utility bill (from the last three months)
• Current vehicle registration document
• Bank statement (from the last three months)
• Rent book (from the last three months)
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which may give you reason to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us by email at [email protected] or in writing.
Please note that where you ask us to erase, correct, object to process or seek to restrict our processing of data we may refuse your request where we have a legal obligation, contractual or other legitimate business interest to refuse your request. If we refuse your request then we will notify you of this refusal and you will have the right to appeal.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we reserve the right to charge a fee of £10 if your request for access is clearly unfounded or excessive.
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us by email or in writing. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
We have appointed a Data Privacy Manager to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please email us at [email protected] or write to us at our contact address.
Please note, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
Information Commissioner’s Office Wycliffe House
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
Hotel Xanadu is managed by Inn-telligence ltd (www.inn-telligence.com). We are obliged to abide by all relevant UK and European Union legislation. Inn-telligence ltd shall comply with the following legislation and other legislation as appropriate:
The Data Protection Act (1998) The Data Protection (Processing of Sensitive Personal Data) Order 2000.
GDPR April 14th 2016 (in force May 25th 2018)
The Copyright, Designs and Patents Act (1988)