1. THE IDLE ROCKS AND ST MAWES HOTEL COMMITMENT TO PROTECTING YOUR PRIVACY
Because we consider your privacy as the utmost of importance, our first priority is to offer you immaculate service in opulent surroundings. Your complete satisfaction and confidence in The Idle Rocks and St Mawes Hotel is essential to us. Along with the recent change of law, that’s why we have updated our privacy policy. This formalises our commitment to you and describes how we use your personal data. The main rules applicable within The Idle Rocks and St Mawes Hotel are founded on seven principles listed below.
2. CONSENT
“Personal data” means any information collected and logged in a format that allows you to be identified personally, either directly (e.g. name) or indirectly (e.g. telephone number) as a person. Before providing us with this information, we recommend that you read this document describing our privacy policy. This Personal Data Protection policy forms part of the terms and conditions that govern our hotel services. By accepting these terms and conditions, you expressly accept the provisions of this policy.
3. PROTECTING YOUR PERSONAL DATA
3.1. Transparency: When collecting and processing your personal data, we will communicate all information to you and inform you of the purpose and recipients of the data.
3.2. Legitimacy: We will collect and process your personal data only for the purposes described in this policy.
3.3. Relevance and accuracy: We will only collect personal data that is necessary for data processing. We will take all reasonable steps to ensure that the personal data we hold is accurate and up to date.
3.4. Storage: We will hold your personal data for the period necessary for processing in compliance with the provisions of the law.
3.5. Access, rectification, opposition: You may access, modify, correct or delete your personal data. You may also oppose the use of your personal data, particularly to avoid receiving sales and marketing information. The details of the department to contact and steps to be taken in this respect are shown below in the clause “Access and modification”.
3.6. Confidentiality and security: We will ensure reasonable technical and organisational measures are in place to protect your personal data against alteration or accidental or unlawful loss, or unauthorised use, disclosure or access.
3.7. Sharing and international transfer: We may share your personal data with third parties for payment processing, email services and other services essential to the running of the business (such as commercial partners and/or service providers) for the purposes set out in this policy. We will take appropriate measures to guarantee security when sharing or transferring such data.
For any questions concerning the seven principles of The Idle Rocks and The St Mawes Hotel data protection, please contact the General Manager at nick@stmawes.com via the details in the clause “Access and modification”.
4. SCOPE OF APPLICATION
This policy applies to all data processing implemented in our hotel and to our reservation websites
5. WHAT PERSONAL DATA IS COLLECTED?
At various times, we will be obliged to ask you, as a guest, for information about you and/or members of your family, such as:
Contact details (for example, last name, first name, telephone number, email)
Personal information (for example, date of birth, nationality, medical conditions)
Information relating to your children (for example, first name, date of birth, age)
Your credit card number (for transaction and reservation purposes)
Your membership number for any partner programs related to your stay
Your arrival and departure dates
Your preferences and interests (for example, preferred floor, cultural interests, newspapers)
Your questions/comments, during or following a stay.
The information collected in relation to persons under 18 years of age is limited to their name, nationality and date of birth, which can only be supplied to us by an adult. We do not deliberately collect sensitive information, such as information concerning race, ethnicity, political opinions, religious and philosophical beliefs, union membership, or details of sexual orientation. Depending on applicable local laws, other information which could be considered sensitive, such as your credit card number, your leisure activities, personal activities and hobbies, may be collected in order to meet your requirements or provide you with an appropriate service, such as a specific diet. In this case, depending on the laws in force in certain countries, your prior consent may be required with regard to the collection of this sensitive information.
6. WHEN IS YOUR PERSONAL DATA COLLECTED?
Personal data may be collected on a variety of occasions, including:
Hotel activities such as booking a room, checking-in and paying, requests, complaints and/or disputes.
Participation in marketing programs or events such as signing up for loyalty programs, participation in guest satisfaction surveys, online competitions, subscription to newsletters in order to receive offers and promotions via email.
Transmission of information from third parties such as tour operators, travel agencies, GDS reservation systems, and others
Internet activities such as connection to The Idle Rocks and St Mawes Hotel websites (IP address, cookies) online forms (online reservation, questionnaires, The Idle Rocks and St Mawes Hotels pages on social networks, etc).
7. HOW WILL WE USE THE INFORMATION ABOUT YOU?
We collect your personal data for the purposes of:
Meeting our obligations to our customers.
Managing the reservation of rooms and accommodation requests: Creation and storage of legal documents in compliance with accounting standards.
Managing your stay at the hotel: Monitoring use of services, Managing access to rooms, Internal management of lists of customers having behaved inappropriately during their stay at the hotel (aggressive and anti-social behaviour, non-compliance with the hotel contract, non-compliance with safety regulations, theft, damage and vandalism, or payment incidents).
Improving our hotel service, especially: Processing your personal data in our customer marketing program in order to carry out marketing operations, promote brands and gain a better understanding of your requirements and wishes, Adapting our products and services to better meet your requirements, Customising commercial offers and the promotional messages we send to you, Informing you of special offers and any new services created by our Hotels
Managing our relationship with customers before, during and after your stay: Segmentation operations based on reservation history and customer travel preferences with a view to sending targeted communications, Predicting and anticipating future behaviours, Developing statistics and commercial scores, and carrying out reporting, Providing context data for offer tools when a customer visits the website or makes a reservation, Knowing and managing the preferences of new or repeat customers, Sending newsletters, promotions and tourist, hotel or service offers, or contacting by telephone, Managing requests to unsubscribe from newsletters, promotions, tourist offers and satisfaction surveys, Taking into account the right to object, Using a dedicated telephone service to search for persons staying at The Idle Rocks or St Mawes Hotel in the event of serious events affecting the hotel (natural disasters, terrorist attacks etc.).
Use a trusted third party to cross-check, analyse and apply certain devices to your collected data at the time of booking or at the time of your stay, in order to determine your interests and your customer profile, and to allow us to send you personalised offers.
Improving The Idle Rocks and St Mawes Hotel services, especially: Carrying out surveys and analyses of questionnaires and customer comments, Managing claims/complaints, Offering you the benefits of our Reef Knot Club.
Securing and enhancing your use of The Idle Rocks and St Mawes Hotel website, especially: Improving navigation, Implementing security and fraud prevention.
Conforming to local legislation (for example, storing of accounting documents).
8. CONDITIONS OF THIRD-PARTY ACCESS TO YOUR PERSONAL DATA
To guarantee you the right of access and amendment (“Access and modification” clause), we have to share your personal data with internal and external recipients subject to the following conditions:
Within The Idle Rocks and St Mawes Hotel, in order to offer you the best service, we can share your personal data and give access to authorised personnel from The Idle Rocks and St Mawes Hotel, including:
Hotel staff
Reservation staff using reservation tools
IT departments
Commercial partners and marketing services such as an email service provider
Medical services if applicable
Legal services if applicable
Generally, any appropriate person within The Idle Rocks or St Mawes Hotel entities for certain specific categories of personal data.
With service providers and partners: your personal data may be sent to a third party for the purposes of supplying you with required services and improving your stay, for example:
External service providers: IT sub-contractors, banks, credit card issuers, external lawyers, dispatchers, printers.
Commercial partners: The Idle Rocks and St Mawes Hotel may, unless you specify otherwise to us, enhance your profile by sharing certain personal information with its preferred commercial partners. In this case, a trusted third party may cross-check, analyse and apply certain devices to your data. This data processing will allow The Idle Rocks and St Mawes Hotel and its privileged contractual partners to determine your interests and your customer profile and will allow us to send you personalised offers.
Local authorities: We may also be obliged to send your information to local authorities if this is required by law or as part of an inquiry and in accordance with local regulations, this includes emergency and law enforcement services.
9. PROTECTION OF YOUR PERSONAL DATA DURING INTERNATIONAL TRANSFERS
For the purposes set out in Clause 7 of this policy, we may transfer your personal data to internal or external recipients who may be in countries offering different levels of personal data protection. Consequently, in addition to implementation of this policy, The Idle Rocks and St Mawes Hotel employs appropriate measures to ensure secure transfer of your personal data to an external recipient located in a country offering a different level of privacy from that proposed in the country where the personal data is collected. Other than those that are required to carry out your reservation, data flows to countries having different levels of personal data protection are regulated by standard contractual manager-to-subcontractor clauses defined by the European Commission. Data flows to the United States are made to entities that belong to Privacy Shield.
10. HOW WE SECURE YOUR INFORMATION
The Idle Rocks and St Mawes Hotel takes data security seriously, and we use appropriate technologies and procedures to protect personal information. Our information security policies and procedures are aligned with widely accepted international standards; we apply the controls detailed in the Payment Card Industry Data Security Standard to all environments storing personal data. These standards are applied and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements.
For example: Policies and procedures
We have measures in place to protect against accidental loss and unauthorized access, use, destruction, or disclosure of data
We have a Business Continuity and Disaster Recovery strategy that is designed to safeguard the continuity of our service to our guests and to protect our people and assets
We place appropriate restrictions on access to personal information
We implement appropriate measures and controls, including monitoring and physical measures, to store and transfer data securely
We conduct Privacy Impact Assessments in accordance with legal requirements and our business policies
Training for employees and contractors
We require privacy, information security, and other applicable training on a regular basis for our employees and contractors who have access to personal information and other sensitive data
We take steps to ensure that our employees and contractors operate in accordance with our information security policies and procedures and any applicable contractual conditions
Vendor risk management
We require, through the use of contracts and security reviews, our third-party vendors and providers to protect any personal information with which they are entrusted in accordance with our security policies and procedures
11. MARKETING
We would like to send you information about the products and services of our hotels which may be of interest to you. If you have consented to receive marketing, you may opt out at a later date. You have a right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, please email events@stmawes.com or click the unsubscribe link at the footer of any of our marketing emails.
12. COOKIES
We use cookies when you visit our site. There are four main types of cookies – here’s how and why we use them.
(1) Site functionality cookies – these cookies allow you to navigate the site and use our features.
(2) Site analytics cookies – these cookies allow us to measure and analyse how our customers use the site, to improve both its functionality and your shopping experience.
(3) Customer preference cookies – when you are browsing, these cookies will remember your preferences (like your language or location), so we can make your experience as seamless as possible and more personal to you.
(4) Targeting or advertising cookies – these cookies are used to deliver ads relevant to you. They also limit the number of times that you see an ad and help us measure the effectiveness of our marketing campaigns.
By using our site, you agree to us placing these sorts of cookies on your device and accessing them when you visit the site in the future. If you want to delete any cookies that are already on your computer, the “help” section in your browser should provide instructions on how to locate the file or directory that stores cookies. Further information about cookies can be found at https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/. Please note that by deleting or disabling future cookies, your user experience may be affected and you might not be able to take advantage of certain functions of our site.
13. STORAGE OF DATA
We’ll hold on to your information for as long as you have a booking with us, and for as long as is necessary to provide support-related reporting, or accounting purposes. We’ll also hold on to your information if reasonably necessary or required to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions, we may also keep hold of some of your information as required, even if it is no longer needed to provide the services to you.
14. ACCESS AND MODIFICATION
You have the right to access your personal data collected by The Idle Rocks and St Mawes Hotel and to modify it subject to applicable legal provisions. You may also exercise your right to object by writing to the address below. If you have any questions, would like to request access, deletion or changes be made to your information please contact the General Manager directly by sending an email to nick@stmawes.com or by writing to the address below:
The Idle Rocks, Harbourside, St Mawes, TR2 5AN
For the purposes of confidentiality and personal data protection, we will need to identify you in order to respond to your request. If your personal data is inaccurate, incomplete or not up to date, please send the appropriate amendments to the above details. All requests will receive a response as swiftly as possible and in accordance with applicable law. Substantial access requests may incur an administration charge.
15. UPDATES AND CHANGES TO OUR HOW WE PROTECT YOUR PRIVACY
We may modify this policy from time to time. Consequently, we recommend that you consult it regularly, particularly when making a reservation at The Idle Rocks or St Mawes Hotel.
16. QUESTIONS AND CONTACTS
For any questions concerning our Privacy policy, please contact us by telephone on 01326 270 270 and ask to speak to the Data Protection Officer.