As our valued guest ("You"), we value your commitment to Kensington Court Hotel Notting Hill (“KCHNH”).
WHO COLLECTS MY DATA?
Data is collected during the booking process either via a brand booking engine or independent third party booking engine provider.
WHEN IS MY PERSONAL INFORMATION COLLECTED?
PD may be collected in certain circumstances as follows:
- Booking of a hotel room - through on and offline channels including brand and independent third party booking engines
- Check in and check out
- Consumption during a stay in a hotel as tracked through room charges
- Claims, requests and/or disputes
- Participation in marketing programs
- Registering with loyalty programs
- Contribution to guest’s surveys and/or comments (e.g. "Guest Satisfaction Survey", "Contact us"; "Guests comments”)
- Provision of information by third party service providers
- Filling in of an online collection form (e.g. online bookings, questionnaire, forms)
WHAT ARE THE PURPOSES OF DATA COLLECTION BY KCHNH?
We use PD for the following purposes:
- To deal with Your enquiries and requests
- To book and reserve hotel rooms and requested accommodation
- To establish and maintain business records and comply with accounting requirements and local regulations
- For back office processing; including managing a list of undesirable guests, further to a non-payment, or to improper behaviour
- To manage guests' complaints
- To let You benefit from our loyalty program
- To implement security and fraud prevention means
- Administering membership records
WHAT PERSONAL INFORMATION IS COLLECTED BY KCHNH?
As a customer at KCHNH, You may be asked, at various times, to provide PD about You, such as:
- Contact information, e.g. name, telephone numbers, e-mail addresses, postal addresses
- Other personal details: date of birth; nationality
- Credit card details (only in secure transactional related system)
- Membership card numbers of any loyalty program
- Your dates of arrival and departure
- Your preferences and interests, e.g. preferred location of room (low floor, high floor), type of bed, preferred newspaper, sports and cultural interests
- Any questions/comments You may have during or after your stay in one of our hotels
PERSONAL INFORMATION FROM CHILDREN
We do not knowingly contact or collect information from persons under the age of 18. The website is not intended to solicit information of any kind from persons under the age of 18.
It is possible that we could receive information pertaining to persons under the age of 18 by the fraud or deception of a third party. If we are notified of this, as soon as we verify the information, we will, where required by law to do so, immediately obtain the appropriate parental consent to use that information or, if we are unable to obtain such parental consent, we will delete the information from our servers. If you would like to notify us of our receipt of information about persons under the age of 18, please do so by sending an email to [email@example.com].
COLLECTION OF SENSITIVE PERSONAL DATA
The term "sensitive information" refers to information related to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life, or sexual orientation, genetic information, criminal background, and any biometric data used for the purpose of unique identification.
We do not knowingly collect sensitive information such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sex life details unless it is volunteered by you or unless we are required to do so pursuant to applicable laws or regulations. We may use health data provided by you to serve you better and meet your particular needs (for example, the provision of disability access).
COLLECTION OF PERSONAL INFORMATION VIA COOKIES
A cookie is a small piece of information sent by a web server to a web browser, which enables the server to collect information from the browser. Find out more about cookies on www.allaboutcookies.org.
Personal Information regarding a user’s journey through our websites is collected when visiting KCHNH.
Most browsers will allow you to turn off cookies. If you want to know how to do this please look at the menu on your browser, or look at the instruction on www.allaboutcookies.org.
SHARING OF YOUR PERSONAL INFORMATION
We will not share your data with third parties unless we are obliged to disclose personal data by law, or the disclosure of national security, taxation and criminal investigation, or we have your consent, and to the following.
These authorized individuals include (but is not limited to):
- Hotel teams using reservation tools
- Information technology team
- Medical services
- Legal Department staff
Our service providers are required by contract to safeguard any personal data they receive from us and are prohibited from using the personal data for any purpose other than to perform the services as instructed by us.
3RIGHTS TO ACCESS AND MODIFY YOUR PERSONAL INFORMATION
You have the right to access, modify or delete Your PD at any time.
However, please note that if You object to the collection of PD, we may, in certain circumstances be unable to provide You with services requested during your stay at a hotel.
If You wish to exercise your rights on your PD held by a KCHNH, then You must contact the hotel directly.
KCHNH does not charge individuals for any requests made regarding collection of PD.
In the interests of protecting the privacy of all KCHNH guests, we will need to identify You properly prior to responding to your request. To this end, we may request a copy of a valid identification paper such as a current driver's license, identity card or passport.
If your PD is not accurate, complete or up to date, please provide KCHNH with your request for correction at the contact details outlined below. Any requests for correction will be dealt with as soon as practicable or in compliance with applicable law.
RETAINING PERSONAL INFORMATION
Data will not be kept for longer than is necessary. Records with financial data will be retained for six years.
We retain personal data about you for the period necessary to fulfil the purposes outlined in this Statement, unless a longer retention period is required or permitted by applicable law. We retain personal information collected in order to fulfil guest reservations for seven years after the stay is completed. We retain other personal information for shorter periods of time if possible and if permitted by law.
We will destroy your personal information as early as practicable and in a way that the information may not be restored or reconstructed.
If printed on paper, the personal information will be destroyed in a secure manner, such as by cross-shredding or incinerating the paper documents or otherwise and, if saved in electronic form, the personal information will be destroyed by technical means to ensure the information may not be restored or reconstructed at a later time.
It is KCHNH’s policy to be fair and proportionate when considering the actions to be taken to inform affected parties regarding breaches of personal data. In line with the GDPR, where a breach is known to have occurred which is likely to result in a risk to the rights and freedoms of individuals, the relevant supervisory authority will be informed within 72 hours. In the 4event that a breach is likely to result in a high risk to the rights and freedoms of an individual, KCHNH will notify those concerned directly. This will be managed in accordance with our Information Security Incident Response Procedure which sets out the overall process of handling information security incidents.
Under the GDPR the relevant DPA has the authority to impose a range of fines of up to four percent of annual worldwide turnover or twenty million Euros, whichever is the higher, for infringements of the regulations.
Within a breach notification, the following information will be outlined:
- The nature of the personal data breach, including the categories and approximate number of individuals and records concerned
- The name and contact details of the Data Protection Team
- An explanation of the likely consequences of the personal data breach
- A description of the proposed measures to be taken to deal with the personal data breach
- Where appropriate, a description of the measures taken to mitigate any possible adverse effects
COMPLIANCE WITH GDPR
The following actions are undertaken to ensure that KCHNH complies at all times with the accountability principle of the GDPR:
- The legal basis for processing personal data is clear and unambiguous
- All staff involved in handling personal data understand their responsibilities for following good data protection practice
- Training in data protection has been provided to all staff
- Rules regarding consent are followed
- Routes are available to data subjects wishing to exercise their rights regarding personal data and such enquiries are handled effectively
- Regular reviews of procedures involving personal data are carried out
- Privacy by design is adopted for all new or changed systems and processes
- The following documentation of processing activities is recorded:
- - Organisation name and relevant details
- - Purposes of the personal data processing
- - Categories of individuals and personal data processed
- - Categories of personal data recipients
- - Agreements and mechanisms for transfers of personal data to non-EU countries including details of controls in place
- - Personal data retention schedules
- - Relevant technical and organisational controls in place
- - These actions are reviewed on a regular basis as part of the management process concerned with data protection.
Any personal data in hard copy format will be kept in a locked filing cabinet, drawer or safe, with restricted access. Confidential paper records will not be left unattended or in clear view anywhere with general access. All electronic devices are password-protected to protect the information on the device in case of theft. Digital data is coded, encrypted or password- protected, on a network drive that is regularly backed up on and off-site. All members of staff are provided with their own secure login and password, and every computer regularly prompts users to change their password. Emails containing sensitive or confidential information are password-protected if there are unsecure servers between the sender and the recipient.
KCHNH understands that recording images of identifiable individuals constitutes as processing personal information, so it is done in line with data protection principles. The hotel operates a multi camera, multi-screen, CCTV system, which is monitored in the public areas to ensure our guests and members of staff’s safety or for investigative purposes. Cameras are only placed where they do not intrude on anyone’s privacy and are necessary to fulfil their purpose.
All CCTV footage will be kept for approximately 90 days for security purposes, after which time will self-delete. Any CCTV footage which has saved on the system for investigative purposes is deleted once the case is completed.
Where necessary or required this information is shared with the data subjects themselves, employees and agents, services providers, police forces, court or tribunal, security organisations and persons making an enquiry.
The data controller in respect of our website is 4C UK Investment Limited, company registration number: 256044514 of 31 Lisson Grove, NW1 6UB. You can contact the data controller by writing to Data Protection Team, 4C Hotel Group, 31 Lisson Grove, NW1 6UB or sending an email to [firstname.lastname@example.org].
We only process your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information please contact the General Manager. Alternatively, you have the right to lodge a complaint with the supervisory authority.