We only collect personal information about you where it is completely necessary or you have consented and we ensure that we only collect information that we need.
We will not send you marketing material unless you have given us permission to do so
We will not provide your personal information to third parties
THE CONTROLLER OF YOUR PERSONAL INFORMATION
Under applicable data protection laws, we are required to advise you who the controller of your personal information is. The controller of, and the person responsible for, the personal information covered by this policy is Patshull Park UK Limited t/a Patshull Park Hotel. Our contact details can be found under the heading ‘ HOW TO CONTACT US’
CUSTOMERS AND CONTACTS
A customer is someone who makes a booking, or stays, or uses any of the services at our hotel, including the golf club, golf course, leisure club, fishing lodge or any other facility, or is a member of our golf club, leisure club or fishing lodge.
A contact is someone who makes an enquiry, or contacts us, on our website or in person, or by letter, phone or email, enters into a competition run by us or use wi-fi services offered at our hotel but is not a customer of ours.
WHAT INFORMATION DO WE COLLECT ABOUT YOU
The data we collect, store and process may include the following types
Identity data, including but not limited to, your full name, title.
Contact data, including but not limited to, home address, email address, phone numbers.
Financial data, including but not limited to, your bank account details.
Communications data, including but not limited to, email communications
HOW WE COLLECT DATA
We will collect this data from you when you provide it to us by phone, email, post, through our website or in person.
HOW WE PROCESS COLLECTED DATA
We will only use your personal data as the law permits.
We have determined that our main lawful reasons will be:
- It is necessary for the performance of the contract that exists between us for the provision of goods and services
- where we need to comply with a legal or regulatory obligation
- for our legitimate interests.
We do not normally rely on consent as a lawful basis for processing however we will obtain it from you if a processing reason arises. Where consent has been granted it may be withdrawn at any time using the contact details set out under ‘HOW TO CONTACT US’ below.
We will only process your data under one of the lawful bases listed above.
The data provided will be held on one or more of our systems on our premises
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These rights include rectification, erasure, restriction, objection, if you deem, and it is proven, the data we hold is incorrect.
You have the right to request transfer of your personal data to you or to a third party
You have the right to lodge a complaint with the UK supervisory authority, which is the Information Commissioner’s Office (ICO). If you are unhappy about any aspect of how we handle your personal data or the application of your rights we would appreciate the opportunity to deal with your concerns before you approach the ICO.
The ICO contact details can be found at www.ico.org.uk
If you wish to exercise any of the rights set out above, please use the contact details set out under ‘HOW TO CONTACT US’ below.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
SHARING YOUR PERSONAL INFORMATION WITH OTHERS
We will not disclose personal information we hold about you to any third party except where required by law or as follows: –
- Professional advisers including lawyers, bankers, auditors and insurers
- HM Revenue & Customs, regulators and other authorities who require reporting of processing activities in certain circumstances.
- Third Parties who act as data processors for us
We require all processors and third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
We do not intend to transfer any personal data we hold about you to a country outside of the European Economic Area (EEA). Countries outside of the European Economic Area do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria:
- The countries to which it is transferred have been deemed to provide an adequate level of protection for personal data by the relevant regulators
- Where we use providers based in the United States, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We will take all reasonable steps to destroy, or erase from our systems, all the personal information we hold about you when it is no longer required
You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.
HOW TO CONTACT US
GDPR Marketing Department
Patshull Park UK Ltd
Patshull Park Hotel