Welcome to the privacy notice of HotelREZ.
HotelREZ respects your privacy and is committed to protecting your personal information. This privacy notice will inform you as to how we look after your personal information and tell you about your privacy rights and how the law protects you.
Who we are
We are HotelREZ Limited and our registered office is at Unit 4.3, Trentside Business Village, Farndon Road, Newark, Nottinghamshire, NG24 4XB, UK.
We can be contacted at the above address or at the following email address: firstname.lastname@example.org
For the purposes of applicable data protection legislation, where we process your personal information on our own behalf, we are the data controller and where we process your personal information on behalf of a hotel, we are the data processor. This is explained in more detail below.
Applicability of this Policy
Personal information collected and/or processed on our own behalf
We ask for and may collect personal information from you when you submit web forms on our Websites or as you use interactive features of the Websites, including participation in surveys, contests, promotions, downloading documents, requesting customer support, registering for events or otherwise communicating with us.
This will include:
- personal information about you which we ask you for (e.g. your name, address, and email address) when you register to receive a newsletter or download further content or enquire about one of our products and services or when you use a Website generally;
- personal information in any surveys which you complete for us;
- details of your use of the Websites.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
Use of data
We may use this information to:
- provide any service offered by us which you choose to use;
- pre-complete forms and other details on our Website to make your next visit to our Website easier (eg when amending or cancelling a booking);
- personalise the content and advertising you will see on our website based on your personal characteristics or preferences;
- notify you of our promotions, relevant new products and services;
- notify you of promotions from members of our group which may be of interest to you (if you opt in to receiving such information);
- send you newsletters informing you about our offers on independent hotels (if you have registered to receive a newsletter);
- personalise your access to our Website (where you have registered on our Website);
- ensure, as far as is practical, that our Website is compatible with the browsers and operating systems used by most of our visitors;
- contact you from time to time to ask for your opinion and suggestions on the services we are offering.
Our legal basis for collecting and using the personal information will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you on our own behalf (where we are data controller) only where: (a) where we need the personal information to perform a contract with you (e.g. to deliver the services you have requested), (b) where we need to comply with a legal or regulatory obligation or (c) in most cases, where the processing is in our or a third party’s legitimate interests (and not overridden by your data protection interests or fundamental rights and freedoms).
Generally we do not rely on consent as a legal basis for processing your personal information other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
Change of Purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
A cookie is a small file which is placed on the user’s hard drive during a visit. This file allows the user to move quickly and easily around our website. It is used to identify returning users and to identify subscribers and registrants (a registrant – and subscriber – will have the cookie linked to their e-mail address as a way of identifying them). This means that if you are a registrant or subscriber, you will not have to login each time you visit.
You can delete cookies from your hard drive at any time. Bear in mind, though, that if you delete these cookies, any settings such as your stored username and password will have to be reset when you log in again.
You can view all cookies currently in use on our site and turn them off and on by clicking on the banner below
As is true with most websites and services delivered over the Internet, we gather certain information and store it in log files when you interact with our Websites and services. This information includes internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, your mobile carrier, and system configuration information. Occasionally, we connect personal information to information gathered in our log files as necessary to improve our Websites and Services. In such a case, we would treat the combined information in accordance with this Policy.
We collect analytics information when you use the Websites to help us improve them. We may also share anonymous data about your actions on our Websites with third-party service providers of analytics services.
We use Google Analytics and other Google services that place cookies on a browser across the Websites. These cookies help us increase the Website’s effectiveness for our visitors. These cookies are set and read by Google. We use data from Google Analytics Demographics, Interest Reporting and 3rd party audience data to help us understand how people find and use our site.
To opt out of Google tracking, please visit this page https://www.google.com/policies/technologies/ads/. You can also turn off cookies related to tracking by visiting the Cookie Settings link above.
Social Media Widgets:
The Websites include social media features, such as the Facebook Like button, and widgets, such as the Share This button or interactive mini-programs that run on our Websites. These features may collect your Internet protocol address, which page you are visiting on the Websites, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on the Websites. Your interactions with these features are governed by the privacy statement of the companies that provide them.
You can turn off cookies related to Social Media widgets by visiting the Cookie Settings link above.
We use reputable third party systems to deliver the e-mails you will receive from our Website if you subscribe to our e-mail newsletters or have chosen to receive information about products and offers. These third party systems use unique identifiers and invisible images (often called “pixel tags” or “clear GIFs”) to perform message open sensing, message format sensing, and click-through sensing on our behalf in order to bring you more relevant information.
How Long We Retain Your Personal Information:
For personal information that we process on behalf of our hotels, we will retain such personal information in accordance with the terms of our agreement with them, subject to applicable law.
Disclosure of personal information
Where we are the data controller, we will ensure that any disclosure is permitted by applicable data protection laws. We may employ the services of a third party to help us in certain areas such as the provision of a booking engine, website hosting, credit card processing and email delivery. In some cases the third parties may receive your information.
We will require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
Where we are data processor, any disclosure will be in accordance with the data controller/hotel’s instructions.
Where we rely on your consent to process the personal information, you have the right to withdraw or decline your consent at any time. All emails we send will carry a link to unsubscribe. Alternatively you can email us at email@example.com
You can also exercise the following rights as laid out by the applicable data protection legislation:
Right of access: you have the right to request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Right to Request correction: you have the right to request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Right of erasure: In certain circumstances, you may have a broader right to erasure of personal information that we hold about you – for example, if it is no longer necessary in relation to the purposes for which it was originally collected. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.
Right to object to processing: you may have the right to request that HotelREZ stop processing your personal information and/or to stop sending you marketing communications.
Right to restrict processing: you may have the right to request that we restrict processing of your personal information in certain circumstances (for example, where you believe that the personal information we hold about you is inaccurate or unlawfully held).
Right to data portability: In certain circumstances, you may have the right to be provided with your personal information in a structured, machine readable and commonly used format and to request that we transfer the personal information to another data controller without hindrance.
If you would like to exercise such rights, please contact us by emailing firstname.lastname@example.org. You can also view our policy for Response Procedures for Data Subject Requests, which can be found here. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.
You also have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. A list of contact details for the EU data protection authorities is available here.
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights) unless we are charged a fee by any of our processors. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Children’s Personal Information
We do not knowingly collect any personal information from children under the age of 13. If you are under the age of 13, please do not submit any personal information through our Websites or services. If you have reason to believe that a child under the age of 13 has provided personal information to us through the Websites or Services, please contact us at email@example.com, and we will use commercially reasonable efforts to delete that information.
We have put reasonable technical and organisational measures in place to ensure that users’ personal information is not misused, accidentally destroyed, lost or altered within our server environment. However the internet is an open system and we cannot guarantee that unauthorised third parties will never be able to defeat these measures or use your personal information for improper purposes.
Transfer of Personal information Overseas
Some of the companies who process personal information for us are based outside the European Economic Area (EEA) so their processing of your personal information will involve a transfer of data outside the EEA. Whenever we transfer your personal information out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission. For further details, see European Commission: Adequacy of the protection of personal information in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal information the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal information to third countries.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal information shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.
Personal information we collect and process on behalf of a hotel
We will collect and process the following data from you on behalf of hotels:
- personal information about you which we ask you for (e.g. your name, address, and email address) when you make a booking from our Website or over the telephone;
- financial details in order to process your reservation where a hotel requires pre-payment;
- details of transactions you carry out through our Website and details of the fulfilment of your orders.
Use of data
We may only process personal information collected and/or processed on behalf of a hotel in accordance with that hotel’s instructions. We cannot process it in any other way or for any other purpose. You should refer to the hotel’s privacy and data protection policy for details of how they protect, and how they require us to protect, your personal information.
We are generally permitted by the hotel:
- to use your personal information for the administration of reserving rooms and/or other services for you at that hotel;
- to pass on your financial details to the hotel and/or appropriate third party (for example, credit card company) for the purpose of confirming or paying for a reservation (please note any credit card details will not be retained by us). Changes to this statement