This Policy explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure. Whilst we will keep all of your personal information confidential, we reserve the right to disclose this information in the circumstances as set out within this policy. We confirm that we will keep the information on secure servers and that we will comply fully with all applicable UK Data Protection legislation and regulations in force from time to time.
We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this Policy.
Any questions regarding this Policy and our privacy practices should be sent by email to firstname.lastname@example.org or by writing to Marketing Team, Bedruthan Hotel & Spa, Mawgan Porth, Cornwall TR8 4BU. Alternatively, you can telephone 01637 861200.
Who are we?
We are Red Hotels, a privately owned limited group which owns Bedruthan Hotel Limited and Scarlet Hotel Limited. We are the controller and responsible for your personal data.
How do we collect information from you?
We obtain information about you when you use our website, for example, when you contact us about services, if you directly give us any information via forms, if you make a booking or purchase or if you sign up to receive email newsletters.
What type of information is collected from you?
In running and operating this website, we may collect and process certain data and information relating to you and your use of this site. Your privacy is important to us and we confirm that we will never release your personal details to any third party for their mailing or marketing purposes. The data that we collect is detailed below:
- Information you provide in order to enter a competition or promotion via the site, complete a survey, or if you report a problem with the site.
- Details of visits to our website and the pages and resources that are accessed, including but not limited to, traffic data, location data and other communication data that may assist us in understanding how visitors use the website. This may also include the resources that you access, and information about where you are on the internet including the domain type, IP address and URL that you came from. This information is collected and used for our internal research purposes and to improve our customer service.
- The personal information we collect might include your name, address, email address, IP address, and information regarding what pages are accessed and when. This information is recorded and sent to third-party processors for the purposes of data analysis, to improve our marketing efforts and for targeting specific services and products.
- Information you provide to us by sending us a message through our website and information provided to us when you communicate with us electronically for any reason. If you contact us, we may keep a record of your email and other correspondence.
- Information that you provide us as a result of filling in forms on our website, such as registering for information or making a purchase.
If you make a purchase from us, your card information is not held by us, it is collected by our third-party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions, as explained below.
We may collect information about your computer, including but not limited to (where available), your IP address, operating system and browser type for administration purposes and to produce internal reports. This is statistical data relating to a web user’s browsing actions and patterns and does not specifically identify you as an individual.
How is your information used?
We may use your information:
- to ensure that the content on the site is presented in the most efficient way for you and the computer that you are using;
- to enable you to participate in interactive features of the site;
- to provide you with information relating to our website, product or our services that you request from us;
- to provide you with information on other products that we feel may be of interest to you in line with those you have previously expressed an interest in via our website;
- to process a booking you have made;
- to meet our obligations arising from any contracts entered into by you and us;
- for dealing with entries into a competition;
- to seek your views or comments on the services we provide;
- to notify you about any changes to our website, including improvements, and service or product changes;
- to send you communications which you have requested and that may be of interest to you. These may include information about stays, events, promotions, offers, job offers, information about the hotel and the surrounding area and replies to requests and bookings enquiries/confirmations
- for our internal purposes including statistical or survey purposes, quality control, site performance and evaluation in order to improve our website;
- to administer this website; and
- if you consent, to notify you of products or special offers that may be of interest to you.
We review our retention periods for personal information on a regular basis. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.
Who has access to your information?
We will not sell or rent your information to third parties. We will not share your information with third parties except where they are working on our behalf.
Third Party Service Providers working on our behalf: We will pass your information to such of our third-party service providers, agents, subcontractors and other associated organisations as is necessary for the purposes of completing tasks and providing services to you on our behalf (for example to process payments and send you email). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that, except to these third party service providers, we will not release your information to third parties beyond Red Hotels unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
When you are using our secure online booking system, your purchase is processed by a third-party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us.
Working with third parties
- Any data collected must have consent to sign up for Red Hotels emails specifically
- Our reasons for asking for your data must be shown
Third Party Processing
Red Hotels utilises the services of third party organisations to process your personal data. As the data controller, Red Hotels determines the purposes and means of the processing of your personal data. Where your data is processed by any third party on behalf of Red Hotels, that third party is a processor under the GDPR. We confirm that we take steps in order to ensure that this data is processed lawfully under the law in accordance with each agreement that we have in place with each processor.
If you wish to see all third-party processors, please email email@example.com and we will promptly send you a current list.
Legitimate interest statement
Any guests who have stayed at a hotel within the Group, eaten at one of our restaurants or received a treatment in our spas will be considered ‘previous guests’. We may contact such guests with marketing emails containing information and offers on stays, experiences and events which, based on their previous activity and purchases, we consider to be of interest to them. The lawful ground of processing in these circumstances is Legitimate Interests. Where we rely on Legitimate Interests as the basis on which we are processing your data, we will first carry out an appropriate Legitimate Interest Assessment. Previous guests can opt out at any time by emailing us or clicking the unsubscribe link on any of the emails we send them.
How do I opt out?
You have a choice about whether or not you wish to receive information from us. We will not make contact with you for marketing purposes unless you have previously opted in or you are a previous guest and we are entitled to rely on legitimate interests as the lawful ground for processing your data. If you no longer want to receive direct marketing communications from us you can change your preferences or completely unsubscribe in one of two ways:
- Click the ‘unsubscribe’ or ‘change preferences’ link at the bottom of marketing emails sent to you
- Email firstname.lastname@example.org or telephone 01637 861200 and we will process your request within 7 days
The accuracy of your information is important to us. If you change email address, or any of the other information we hold is inaccurate or out of date, please email us at: email@example.com, or write to us at: Marketing Team, Bedruthan Hotel & Spa, Mawgan Porth, Cornwall TR8 4BU. Alternatively, you can telephone 01637 861200.
Under certain circumstances, you have rights under data protection laws in relation to your personal data as follows:
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Right to withdraw consent.
If you wish to exercise any of the rights set out above, please Contact us.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Security precautions in place to protect the loss, misuse or alteration of your information
When you give us personal information, we take steps to ensure that it’s treated securely. Any sensitive information (such as credit or debit card details) is encrypted and protected with 128 Bit encryption on SSL across the entire website. When you are on a secure page, a lock icon will appear in the address bar of modern web browsers such as Microsoft Edge and Google Chrome.
Once we receive your information, we make every effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We or our third party service providers may analyse your personal information to create a profile of your interests and preferences so that we can try to make all our communications as relevant as possible. This automated processing is intended to evaluate certain personal aspects of an individual. We may also use your personal information to detect and reduce fraud and credit risk.
If you do not want us to use profiling in this way please let us know by contacting firstname.lastname@example.org or by telephoning 01637 861200 and we will process your request within 7 days
Use of ‘cookies’
We may also use the cookies to gather information about your general internet use to further assist us in developing our website. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive and then stored there and transferred to us where appropriate to help us to improve our website and the service that we provide to you.
It is possible to switch off cookies by adjusting your browser preferences or using a dedicated browser extension.
Links to other websites
In addition, if you were referred to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third party site.
Those aged 16 or under
We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal information.
Transferring your information outside of Europe
As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken to ensure that your privacy rights continue to be protected to a similar degree as detailed in this policy.
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
Retention of data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available in our Data Cleansing and Retention policy which you can request from us by Contacting us.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Review of this Policy