Learn more about your privacy rights
"Personal data" means any information collected and logged in a format that allows you to be identified personally, either directly (e.g. name) or indirectly (e.g. telephone number). Before providing us with this information, we recommend that you read this document describing our customer privacy protection policy.
The Grand Brighton (Company number 08935930) registered at The Grand Brighton, 97 -99 King’s Road. Brighton, BN1 2FW.
For the purposes of the General Data Protection Regulation 2018 (GDPR) we are the Data Controller and when carrying out certain contractual responsibilities on behalf of third parties, the data processor.
At various times, we will be obliged to ask you, as a hotel customer, for information about you and/or members of your family or group, such as:
- Contact details (for example, last name, first name, telephone number, address, email)
- Personal information (for example, date of birth, nationality)
- Information relating to your children (for example, first name, date of birth, age)
- Your credit card number (for transaction and reservation purposes)
- Your arrival and departure dates
- Your preferences and interests (for example, preferred floor, type of bedding, type of newspapers/magazines, sports, cultural interests)
- Your questions/comments, during or following a stay in our hotel
The information collected in relation to persons under 18 years of age is limited to their name, nationality and date of birth, which can only be supplied to us by an adult.
Our hotels also use CCTV for safety and security monitoring purposes.
Personal data of hotel customers may be collected on a variety of occasions, and from third party sources in addition to hotel customers themselves including:
- Booking a room
- Checking-in and paying
- Eating/drinking at the hotel bar or restaurant during a stay
- Requests, complaints and/or disputes
Transmission of information from third parties:
- Tour operators, travel agencies, reservation systems, and others
- Connection to hotel websites (IP address, cookies)
- Online forms (online reservation, questionnaires, hotel pages on social networks, network login devices such as Facebook login etc.)
If you decide not to provide relevant information, this may hinder our ability to fulfil our service commitment to you and to respond to your visit to our website efficiently and may mean that we will not be able take any further action to support your enquiry.
Our Data Protection obligations permit us to use and share your personal data only where we have a lawful basis to do so. The lawful bases we rely upon to process your personal data are:
- CONTRACT - your personal information is processed in order to fulfil a contractual arrangement
- CONSENT - where you agree to us using your information in this way e.g. for sending you information about the hotel
- LEGITIMATE INTERESTS - this means the interests of The Grand Brighton in managing our business to allow us to provide you with the best service
- LEGAL OBLIGATION - where there is a statutory or other legal requirement to share the information e.g. when we have to share your information for law enforcement purposes.
We use your information in a number of different ways, primarily to fulfil a contract and also provide excellent service to our customers.
The information below sets out in detail what we use the information we collect for:
- To manage the reservation of rooms and accommodation requests and other hotel services
- To manage your stay at the hotel, room lists, restaurant bookings, special requests and services
- To monitor your use of hotel services
- To manage invoicing and payment records
- Carrying out surveys and analyses of questionnaires and customer comments
- Managing claims/complaints
- Managing access to rooms
- To improve hotel services, and to adapt our products
- To assist promotion of our services, and to input into our marketing programme
Information relating to your children
- Only supplied by an adult. Used to manage their stay at the hotel
Credit Card Number
- Managing the reservation of rooms, accommodation requests and to take payment
Arrival and Departure dates
- To manage your hotel booking
Preferences and Interests
- To enhance your stay at our hotel and to customise and improve the services we offer
Questions / Comments
- To collect feedback to improve our services and monitor customer experience
We may also use your website usage information to improve our website, understand how you use our site, and provide more relevant content to you. We use third party companies to process this information on our behalf.
You are entitled to request the following from The Grand Brighton, these are called your Data Subject Rights and there is more information on these on the Information Commissioner’s website www.ico.org.uk
- THE RIGHT TO BE INFORMED – The right to be informed about how your personal information is being used and processed (as described in this policy)
- RIGHT OF ACCESS – The right to ask us for copies of the personal information we hold about you
- RIGHT TO RECTIFICATION – The right to request the correction of inaccurate personal information we hold about you and to have incomplete personal information completed
- THE RIGHT TO ERASURE (also known as the Right to be Forgotten) - The right to request that we delete your data, or stop processing it or collecting it, in certain circumstances
- RIGHT TO RESTRICTION OF PROCESSING – The right to request that we restrict processing of your personal information in certain circumstances
- RIGHT TO DATA PORTABILITY – The right to ask that we transfer electronic data that you have given to us to you or another organisation in certain circumstances
- RIGHT TO OBJECT – The right to object to processing of your personal information in certain circumstances
- THE RIGHT TO STOP DIRECT MARKETING messages, and to withdraw consent for other consent-based processing at any time
- THE RIGHT TO COMPLAIN to your data protection regulator - in the UK, the Information Commissioner’s Office. We encourage you to contact us before making any complaint and we will seek to resolve any issues or concerns you may have. If you have any general questions about your rights or if you want to exercise your rights or have a complaint, please contact us, details are in the contact us section at the end of this document.
Within The Grand Brighton, in order to offer you the best service, we can share your personal data and give access to authorised employees including:
- Hotel staff
- Reservation staff
- IT departments
- Marketing departments
- Commercial partners and services
- Legal services if applicable
- Generally, any appropriate person within The Grand Brighton for certain specific categories of personal data.
Information about our hotel guests is an important part of our business and we do not sell this information to others. The Grand Brighton works with a number of trusted suppliers, agencies and businesses in order to provide you the high-quality services you expect from us. Your personal data may be sent to a third party for the purposes of supplying you with services and improving your stay.
Some examples of the categories of third parties with whom we share your data are:
Booking Partners: The Grand Brighton works with a number of trusted partners who take hotel bookings and manage reservation systems on our behalf. All partners will only hold the minimum amount of personal information needed in order to fulfil the bookings you make on our behalf.
IT Companies: The Grand Brighton work with businesses who support our website and other business systems.
Marketing Companies: We work with marketing companies who help us manage our electronic communications with you or carry out surveys and reviews on our behalf. If customers have opted-in to receiving information regarding our goods and services we may utilise a marketing company to send out such information. For further information see the ‘Keeping in touch with you’ section of this policy.
Payment Processing: The Grand Brighton work with trusted third-party payment processing providers and banks in order to securely take and manage payments.
Debt Recovery and Fraud Prevention: We release your personal information on the basis that we have a legitimate interest in preventing fraud and money laundering, when we believe release is appropriate to comply with the law; enforce or apply our contractual agreements; or protect the rights, property or safety of The Grand Brighton or our customers. This includes exchanging information with other companies and organisations for verification of identity fraud protection, credit risk reduction and debt collection. Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address and vehicle details.
We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
Website: To improve our platform, prevent or detect fraud or abuses of our website and enable third parties to carry out technical, logistical, research or other functions on our behalf.
If/when we do share your personal information for these purposes, the data remains our property at all times – these “data processors” act only under our instructions and are not permitted to use your information for their own purposes. We check carefully that our third-party suppliers are as compliant with data protection law and regulations as we are. When we outsource the processing of your information to third parties or provide your information to third party service providers, we oblige those third parties to protect your information with appropriate security measures and prohibit them from using your information for their own purposes or from disclosing your information to others.
Local Authorities: We may also be obliged to send your information to local authorities if this is required by law or as part of an inquiry and in accordance with local regulations.
If we collect your personal information, the length of time we retain it is determined by a number of factors including fulfilling the purpose for which we use that information and our obligations under other laws.
We may also need your personal information to establish, bring or defend legal claims. For this purpose, we will always retain your personal information for 5 years after the date it is no longer needed by us for any of the purposes listed under the ‘How we use your information’ section within this policy.
The only exceptions to this are where:
- the law requires us to hold your personal information for a longer period, or delete it sooner;
- you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law;
- we bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible; or
- in limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period.
The Grand Brighton take data security seriously, and we take appropriate technical and organisational procedures, in accordance with applicable legal provisions, to protect your personal data against illicit or accidental destruction, accidental alteration or loss, and unauthorised access or disclosure.
We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable information. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you.
Our information security policies and procedures are aligned with widely accepted international standards. We apply the controls detailed in the Payment Card Industry Data Security Standard to all environments storing personal data. These standards are applied and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements. To this end, we have taken technical and organisational measures.
- We have taken technical measures such as firewalls and encryption of computer and mobile device systems.
- When personal data is transferred, encryption technology is used.
- When you submit credit card data when making a reservation, encryption technology is used to guarantee a secure transaction.
- We facilitate user ID / password systems and procedures.
Unfortunately, your transmission of information via the internet to us is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
POLICIES & PROCEDURES:
- We have measures in place to protect against accidental loss and unauthorised access, use, destruction, or disclosure of data.
- We place appropriate restrictions on the levels and type of access to personal information and have organisational measures such as user IDs / passwords to control staff access to personal data in line with their job requirements.
- We implement appropriate measures and controls, including monitoring and physical measures, to store and transfer data securely.
- We conduct Privacy Impact Assessments in accordance with legal requirements and our business policies.
- We require privacy, information security, and other applicable training on a regular basis for our employees and contractors who have access to personal information and other sensitive data.
- We take steps to ensure that our employees and contractors operate in accordance with our information, security policies and procedures and any applicable contractual conditions.
- We require, through the use of contracts and security reviews, our third-party vendors and providers to protect any personal information with which they are entrusted in accordance with our security policies and procedures.
We want to keep our customers up to date with information about special offers, benefits and improvements to our facilities and services.
When you engage with our marketing activities, either electronically on-line via our website or social media for example, or in person at the hotel, we will ask you if you want to opt-in to receive this type of promotional information. If you have consented to receive marketing, you may opt out at a later date.
If you decide you do not want to receive this marketing information you have the right to ask us not to process your personal information for marketing purposes. You can request that we stop contacting you for marketing purposes by emailing firstname.lastname@example.org, or via the unsubscribe link within any marketing Email or SMS which you receive. You may continue to receive marketing information for a short period while your request is dealt with.
The Grand Brighton will not share your information with outside companies for their marketing purposes.
We reserve the right to contact our hotel customers as necessary to fulfil the obligations and administration of our service. We will also communicate as deemed appropriate by The Grand Brighton in regards to any changes to the product, services and facilities of the hotel which may impact you.
This section is designed to help you understand what cookies are, how The Grand Brighton uses them and the choices you have in regards to their use.
WHAT ARE COOKIES?
Cookies are small data files that are transferred to your computer's web browser to enable our systems to recognise your browser and to collect information from your computer such as your IP address and other details about your computer which are collected by our web server, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.
ARE COOKIES SAFE?
Yes - Cookies are not harmful and do not contain any information such as your home address, date of birth or credit card details. The information stored in cookies is safe and anonymous to any external third party, and your account security is never compromised.
There are four main types of cookies – here’s how and why we use them:
- Site functionality cookies – these cookies allow you to navigate the site and use our features.
- Site analytics cookies – these cookies allow us to measure and analyse how our customers use the site, to improve both its functionality and your shopping experience.
- Customer preference cookies – when you are browsing, these cookies will remember your preferences (like your language or location), so we can make your experience as seamless as possible, and more personal to you.
- Targeting or advertising cookies – these cookies are used to deliver ads relevant to you. They also limit the number of times that you see an ad and help us measure the effectiveness of our marketing campaigns.
You will have the option to accept cookies when you first visit our website. By accepting cookies and using our site, you agree to us placing these sorts of cookies on your device and accessing them when you visit the site in the future.
CAN I TURN OFF COOKIES?
Yes – To change your cookie settings, or if you want to be notified each time a cookie is about to be used, you should amend the settings provided in your web browser to prevent us from storing cookies on your computer hard drive. For information on how to have your browser notify you when you receive new cookies and how to disable or delete cookies, please consult the "Help" tab of your browser via the menu bar.
Further information about cookies can be found at https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/
Please note that by deleting or disabling future cookies, your user experience may be affected, and you might not be able to take advantage of certain functions of our site.
Website visitors who don’t want their data used by Google Analytics can install the Google Analytics opt-out browser add-on. To opt-out of Analytics for the web, visit the Google Analytics opt-out page and install the add-on for your browser. Website visitors can also opt-out of Google Analytics for Display Advertising and customise Google Display Network ads using the Google Ad Settings.
Or if you’d like, you can write to us at: Data Privacy, The Grand Brighton, 97 -99 King’s Road. Brighton, BN1 2FW
For the purposes of confidentiality and personal data protection, we may need to identify you in order to respond to your request. You will be asked to include a copy of two official pieces of identification, such as a driver's licence or passport, along with your request.
All requests will receive a response as swiftly as possible and in accordance with applicable law.
You are also entitled to complain to the ICO:
ICO, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Telephone 0303 123 1113
ICO website: https://www.ico.org.uk
Updated August 2020.