Information we collect and how we use and share it
The information collected includes personal details such as your title, full name, postal and email addresses, contact telephone numbers and communication preferences. Details sometimes collected may include, business information, employer details and job title, particularly from our corporate partners. Transaction information, including payment and reservation details, which may include information on any special requests concerning dietary needs and/or mobility issues or any other requirements that you choose to tell us about. In some cases we will receive this information from a third-party, such as when you book through an online travel agency. Registration information, including passport numbers and your next destination from guests outside of the Commonwealth. In each case, we will collect, use and secure your information in a manner consistent with the general principles set out in this Privacy Statement unless we tell you otherwise.
We also collect information through our third party service providers’ use of technologies such as pixels, web beacons, tracking tools and similar technologies.
You do not have to provide us with your information although in some cases, if you do not, it may mean that you are unable to use our services. For example, we may be unable to complete any booking you may wish to make.
How we use this information
We use the information collected from you primarily to fulfil your hotel reservation. Prior to your stay this may include sending you pre-stay communications. Following your stay, we may also send you post-stay communications and satisfaction surveys to get feedback on your experience.
In some instances where we have your consent or where permitted under applicable law, we may send you marketing communications for products and services that we believe would be relevant for you. Additionally, we use this information for purposes of aggregated trend and statistical analysis to evaluate and improve our products and services, and other market research.
Who we share your information with
We may share your information with third-party service providers to provide services in relation to our business as well as to help us improve our products and services. We also share your stay information with other third parties in circumstances such as:
• when we believe in good faith that the disclosure is required by law or to protect the safety of hotel guests, employees, the public or hotel property;
• when disclosure is required to comply with a judicial proceeding, court order, subpoena, warrant or legal process; or
• in the event of a merger, asset sale, or other related transaction
The legal basis for processing your personal data
We are committed to collecting and using your information in accordance with applicable data protection laws.
We will only collect, use and share your information where we are satisfied that we have an appropriate legal basis to do this.
This may be because:
• you have provided your consent to us using the personal information;
• our use of your information is necessary to perform our contract with you, for example, making and managing your booking and operating and providing services;
• our use of your information is necessary to meet responsibilities we have to our regulators, tax officials, law enforcement, or otherwise meet our legal responsibilities;
• our use of your information is in our legitimate interest as a commercial organisation, for example to operate and improve our services and to keep people informed about our products and services – in these cases we will look after your information at all times in a way that is proportionate and respects your privacy rights and you have a right to object to processing
If you have provided your consent to our processing of your information you can withdraw this consent at any time by contacting the hotel by email: firstname.lastname@example.org
It may be necessary to transfer this information to third parties, including, without limitation, our third-party service providers.
• where we transfer your data to other companies providing us with a service, we will obtain contractual commitments and assurances from them to protect your information. Some of these assurances are well recognised certification schemes such as standard contractual clauses
• any requests for information we receive from law enforcement or regulators will be carefully validated before personal information is disclosed.
Cookies and other tracking technologies
Non-Personally Identifiable Information
We collect Non-Personally Identifiable Information automatically when you visit our Site. Non-Personally Identifiable Information is information that is not used nor intended to be used to personally identify an individual and is not associated with nor linked to Personal Information. This Non-Personally Identifiable Information we collect via the Site includes your Internet Protocol address, browser type, browser language, the date and time of your request, and the web page you have visited immediately prior to visiting the Site.
The Crescent Hotel will make no attempt to track or identify individual users, except where there is a reasonable suspicion that unauthorised access to systems is being attempted. In the case of all users, Crescent Hotel reserves the right to attempt to identify and track any individual who is reasonably suspected of trying to gain unauthorised access to computer systems or resources operating as part of Crescent Hotel web services.
As a condition of use of our site, all users must give permission for Crescent Hotel to use its access logs to attempt to track users who are reasonably suspected of gaining, or attempting to gain, unauthorised access.
All log file information collected by Crescent Hotel is kept secure and no access to raw log files is given to any third party.
Cookies are small text files which are placed on your computer when you visit a website.
• “First party” cookies are set by the site you have chosen to visit.
• “Third party” cookies are set by sites external to the one you are visiting.
• “Session” cookies expire when you close your browser.
• “Persistent” cookies do not immediately expire and will remain on your computer until they reach their expiration date or you choose to remove them.
• “Web beacons” are small pixels that are used alongside cookies to monitor site activity.
Should I be concerned?
The E-Privacy Directive asks businesses to make their online customers aware of cookie usage, so that customers may opt out if they prefer. Cookies are not computer programs and importantly cannot spread viruses. They cannot access other information stored on the user’s computer – in order to get a user’s email address for example.
Crescent Hotel recommend that you accept cookies from our site, as you will not be able to use our online service without them, or would prevent us from making future improvements to services based on tracked visitor behaviour.
However, if you wish to disable our cookies it can be achieved via your browser settings or via www.networkadvertising.org/choices. To find out more about managing cookies visit http://www.aboutcookies.org.
What cookies do Crescent Hotel use?
We use “first party” cookies to:
• provide a ‘shopping’ service such as logging in to your account, remembering the contents of your booking and remembering your details whilst going through checkout.
• track visitor numbers, paths and sales to ensure that we can supply a fast and efficient service.
We use “third party”, “session” and “persistent” cookies to:
• track sales where the visitor was referred from external sites.
• track video views.
• provide remarketing support.
Crescent Hotel work with third party suppliers such as Adroll and Google Inc who may set cookies on our website. This allows us to use remarketing techniques to help target our marketing and advertising campaigns more effectively by providing internet based advertisements that are personalised to your interests.
Crescent Hotel may use “web beacons” to:
• track website traffic.
• gather statistics on the use of the website.
How we secure your information
We are committed to protecting the confidentiality and security of the information that you provide to us. To do this, technical, physical and organisational security measures are put in place to protect against any unauthorised access, disclosure, damage or loss of your information. The collection, transmission and storage of information can never be guaranteed to be completely secure, however, we take steps to ensure that appropriate security safeguards are in place to protect your information.
Managing your preferences and information
We want to ensure that you have the necessary tools at your disposal to control the information that you provide to us, including how we communicate with you. It is also important that you contact us to update your information if any of it is inaccurate or changes.
Managing your communication preferences
Through the provision of the services described above, we, third-party partners and service providers, may communicate with you in relation to a reservation, through online digital services (e.g. email, online advertising, social media communications), or to support any other services that we provide.
Our prior-to-arrival and post-arrival emails have an unsubscribe option. Please select this option if you no longer want to receive these types of emails. You will still receive confirmation emails for any reservations and other email communications relating to active reservations. If we send an email describing special offers, marketing or a general greeting with information on what we have been up to, you can simply reply to the email and ask us to stop. Your details will be removed from our mailing list.
Please be aware that unsubscribing from one type of communication may not unsubscribe you from another type.
Managing your information
In the event any information that you provide to us is inaccurate, changes or you would like this information deleted, your information can be updated by contacting the hotel by email email@example.com. We will respond to your request within a reasonable timeframe.
Please note that in some instances it may not be possible to delete certain pieces of your information and a portion of the information may be needed for suppression purposes. In other instances, we may not have the ability to delete certain pieces of information that are stored on our systems or that have been provided to third parties in connection with the services discussed in this Privacy Statement.
Links to Other Sites
Our website contains links to websites that are maintained and/or controlled by third parties. In some instances these websites may be co-branded and display our logos or other trademarks. You can always tell whether you are on one of our websites by checking the uniform record locator (“URL”) on the page that you are visiting. We encourage you to review the privacy policies of these third-party websites as their privacy practices may differ from ours.
Our websites are not intended for children and we do not intentionally solicit or collect personal information from individuals under the age of 18. If we are notified or otherwise discover that a minor’s personal information has been improperly collected, we will take all commercially reasonable steps to delete that information.
Retaining your information in our systems
We maintain a data retention policy which we apply to the records we hold.
How to contact us
For any questions or concerns regarding this Privacy Statement or our data privacy practices, please contact: firstname.lastname@example.org
To unsubscribe form marketing or greetings emails, please contact/reply: email@example.com
Or by post to: Crescent Hotel, 49-50 Cartwright Gardens, Bloomsbury, London, WC1H 9EL
To the extent permitted under the local law, you may also use the above contact details to request access to any of your personal information that is held by Crescent Hotel. These requests will be reviewed and processed in line with the local law.
Where EU data protection laws apply, you have a right to lodge a complaint with your local data protection supervisory authority at any time. However, we ask that you please try to resolve any issues with us first before referring your complaint to the supervisory authority.
Changes to this Privacy Statement
In some instances, we may have to change, modify or amend this Privacy Statement in order to comply with the evolving regulatory environment or the needs of our business. Subject to any applicable legal requirements to provide additional notice, any changes to this Privacy Statement will be communicated through our website. However, if there will be changes made to the use of your personal information in a manner different from that stated at the time of collection we will take appropriate steps to notify you, such as by posting a notice on our website for 30 days prior to the changes taking effect or by emailing you.
Your rights under EU data protection laws
You have legal rights under EU data protection laws in relation to your personal information. To exercise any of your rights please contact our Data Protection Officer (Lisa) by emailing firstname.lastname@example.org
• To access personal information
You can ask us to confirm whether or not we have and are using your personal information and for a copy of your information.
• To correct / erase personal information
You can ask us to correct any information about you which is incorrect. We will be happy to rectify such information but would need to verify the accuracy of the information first.
You can ask us to erase your information if you think we no longer need to use it for the purpose we collected it from you. You can also ask us to erase your information if you have either withdrawn your consent to us using your information (if we originally asked for your consent to use your information), or exercised your right to object to further legitimate use of your information, or where we have used it unlawfully or where we are subject to a legal obligation to erase your personal information.
We may not always be able to comply with your request, for example where we need to keep using your information to comply with our legal obligation or where we need to use your information to establish, exercise or defend legal claims.
• To restrict how we use personal information
You can ask us to restrict our use of your information in certain circumstances, for example:
• where you think the information is inaccurate and we need to verify it;
• where our use of your information is not lawful but you do not want us to erase it;
• where the information is no longer required for the purposes for which it was collected but we need it to establish, exercise or defend legal claims; or
• where you have objected to our use of your personal information but we still need to verify if we have overriding grounds to use it.
We can continue to use your information following a request for restriction where we have your consent to use it; or we need to use it to establish, exercise or defend legal claims, or we need to use it to protect the rights of another individual or a company.
• To object to how we use your information
You can object to any use of your information which we have justified on the basis of our legitimate interest, if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information. If you raise an objection, we may continue to use your information if we can demonstrate that we have compelling legitimate interests to use the information.
You can also require us to stop using your data for direct marketing purposes.
• To ask us to transfer your information to another organisation
You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller (e.g. another company).
You may only exercise this right where we use your information in order to perform a contract with you, or where we asked for your consent to use your information. This right does not apply to any information which we hold or process that is not held in digital form.
• Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction
You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union.
We may redact data transfer agreements to protect commercial terms.
We may ask you for proof of identity when making a request to exercise any of these rights. We do this to make sure that we only disclose information where we know we are dealing with the right individual.
We will not ask for a fee, unless we think your request is unfounded, repetitive or excessive. Where a fee is necessary, we will inform you before proceeding with your request.
We aim to respond to all valid requests within one month. It may however take us longer if the request is particularly complicated or you have made several requests. We will let you know if we think a response will take longer than one month. To help us respond more quickly, we may ask you to provide more detail about what you want to receive or are concerned about.
We may not always be able to do what you have asked, for example if it would impact the duty of confidentiality we owe to others, or if we are otherwise legally entitled to deal with the request in a different way.