Firmdale Hotels Privacy Policy Published: 17Th May 2023
Firmdale Hotels prides itself in offering an exceptional service to its guests and recognises the importance and its obligation to treat your personal data with respect.
This Privacy Policy describes the privacy practices of Firmdale Hotels.
- Personal Data
- How We Collect Personal Data
- Collection of Other Data
- How We Collect Other Data
- Use of Personal Data and Other Data
- Disclosure of Personal Data and Other Data
- Other Uses and Disclosures
- Third Parties
- Choices
- Your Rights in Relation to Your Personal Data
- Retention
- Sensitive Personal Data
- The Processing of Children’s Data
- Security
- Cross-Border Transfer
- Updates to This Privacy Policy
- Contacting Us
- The Supervisory Authority
Personal Data
We take the protection of your private data very seriously and adhere to relevant data protection legislation. Personal data is collected only to the extent necessary. In no case will the data be sold or made available to third parties unless it is integral to the services and goods supplied by Firmdale Hotels. You can learn more about any third party processing by reading this policy and how we handle your data when you use our services.
“Personal Data” is data that identifies you as an individual or relates to an identifiable individual.
At touchpoints throughout your guest journey, we may collect the following Personal Data:
- Contact information: name, gender, postal address, telephone number, email address
- Payment information: Credit and debit card number or other payment date
- Financial information in limited circumstances
- Language preference
- Date and place of birth
- Nationality, passport, visa or other government-issued identification data
- Important dates, such as birthdays, anniversaries and special occasions
- Employer details
- Travel itinerary, tour group or activity data
- Interactions including prior guest visits, goods and services purchased, and special service and amenity requests
- Social media account ID, profile photo and other data publicly available
In limited circumstances, we also may collect:
- Data about family members and companions, such as names and ages of children
- Biometric data such as digital images, and video and audio data via security cameras located in public areas, such as hallways and lobbies, in our properties.
- Guest preferences and personalised data (“Personal Preferences”), such as your interests, activities, hobbies, food and beverage choices, services and amenities of which you advise us or which we learn about during your visit.
If you submit any Personal Data about other people to us or our Service Providers, third parties contracted by Firmdale Hotels to provide services as part over our overall Services, such as making a reservation for another individual, you represent that you have the authority to do so and you permit us to use the data to fulfil your request for our Services.
How We Collect Personal Data
We collect Personal Data in a variety of ways:
- Online Services: we collect Personal Data when you use our online services to make a reservation or purchase goods and services, to communicate with us, to post to our social media pages, to sign up for our newsletter(s) or participate in any offers or surveys.
- Visiting and Contacting Our Hotels: we collect Personal Data when you visit our hotels and use our services including accommodation, bars and restaurants, meeting and events facilities, gym and spa.
- Making Bookings and Reservation at Our Hotels: We collect Personal Data when you make a reservation by telephone or communicate with us by email or facsimile for any of our guest services. These communications may be recorded for purposes of quality assurance and training.
- Internet-Connected Devices: We collect Personal Data from internet-connected devices used in our properties to fulfil our legal obligations e.g. compliance with anti-terrorism legislation.
Collection of Other Data
“Other Data” is data that generally does not reveal your specific identity or do not directly relate to an individual. To the extent Other Data reveals your specific identity or relates to an individual, we will treat Other Data as Personal Data. Other Data include:
- Browser and device data
- Data collected through cookies and other technologies
- Demographic data and other data provided by you
- Aggregated data
How We Collect Other Data
We collect Other Data in a variety of ways:
- Your browser or device: We collect certain data through your browser or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, internet browser type and version and the name and version of the Online Services (such as the Apps) you are using. We use this data to ensure that the Online Services function properly.
- Cookies: We collect certain data from cookies, which are pieces of data stored directly on the computer or mobile device that you are using. Cookies allow us to collect data such as browser type, time spent on the Online Services, pages visited, referring URL, language preferences, and other aggregated traffic data. We use the data for security purposes, to facilitate navigation, to display data more effectively, to collect statistical data, to personalize your experience while using the Online Services and to recognize your computer to assist your use of the Online Services. We also gather statistical data about use of the Online Services to continually improve design and functionality, understand how they are used and assist us with resolving questions.
Cookies further allow us to select which advertisements or offers are most likely to appeal to you and display them while you are using the Online Services or to send marketing emails. We also use cookies to track responses to online advertisements and marketing emails.
If you do not want data collected with cookies, you can learn more about controlling cookies at:https://www.learn-about-cookies.com/
You can choose whether to accept cookies by changing the settings on your browser. If, however, you do not accept cookies, you will experience inconvenience in your use of the Online Services. For example, you will not be able to make room reservations or use Shop Kit Kemp services. We will not be able to recognize your computer, and you will need to log in every time you visit. You also will not receive advertising or other offers from us that are relevant to your interests and needs. At this time, we do not respond to browser “Do-Not-Track” signals. - Pixel Tags and other similar technologies. We collect data from pixel tags (also known as web beacons and clear GIFs), which are used with some Online Services to, among other things, track the actions of users of the Online Services (including email recipients), measure the success of our marketing campaigns and compile statistics about usage of the Online Services.
- Google AdWords: We may use Google AdWords, a web analytics and search engine advertising campaign management service. Google AdWords uses cookies, web beacons, and other means to help us analyse how users use the site. You may find Google's Privacy Policy at https://www.google.com/intl/en/privacypolicy.html.
- Analytics. We collect data through Google Analytics, which use cookies and technologies to collect and analyse data about use of the Services. These services collect data regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to www.google.com/policies/privacy// and opt out by downloading the Google Analytics opt out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
- Your IP Address. We collect your IP address, a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP address is identified and logged automatically in our server log files when a user accesses the Online Services, along with the time of the visit and the pages that were visited. We use IP addresses to calculate usage levels, diagnose server problems and administer the Online Services. We also may derive your approximate location from your IP address.
Aggregated Data. We may aggregate data that we have collected, and this aggregated data will not personally identify you or any other user.
Use of Personal Data and Other Data
We use Personal Data and Other Data to provide you with Services and to develop new services. In some instances, we will request that you provide Personal Data to assist us in delivering our services to you. If you do not provide the data that we request, or prohibit us from collecting such data, we may not be able to provide the requested Services.
We use Personal Data and Other Data for our legitimate business interests including delivering the Services you request such as hotel, restaurant, meetings and events and spa reservations: including the associated payment processing, administration, reservation confirmations, pre-arrival messages and delivery of services.
We will use Personal Data and Other Data to manage our contractual relationship with you, because we have a legitimate interest to do so and/or to comply with a legal obligation.
Personal Preferences: We will use your Personal and Other Data to deliver a personalised experience:
- Customising your experience when you visit our hotels;
- Sending you tailored marketing communications and offers;
- Inviting you to participate in periodic surveys and customer satisfaction surveys.
Business Purposes: We use Personal Data and Other Data for:
- Data analysis, audits, security and fraud monitoring and prevention. This includes the use of closed circuit television, door access cards, and other security systems;
- Enhancing, improving or modifying our Services, identifying usage trends, and developing new goods and services;
- Processing payment and collection for services rendered;
- Determining the effectiveness of our promotional campaigns;
- Operating and expanding our business activities.
Disclosure of Personal Data and Other Data
Firmdale Hotels aims to delivery exceptional service to you, and to do so we share Personal Data and Other Data with:
- Business Partners who provide goods, services and offers that enhance your experience at our properties or that we believe will be of interest to you. By sharing data with these business partners, we are able to make personalised services available to you. For example, this sharing enables spa, concierge and other outlets at our properties to provide you with services.
- Service Providers. We disclose Personal Data and Other Data to third-party service providers for the purposes described in this Privacy Policy. Examples of service providers include companies that provide website hosting, data analysis, payment processing, order fulfilment, information technology and related infrastructure provision, customer service, email delivery, marketing, auditing and other services.
- Corporate Structure: we may disclose or transfer your Personal Data and Other Data to a third party in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of Firmdale Hotels.
Other Uses and Disclosures
We will use and disclose Personal Data as we believe to be necessary or appropriate: (a) to comply with applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including authorities outside your country of residence and to meet national security or law enforcement requirements; (d) to enforce our terms and conditions; (e) to protect our operations; (f) to protect the rights, privacy, safety or property of Firmdale Hotels, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
Third Parties
This Privacy Policy does not address, and Firmdale Hotels are not responsible for the privacy, data or other practices of any Business Partners or any third party operating any site or service to which the Services link. The inclusion of a link on the Online Services does not imply endorsement of the linked site or service by us. We have no control over, and are not responsible for, any third party’s collection, use and disclosure of your Personal Data.
We are not responsible for the data collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Data you disclose to other organizations through our Social Media Pages.
Choices
You have choices when it comes to how we use your data and we want to ensure you have the information to make the choices that are right for you.
If you no longer want to receive marketing-related emails, you may opt out by following the instructions in any email you receive from us.
Your Rights in Relation to Your Personal Data
You have the right at any time:
- to enquire about the personal data stored, their provenance, and recipients thereof, as well as the scope and purpose of the data processing;
- to have any incorrect data corrected;
- to object to the processing of your data;
- to have Personal Data and including your personal preferences erased provided that the data is not required by Firmdale Hotels to fulfil a contract for goods and services or has to be retained for legal reasons;
- to have a copy of your data in electronic format for purposes of transmitting it to another company.
If you wish to exercise any of your rights, please contact us stating which of your rights you wish to exercise at dmo@firmdale.com, or by mail:
Firmdale Hotels
Data Management Office
18 Thurloe Place
London
SW7 2SP
United Kingdom
For your protection, we only fulfil requests for the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before fulfilling your request. We will comply with your request as soon as reasonably practicable.
Retention
We will retain your Personal Data for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.
The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services)
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them)
- Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations)
Sensitive Personal Data
Firmdale Hotels will only request Sensitive Personal Data to safeguard a guest’s or its own interests. Examples are a guest’s health when using the Spa, allergy information that the hotel should be made aware of or identity information required for legal purposes or to prevent fraud.
The Processing of Children’s Data
Firmdale Hotels Services are not directed to children under the age of thirteen (13); although of course children accompanied by their parents, guardians or responsible adult are welcome at Firmdale Hotels.
A Parent of Legal Guardian must provide any Personal Data or Sensitive Personal Data to Firmdale Hotels if they wish Firmdale Hotels to deliver tailored services to their Child; for example, remembering a birthday or catering for allergies.
Security
Firmdale Hotels has in place strict security procedures to protect information. We protect your personal information during transmission by using Secure Sockets Layer software, which encrypts the information that you provide online at our website. We will use commercially reasonable efforts to protect your information that you provide to us directly and how it is stored and processed. However, the Internet is not a secure environment and we cannot guarantee the security of information you send to us via email, VOIP, or phone. We will also continue to assess new technology for protecting information and upgrade our information security systems when appropriate.
Further, we permit only authorized Firmdale employees and third parties to access any personal information. If an employee misuses personal information, we may take disciplinary action, up to and including termination of employment. If any third party individual or organization misuses personal information, we will take action, up to and including termination of any agreement between Firmdale and that individual or organization.
Cross-Border Transfer
Firmdale Hotels operates hotels in the United Kingdom and United States of America. Sharing data cross-border allows us to deliver you an exceptional service in whichever hotel you visit. As a result, we will, subject to law, transfer Personal Data and Other Data collected in connection with the Services between UK and USA where data protection standards may differ from those in the country where you reside. By making a reservation or visiting or staying at a Firmdale Hotel you understand that we may transfer your Personal Data between the UK and USA.
In certain lawful circumstances, courts, law enforcement agencies, regulatory agencies or security authorities will be entitled to access your Personal Data.
Updates to This Privacy Policy
The “Published” date at the top of this page indicates when this Privacy Policy was last revised. Any changes become effective from this date. Your use of our Services following these changes indicates that you accept the revised Privacy Policy. If you wish to review the version of the Privacy Policy effective immediately prior to this version, please contact us at dmo@firmdale.com.
Contacting Us
If you have any questions about this Privacy Policy, please contact us at dmo@firmdale.com, or by mail:
Firmdale Hotels,
Data Management Office,
18 Thurloe Place
London
SW7 2SP
United Kingdom.
Email communications are not always secure, so please do not include any credit card or Sensitive Data in your emails to us.
The Supervisory Authority
Should you wish to lodge a complaint regarding an alleged infringement of the data protection laws, The Supervisory Authority for the United Kingdom is:
The Information Commissioner’s Office
Helpline: +44 (0) 303 123 1113
https://ico.org.uk/concerns/
Note: we would recommend in the first instance, contacting us about any complaint so we may be able to resolve any matter.