This Privacy Policy sets out how we collect and use your personal information and what your individual data protection and privacy rights are. Who is Responsible for Processing Your Personal Data? Andras House Ltd is the Data Controller. This is the legal entity responsible for how your personal data is collected, stored and processed. Andras House Ltd operates several different businesses to which this privacy policy relates. These brands are Holiday Inn, Holiday Inn Express, Ibis City Centre, Ibis Queens Quarter, Crowne Plaza, Cordia Serviced Apartments and Bodyscape.
When you share your personal information with us, you have a right to expect that information to be treated with total confidentiality. Therefore, it is our responsibility to manage your personal data that you provide to us with care and in accordance with all data protection legislation and industry best practice. Whether you have supplied your personal details in person, online, by phone, by email or in a letter, we will never use them without a lawful reason to do so. We will use your personal data for the purposes for which they were initially requested and as fully explained in this Privacy Policy. It is your responsibility to ensure that your personal data provided to us is accurate and up to date.
Using your personal data during and after your service: A database system will retain your booking information for a minimum of 12 months and serve as a Visitors Register. We will retain your booking form in paper format for a minimum of 90 days after which stage it will be securely destroyed.
At various times, we will be obliged to ask you, as an Andras House customer, for information about you and/or members of your family, such as:
Contact details (for example, last name, first name, telephone number, email)
Personal information (for example, date of birth, nationality)
Information relating to your children (for example, first name, date of birth, age)
Your credit card number (for transaction and reservation purposes)
Your membership number for brand loyalty programmes.
When is your data collected? Personal data may be collected on a variety of occasions:
Checking-in and paying / Requests,
Complaints and/or disputes
Participation in marketing programmes or events:
Signing up for loyalty programmes
Participation in customer surveys (for example, the Guest Satisfaction Survey)
Online games or competitions
Subscription to newsletters, to receive offers and promotions via email
Connection to Andras House websites (IP address, cookies)
Connection to hotel Wi-Fi networks
Online forms (online reservation, questionnaires, Andras House pages on social networks, network login devices such as Facebook login etc.).
We may use your personal data for all general service communications including sending your statement & booking confirmation. We may need to do this for the performance of the contract.
Processing card payments: We process all card payments in line with our obligations under the PCI-DSS regulations. Whenever you provide your card details to us either online or over the phone, we will encrypt the payment details before sending to our card payment and banking provider. If you pay over the phone, we will mask any card data that you provide so that this is not visible to our customer advisors as well as stopping card data from being recorded in our Call Recordings. This is regularly monitored for quality assurance as part of our PCI-DSS obligations. Any card details provided by customers via paper order forms, such as Third-Party Authorisation forms will be immediately, and securely, destroyed once processed. If you have any queries or complaints with regards to the operation of your credit card, please contact the hotel directly in the first instance so we can deal with your complaint as quickly as possible. We will need to access your personal data and account history to verify your identity for security reasons and deal with the details of your complaint. Details of any complaints received will be logged and recorded so they can be dealt with accordingly.
We will obtain your consent to send you details of our latest products and promotions via Email Marketing in a few ways. We will obtain your consent when you register your details with us, sign up to our email newsletters, enquire about a service, or enter a competition. We hold your personal data for the purposes of direct marketing to you for a minimum period of two years from the date of last contact. If you continue to use our services you will remain on the list until you request to be removed. You can unsubscribe at any time by clicking the link in any email correspondence.
We would like to keep you informed about our latest product offers and promotions using the email address you provide to us. To do this, we will ask you to opt-in to receive marketing emails when you first register for Wi-Fi at one of our hotels, sign up to our email newsletters, enquire about a service, or enter a competition. You can unsubscribe at any time by clicking the link in any email correspondence.
We will not use your telephone number to market to you. We will request your telephone number for contact related specifically to the service provided.
We may use your name and address to send you personalised marketing mails in the post. We have a legitimate business interest to send you information about our products and offers in the post as we know that many of our customers like to browse through brochures or offers prior to booking with us.
We will use social media platforms to send you online targeted marketing information about our product offers and promotions. We have a legitimate business interest to share product information via social media which we believe is of relevance to you; to do this we use paid services offered by various platforms, as well posting on our business page. Should you wish to exercise your right to stop seeing posts from the business page you can unfollow the page. For paid targeted marketing, you should review the privacy settings on your social media account.
As a valued customer, we may use your personal data to contact you by email after you have used one of our services to ask you to take part in a customer satisfaction survey. We will share your personal contact details with our brand partners who may carry out these service improvement programmes on our behalf. We have a legitimate business interest in contacting our customers in this way and will always treat your involvement in any service improvement programme, and associated personal data, in confidence. Should you not wish to participate in our service improvement programme, you can simply ignore or decline to participate at the point of contact.
You may wish to access a copy of the personal data we hold about you – known as a Subject Access Request. You can do so by ringing, writing to or emailing the Data Protection Officer using the details above. We will respond to your Subject Access Request as soon as possible and, in any event, within the statutory 30 days. However, if we need more information from you to verify your identity, which we must do to ensure we disclose your personal data to the right person, the 30-day response period will only commence from the time that we have validated your identity. Please be aware that for security reasons we do not usually provide details of any bank details that we hold against your account(s). Please speak to the Data Protection Officer should you need this additional information.
If you believe we have made an error as to the personal data we hold about you, please speak to any agent within the relevant hotel(s) who can rectify this for you. Should you wish to discuss this matter further, please contact the Data Protection Officer.
You have the right to request your personal data to be permanently deleted from our records and systems to avoid any further communication with you. Your request will always be considered in light of the legal bases that we hold, store and process your personal data and the purpose that we collected your data. Where the legal bases permits, we will carry out your instruction without undue delay. Please note, however, that where we have a legal or contractual obligation to hold your personal data, we may not be able to carry out your request but we will explain this fully to you. Please address any request to delete your data to the Data Protection Officer using the contact information above.
Should you believe that we are processing your personal data in a way that you did not understand or agree to and wish to restrict such processing, please speak to the Data Protection Officer who will be able to carry out a review and make any necessary adjustments.
You have the right to object to certain types of processing of your personal data. We will always make it clear at the outset of any new arrangement with you how we are going to process your personal data. Should you wish to object to such processing, we will give you the option to opt out. However, should you wish to discuss this matter further, please speak to the Data Protection Officer.
Due to the restricted design of the hotel databases it is technically feasible to extract and transfer information to another party. In the event, that you wish to move your personal data that we hold on you to another organisation, please contact the Data Protection Officer who will be able to advise.
You have the right to be informed about the collection and use of your personal data. This is commonly known as a ‘privacy statement’ or ‘privacy policy’. We will provide you with the information about how we collect and use your data in various means, such as by ‘just in time’ notice provided to you at the time of collecting your personal data and via this Privacy Policy. Our Privacy Policy is regularly reviewed in line with our business processes. Any changes to this Privacy Policy will be communicated via email, updated on our various websites and a printed copy will be available at each of our hotel locations. You can ask for a printed copy of our Privacy Policy by contacting the Reception of the hotel or by contacting the Data Privacy Officer.
You have a right to lodge a complaint with the Information Commissioner’s Office (ICO) if you have a complaint with how you believe your personal data has been handled.