Using your personal data during and after your service: A database system will retain your booking information for a minimum of 12 months and serve as a Visitors Register. We will retain your booking form in paper format for a minimum of 90 days after which stage it will be securely destroyed.
At various times, we will be obliged to ask you, as an Andras House customer, for information about you and/or members of your family, such as:
Contact details (for example, last name, first name, telephone number, email)
Personal information (for example, date of birth, nationality)
Information relating to your children (for example, first name, date of birth, age)
Your credit card number (for transaction and reservation purposes)
Your membership number for brand loyalty programmes.
When is your data collected? Personal data may be collected on a variety of occasions:
Checking-in and paying / Requests,
Complaints and/or disputes
Participation in marketing programmes or events:
Signing up for loyalty programmes
Participation in customer surveys (for example, the Guest Satisfaction Survey)
Online games or competitions
Subscription to newsletters, to receive offers and promotions via email
Connection to Andras House websites (IP address, cookies)
Connection to hotel Wi-Fi networks
Online forms (online reservation, questionnaires, Andras House pages on social networks, network login devices such as Facebook login etc.).
We may use your personal data for all general service communications including sending your statement & booking confirmation. We may need to do this for the performance of the contract.
Processing card payments: We process all card payments in line with our obligations under the PCI-DSS regulations. Whenever you provide your card details to us either online or over the phone, we will encrypt the payment details before sending to our card payment and banking provider. If you pay over the phone, we will mask any card data that you provide so that this is not visible to our customer advisors as well as stopping card data from being recorded in our Call Recordings. This is regularly monitored for quality assurance as part of our PCI-DSS obligations. Any card details provided by customers via paper order forms, such as Third-Party Authorisation forms will be immediately, and securely, destroyed once processed. If you have any queries or complaints with regards to the operation of your credit card, please contact the hotel directly in the first instance so we can deal with your complaint as quickly as possible. We will need to access your personal data and account history to verify your identity for security reasons and deal with the details of your complaint. Details of any complaints received will be logged and recorded so they can be dealt with accordingly.
We will obtain your consent to send you details of our latest products and promotions via Email Marketing in a few ways. We will obtain your consent when you register your details with us, sign up to our email newsletters, enquire about a service, or enter a competition. We hold your personal data for the purposes of direct marketing to you for a minimum period of two years from the date of last contact. If you continue to use our services you will remain on the list until you request to be removed. You can unsubscribe at any time by clicking the link in any email correspondence.
We would like to keep you informed about our latest product offers and promotions using the email address you provide to us. To do this, we will ask you to opt-in to receive marketing emails when you first register for Wi-Fi at one of our hotels, sign up to our email newsletters, enquire about a service, or enter a competition. You can unsubscribe at any time by clicking the link in any email correspondence.
We will not use your telephone number to market to you. We will request your telephone number for contact related specifically to the service provided.
We may use your name and address to send you personalised marketing mails in the post. We have a legitimate business interest to send you information about our products and offers in the post as we know that many of our customers like to browse through brochures or offers prior to booking with us.
We will use social media platforms to send you online targeted marketing information about our product offers and promotions. We have a legitimate business interest to share product information via social media which we believe is of relevance to you; to do this we use paid services offered by various platforms, as well posting on our business page. Should you wish to exercise your right to stop seeing posts from the business page you can unfollow the page. For paid targeted marketing, you should review the privacy settings on your social media account.
As a valued customer, we may use your personal data to contact you by email after you have used one of our services to ask you to take part in a customer satisfaction survey. We will share your personal contact details with our brand partners who may carry out these service improvement programmes on our behalf. We have a legitimate business interest in contacting our customers in this way and will always treat your involvement in any service improvement programme, and associated personal data, in confidence. Should you not wish to participate in our service improvement programme, you can simply ignore or decline to participate at the point of contact.
You may wish to access a copy of the personal data we hold about you – known as a Subject Access Request. You can do so by ringing, writing to or emailing the Data Protection Officer using the details above. We will respond to your Subject Access Request as soon as possible and, in any event, within the statutory 30 days. However, if we need more information from you to verify your identity, which we must do to ensure we disclose your personal data to the right person, the 30-day response period will only commence from the time that we have validated your identity. Please be aware that for security reasons we do not usually provide details of any bank details that we hold against your account(s). Please speak to the Data Protection Officer should you need this additional information.
If you believe we have made an error as to the personal data we hold about you, please speak to any agent within the relevant hotel(s) who can rectify this for you. Should you wish to discuss this matter further, please contact the Data Protection Officer.
You have the right to request your personal data to be permanently deleted from our records and systems to avoid any further communication with you. Your request will always be considered in light of the legal bases that we hold, store and process your personal data and the purpose that we collected your data. Where the legal bases permits, we will carry out your instruction without undue delay. Please note, however, that where we have a legal or contractual obligation to hold your personal data, we may not be able to carry out your request but we will explain this fully to you. Please address any request to delete your data to the Data Protection Officer using the contact information above.
Should you believe that we are processing your personal data in a way that you did not understand or agree to and wish to restrict such processing, please speak to the Data Protection Officer who will be able to carry out a review and make any necessary adjustments.
You have the right to object to certain types of processing of your personal data. We will always make it clear at the outset of any new arrangement with you how we are going to process your personal data. Should you wish to object to such processing, we will give you the option to opt out. However, should you wish to discuss this matter further, please speak to the Data Protection Officer.
Due to the restricted design of the hotel databases it is technically feasible to extract and transfer information to another party. In the event, that you wish to move your personal data that we hold on you to another organisation, please contact the Data Protection Officer who will be able to advise.
You have a right to lodge a complaint with the Information Commissioner’s Office (ICO) if you have a complaint with how you believe your personal data has been handled. For more information, please visit https://ico.org.uk/concerns