Security and Privacy Notice
Bournemouth West Cliff Hotel
The privacy and security of your personal information is extremely important to us. Please read this privacy notice carefully, as it explains how and why we use your personal data, to make sure you stay informed, so you can be confident when you share your information with us.
The purpose of this privacy notice is to inform you on how your personal data is used here by us at the Bournemouth West Cliff Hotel when you are a guest at our hotel.
1) Who We Are
We are the Bournemouth West Cliff Hotel, Durley Chine Road, Bournemouth, Dorset BH2 5JS, which is owned by Boundless by CSMA.
In this policy whenever you see the words ‘we’, ‘us’, ‘our’, ‘Boundless’ or ‘Bournemouth West Cliff Hotel’, it refers to Boundless by CSMA, a trading name of Motoring & Leisure Services, a subsidiary of the Civil Service Motoring Association Limited (registered company number 02813598) and we are authorised and regulated by the Financial Conduct Authority.
- Email: firstname.lastname@example.org
- Post: Guest Services, Boundless, Britannia House, 21 Station Street, Brighton BN1 4DE
- Telephone: 01202 751 000
We have a Data Protection Officer, Andy, who is also happy to answer any questions or concerns you might have and can be contacted directly at email@example.com.
2) Our commitment to you
The security of personal information is extremely important to us and we are committed to protecting and respecting your privacy. In this notice we aim to be honest and clear about how we handle the information we collect from you or create about you. We will detail how we collect, use and safeguard your personal information and any conditions under which we may need to share personal information.
We will also cover how information may be used for marketing and communication activities, your choices in this regard, your privacy rights and how the law protects you.
We’ll never sell your personal data and will only share it with organisations we work with when it’s necessary and the privacy and security of your data is assured.
3) What personal data do we collect?
Personal data is any information that can be used to identify an individual personally, that is collected, stored and used by us. We’ll only collect the personal data that we need, and when we do we are subject to the General Data Protection Regulation (GDPR) which applies across the European Union (including the United Kingdom). We are responsible for your data as a ‘controller’ of any personal data we collect for the purposes of those laws.
3a) Personal data provided by you
This includes information you give when interacting with us, for example when you make a booking, create an online account, make an enquiry or stay at our hotel. Data we collect includes:
- Name, address, telephone number, email address, credit / debit card details when you either making a booking or create an online account.
- Your comments, views and opinions regarding your experience or stay
- Name and contact details when making an enquiry
- Name and contact details when booking for afternoon tea or to use the restaurant
There maybe be other times that we process your information – please refer to our other privacy notices for further information:
- Leisure Club & Spa
- Gift Vouchers
There maybe be times that we collect additional information about a health-related matter. In some cases, we may need to create a Personal Emergency Evacuation Procedure with you (PEEP) which is a document that details any assistance that maybe required in an emergency. This will be done with trained hotel staff upon arrival at the hotel.
3b) Personal data we automatically collect
We may automatically collect the following information from your use of the hotel website:
- Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform and if you access our website via your mobile device we will collect your unique phone identifier.
- Information about your visit, including, but not limited to the full Uniform Resource Locators (URL) and query string, clickstream to, through and from our website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as but not limited to, scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number
- The terms that you use to search our website.
When using the hotel car parks, your vehicle registration number is captured automatically through vehicle recognition cameras as well as CCTV. This is run by a 3rd party company called Parkineye and they are the data controller of vehicle data.
3c) Personal data collected by your involvement with us
Our hotel uses CCTV cameras in a number of public locations for safety and security monitoring purposes. All guests and visitors will therefore have their images captured by these cameras but the information is deleted after a short period in line with our CCTV policy (30 days).
In certain cases, some third parties may share details of your purchase with us if you make a booking through third part. You should check their privacy notice at the time of booking.
4) How we use your personal data
We’ll only use your personal data on relevant lawful grounds as permitted by the Data Protection Act 2018, GDPR and the Privacy of Electronic Communication Regulations 2003, and any successor legislation to these.
Under these data protection laws, we can only use your personal data if we have a proper reason for doing so, such as:
- to comply with our legal and regulatory obligations;
- for the performance of our contract with you or to take steps at your request before entering into a contract;
- for our legitimate interests or those of a third party; or
- where you have given consent.
If we are asked by the police, law enforcement agency or any other regulatory or government authority investigating suspected illegal activities, we may need to disclose and exchange information with that authority to comply with our legal and regulatory obligations.
Below are the key reasons we may process your data:
|Ref||Personal Data||Point of Collection||Purpose of processing||Lawful Basis|
Name, address, email address, telephone number
|When making a booking
Creating an online account
|- Communicate with you in regard to a booking, manage reservations, accommodation requests and other hotel services
- Manage your stay with us
|Carrying out our contractual obligations|
Credit / Debit card details
|Making a reservation
Use of facilities
|- Manage your reservation, accommodation requests
- Complete your check-in/check-out, process payments
Carrying out our contractual obligations
Arrival / departure dates, room details
|When making a booking||- Manage your booking and your stay with us
- Manage your use of the restaurant
Carrying out our contractual obligations
Vehicle registration number
|When entering or leaving our car parks||- Manage our car parking facilities
- Ensure the safety of all the vehicles using our car park
- Combat unauthorised parking
Carrying out our contractual obligations
Name, email address
|Your questions and comments or complaints you make about our hotel||- Collect feedback about the service we have provided
- Make improvements and monitor customer experience
Name, contact information
|Making a reservation at the hotel (eg for Afternoon Tea)||- Provision of services||Carrying out our contractual obligations|
|g||Contact Detail Name, email address||Registering to use our free wifi||- Provision of services||Carrying out our contractual obligations|
Name, contact details
|Making a general enquiry||- To respond to your requests||Legitimate Interests|
|I||Boundless membership number||At time of booking||- To validate membership||Carrying out our contractual obligations|
|When making a booking, purchase of gift vouchers or from our website.||- Opting into our mailing list||Consent – opted into.|
|K||Name, health related information (though not specifics)||Upon arrival when / if a PEEP is required||- Required||Vital Interests -|
There maybe be other times that we process your information – please refer to our privacy notices for further information:
- Leisure Club & Spa
- Gift Vouchers
5) Updating your data and marketing preferences
We want to keep our customers up to date with information about special offers, benefits and improvements to our facilities and services.
When you engage with our marketing activities, either electronically on line via website or social media, or in person at the hotel, we will ask you if you want to opt-in to receive this type of promotional information (as described in 4j). If you provide your consent to this, you may opt out at any time.
If you decide you do not want to receive this marketing information, you have the right to ask us to not process your personal information for marketing purposes.
We reserve the right to contact our hotel customers as necessary to fulfil the obligations and administration of our services. We will also communicate as deemed appropriate by boundless any changes to the product, services ort facilities of the hotel which we feel you should be aware of.
6) Cookies and our Website
The hotel website is developed and maintained by Then Hospitality, who we have contracted as a Data Processor to run the website.
7) Keeping your personal data
We will only use your information for as long as it is required for the purpose it was collected for. If we collect your personal information, the length of time we retain it is determined by a number of factors, including the purpose for which we use that information and our obligations under other laws.
We will retain your data for 7 years in accordance with the Limitation Act 1980. This acts states either you or we may bring a claim for breach of contract within six years of the event giving rise to a breach. In order that we may defend or bring a breach of contract claim (and to comply with disclosure requirements) we keep your account record for 7 years. This period takes into account the 4-month period during which a claim form, issued on the last day of the limitation period, remains valid for service and for any extension for service which may be granted by the court.
When it is no longer necessary to retain your personal data, we will delete or anonymise it.
If you have an online account that has not been used for more than 18 months, the account will be deleted.
CCTV images are not kept for more than 30 days.
Where a PEEP has been created, we will retain a paper copy of this for 3 years. If a PEEP is in relation to a child, then it will be retained up until the child is 18 years and a further 3 years after that.
8) How we secure your data
We maintain physical, electrical and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable information. We have taken technical and organisational measures to secure your data, including:
- This website has a secure https:// address (URL). This means that a SSL certificate is in place so that if you submit any data via the website, then your information is encrypted whilst it is being transmitted to the applicable database or email server
- We limit access to your personal data to those who have a genuine business need to access it. Only employees who need the information to perform a specific job are provided with access to your data. Those processing your data will do so only in an authorised manner and are subject to a duty of confidentiality. Contracts will be in place to protect any personal data.
- All our staff complete mandatory information security and data protection training on employment and annually thereafter to reinforce responsibility and requirements set out in our information security policies.
- We conduct Privacy Impact Assessments in accordance with Data Privacy guidelines
- We implement appropriate measures and controls, including monitoring and physical measures, to the processing and storage of data.
- We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
- We require, through the use of contract and security reviews, our third party vendors and providers to protect any personal information with which they are entrusted in accordance with our own policies and procedures
9) Disclosing your information to third parties
When we allow third parties acting on behalf of Boundless to access your information, we will always have complete control of what they see, how long they see it and what they are allowed to do with it by imposing strict contractual obligations on them such as data sharing agreements. We do not sell or share your personal information for other organisations to use.
Personal data collected and process by us may be shared with the following groups where necessary:
- Boundless employees and hotel staff
- Third party cloud hosting and IT infrastructure providers who host the website and provide IT support in respect of the website.
Also, under strict controlled conditions:
- Service providers providing services to us
10) Where your personal data is held
Your personal data is primarily held in our data bases which are Microsoft systems located in the EU. Your data may be held at our hotel, third party agencies, services providers, representatives and agents as described above. All systems are cloud based with servers located within the European Economic Area and we do not pass your information outside of the EEA.
11) Your rights
You have the following rights, which you can exercise free of charge:
|Access||The right to be provided with a copy of your personal information (the right of access)|
|Rectification||The right to require us to correct any mistakes in your personal information|
|To be forgotten||The right to require us to delete your personal information—in certain situations|
|Restriction of processing||The right to require us to restrict processing of your personal information—in certain circumstances, for example, if you contest the accuracy of the data|
|Data portability||The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations|
|To object||The right to object:
—at any time to your personal information being processed for direct marketing (including profiling);
—in certain other situations to our continued processing of your personal information, for example, processing carried out for the purpose of our legitimate interests.
|Not to be subject to automated individual decision-making||The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you|
|Right to withdraw consent||If you have given us your consent to use your personal information, you can withdraw your consent at any time. This might impact our ability to provide goods and services to you|
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
- Send a written request by either email or letter to our Data Protection Officer (please see ‘who are we’)
- email, call or write to our Data Protection Officer (please see ‘who are we’)
- let us have enough information to identify you;
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
- let us know what right you want to exercise and the information to which your request relates.
12) How to complain
We hope that our Data Protection Officer can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or EEA) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
Changes to this privacy notice
We’ll amend this privacy notice from time to time to ensure it remains up to date and reflects why we collect and use your personal data. Please visit our website to keep up to date with any changes. The current version will always be posted on our website – www.bounemouthwestcliffhotel.co.uk
Do you need extra help?
If you would like this notice in another format (for example, large print or braille), please contact at firstname.lastname@example.org or telephone: 01202 751000