At all times, we keep our privacy practices and the terms of this policy under review to ensure your personal data is processed as securely as possible and in accordance with applicable laws. This policy was last updated on the date given above. Any changes to this policy will be posted on our Sites and, if possible, emailed to you.
Address: Grosvenor House Suites, Park Lane, London W1K 7TN
You may also contact our DPO at: Andrew.Henning@grosvenorhousesuites.com
Personal data, or personal information, means any information about an individual from which that person can be identified. To provide you with the Services and/or the Sites, we must collect, store, transfer, analyse and otherwise process certain of your personal data. This policy describes what personal data we process and why.
The personal data we process includes:
Name and contact information. For us to provide the Services and for other purposes, we require certain information about you including your first name and surname, postal address, email address and phone number. We will use the personal data for several purposes including securing your reservation, sending you communications with regards your reservation, verifying your identity, providing you with customer support, sending marketing communications via email, direct mail, text and social media (where permitted), processing payments, and otherwise where necessary to provide you with the Services or fulfil any requests from you.
Account data. If you would like to create an account to access our Services more efficiently, we will require certain personal data from you to do this, including your name, email address and a password. You may also choose to provide additional data to your account so we can better get to know you (for example preference data, as described below).
Other reservation data. When purchasing and using our Services, in addition to the above, we may also ask for other personal data if required or permitted by applicable law including nationality, date of birth and gender. This data may be optional or required but we will clearly let you know when we ask you for it.
– Passport or other proof of ID. When purchasing and using our Services, in addition to the above, we may also ask for a copy of your passport or other photographic ID, such as a driving licence. This is so we can confirm you are the person who made the reservation to use our Services and, where applicable, to comply with applicable laws.
– Preference data. We want to ensure your use of our Services is the best it can be and therefore we like to tailor your experience to the best of our abilities. To do so, we need to know more information about you, what you like, what you don’t like, and anything else which we should know to make your use of the Services more enjoyable. This may include, for example, your room preference, whether you have any dietary requirements, whether you have any allergies, whether you have any disabilities which may or may not make require special assistance when using our Services, or your preferred language.
– Service usage data. Once you have made a reservation to use our Services, we will collect other data which could identify you related to your use of the Services. This includes, for example, the room number you stay in, your arrival time, your check-out time, and any additional Services you use while staying at our property including booking a table at one of our restaurants.
– Additional guest data. We require you provide us with the names of all persons staying under your reservation. This is so we can keep an accurate record of who is using our Services at any one time for health and safety reasons and to ensure compliance with applicable laws. The guests may also be required to provide other data included in this list and may also choose to provide additional data (such as preference data) so they can experience a more tailored Service.
– Payment data. To purchase the Services, we will require payment card information from you.
– Vehicle data. If you choose to take advantage our parking Services, we will need to know the registration number of your vehicle to ensure you can fully utilise such Service. We will also need to know the duration of time you intend to utilise such Service.
– Corporate data. If you are using our Services for work purposes, we may collect information with respect to your employment, namely the name of your employer. Your employer may also have a corporate account with us and may provide us with information about you.
– Images or footage collected by CCTV. We use CCTV at our properties to ensure all of our guests, visitors and staff are kept safe and secure. CCTV cameras are only used on our properties where it is appropriate to do so.
– Query or complaint data. Should you wish to ask us a query or make a complaint about our Services or Sites, such personal data will also be automatically added to your account.
– Customer ratings and comments. If you choose to give us a rating and/or any comments, this will be considered your personal data. We may, depending on the circumstances, record your name and email address with your rating and/or comment.
– Technical, usage and cookie data. We may collect information about your use of the Sites, including how you interact with the Sites and how often you use the Sites. We do this to better understand how to provide the Sites, what our users like about our Sites and what our users don’t like about the Sites. Such information may include, if applicable, your preferences, such as your language preference, internet protocol (IP) address, browser type and version, browser plug-in types and versions.
– Device information. We may collect information about the device you use to access the Sites including the hardware model, the mobile network, and the time zone setting.
– Third party data. We may receive certain data about you from third parties including our advertising partners, social media providers, airline partners or travel agents. This data will be used to provide you with the Services.
– Special category data. We may collect certain special category data of you if necessary for the performance of our Services or otherwise. This may include, for example, data regarding your health.
We use your personal data for the following reasons:
– to create your account;
– to provide you with Services, including:
– to allow you to make a reservation at one of our properties and use such reservation;
– to keep you updated with regards your reservation and to allow you to change your reservation in advance;
– to allow you to set up an account;
– to verify your reservation and check you in;
– to tailor your experience of the Services where possible;
– to process any payments;
– to make any bookings for Services at our properties such as in one of our restaurants;
– to allow you to use your parking Services; and
– to check you out once your stay with us is over;
– for anti-fraud and risk identification and management purposes. We use your personal data to comply with legal obligations relating to fraud and other financial crimes, and to ensure you, your personal data and your finances are protected;
– to communicate with you about your account, including with respect to any potential fraudulent activity;
– to send you marketing materials via email, direct mail, text and social media, including in relation to other products and services provided by our group companies;
– to respond to any of your queries; and
– to improve and customise our Services and Sites.
We only process your personal data when it is lawful for us to do so. Certain laws requires us to have a lawful ground when undertaking a processing activity. We rely on the following lawful grounds under applicable law to process your personal data:
– if you provide your consent, for example with respect to receiving marketing communications;
– compliance with a legal obligation to which we are subject, for example to health and safety laws;
– to protect your vital interests or those of another natural person, for example if you suffer an injury while at one of our properties; and/or
– the legitimate interests pursued by us or by a third party as listed below, subject at all times to us ensuring your rights and freedoms do not outweigh the pursued interests.
The legitimate interests we pursue are:
– to constantly improve and customise our Services;
– to tailor our Services;
– to ensure the safety and security of our Service and Site users and third parties, and to promote such safety and security; and
– to secure our Sites from harmful acts such as cyber-security breaches.
When processing special category data, we may rely on the following additional lawful grounds:
– your express consent;
– processing is necessary to protect your vital interests or those of another person;
– processing relates to personal data which are manifestly made public;
– processing is necessary for the establishment, exercise or defence of legal claims;
– processing is necessary for reasons of substantial public interest.
We may share your personal data in the following circumstances and at all times in accordance with applicable laws:
– we may share your personal data with your consent;
– we may share your personal data with certain service providers, partners or group companies that facilitate and support us in providing the Services and Sites, including in relation to carrying out promotions, storing information or undertaking promotions;
– we may share your personal data with certain service providers or group companies to analyse our Services and Sites so we can improve and provide the best Services and Sites to you and others;
– we may share your personal data if we are required to respond to law enforcement, officials, regulatory agencies and other lawful requests or legal processes, or to comply with a legal obligation to which we are subject;
– we may share your personal data with if we undergo a merger, acquisition or other form or reorganisation and pursuant to such, a third party will become the controller of your personal data; and/or
– we may share your personal data with group companies if you request a product or service provided by one of our group companies, or if one of our group companies provides us with services which relate to the provision of the Services to you.
Please note that if we are required and permitted by law to transfer any of your personal data to a country outside that in which we collected it, we will do so in accordance with the applicable data privacy legislation. This may mean your personal data is transferred to a country outside the UK or the EU, such as to the U.S. The lawful requirements will depend on the flow of personal data, meaning it will depend on whether the sharing of personal data is cross-border and which countries are involved. At all times, we will ensure an essentially equivalent degree of protection is afforded to your personal data outside the country in which you are based. We generally do this by relying on the standard contractual clauses for transfers of personal data to third countries which have been approved by the European Commission and the Information Commissioner’s Office (the UK data protection authority).
We take your privacy very seriously and work hard to protect your data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have put in place appropriate security measures to prevent this from happening, for example we use encryption tools and password protected access to certain documents.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties (as listed above) who have a need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through our Sites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent your data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In certain circumstances and subject to certain jurisdictional restrictions, you may have the right to:
– Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
– Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
– Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
– Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
– Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in certain scenarios.
– Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
– Withdraw consent at any time where we are relying on consent to process your personal data.
– Complain to the appropriate regulator for any data protection issues. We would, however appreciate the chance to deal with your concerns before you approach the regulator so please contact us in the first instance.
To exercise one of the above rights, please contact us using the details provided above.
We may need to request specific information from you to help us confirm your identity and ensure you are able to exercise the right you wish to exercise. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.