fbpx
 

Privacy Policy

  1. Introduction
  2. Who we are and how to contact us
  3. What Does This Privacy Policy Cover
  4. What Personal Data do we collect
  5. How do we collect your Personal Data
  6. Cookie Usage
  7. Sharing your Personal Data
  8. Data Protection and Security Measures
  9. How We Protect Your Personal Data
  10. Data Collection and Processing
  11. How long do we keep your Personal Data
  12. Children’s Privacy
  13. What are your rights regarding your Personal Data
  14. Automated Decision Making and Profiling
  15. Marketing
  16. Changes to the Privacy Policy
  17. If You Fail to Provide Personal Data
  18. Glossary
  19. Complaint Procedures

 

 

  1. Introduction

Welcome to the 2 Chesham Hotel’s privacy policy. At 2 Chesham Hotel, a division of Tulip Hotels Limited, we respect your privacy and are committed to protecting your personal data. This privacy policy will inform you about how we look after your personal data when you visit our website, regardless of where you access it from, and will explain your privacy rights and how the law protects you.

This privacy policy is provided in a layered format so you can click through to the specific areas set out below. Please also use the Glossary to understand the meaning of some of the terms used in this privacy policy.

  1. Who We Are and How to Contact Us

 

  • Purpose of This Privacy Policy

This privacy policy aims to give you information on how Tulip Hotels Limited, including 2 Chesham Hotel, collects and processes your personal data through your use of our website, including any data you may provide when you make a reservation or interact with us. This website is not intended for children, and we do not knowingly collect data relating to children.

It is important that you read this privacy policy together with any other privacy notices or fair processing policies we may provide on specific occasions when we are collecting or processing personal data about you. This privacy policy supplements other notices and privacy policies and is not intended to override them.

  • Controller

Tulip Hotels Limited is the controller and responsible for your personal data (collectively referred to as “Tulip Hotels Limited,” “we,” “us,” or “our” in this privacy policy). We have appointed a Data Protection Officer (DPO) who oversees questions regarding this privacy policy. If you have any questions, including requests to exercise your legal rights, please contact the DPO using the details set out below.

  • Contact Details

If you have any questions about this privacy policy or our privacy practices, please contact our DPO in the following ways:

  • Full Name of Legal Entity: Tulip Hotels Limited
  • Email Address: [email protected]
  • Postal Address: 2 Chesham Street, Belgravia, London SW1X 8DT

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to address your concerns before you approach the ICO, so please contact us in the first instance.

  1. What Does This Privacy Policy Cover?

Our long-term vision is to be the preferred choice for guests, property owners, and talented professionals. Privacy and data protection are central to our mission, and we are committed to respecting your privacy rights, honoring your preferences, and managing your Personal Data with the highest level of care.

This Privacy Policy is crafted to offer you clear and comprehensive insights into our privacy practices and principles, presented in an accessible and straightforward manner. The policy outlines how we collect, process, and protect your Personal Data in the following contexts:

  • When you make a reservation at one of our hotels
  • During your stay at one of our hotels
  • When you interact with us through our website or other platforms, including social media

By using our services or agreeing to this Privacy Policy—such as by booking a room or staying with us—you consent to our collection and use of your Personal Data as described herein. Please note that separate privacy policies apply to all human resources-related matters.

  1. What Personal Data Do We Collect?

Personal Data, or Personal Information, refers to any data or combination of data that can identify you either directly or indirectly. This encompasses a range of information collected to facilitate and enhance your interactions with us. Specifically, we may collect:

  • Identification Information: Your full name, date of birth, and gender
  • Contact Details: Email address, telephone number, and postal address
  • Payment Information: Credit card details and billing information necessary for transaction processing
  • Reservation and Service Details: Information related to your bookings, preferences, special requests, and service interactions
  • Demographic Information: Age, occupation, and other characteristics relevant to tailoring our services to your needs

We may also collect, use, store, and transfer different kinds of personal data about you, grouped as follows:

  • Identity Data: Includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, and gender.
  • Contact Data: Includes billing address, email address, and telephone numbers.
  • Financial Data: Includes bank account and payment card details.
  • Transaction Data: Includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data: Includes internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Profile Data: Includes your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.
  • Usage Data: Includes information about how you use our website, products, and services.
  • Marketing and Communications Data: Includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use, and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

  1. How Do We Collect Your Personal Data?

The collection of your Personal Data is contingent upon your interactions with us and occurs through various means:

  • Information You Provide Directly: We gather information that you voluntarily submit to us through our website, during your stay at our hotels, or via other direct interactions. This includes details entered during reservations, special requests, or communication with our staff. While you have control over the extent of information shared, please note that omitting required details may restrict your ability to complete certain activities, such as finalizing a reservation.
  • Information Collected Automatically: We automatically collect and log information when you access or use our website. This includes data related to your browsing activities and interactions with our site. For a detailed explanation of how we manage cookies and similar technologies, please refer to our Cookie Policy.
  • Information from Third-Party Sources: We may obtain Personal Data from external sources, including travel booking platforms, travel agents, credit card companies, and publicly available databases. This information helps us enhance your experience and ensure the accuracy and completeness of your data.
  • Purposes for Which We Will Use Your Personal Data

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Purpose/Activity

Type of Data

Lawful Basis for Processing

Below table contains 3 types of information: Purpose/Activity, Type of Data, and Lawful Basis for Processing

To register you as a new customer

(a) Identity

(b) Contact

Performance of a contract with you

To process and deliver your order including:

(a) Manage payments, fees and charges

(b) Collect and recover money owed to us

(a) Identity

(b) Contact

(c) Financial

(d) Transaction

(e) Marketing and Communications

To research, filter and verify prospective experts and industry experts, and to screen for potential conflicts of interest in order to assess and recommend their appropriateness for a particular client project and to meet applicable legal, regulatory and compliance requirements

(a) Identity

(b) Contact

(c) Financial

(d) Transaction

(e) Marketing and Communications

Performance of a contract with you

To manage our relationship with you which will include:

(a) Notifying you about changes to our terms or privacy policy

(b) Asking you to leave a review or take a survey

(a) Identity

(b) Contact

(c) Profile

(d) Marketing and Communications

To enable you to partake in a prize draw, competition or complete a survey

(a) Identity

(b) Contact

(c) Profile

(d) Usage

(e) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary for our legitimate interests

(to study how customers use our products/services, to develop them and grow our business)

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(a) Identity

(b) Contact

(c) Technical

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise

(b) Necessary to comply with a legal obligation

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

(a) Identity

(b) Contact

(c) Profile

(d) Usage

(e) Marketing and Communications

(f) Technical

Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

(a) Technical

(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

To make suggestions and recommendations to you about goods or services that may be of interest to you

(a) Identity

(b) Contact

(c) Technical

(d) Usage

(e) Profile

(f) Marketing and Communications

Necessary for our legitimate interests (to develop our products/services and grow our business)

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table above.

  • International Data Transfers

For transfers of Personal Data from the European Economic Area (EEA) to jurisdictions outside the EEA, we implement appropriate safeguards, including:

  • Standard Contractual Clauses: We utilize standard contractual clauses approved by the European Commission, which provide a robust framework for ensuring the protection of your data in compliance with Articles 46 and 49 of the General Data Protection Regulation (GDPR).
  • Additional Safeguards: Where necessary, we apply other relevant measures to ensure your Personal Data remains secure and that your privacy rights are maintained.

For detailed information about our data transfer practices and the specific safeguards we use, please contact us through our Privacy Center.

  1. Cookie Usage

Our website uses cookies to enhance your browsing experience and personalize content. Cookies are small text files stored on your device, helping us remember your preferences and improving functionality.

  • Types of Cookies We Use

Persistent Cookies: Remain on your device to remember preferences for future visits.

Session Cookies: Temporary cookies that expire when you close your browser, enabling essential website functions.

  • Purpose of Cookies

Analytics: Tools like Google Analytics and Hotjar help us understand website usage and improve performance. Learn more about these services at Google’s Privacy Policy and Hotjar’s Cookie Policy.

Functionality: Store information like order history and preferences to facilitate website navigation.

  • Third-Party Cookies

We may use third-party cookies to enhance website performance and deliver targeted content.

  • Managing Cookies

You can manage or disable cookies via your browser settings. Note that this may impact website functionality.

  • Your Consent

By using our website, you consent to our use of cookies in line with the UK GDPR and PECR. You can adjust your cookie preferences at any time.

 

  1. Sharing Your Personal Data

When sharing your Personal Data, we ensure that third-party recipients adhere to stringent security measures:

  • Within Tulip Hotels Limited: Your data may be shared among affiliated entities to facilitate services and operational efficiency. This includes departments and partners involved in IT, commercial operations, marketing services, medical services (if applicable), and legal services (if applicable).
  • With Partner Hotels: We may share your Personal Data with hotels where you have made reservations to support your stay and manage our contractual obligations. This includes handling benefits associated with loyalty programs or guest preferences.
  • With Third-Party Service Providers: We engage trusted third parties for various operational purposes, such as customer support, digital services, IT maintenance, and marketing. These providers access only the data necessary for their specific roles, including IT subcontractors, banks, credit card issuers, external legal advisors, dispatch services, and printing companies.
  • Compliance and Legal Obligations: Your Personal Data may be disclosed to regulatory, statutory, governmental, or other relevant authorities as required or permitted by law, legal processes, or litigation.
  1. Data Protection and Security Measures

At Tulip Hotels Limited, your Personal Data is our top priority. We use a range of security measures to protect your information from unauthorized access, loss, or damage. This includes:

  • Physical Security: Secure facilities with restricted access and surveillance.
  • Technical Security: Encryption, firewalls, and regular system updates to prevent unauthorized access.
  • Organizational Measures: Restricted access to data, employee training, and incident response procedures.

We are dedicated to maintaining the highest standards of data protection to keep your information safe.

  • Data Breaches

Despite our best efforts, data breaches can occur. In the event of a data breach, we follow the procedures outlined below to manage and mitigate the impact:

  1. Notification: Should a breach affect your personal information, we will notify you as soon as possible. Our notification will include details about the breach, the data affected, and any actions you should take.
  2. Scope and Investigation: We will conduct a thorough investigation to determine the extent of the breach, including which data was compromised and how it happened. Our goal is to understand the breach fully and prevent future incidents.
  3. Data Security: We will take immediate steps to secure our systems and data. This includes updating our security measures and practices to address any vulnerabilities that were exploited.
  • Potential Consequences

A data breach may lead to various consequences, such as identity theft, unauthorized access to accounts, or other misuse of personal data. We will provide guidance on steps to mitigate any risks.

  • Your Rights

If your personal information is affected by a data breach, you have the right to:

  • Receive timely notification of the breach and its potential impact.
  • Access support and advice on protecting yourself from further harm.
  • Lodge a complaint with the relevant data protection authority if you believe your data has been mishandled.
  1. How We Protect Your Personal Data

We are committed to safeguarding your Personal Data with rigorous security measures. Here’s how we protect your information:

  • Security Protocols: We use industry-standard security measures to ensure your data remains confidential and intact. This includes secure protocols for data transmission over untrusted networks.
  • Restricted Access: Only authorized personnel and service providers who need access for legitimate business purposes can view your Personal Data.
  • Ongoing Protection: We implement comprehensive security practices to guard against unauthorized access, use, modification, and disclosure.
  • Physical Security: Our facilities use secure filing cabinets and other industry-standard measures to protect physical records.

Despite these efforts, it’s important to note that due to the global nature of the Internet, absolute security cannot be guaranteed.

  1. Data Collection and Processing

At Tulip Hotels Limited, we are committed to maintaining transparency in our data collection and processing practices. Here’s how we manage your Personal Data:

  • Purpose Limitation: We collect and process Personal Data solely for specific, well-defined purposes outlined in this policy. This ensures that data collection is relevant and adequate for our operational needs.
  • Data Collection Practices: We gather only the Personal Data necessary for our activities, and we implement measures to maintain its accuracy and ensure it is kept current.
  • Data Retention: Personal Data is retained only for the duration necessary to fulfill its intended purpose and in accordance with applicable legal and regulatory requirements.
  • Your Rights: You have the right to access, amend, correct, or request the deletion of your Personal Data. For any inquiries or to exercise these rights, please contact us at [email protected].

By adhering to these principles, we aim to ensure that your data is handled with the utmost care and in compliance with relevant laws and regulations.

  1. How Long Do We Keep Your Personal Data?

At Tulip Hotels Limited, we retain your personal data only for as long as necessary to fulfil the purposes outlined in our “List of Personal Data Processing Activities.” After our contractual relationship ends, we retain your data only if required or permitted by law. Our retention periods are guided by:

  • Purpose of Processing: Data is retained solely for the duration necessary to fulfil the specific purpose for which it was collected.
  • Legal and Regulatory Requirements: Adherence to applicable laws and regulations, including those related to tax, accounting, and legal obligations.
  • Ongoing Relationships: Data related to active memberships, marketing preferences, or website interactions is retained as long as the relationship remains active.
  • Your Requests: We honor specific requests for data deletion in accordance with applicable laws.
  • Legitimate Interests: We may retain data to manage our rights and defend against claims.
  • Retention Periods for Different Types of Data
  • Reservation Data: Data related to reservations and transactions is retained for [e.g., 5 years] to comply with legal and regulatory requirements and to manage any potential disputes or follow-up communications.
  • Marketing Lists: Personal data collected for marketing purposes is kept for [e.g., 2 years] from the date of collection. Upon unsubscribing from our marketing communications, your data will be promptly removed from our marketing lists.
  • Account Information: Data linked to user accounts, including login details and preferences, is retained for as long as your account remains active. If you close your account, we will delete your data after [e.g., 1 month], unless a longer retention is required for legal or compliance reasons.

When your personal data is no longer needed, we ensure it is securely deleted or anonymized to protect your privacy.

  1. Children’s Privacy

 

  • Commitment to Protecting Children’s Data

At Tulip Hotels Limited, we prioritize the protection of children’s personal data. We do not knowingly collect personal data from individuals under 16 without parental consent.

  • Data Collection and Use

Consent Requirement: We obtain explicit parental consent before collecting or processing data from children under 16.

Purpose and Use: Data collected from children is used only for providing our services and is not shared with third parties without parental consent.

  • Parental Rights and Actions

Access and Control: Parents and guardians have the right to access, correct, or request deletion of their child’s data. Contact us at [contact information] to exercise these rights.

Report Issues: If you suspect your child’s data has been collected without consent, please inform us immediately so we can take appropriate action.

  • Contact Us

For questions or concerns regarding children’s privacy, please reach out to us at [email protected].

  1. What Are Your Rights Regarding Your Personal Data?

At Tulip Hotels Limited, we are committed to respecting and upholding your data protection rights under applicable laws, including the EU General Data Protection Regulation (GDPR). You have the following rights concerning your Personal Data:

  • Information: You are entitled to clear and transparent information about how we use your Personal Data, as detailed in this Privacy Policy.
  • Rectification: You can request corrections to any incomplete or inaccurate Personal Data we hold about you.
  • Deletion: You may request the deletion of your Personal Data, subject to legal exceptions and obligations.
  • Withdrawal of Consent: If we process your data based on your consent, you can withdraw this consent at any time via unsubscribe links or by contacting us directly.
  • Access: You have the right to access and obtain a copy of your Personal Data, subject to certain exceptions.
  • Restriction: You may request that we limit the processing of your Personal Data under specific circumstances.
  • Portability: You can request to receive your Personal Data in a structured, commonly used format and transfer it to another data controller where feasible.
  • Objection: You have the right to object to the processing of your Personal Data, particularly when it is based on legitimate interests or used for direct marketing purposes.

These rights are designed to protect your privacy and give you control over your Personal Data. For any questions or to exercise these rights, please contact us at [email protected].

  1. Automated Decision Making and Profiling

Automated Decision-Making

At Tulip Hotels Limited, we may employ automated decision-making and profiling techniques as part of our services. Automated decision-making refers to processes where decisions are made without human intervention, based on data collected about you.

  • Purposes of Automated Decision-Making

Our use of automated decision-making serves several key purposes:

Personalization: To enhance user experience by providing customized recommendations, offers, and content based on your preferences, behaviors, and interactions with our services.

Operational Efficiency: To streamline operations such as reservation management, fraud detection, and customer service, thereby improving overall efficiency and accuracy.

  • Your Rights and Options

You are entitled to specific rights regarding automated decision-making and profiling:

Transparency: We strive to be transparent about the logic and criteria used in automated decision-making processes that significantly impact you.

Right to Object: You have the right to object to decisions based solely on automated processing, including profiling, if such decisions have a legal or similarly significant effect on you. If you wish to exercise this right, please contact us using the information provided in this policy.

Request Human Intervention: You can request human involvement in decisions made through automated processes and provide your perspective on such decisions.

  • How to Exercise Your Rights

To inquire about or exercise your rights related to automated decision-making and profiling, or to seek further clarification, please reach out to us at [email protected]. We will review and respond to your request in accordance with applicable data protection regulations.

  1. Marketing

We strive to keep you updated on the latest products, services, and offers from Tulip Hotels Limited that may be of interest to you. If you have opted in to receive marketing communications, you can withdraw your consent at any time. You have the right to request that we cease all marketing communications directed to you.

To opt out of receiving marketing emails or other communications, please contact us at [email protected], or use the unsubscribe link provided in the footer of our marketing emails.

  1. Changes to the Privacy Policy

We may update this Privacy Policy from time to time. Significant modifications will be announced via this Website or through other communication channels we typically use to reach you. Changes will take effect immediately upon posting, unless a different effective date is specified.

  1. If You Fail to Provide Personal Data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

  1. Glossary
  • Legitimate Interest: This means the interest of our business in conducting and managing our operations to provide you with the best service/product and the most secure experience. We ensure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
  1. Complaint Procedures

At Tulip Hotels Limited, we are committed to addressing any concerns or complaints regarding the handling of your personal data. You can submit a complaint through the following channels:

Email: Send your complaint to [email protected]. Please include detailed information to help us understand and address your concerns effectively.

Postal Address: Mail your complaint to 2 Chesham Street, Belgravia, London SW1X 8DT. Include your contact details and a description of the issue.

  • Complaint Handling Process

Acknowledgment: We will acknowledge receipt of your complaint within [e.g., 5 business days]. Our acknowledgment will confirm that we have received your complaint and are beginning to review it.

Investigation: Our team will conduct a thorough investigation into the issue. We aim to resolve complaints within [e.g., 30 days], though more complex cases may require additional time. We will keep you updated on the progress of your complaint.

Resolution: Once the investigation is complete, we will notify you of our findings and any actions taken in response to your complaint. We strive to provide a clear explanation and resolution.

  • Notification and Follow-Up

After resolving your complaint, we will inform you of the outcome and any steps we have taken to address the issue. If you are dissatisfied with our resolution, you may escalate the matter to the Information Commissioner’s Office (ICO).

  • Escalation to Supervisory Authority

If you believe your complaint has not been adequately addressed, you have the right to contact the ICO or visit their website at ICO website for further information and assistance. Here are contact details:

Information Commissioner’s Office:
Wycliffe House, Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

CONTACT US