Privacy Policy

#222020.png
 
 

Privacy Policy

1 INTRODUCTION

1.1 This is the privacy notice of Place Apart Ltd, a company registered in the United Kingdom, (Company Number 09490385) whose registered address is at 41 White Church Lane, London, England, E1 7QR (the Company, our, we, us), and sets out how we collect and process your personal data. This privacy notice also provides certain information that is legally required and lists your rights in relation to your personal data. Please read this privacy notice to understand how we may use your personal data.

1.2 This privacy notice relates to personal data that identifies “you” meaning: 

1.2.1 current or potential customers of the Company, our affiliates or our strategic partners, which may from time to time include guests at any of the hotels or other properties owned, operated or managed by us, any such affiliates or strategic partners (“Locations”);

1.2.2 current or potential suppliers to the Company or its affiliates;

1.2.3 where you or someone you work for is a counterparty in a transaction involving the Company or any of Locations; or

1.2.4 where your personal data is otherwise collected in the ordinary course of the Company’s business.

If you are a prospective, current or former director, employee, consultant, secondee, work experience student, temporary worker, contractor of the Company or any other Company staff, a separate privacy notice applies to you instead. 

1.3 This privacy notice applies where the Company is a controller of your personal data for the purposes of applicable law – this is where we decide how and why your personal data is processed.

1.4 The Company may also publish other privacy notices in specific circumstances and this privacy notice may vary from time to time (as may be permitted by applicable law), so please check it regularly. 

2 HOW TO CONTACT US

If you need to contact us in connection with our use or processing of your personal data, or gain access to it then our contact details are Sebastian Drabinski on sebastian@thegate-london.com.

3 CATEGORIES OF PERSONAL DATA WE COLLECT

3.1 The categories of personal data about you that we may collect, use, store, share and transfer are: 

3.1.1 Individual Data. This includes personal data which relates to your identity, such as your first name, middle name, last name, username or similar identifier, marital status, title, date of birth and gender, passport, visa and other similar regulatory or official information and your contact details such as your billing address, delivery address, email address and telephone numbers;  

3.1.2 Advertising Data. This includes personal data which relates to your advertising preferences, such as information about your preferences in receiving marketing materials from us and our third parties and your communication preferences as well as your personal interests; 

3.1.3 Information Technology Data. This includes personal data which relates to your use of our or our affiliates’ and strategic partner websites, such as your internet protocol (IP) address, login data, traffic data, weblogs and other communication data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website;

3.1.4 Account and Profile Data. This includes personal data which relates to your account or profile on our or our affiliates’ and strategic partner websites, such as your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses;

3.1.5 Economic and Financial Data. This includes personal data which relates to your finances, such as your bank account and payment card details and information which we collect from you for the purposes of the prevention of fraud;

3.1.6 Sales Data. This includes personal data which relates to the transactions you have conducted with us, our affiliates, strategic partners or third party intermediaries (e.g. travel agents), such as details about payments to and from you and other details of products and services you have purchased from us;

3.1.7 Audio and Visual Data. This includes personal data which is gathered using our CCTV or other recording systems in the form of images, video footage and sound recordings that is taken at any Locations or otherwise by us for promotional purposes;

3.1.8 Health Data. This includes personal data which is gathered for health and safety purposes including any accident report or claim log or any information you provide about allergies or other medical conditions during the booking process or in one of the Locations; and

3.1.9 Market Research Data. This includes personal data which is gathered for the purposes of market research, such as price comparison information.

3.2 We may also create personal data about you, for example, if you contact us by telephone to make a booking or to make a complaint, for example about our services or goods, then we may make a written record of key details of the conversation.

3.3 We may use CCTV, which is confined to public areas for a range of legitimate business purposes including for the personal safety of Staff, visitors and other members of the public and to act as a deterrent against crime. Data recorded by the CCTV system will be processed as personal data in accordance with this privacy notice. 

3.4 We also obtain and use certain aggregated data such as statistical or demographic data for any purpose (“Aggregated Data”). Aggregated Data may be derived from your personal data but does not directly or indirectly reveal your identity. For example, we may aggregate your Information Technology Data to calculate the percentage of users accessing a specific feature on our or our affiliates’ websites. However, if we re-combine or re-connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

3.5 In addition, we may obtain certain special categories of your data / sensitive personal data, and this privacy notice specifically sets out how we may process these types of personal data. The special categories of data are: (i) personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; and (ii) the processing of genetic data, biometric data for the purposes of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. 

3.6 We do not collect any information about criminal convictions and offences.  

4 WHERE WE OBTAIN YOUR PERSONAL DATA 

4.1 We primarily collect your personal data from the following sources:

4.1.1 from information which you give to us directly, including but not limited to: 

(a) information set out in any agreements, bookings or applications which you complete, along with any other forms and documents relating thereto; 

(b) any personal data provided by you by way of correspondence with us by phone, e-mail or otherwise;

(c) any personal data provided by you in person; and

(d) any personal data provided by you when you request information on ours or our affiliates’ products or services or for other marketing to be sent to you, where you enter into a competition or promotion, or where you complete a survey from us or one of our affiliates or give any of us feedback.

4.1.2 from any third party sources which may include:

(a) our affiliates, including those entities which own or manage any hotels or other properties;

(b) our strategic partners, including entities connected with the hotel brands with whom we work from time to time;

(c) travel and other booking agents and intermediaries;

(d) advertising networks;

(e) insurance companies;

(f) legal and/or other advisors, regulators, official authorities and service providers by whom you are employed or engaged or for whom you act;

(g) credit reference agencies; 

(h) search information providers;

(i) information collected via websites (including cookies and IP addresses) and emails;

(j) analytics providers, data brokers or aggregators;

(k) providers of technical, payment and delivery services; 

(l) providers of social media platforms, for example where you share our content through social media, for example by liking us on Facebook, following or tweeting about us on Twitter; and

(m) publicly available sources; and/or

4.1.3 via automated technologies, such as CCTV or other recording systems, cookies, server logs and other similar technologies. We may automatically collect Information Technology Data about your equipment, browsing actions and patterns by using cookies, server logs and other similar technologies. We may also receive Information Technology Data about you if you visit other websites employing our cookies.  

4.2 Where we are based in the UK, processing data of individuals within the EEA, we will where required appoint a representative (which may be a group company) within the EEA in accordance with applicable law.

4.3 Where we are based in the EEA, processing data of individuals within the UK, we will where required appoint a representative (which may be a group company) within the UK in accordance with applicable law.

5 WHY WE COLLECT YOUR PERSONAL DATA

Purposes of processing

5.1 We collect personal data about you in order to: 

5.1.1 perform our contractual obligations to you. This would include:

(a) processing and performing any bookings and orders placed by you; 

(b) orders placed by us where you are a supplier;

(c) making or receiving payments, fees and charges; and 

(d) collecting and recovering money owed.

5.1.2 manage our relationship with you including:

(a) to send you important notices such as communications about changes to our terms and conditions and policies (including this privacy notice); 

(b) to provide you with important real-time information about bookings you have made with us, our affiliates, strategic partners or third party intermediaries (e.g. a change of time or location due to unforeseen circumstances);

(c) to send you information you have requested;

(d) to deal with your enquiries; and 

(e) to ask you to leave a review or feedback on us or our affiliates;

5.1.3 administer ours and our group’s business and carry out business activities; 

5.1.4 make suggestions and recommendations to you about goods or services that may be of interest to you, deliver relevant website content and advertisements to you and to measure or understand the effectiveness of our advertising;

5.1.5 communicate with you about, and administer your participation in, special events, programs, promotions, any prize draws or competitions;

5.1.6 for internal purposes to use data analytics, to identify usage trends, determine and measure the effectiveness of promotional campaigns and advertising and to improve our website, products/services, marketing, customer relationships and experiences;

5.1.7 protect our business including to deal with any misuse of our or our affiliates’ websites and to comply with our security policies at the Locations; 

5.1.8 use your personal data to comply with our own legal and industry obligations e.g. to comply with health and safety requirements, or to assist in a police investigation; 

5.1.9 enforce or apply our terms of use, terms and conditions of supply and other agreements with third parties; 

5.1.10 detect and prevent fraud and other illegal activities (and to assist regulators, trade bodies and law enforcement agencies in relation to the same);

5.1.11 finance, restructure, sell, make ready for sale or dispose of our or our affiliates business, or any of the Locations, in each case in whole or in part including to any potential buyer or their advisers; 

5.1.12 use our knowledge of any health-related personal data you disclose to us in the event of illness or injury or some other related emergency or to record any accident or injury or other incident you may suffer when visiting any of our Locations; and

5.1.13 investigate and defend any third-party claims or allegations.

Lawful grounds for processing 

5.2 Where we may rely on consent

5.2.1 For certain purposes it may be appropriate for us to obtain your prior consent. The legal basis of consent is only used by us in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way.

5.2.2 In the event that we rely on your consent, you may at any time withdraw the specific consent you give to our processing your personal data. Please contact us using the contact details set out in paragraph 1 to do so. Please note even if you withdraw consent for us to use your personal data for a particular purpose we may continue to rely on other lawful bases to process your personal data for other purposes.

5.3 Other legal bases we may rely on

5.3.1 Where we are relying on a basis other than your consent, the lawful basis for processing personal data will be one of the following:

(a) the processing is necessary in order for us to comply with our legal obligations (such as compliance with anti-money laundering legislation);

(b) the processing is necessary for the performance of a contract you are party to or in order to take steps at your request prior to you entering into a contract;

(c) processing is necessary for the establishment, exercise or defence of legal claims; or

(d) the processing is necessary for the pursuit of our legitimate business interests. In particular, our legitimate interests include : 

(i) the provision of goods and services;

(ii) the recovery of debt;

(iii) the security of our IT network;

(iv) the prevention of fraud;

(v) marketing of goods and services and promotion of our and our affiliates’ businesses;

(vi) the reorganisation or sale or refinancing of our or our affiliates’ business, any of the Locations or a group restructure;

(vii) the study in how to develop and the update of our products and services; 

(viii) the development of our business strategy;

(ix) protecting our business and property.

(e) the processing is necessary in order to protect the vital interests of an individual e.g. where there is a medical emergency at one of our premises;

Extra conditions for sensitive  personal data

5.4 Where we are processing your special category personal data (comprising data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership; data concerning sex life, sexual orientation or health; biometric data for purpose of uniquely identifying a natural person; or genetic data) one of the following conditions will also apply:

5.4.1 you have given your explicit consent to the processing;

5.4.2 the processing relates to personal data which are manifestly made public by you;

5.4.3 the processing is necessary for the establishment, exercise or defence of legal claims;

5.4.4 the processing is necessary for archiving purposes in the public interest; scientific or historical research purposes or statistical purposes;

5.4.5 the processing is necessary to protect an individual’s vital interests where the individual cannot give consent; or 

5.4.6 the processing is necessary for reasons of substantial public interest ;

6 SHARING PERSONAL DATA 

6.1 We may share your personal data with: 

6.1.1 our affiliates;

6.1.2 our strategic partners;

6.1.3 third party intermediaries;

6.1.4 third party data processers who may process data on our behalf to enable us to carry out our usual business practices;

6.1.5 taxation, legal and other regulators or authorities, including those who request your personal data or to report any potential or actual breach of applicable law or regulation;

6.1.6 external professional advisers such as accountants, bankers, insurers, auditors and lawyers; 

6.1.7 law enforcement agencies, courts or other relevant party, to the extent necessary for the establishment, exercise or defence of legal rights;

6.1.8 third parties where necessary for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties; and

6.1.9 third parties which are considering or have decided to acquire some or all of our or our affiliates’ business, assets or shares, a Location, merge with us or to whom we may transfer our business (including in the event of a reorganisation, dissolution or liquidation).

6.2 Where we appoint a third party processor, we will ensure that there is an appropriate agreement in place with such third party. Where such entities act as data controllers, they will be under an obligation to process your personal data in accordance with applicable laws.

6.3 Third party recipients of your personal data may, in turn, process your personal data abroad and may have to disclose it to foreign authorities to help them in their fight against crime and terrorism or otherwise to satisfy their regulatory requirements.  

6.4 Where  we transfer your personal information outside of the UK, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information. This can be done in a number of different ways, for instance:

6.4.1 the country to which we send the personal information may be approved as providing adequate protection for personal data; or

6.4.2 by utilising a contract based on “model contractual clauses” approved by an appropriate regulatory authority.

6.5 In other circumstances, the law may permit us to otherwise transfer your personal information outside of the jurisdiction in which we are located. 

6.6 If you would like further information about the safeguards we have in place to protect your personal information, please contact us by email to Sebastian Drabinski on sebastian@thegate-london.com.

7 RETENTION OF PERSONAL DATA

7.1 Your personal data will be retained as long as required (which will be kept under review from time to time and in accordance with our data retention policies and procedures):

7.1.1 for the purposes for which the data was collected;

7.1.2 in order to establish or defend legal rights or obligations or to satisfy any reporting or accounting obligations; and/or

7.1.3 as required by applicable laws or regulatory requirements.

7.2 We endeavour to store your personal data securely in accordance with accepted market standards.

7.3 Whilst we have taken every reasonable care to ensure the implementation of appropriate technical and security measures, we cannot guarantee the security of your personal data over the internet, via email or via our websites nor do we accept, to the fullest extent permitted by law, any liability for any errors in data transmission, machine, software or operating error or any other cause. 

8 ACCURACY

It is important that the personal data we hold about you is accurate and current. We take all reasonable precautions to ensure that this is the case but we do not undertake to check or verify the accuracy of personal data provided by you.  Please keep us informed if your personal data changes during your relationship with us either by logging onto your account on the website or by contacting us. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.

9 ACCESS TO AND CONTROL OF PERSONAL DATA

9.1 You have the right, under certain circumstances and subject to the application of applicable law, to the following rights in respect of personal data: 

9.1.1 right to access and port personal data; 

9.1.2 right to rectify inaccuracies in personal data;

9.1.3 right to restrict the use of personal data;

9.1.4 right to request that personal data is erased; and

9.1.5 right to object to processing of personal data.

9.2 You also have the right to lodge a complaint with to the supervisory authority for data protection issues with authority over the jurisdiction in which the Company is located.  For the Company this authority is The Information Commissioner's Office (ICO).

9.3 Where we have relied on consent to process the personal data, you have the right to withdraw consent at any time by contacting us via the contact details below.

9.4 In certain circumstances the provision of personal data by you is a requirement to comply with the law. Save where this is the case, it is your choice as to whether you provide us with your personal data necessary to enter into a contract or as part of a contractual requirement. If you do not provide your personal data then the consequences of failing to provide your personal data are likely to be that we may not be able to perform to the level you expect under our contract with you. An example of this would be where we are unable to provide you with certain products or services as we do not have your full details, or where we cannot perform our contract with you at all because we rely on the personal data you provide in order to do so.

 
Book