City Room Ltd,
Head Office: 13 Charles II Street (5th Floor), London, SW1Y 4QU, United Kingdom.
Telephone: +44(0)203 750 3600
If you need to contact us about this policy or other data protection-related queries, please contact our Privacy Manager by post or telephone. You may also email us on dataprotection@residenthotels.com
City Room Ltd. act as the Data Controller for the personal information we process, unless stated otherwise.
When you book our hotels or services or purchase our products you inherently trust us with your personal information. When we process your personal information, we must meet the requirements of UK Data Protection legislation. The legislation sets out requirements for data processing carried out by organisations operating within the UK. It also applies to organisations outside the UK that offer goods or services to individuals in the UK.
This Privacy Policy is designed to help you understand everything you need to know about what, why and how we process and protect your personal information. We hope you will take the time to read this document; we’ve tried to keep it as simple as possible, and we have provided some definitions of the common terms used when discussing data protection legislation.
We take our responsibilities for protecting your personal information very seriously. If there’s anything in this policy you don’t understand or if you want to ask any questions, please feel free to get in touch with us using the contact details at the beginning of this document.
To help you understand some of the terminology used in this policy we have listed the most common definitions taken from the General Data Protection Regulations below:
Data controller: the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Data Processor: a processor is responsible for processing personal data on behalf of a controller. The UK GDPR places specific legal obligations on a processor.
Data subject: any living individual who is the subject of personal information held by an organisation.
Personal data: any ‘personal information’ relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Special categories of personal information: sometimes called sensitive personal data, revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
The information we collect from you has one purpose, to enable us to provide you with our hotel services and products; to do that we need to process your personal data such as your name, company, billing address, home address, telephone numbers, hotel and room number, email addresses, nationality etc. You may also use one of our third-party services to send information to us such as booking sites and secure card payment services.
We do not collect any special categories of information or ‘sensitive personal data’ about you (Guest) apart from medical or health information where you (Guest) have advised us of this to request special assistance or reasonable adjustment. We store this information to provide the assistance requested and the necessary assistance and information in case of an emergency evacuation.
For the protection of our guests and team, CCTV is in operation inside and around the perimeters of our hotels. Your image may be collected by the CCTV if you visit our premises. We process CCTV footage in accordance with surveillance regulations. If you want to understand more about how we process CCTV footage and protect the records, you can access our CCTV Policy on our website or request a copy from the Privacy Manager using the contact details at the beginning of this document.
We may use your personal information for different purposes, for example:
We may share your personal information for the above purposes, where we have a legitimate interest in processing that information, or we have a legal obligation to do so. Processing may include international transfers but only to countries which have equivalent data protection laws or under Standard Contractual Clauses as approved by the ICO. Any transfer of personal data by us or one of our appointed data processors shall take place only if the following conditions are complied with:
Government and law enforcement agencies: We may be required by law to share your data with other organisations, such as the government or law enforcement agencies:
This may include exchanging information with other companies and organisations for fraud protection and spam/malware prevention if required by law.
If we do so we will always do so securely, and we won’t share more than we need to.
Our service providers: (including their sub-contractors). We may share your information with third party businesses and service providers who are providing services and products on our behalf that requires them to process your information. We will always ensure they follow similarly high standards to those followed by the Resident Hotels Group through contractual obligations, and where necessary, we will undertake Third Party data protection audits.
A list of our third parties who we may share your information with can be found listed at appendix A of this policy.
In the unlikely event of a major issue with our IT network or infrastructure our ITC service provider may access the servers or devices where your data is stored to resolve the issue. Protection of your data is our priority and covered under our contract with the ITC service provider.
If City Room Ltd. is acquired by a third party, your personal data may be transferred to any such acquirer.
A “cookie” is a small piece of information sent by a Web server to store in a Web browser so that it can later be read back from that browser. We may use cookies to store some personal preferences for your future visits. Cookies allow us to recognise you more quickly; therefore, your time spent on our site can be more personalised and productive. You’ll find that cookies are an industry standard and are used at most major Web sites in much the same way we use them on our website.
We use Google Analytics to research user activities on our website, to enhance its performance and usability. While conducting this research Google places a first party session ‘cookie’ on your browser and collects information. As referenced above, the cookie is a small amount of information recording details of your visit to our website but does not personally identify you. The information collected is used to show us the total number of visits to our website from your web browser device and which parts of the site are used the most. It does not identify individuals, as it does not contain any personal data. This information helps us to develop our website and initiate improvements to the services. Use of cookies is standard in many websites.
If you would prefer, you can set your browser to disable cookies. You can find out how to make these changes to your browser at this site:
www.allaboutcookies.org/manage-cookies/.
The GDPR aims to give you more control of your data. It provides you with new and strengthened rights.
Right to access: you can ask us whether we’re processing your personal information, including where and for what purpose. You can also request an electronic copy of your personal information free of charge. If you require further copies of the information there may be a charge, where permitted by the legislation.
Right to restrict processing: in certain circumstances, you can ask us to restrict our use of your personal information.
Right to rectification: you can ask us to correct inaccurate personal information we hold about you.
Right to erasure (right to be forgotten): in certain circumstances, you can ask us to erase your personal information.
Right to data portability: you can ask us to provide you with a copy of your personal information in a commonly used electronic format so that you can transfer it to other businesses.
Right to object to automated decision-making: in certain circumstances, you can ask us not to make automated decisions about you based on your personal information that produce significant legal effects.
Right to lodge a complaint: you can lodge a complaint with the supervisory authority (ICO) but we ask that you allow us to see if we can resolve the problem first (See complaints and queries section).
This means you can at any time:
To exercise your rights please contact the Privacy Manager using the contact details at the beginning of this document
You have the right to request a copy of the personal information we hold about you and to have any inaccuracies corrected. We will require you to prove your identity with 2 pieces of approved identification. We will use reasonable efforts consistent with our legal duty to supply, correct or delete personal information about you on our files.
We will need two forms of identification, which can be: passport, driving licence, birth certificate, utility bill (from last 3 months), current vehicle registration document or a bank statement (from last 3 months).
If you can advise of the specific information that you require, we can process your request more quickly. We will respond to your request within one month of you providing information that confirms your identity.
We will give you a description of your personal information we process, why we have it and who it is shared with. If requested, we will also provide it to you in a format that you can access easily.
If you wish to make a SAR request, please contact the Privacy Manager using the contact details provided at the beginning of this document and we will provide you with the necessary request documentation.
We will keep your personal information for as long as we have a relationship with you. Once our relationship has come to an end, we will only retain your personal information for a period that is calculated based on the type of information we hold and the purpose for which we hold it. We maintain a Retention of Records Schedule to communicate our record retention requirements to all relevant staff and ensure information is not retained for longer than necessary.
We only retain information that enables us to:
We are committed to protecting your personal information. We take appropriate technical and organisational measures to guard against unauthorised or unlawful processing of your personal information and against accidental loss or destruction of, or damage to, your personal information.
The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. However, please bear in mind that IT infrastructure and the internet cannot be guaranteed to be 100% secure
We have access security measures in place and restrict access to databases only to those who need access appropriate to their job role.
All personal information and details provided to book or access any of our services or products are stored on secure servers or in access controlled physical filing systems. We do not store credit card numbers or related identifying financial information on any of our servers.
Digital information and hard copy information is securely disposed of when no longer required. This is conducted in line with our Information Security Policy and procedure.
We try to meet the highest standards when collecting and using your personal information. For this reason, we take any complaints we receive about this very seriously. Please get in touch if you think we are using or collecting your personal information in an inappropriate way.
You can contact us using the contact details at the beginning of this document.
Should you feel unsatisfied with our handling of your personal information, and we have been unable to resolve the issue to your satisfaction, you are entitled to escalate your complaint to a supervisory authority within the European Union. For the United Kingdom, this is the Information Commissioner’s Office (ICO).
The ICO contact information can be found at https://ico.org.uk/global/contact-us/
We keep this policy under regular review. This privacy policy was last updated on 27th April 2023.
Third party processors used by City Room Ltd.
Processor Platform |
Why do we use them |
Link to their Privacy Policy |
Google Analytics |
To monitor website use. When you visit our website Google places cookies on your browser. |
http://www.google.com/policies/privacy/partners/. |
Guestline |
Room booking and guest services. |
https://www.guestline.com/privacy-policy-guestline/ |
Revinate |
Holds Guest information, feedback and used for marketing. |
https://www.revinate.com/privacy/ |
UpsellGuru |
Provides Guests with room upgrade services |
https://www.upsellguru.com/legal-privacy |
Shield Safety |
May store guest information if they have an accident at one of our hotels. |
https://shieldsafety.co.uk/ccprivacy/ |
Creditsafe |
We may use Creditsafe to perform due diligence checks on companies that have applied for an account with us. This includes credit worthiness and company checks that access director’s personal data.
|
https://www.creditsafe.com/gb/en/legal/transparency-notice/transparency-notice-business-information.html |