The Company operates Merewood Hotel, Briery Wood Hotel and Cragwood Hotel in the English Lake District. We offer hotel accommodation and event management activities (collectively the “Services”).
We have an online presence for marketing our Services (including a website) and retain certain pieces of personal data as defined by the data protection legislation, (including the General Data Protection Regulation or GDPR) in relation to our customers and prospective customers.
This statement is a privacy statement produced pursuant to GDPR which is designed to inform people using our Services and people accessing us via our online presence (“Users”) of how we collect, use and disclose personal data.
We take our data protection obligations very seriously and have produced a comprehensive suite of privacy notices for individual data processing activities, together with detailed policies setting out the individual rights of Users on things like data retention and storage, data security, breach reporting and compliance with GDPR.
Personal Data Collection and Use
In order to deliver our Services to Users, we may require you to provide us with certain information which the law regards as personal data. Very briefly, personal data is any data which might identify a living individual. This includes (but is not limited to) things like names, addresses, contact details and so on.
We do not use any personal data which we collect for marketing purposes. The personal data we gather is to allow us to properly provide the Services and/or to deal with any request for provision of the Services. In some situations, we also need to gather and use personal data to ensure compliance with any law or regulation to which we are subject including (but not limited to) compliance with our health and safety obligations. We also use your personal data in order to contact and identify you. Our reasons for processing your data and the lawful basis for processing that data under GDPR are set out in more detail in the individual privacy notices.
We will not share your personal data with anyone else except as set out in this policy statement or in any of our wider raft of GDPR policies.
Logging Personal Data online
If you access our Services or information about our Services online, we collect information that your browser sends to us automatically. This information is sometimes known as log data and may include information about your computer’s unique IP (Internet Protocol) address, together with details of the version of the browser you are using, the pages of any of our website that you visited, the time and date of those visits and the time you spent looking at each page. Retaining this data helps us improve our online presence and thereby improve our services.
Cookies are computer files containing small amounts of data that are gathered by websites which you visit when you are browsing online. They identify you anonymously, but when taken together with other sources of information, it is possible that some information contained in cookies might constitute personal data under GDPR. Cookies are sent to your browser from any website that you visit and are stored on your hard drive.
You will normally have the ability to disable cookies and you may also refuse to accept cookies when you visit our online platforms. However, you should be aware that if you refuse to accept cookies, it may impact on the functionality of websites and you may not be able to access all parts of the website or the Services.
Third Party Service Providers
From time to time, we may employ or engage third parties to help us deliver part of our Services, to deliver activities which are related to our Services or to help us analyse how our Services are being used and accessed. Where our requirements are such that we need to disclose personal data to these third party service providers so that they can carry out their tasks, we will make sure that we comply with the provisions of GDPR as regards data security.
Further information about data sharing is set out in our Data Sharing Statement.
Although we are committed to protecting your data and to complying with our extensive suite of data protection policies, you should be aware that data transmission is never 100% safe and that sometimes, notwithstanding our best endeavours, there may be breaches of data security. In that situation, we are aware of (and will comply promptly and in full) with our obligations to report breaches of data protection to you and, where necessary, to the relevant authorities.
When providing our Services, we may provide links to other service providers, either in hard copy form (such as on brochures or leaflets) or on online platforms such as our website. If you access any of these third parties through these links, you will be directed to those parties. You should be aware that we have no control over those third parties and that they are not part of our company. We cannot guarantee that third parties have appropriate data protection policies in place and by making links available, we are making no representation as to the security of your personal data should you choose to use those links. We would strongly recommend that in every case you check the data protection regime of any third party you may wish to link to. We cannot be held responsible for any issues which arise as a result of your use of such links.
We do not knowingly target our Services at children and neither do we collect information from children save in specific circumstances related to the provision of certain parts of our Services, which are covered in more detail in the relevant privacy notices and supporting documentation. In the unlikely event that we need to retain or process data relating to a child, we will ensure that the child’s parent or guardian has all the information they require in advance of data processing activity.
Changes to this Privacy Statement
We may update this privacy statement from time to time to reflect changes in law or changes in our data protection regime. Any changes will usually be effective immediately that an updated version of this privacy statement is issued.
If you have any questions or suggestions about this privacy statement or about any other aspect of our data protection regime, please do not hesitate to contact us at [email protected] marking your correspondence “Data Protection Query”. We will endeavour to respond to any request as soon as reasonably practicable.