ARTICLE 13 PRIVACY NOTICE
Data Protection Act 2018/General Data Protection Regulations UK (GDPR UK)
THIS PRIVACY NOTICE EXPLAINS HOW WE COLLECT AND USE YOUR INFORMATION WHEN YOU PLACE A BOOKING FOR SERVICES/ACCOMMODATION/GOODS AT THE LANDING HOTEL, BIGGIN HILL.
Biggin Hill Airport Hotels Ltd, T/A The Landing is committed to ensuring that your privacy is protected. This privacy notice explains how we use the information you provide when placing a booking for services/accommodation/goods. The Landing Biggin Hill will be the controller of your data.
THE LANDING BIGGIN HILL CONTACT DETAILS
The Landing Hotel
Churchill Way
Main Road
Biggin Hill
Bromley
TN16 3BH
enquiries@thelandinghotel.co.uk
Tel No 01959 578576
www.thelandinghotel.co.uk
THE PERSONAL INFORMATION WE COLLECT
We currently collect and process the following information: –
- Name
- Address
- E-mail address
- Contact Tel No
- Passport Number (only for non-UK residents)
- Passport place of issue
- Card payment details
- Car Registration Number (only for cars being parked in The Landing Car Park)
HOW WE GET THE PERSONAL INFORMATION AND WHY WE HAVE IT
All of the above personal information we process is provided to us directly by you for the following reason: –
We are collecting your personal data in order to provide you with the service/accommodation/goods you have booked. We need to collect your persona data for correspondence purposes and/or detailed service provision. This includes for the purposes of; processing, confirming, providing and charging for accommodation and restaurant reservations and our goods and services.
We may collect your data by phone, through our website or by e-mail.
Under the General Data Protection Regulation UK (GDPR), the lawful basis we rely on for processing this information is Contractual Obligation. This means that the processing is necessary for a contract you have with us, or because you have asked us to take specific steps before entering into a contract with us.
For non-UK residents under “The Immigration (Hotel records) Order 1972” we are obliged to collect the passport number and place of issue of every person over the age of 16 years who stays at our premises.
Under the General Data Protection Regulation UK (GDPR), the lawful basis we rely on for processing this information is Legal basis. This means that the processing is necessary for compliance with a legal obligation to which we are subject.
Your passport number and place of issue not be shared but will be open to inspection by any constable or by any person authorised by the Secretary of State.
Your passport details will be retained for 6 years and are stored on the Guest Registration cards.
In order to provide you with a car parking space at a date and time of your choosing we will keep a record of your car registration number.
Under the General Data Protection Regulation UK (GDPR), the lawful basis we rely on for processing this information is Contractual Obligation. This means that the processing is necessary for a contract you have with us, or because you have asked us to take specific steps before entering into a contract with us.
HOW WE STORE YOUR PERSONAL INFORMATION AND HOW LONG WE RETAIN YOUR DATA
Your hard copy data is securely stored on site at The Landing Hotel in locked offices and cabinets with access only to trusted employee’s and only used for the reasons stated in this privacy notice. We are required to retain your data for 6 years from the end of the current accounting period.
Your data will also be stored on our secure UK airport server.
Your booking will be made through Guestline Software & Services. Guestline will act as a processor of your data. This software enables The Landing Hotel to extract your data to deal with your accommodation/service booking. Guestline uses the Microsoft Azure Public cloud which adheres to 75+ data security and related compliance certifications including ISO9001, ISO27001 and PCI-DSS. More information can be found here – https://www.microsoft.com/en-us/trustcenter/compliance.
Every website is made up of files and The Landing website requires a hosting service to store them so that they can be viewed online. Files are uploaded onto a server and the company that owns the server then points the web address to the files. Our website is hosted by 123 Reg who’s server is based in the UK and the data is encrypted. If data is transferred by 123-Reg outside the UK by their affiliated companies of third parties they will rely on Standard Contractual Clauses (SCC’s) and rigorous privacy risk assessments. More information can be found here Data protection and privacy policy | 123 Reg (123-reg.co.uk).
WEBSITE COOKIES
Our website will use cookies. Cookies are small blocks of data created by a web server while you the user is browsing our website. These small blocks of data are placed on your computer or other device by the user’s web browser. Cookies are used to ensure that our website runs effectively. The only potential share of your data will be when you are completing the contact form and you will be asked to give consent at this point by checking a box. A list of our standard cookies are as below:-
Ordinary User Cookies
WordPress_test_cookie |
checking if cookies are enabled in browser, expires at end of session |
Wp_lang |
Checks language , expires at end of session |
Wp-settings (ID) |
Used when admin is editing or previewing website expires after a long time, not sensitive data |
wordpress_logged_in_[hash] |
Is used to indicate when you are logged in, and who you are (encrypted format). expires at end of session. |
wordpress_[hash] |
To store the authentication details on login. The authentication details include the username and double hashed copy of the password (encrypted format), expires at end of session |
WordPress_test_cookie |
checking if cookies are enabled in browser, expires at end of session |
wp-settings-{time}-[UID] |
Stores time zone, expires after a long time, not sensitive data |
Wp_lang |
Checks language , expires at end of session |
YOUR DATA SUBJECT RIGHTS
As a data subject whose personal information we hold, you have certain rights. If you wish to exercise any of these rights, please email datamanager@bigginhillairport.com or use the information supplied in the ‘Contact Us’, section below. To process your request, we will ask you to provide two valid forms of identification for verification purposes. Your rights are as follows:
THE RIGHT TO BE INFORMED
As a data controller, we are obliged to provide clear and transparent information about our data processing activities. This is provided by this privacy notice and any related communications we may send you.
THE RIGHT OF ACCESS
You may request a copy of the personal data we hold about you free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requestor, we will provide access to the personal data we hold about you as well as the following information:
a) The purposes of the processing
b) The categories of personal data concerned
c) The recipients to whom the personal data has been disclosed
d) The retention period or envisioned retention period for that personal data
e) When personal data has been collected from a third party, the source of the personal data
If there are exceptional circumstances that mean we can refuse to provide the information, we will explain them. If answering requests is likely to exceed one calendar month, where we require additional time or (extended by 2 calendar months), or, in the case of repetitive requests, we reserve the right to request payment (for reasonable administrative costs) before processing the request, we will inform you.’
THE RIGHT TO RECTIFICATION
When you believe we hold inaccurate or incomplete personal information about you, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.
THE RIGHT TO ERASURE (‘THE RIGHT TO BE FORGOTTEN’)
Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. This includes personal data that may have been unlawfully processed. We will take all reasonable steps to ensure erasure.
Due to the complex nature of Consent and legal exemption, we are not always able to fulfil deletion (“Right to be Forgotten”) requests, and it is essential you understand this before accessing the service.
THE RIGHT TO RESTRICT PROCESSING
You may ask us to stop processing your personal data. We will still hold the data, but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies, you may exercise the right to restrict processing:
- The accuracy of personal data is contested.
- Processing of personal data is unlawful.
- We no longer need personal data for processing, but the personal data is required for part of a legal process.
- The right to object has been exercised, and processing is restricted pending a decision on the status of the processing.
THE RIGHT TO DATA PORTABILITY
You may request your set of personal data be transferred to another controller or processor, provided in a commonly used and machine-readable format. This right is only available if the original processing was on the basis of Consent, the processing is by automated means and if the processing is based on the fulfilment of a contractual obligation.
THE RIGHT TO OBJECT
You have the right to object to our processing of your data where;
a) Processing is based on legitimate interest;
b) Processing is for the purpose of direct marketing;
c) Processing is for the purposes of scientific or historic research; or
d) Processing involves automated decision-making and profiling.
DATA SECURITY
To prevent unauthorised access, maintain data accuracy and ensure the correct use of information, we have in place appropriate physical, electronic and managerial procedures to safeguard and ensure information supplied is held securely, in accordance with the Data Protection Act 2018 and the UK GDPR.
HOW TO COMPLAIN
If you have any concerns about our use of your personal information, you can make a complaint to us at London Biggin Hill Airport datamanager@bigginhillairport.com
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Livechat via ico.org.uk/livechat
Helpline number: 0303 123 1113
ICO website: www.ico.org.uk