Crowndell Consulting Limited
The identity and contact details of the data controller
This policy does not extend to any external websites which are linked to and from our websites. Please read the privacy policies of the other sites that you visit for information on their practices and privacy.
Our contact details
Questions regarding this policy and our privacy practices should be directed to email@example.com or by writing to The Marketing Team, The Plume of Feathers, Michell. TR8 5AX. You may also call us on (01872) 511126.
What does personal data mean?
Definitions and interpretations
• “I”, “our”, “us”, or “we” refer to the business, Crowndell Consulting Limited
• “you”, “the user” refer to customers or person(s) using this website
• UKGDPR means General Data Protection Regulation
• PECR means Privacy & Electronic Communications Regulation
• ICO means Information Commissioner’s Office
• Cookies mean small files stored on a user’s computer or device
The personal data processed
What personal information do we collect from you?
Depending on your use of our services or website, we may collect and process some of the personal information such as name, email address, address and telephone number, technical data and financial accounting transactions.
How do we collect this personal information from you?
• Information you provide to us when making a booking, reserving a table or making a purchase
• Information you provide to us in order to enter a competition or promotion via the website
• Information you provide to us when you communicate with us electronically for any reason
• Your credit card number (for transaction and reservation purposes)
• information you provide to us when you fill in forms on our website
• Information you provide to us when you fill in comments cards in our hotel and restaurant.
• Information you provide to us when you sign up to our loyalty scheme
In relation to children (under 16), information requested is limited to age and must only be supplied with a parent or guardian’s permission. Further information is voluntarily supplied by a parent or guardian with their permission.
We collect and process your data for the purpose of contacting you regarding your stay, data analysis and marketing efforts to improve our service to you. If you’ve never stayed with us but are on our marketing list, please scroll down to find out how we communicate with you.
Click here for more information about how we us cookies on our website.
The legal basis
Under the UKGDPR we control and process any personal data about you electronically using the following lawful basis:
• Consent; you have explicitly given us permission to contact you
• Contract; we are delivering a contractual service to you i.e.) you have made a reservation
• Legitimate Interest; please read our Legitimate Interest Statement
• Legal Obligation
Under the UKGDPR we use the legal basis Legitimate Interest to process your data for our marketing lists. Where we rely on this for processing your data, we have carried out a Legitimate Interest Assessment.
The retention period
Our data retention policy is dictated by the Data Protection Laws and is available for inspection by submitting a written request using the contact details provided in this policy.
We may also hold onto personal data to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse or to enforce our terms and conditions. We may also keep hold of your information as required for any relevant activity, or if it is outlined in any relevant contract you hold with us.
For a copy of our Data Retention Policy please email firstname.lastname@example.org.
How is your personal information used?
This information is recorded and can be sent to third-party processors for the purpose of data analysis. It is also used to improve our marketing efforts and for targeting specific services and products. We would never release your data to any third party for marketing or mailing purposes.
We may use your information to:
• Ensure you are having the most efficient and effective on and offline experience
• Enable you to participate in interactive features of the website
• Provide you with information relating to our website, product or our services that you request from us
• Provide you with information on other products that we feel may be of interest to you in line with those you have previously expressed an interest in via our website or social media
• Process a booking that you have made with us
• Meet our obligations arising from any contracts entered by you and us • Deal with entries into a competition
• Seek your views or comments on the services we provide
• Notify you about any changes to our website (including improvements) and service or product changes
• Send you communications that may be of interest to you. These may include information about stays, events, promotions, offers, job offers, information about the hotels and the surrounding area and replies to requests and booking enquiries/confirmation
• For our internal purposes including statistical or survey purposes, quality control, site performance and evaluation to improve our website
• Administer the website
• To notify you of products or special offers that may be of interest to you
• Apply rewards to returning customers
How do we use your personal data to communicate with you?
Our communications with you will fall under two categories:
• Non-marketing: where we will contact you about your reservation (booking confirmations etc)
• Marketing: where we will send you information about the hotels and restaurants that we deem relevant to you
We only collect certain data about you, as detailed above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third-party service provider of software/applications that allows marketers to send out email marketing campaigns to a list of users. You can unsubscribe at any time by clicking the unsubscribe link at the end of the email or contacting us at email@example.com. If you are one of our customers, you will have the option to opt out at time of purchase.
We only collect certain data about you, as detailed above. If we send you postal marketing, we will have screened the names and addresses against the Mail Preference Service and we will only send you marketing that is consistent with the context in which the information was provided and concerns a similar product or service. If you are one of our customers, you will have the option to opt out at time of purchase.
Who has access to your personal data and where is it stored?
To offer you the best service, personal data may be shared, or access may be given to authorised Crowndell Consulting Limited employees. In the case of an emergency, it may also include medical services or legal services if applicable. Employee that are given access to personal information will be trained and authorised to handle such data.
Data will never be sold or rented to third parties and they will not have access to your information for marketing purposes.
However, we do have some third-party service providers working on our behalf. We may pass on information to our third-party service providers for the purposes of completing tasks and providing services to you on our behalf (e.g., processing payments on our behalf and sending you a booking confirmation email). They will not have access to your information for their own direct marketing purposes, unless this has been requested by yourself or is required by law (in the case of preventing fraud or crime). Only the information necessary to complete the task is shared.
When you are using our secure online booking system, your purchase is processed by a third-party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions. Please contact us for information on secure transactions.
If you wish to obtain a list of all third-party processors, please email firstname.lastname@example.org
Working with third parties
Occasionally we might form a partnership with a likeminded company to bring you a competition. When entering a competition hosted by Crowndell Consulting Limited we will always ask you at the point of entry if you would like to join our marketing list. If the competition is hosted on a partner organisations website, you will also have the option to join our mailing list at the point of entry. You can unsubscribe at any time by following the link at the bottom of email or by emailing email@example.com.
Data security and protection
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. For example:
• Standards of security and protection are regularly updated as necessary to meet business needs and regulatory requirements
• We have measures in place to protect against the likes of accidental loss and unauthorised access, use, destruction or disclosure of data
• There are restrictions in place on access to personal information, both physically and on computer software systems, to enable data to be stored and transferred securely
• We have a data breach policy in place, to limit damage in the unlikely event of a UKGDPR breach
• All employees who require access to personal information in their daily role are required to undergo training on the correct method of handling data and other sensitive information •Steps are in place to ensure that employees act in accordance with our information security policies and procedures
Protecting personal data during international transfers
Information which you provide to us may be transferred to countries outside the European Union (“EU”), in order to fulfil the services offered to you on this website. In some cases, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal data, you are agreeing to this transfer, storing, or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy.
If you use our services while you are outside the EU, your information may be transferred outside the EU to provide you with those services.
Data subject rights
Under the UKGDPR your rights are as follows:
• the right to be informed.
• the right of access.
• the right to rectification.
• the right to erasure.
• the right to restrict processing.
• the right to data portability.
• the right to object; and
• the right not to be subject to automated decision-making including profiling.
You can read more about your rights in detail here. If you wish to exercise any of the rights set out above, please contact us on firstname.lastname@example.org. We do not use automatic decision making.
Data subject access request
There will be no fee to access any of your personal data or any of your other rights listed above. However, if requests are unfounded, excessive or repetitive, we may charge a reasonable fee. In this circumstance, we may also refuse to comply with your request.
In the case of a request to access personal information, we may need you to help us confirm your identity by supplying specific information about yourself. This is to ensure that only the person with the right to access the data is receiving it.
We handle subject access requests in accordance with the UKGDPR. We will try to respond to all legitimate requests within one month, though this could take longer if the request is unusually complex or there are several requests. In this instance, you will be notified, and we will keep you updated.
The right to withdraw consent
It is your choice if you do or do not wish to receive information from our venues. We will not contact you for marketing purposes unless you have previously opted in or you are a previous guest, and we are entitled to rely on legitimate interests as the lawful ground for processing your data.
If you no longer want to receive direct marketing communications from us, then you can change your preferences or completely unsubscribe.
Here’s how to stop receiving marketing communications:
• Click the ‘unsubscribe’ or ‘change preferences’ link at the bottom of marketing emails sent to you
• Email email@example.com or by writing to The Marketing Team, The Plume of Feathers, Michell. TR8 5AX. You may also call us on (01872) 511126.
Requests will be processed in a timely fashion.
The right to lodge a complaint with the ICO
You also have the right to complain to the ICO if you feel there is a problem with the way we are handling your data.
We are registered with the ICO under the Data Protection Register. Our registration number is: A8413652.
CCTV information notice for Crowndell Consulting Limited
Crowndell Consulting Limited manages the operation of CCTV on both of its hotel, bar and restaurant sites, including around the entrance and exterior of the buildings. On visiting either venue, we may capture CCTV footage of you.
What is the CCTV footage used for?
The footage we record is used for the prevention and detection of crime and to protect public safety on our premises. We will only share CCTV footage where we are legally obliged to do so, or where we can do so under exemptions in the Data Protection Act – for example for the prevention or detection of crime.
Where is the CCTV?
Cameras operate at various locations around each site, with appropriate signage in place to inform the public that they be being recorded. This personal information may include your activities, your face, car registration details and other visual information about you which is recorded on our CCTV system.
Where is the CCTV footage stored?
CCTV footage is kept in a key-pad locked room and can only be accessed by authorised Crowndell Consulting Ltd Employees. The footage is then stored for up to 30 days, upon which time the data is automatically deleted.
When might footage be stored for longer?
Footage may be kept for longer than the standard retention time following requests from:
• The police and other law enforcement agencies: to carry out policing, assist investigations, trace missing people and investigate alleged criminal activities
• The security services: where relevant for matters of national security
• People who have been injured, attacked or had property damaged or stolen and their insurance providers: to assist them with any criminal or civil investigations or legal proceedings
• People who have been involved in road traffic accidents and their insurance providers: to assist with insurance claims, legal claims and investigations
• Private and other investigators: to aid their investigations
• Any relevant regulators: where we are required to do so by law or to assist with their investigations or initiatives, and this includes but is not limited to the ICO
This period can vary as it will depend upon the circumstances of the case, but for criminal or civil legal proceedings this could mean that the personal information is retained until after the legal case and any appeals have been concluded (which could be up to several years). Once no longer required, we will then delete the personal information.
Who do we share your data with?
We share your personal information with the following parties:
• Suppliers, service providers and advisors to us to manage and operate the CCTV system as our data processor and organisations that provide us with legal, property and insurance advice.
• Joint data controllers who may jointly operate and maintain the CCTV system with us.
We do not disclose personal information to anyone else except as set out above unless we have your consent, or we are legally obliged to do so. We do not sell your data.
What are your rights?
You have the right to see footage that you appear in and you can make this request by contacting Crowndell Consulting Limited via the details included at the top of this document.
If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.
We endeavour to keep our records as up to date as possible. If want to your personal data held by us, please email at firstname.lastname@example.org, you can also write to: The Marketing Team, The Plume of Feathers, Mitchell, TR8 5AX.
Review of this policy
Resources & further information
• Overview of the UKGDPR – General Data Protection Regulation
• Data Protection Act 2018
• Privacy and Electronic Communications Regulations 2003
• The Guide to the PECR 2003