Q Hotels logo

Customer Privacy Policy

OUR COMMITMENT TO PROTECTING YOUR PRIVACY
The QHotels Collection is committed to complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations. We know that you care how information about you is used and shared. Looking after the personal information you share with us is very important, and we want you to be confident that your personal data is kept safely and securely.  

That means that the information we collect and use relating to you is information that we need in order to provide services to our guests, visitors and members, manage our business and carry out our obligations to public, law enforcement and regulatory authorities.

We do not hold information longer than we need to, we hold the information securely and where we dispose of it, we do so responsibly and safely.

WHY WE HAVE THIS PRIVACY POLICY 
The purpose of this Privacy Policy is to help explain what personal information we collect and use, what we do with it and what your rights are in relation to your personal information.

So this Privacy Policy describes:
1. The type of personal information that we may collect about you. This will depend on the nature of your stay with or visit to us or any membership of our leisure and golf clubs
2. How we may get this information
3. Why we have and use this information
4. The lawful basis we rely on to be able to process your information
5. Who we share your information with and why 
6. How we store your personal data and for how long 
7. Your rights in relation to your personal data and how to exercise them

“Personal data” or “personal information” means any information collected and logged in a format that allows you to be identified personally, either directly (e.g. name) or indirectly (e.g. telephone number). Before providing us with this information, we recommend that you read this Policy.

ABOUT THE QHOTELS COLLECTION 
The QHotels Collection is a selection of 19 hotels and resorts which combine:

  • Individual hotels and resorts operated by The QHotels Collection
  • As well as branded hotels and resorts from:
  • DoubleTree by Hilton
  • Delta by Marriott

Customer Personal Data will therefore be held, dependent on the booking and the hotel or resort, variously by The QHotels Collection and any brand owner.

Accordingly guests or customers of Hilton or Marriott should, in addition to reading this Privacy Policy, also read the relevant privacy policies or notices of these brands at:

 

1. WHAT TYPES OF PERSONAL DATA WE COLLECT ABOUT YOU
What this data is will depend on how you visit or contact us, when and on what basis. People visit or contact us for many reasons and these reasons can change over time. They are likely to visit or contact us for private or family purposes. But they may contact or visit us for business reasons. Any visit or contact may be about visiting us as a guest, dining with us, holding a special occasion with us, joining as a member or using our golf or leisure clubs, using the Spa, attending an event or conference or just using our facilities or pop in. You may have arranged this, or you may accompany someone else.

Accordingly, in this Privacy Policy, while we will try to be specific, we may on occasions refer to ‘customers’ as a way of encompassing all these types of relationships and uses of our facilities.

In order to enable us to welcome and accommodate you, we will need to be able use information relating to you, most of which will be provided by you to us. However, some may be provided to us by a third party such as a travel agency, booking website, hotel partners etc.

The principal types of personal data involved are:

Types of Personal Data

Description of this Type of Personal Data

Contact Details

This is your principal contact information and includes your name, telephone number, address and email address

Personal Information

This is the personal data that is provided by you to help us confirm your identity, provide you with services, enable parking (such as Vehicle Registration) or transport such as taxis and help with your visit. You may want to provide us with personal data that relates to preferences or needs. Or you may provide us with information relating to allergies, intolerances, or health or medical conditions including special needs - when we take this sensitive data from you we may ask you to give us specific consent to process that data.

Depending on the nature of your time with us, other information may be necessary to be used. This could include:

·        For hotel and event guests and visitors, it may include your Date of Birth, Nationality, Passport details (in relation to non-UK visitors), loyalty programme details, and your personal preferences

·        For leisure and golf club members, prospective members and users, it may include a membership number, further health details or history, or photo ID

Payment Information

This is the personal data that is provided by you directly or via a Booking Partner that enables us to take a payment from you for our services.  This may include payment card and bank details

Safety and Security Information

This is the personal data that we collect to help keep you safe within the hotel, facilities and grounds.  This may include CCTV images, lone worker recording or it may include information relating to accidents or injuries of yours or others

Feedback and Complaints Information

This is the personal data that you supply to us in relation to any feedback or complaints

Service Usage Information

This is the personal data that we may collect or use from your visit or use of our services or from calls and correspondence you have with us including in relation to gym, golf or spa services.  This can help us tailor our services to you and others either at the time or to enable us to improve services subsequently

Family/Party Data

This is the personal data that you supply us in relation to the people that you are with or in relation to whom you make a booking or reservation.  For those who are under the age of 18 we will normally limit the data we collect as much as possible

 

2. HOW DO WE GET THIS INFORMATION?
Usually, most information will have been provided by you to us. But in some circumstances, someone else may have. This could be a third party such as a Travel Agent, a booking service, a friend or contact who has made a booking, an event organiser or someone you’ve accompanied to visit us.

The data may be collected at various times and in various locations including any of the following:

  • When enquiries are being made about a potential stay, booking or visit
  • When someone makes a reservation or booking
  • At check in
  • When someone attends an event or comes to our facilities
  • When using the restaurant/room service
  • When using the concierge service
  • When using the leisure, golf or spa facilities
  • When using the communal hotel areas
  • When providing feedback or making a complaint

We may also collect data about you when you visit our websites.  We do this by using Cookies. For more details on what information we may collect from you when you visit our websites please see our separate Cookies Policy here.

 

3. WHY WE USE YOUR INFORMATION
The table below describes the purpose for collecting your data and the categories of data collected:

Purpose

Categories of Data Collected

To make a reservation or booking for you and enable you to pay us for our services

·        Contact Details

·        Payment Information

·        Personal Information

To enable us to communicate with you ahead of your arrival with relevant news and updates

·        Contact Details

·        Personal Information

To help you make bookings around the hotel for meals, spa, golf etc

·        Contact Details

·        Payment Information

·        Personal Information

To answer queries or help ensure we can tailor our services to your requirements before, during and after your visit

·        Personal Information

·        Service Usage Information

To help ensure we can keep you, your property and our workers reasonably safe and secure whilst you stay with us

·        Safety and Security Information

·        Contact Details

·        Personal Information

To help ensure we can manage your application to be a Leisure or Golf Club member

·        Contact Details

·        Payment Information

·        Personal Information

To help ensure you can exercise your benefits and rights as a Leisure or Golf Club member

·        Contact Details

·        Payment Information

·        Personal Information

To help ensure you can feed back to us important information about your experiences as our customer so we can resolve challenges and improve our services

·        Feedback & Complaints Information

To help us provide promotional, marketing and relevant information to you about services and offers from The QHotels Collection Group

·        Contact Details

·        Personal Information

To help ensure we can update your loyalty programme information

·        Personal Information

To provide the legal and regulatory authorities with specific information they appropriately request from us within their legal authority and to help ensure we are combatting Fraud and Financial Crime

·        Contact Details

·        Payment Information

·        Personal Information

To help us recover any debt that may be owed by you to us

·        Contact Details

·        Payment Information

·        Personal Information

A NOTE ABOUT MARKETING
We want to keep our customers up to date with information about special offers, benefits and improvements to our facilities and services.

We aim to keep existing or former customers or members updated about similar services to the ones they have already bought but we provide an opportunity to unsubscribe from communications at the time of booking or the taking of membership and thereafter whenever we contact them.

For potential customers and people making enquiries, we will ask you if you want to opt-in to receive promotional information such as special offers.  If you consent to receive marketing, you may opt out at a later date and we will provide opportunities to unsubscribe whenever we send a promotion. You can also request that we stop contacting you for marketing purposes by emailing [email protected], or via the unsubscribe link within any marketing Email or SMS which you receive. Please bear with us for a short period after sending an unsubscription request while your request is dealt with.

Otherwise, we will send information which is not marketing to customers and anyone on our mailing list about things like changes to facilities, any building work or administrative information that they may need relevant to a stay or visit including in relation to payments, availability of facilities, opening hours and other arrangements.

We may also engage in marketing with individuals on behalf of their businesses and organisations as we are allowed to do under the Privacy and Electronic Communications Regulations. Where this is the case, we will make it clear in any communication that we are contacting them on behalf of their business or organisation for the purposes of that entity. This kind of marketing does not require their consent. However we will enable them to say if they do not want to receive any further marketing on behalf of their business or organisation and we will unsubscribe them from any further such marketing.

The QHotels Collection will not share your information with outside companies for their marketing purposes. However please bear in mind that when you book through a third party booking service, they will have their own marketing preferences and approach which will be separate to ours.

 

4. THE LAWFUL BASIS WE RELY ON TO BE ABLE TO PROCESS YOUR INFORMATION 
The Data Protection regulations are very clear when they state, that in order to process your personal information, we need to do so on the basis of one of the 6 proscribed “lawful bases” (rationales).  The table below sets out which lawful basis we rely on to process your personal data for each purpose:

Lawful Basis for Processing

Purpose

Contract

·        To make a booking or reservation for you and enable us to provide those services to you

·        To enable us to bill you and for you to pay us for our services

·        To help ensure we can manage your application to be a Leisure or Golf Club member

·        To help ensure you can exercise your benefits and rights as a Leisure or Golf Club member

·        To help us recover any debts that may be owed to us by you

Legitimate Interests

·        To enable us to communicate with you ahead of your arrival with answering queries and providing relevant news and updates related to your reservation

·        To help you make further bookings and reservations etc around the hotel, such as for the spa or the restaurant

·        To help ensure we can tailor our services to your requirements before and after your stay with us

·        To help you access further services you may require including guest laundry, room service or deliveries you have ordered

·        To help ensure we can keep you and your property reasonably safe and secure whilst you stay with us including in relation to operating CCTV or helping secure exceptional valuables

·        To help us or medical or emergency services to follow up or assist with any medical or health event, accident or injury

·        To help ensure you can feed back to us important information about your experiences as our customer so we can resolve challenges and improve our services

·        To enable us to communicate with you about similar services that you may be interested in based on your stay with us

Consent

·        To help us provide promotional, marketing and relevant information to you about services and offers from The QHotels Collection Group

·        To help ensure we can update your loyalty programme information and operate our loyalty programme

·        To help ensure we can process special category data you need us to have to help tailor our services to you e.g. health information

·        To help us understand how customers use our websites via the use of Cookies

Legal Obligation

·        To validate the identity of overseas visitors in accordance with UK requirements

·        Managing and maintaining emergency evacuation arrangements for guests, visitors and members

·        Managing any data protection requests from guests, visitors and members

·        To provide the legal and regulatory authorities with specific information they appropriately request from us within their legal authority and to help ensure we are combating Fraud and Financial Crime

 

5. WHO WE SHARE YOUR INFORMATION WITH AND WHY
Protecting the personal data of our customers is very important to us and we do not sell this information to others. But in order to offer you the best service, we may, when appropriate or necessary share your personal data with third parties for the purposes outlined above. For example, we work with a number of trusted suppliers, agencies and businesses in order to provide you with the high-quality services you expect from us. We may need to share your personal data in order to work with a third party whom you have asked us to work with, such as in relation to transport or an event. Or we may need to send information to a third party for the purposes of supplying you with services and improving your stay or leisure club membership experience.

Some examples of the categories of third parties with whom we share your data are:

Third Party

Purpose

Brand owners

The QHotels Collection works with Hilton and Marriott hotels in order to make hotels and resorts from those providers available in The QHotels Collection portfolio. As part of doing this, The QHotels Collection may need to share personal information with them

Booking Service Providers

The QHotels Collection works with a number of trusted partners who take bookings for our hotels, spas, golf courses and restaurants.  This includes branded hotel partners such as Marriott and Hilton and web-based booking service partners

IT Providers

The QHotels Collection work with a number of businesses who support our website and other business systems.  This includes those Partners who provide data storage facilities to us

Marketing Services Providers

The QHotels Collection works with marketing companies who help us manage our electronic communications with you or carry out surveys and reviews on our behalf

Lone Worker Alarm and Monitoring

Providers of systems to enable alerts and monitoring to be activated in situations where Lone Workers need support or assistance

Payment Services Providers

The QHotels Collection work with trusted third-party payment processing providers and banks in order securely to take and manage payments

Regulators, Local Authorities and Law Enforcement Agencies

The QHotels Collection will, if required by law, release your personal information to law enforcement and government agencies, local authorities and regulators 

Fraud Prevention and Debt Management and Recovery Service Providers

The QHotels Collection may exchange information with other companies and organisations for verification of identity, fraud protection, credit risk reduction and debt collection

Business purchasers

As we continue to develop our business, we might sell or buy hotels, leisure clubs or golf clubs. In such transactions, hotel guest, leisure and golf club member information is generally one of the transferred business assets.  However, it remains subject to the promises made in any pre-existing Privacy Policy (unless, of course, the customer or member consents otherwise).  Also, in the unlikely event that The QHotels Collection or substantially all of its assets are acquired, personal information will be one of the transferred assets

 

6. HOW WE STORE YOUR PERSONAL DATA AND FOR HOW LONG 

WHERE IS YOUR INFORMATION STORED?
Your information is primarily stored on our IT and physical storage systems that are based primarily in the UK and in the European Economic Area (EEA).  

However, your data may be transferred outside of the UK & EEA and processed by staff and organisations outside of the UK & EEA in order to provide our services. Countries outside of the UK & EEA may not provide the same level of legal protection when it comes to your personal information. 

Any transfers outside of the UK & EEA will be conducted in accordance with UK GDPR, including the use of processors based in the United States. By submitting your data to us, you agree to this handling. We will base any sharing of data outside of the UK & EEA on the following: 

a) the transfer is necessary for the delivery of our services
b) the transfer will be based on the standard data protection clauses for transfer of personal data to countries outside of the UK & EU/EEA adopted by the European Commission

Note: some non-EEA countries are recognised by the European Commission as providing an adequate level of data protection to UK & EEA standards. You can read more about this at:
https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

Where the Company engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and Company measures to ensure the security of data.

 

HOW IS YOUR PERSONAL INFORMATION PROTECTED?
The QHotels Collection takes data security seriously. We take the appropriate technical and organisational procedures, in accordance with applicable legal provisions, to protect your personal data against illicit or accidental destruction, accidental alteration or loss, and unauthorised access or disclosure.

We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable information. Our security procedures mean that we may occasionally request proof of identity before we disclose your personal information back to you.

Our information security policies and procedures are aligned with widely accepted international standards. These standards are applied and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements.

To this end, we have taken the following technical and organisational measures;

1. TECHNICAL MEASURES:

  • We have in place firewalls and encryption of computer and mobile device systems.
  • When personal data is transferred TLS encryption technology is used.
  • We have in place User ID / Password systems and procedures and Two Factor authentication on our internal systems as well as only permitting access from ‘Trusted Locations’

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data when you transmit it via email; therefore, any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

2. POLICIES & PROCEDURES:

  • We have measures in place to protect against accidental loss and unauthorized access, use, destruction, or disclosure of data
  • We place appropriate restrictions on the levels and type of access to personal information and have organisational measures such as user IDs / passwords to control staff access to personal data in line with their job requirements.
  • We implement appropriate measures and controls, including monitoring and physical measures, to store and transfer data securely
  • We conduct Privacy Impact Assessments in accordance with legal requirements and our business policies
  • We require privacy, information security, and other applicable training on a regular basis for our employees who have access to personal information and other sensitive data
  • We take steps to ensure that our employees and contractors operate in accordance with our information security policies and procedures and any applicable contractual conditions
  • We require, through the use of contracts and security reviews, our third-party data processors to protect any personal information with which they are entrusted in accordance with our security policies and procedures

Where the The QHotels Collection engages third parties to process personal data on its behalf as its data processors, those third parties are required to do so in accordance with UK GDPR on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and company measures to ensure the security of data.

3. HOW LONG WE RETAIN YOUR PERSONAL DATA FOR 
If we collect your personal information, the length of time we retain it is determined by a number of factors. These include enabling us to fulfil any contract with you, to enable us to provide you with services, the purpose for which we use that information and any obligations we have. Our obligations will include requirements to retain information and records for specific reasons such as for tax, legal or regulatory purposes. How long we keep your personal information will depend on these factors. Where we hold your information for more than one purpose then we may need to retain it for the longest of the periods required. For example:

  • For up to 7 years for accounting, business reporting and audit purposes
  • For up to 3 years in the case of accident reporting
  • For the period of any membership of our golf or leisure clubs plus any period after that membership for which we are required to retain records which may be up to 7 years
  • For up to one month in relation to CCTV recording, the length of time being dependent on the system and storage of the individual hotel and which may be shorter than one month

In some cases we may need to keep personal information for longer if it is needed for the resolution of an outstanding matter such as litigation, any internal or external investigation, recovery of any debt, a complaint or handling a query.

In other areas, where we are not constrained by legal, tax or regulatory requirements, we may choose or be required to delete your personal information sooner such as if we no longer need it.

You have a right to request erasure of your personal information at any time. This is one of the rights explained below in Section 7. However, please note this is a qualified right and that we may not be able to delete all personal information where we are required to keep it such as for legal, tax or regulatory purposes.

4. DELETING AND DESTROYING YOUR PERSONAL DATA
Personal Data may be destroyed or deleted at the earliest of:

  • At the end of the period for which it is retained
  • When it is no longer required or
  • If the data is erased following a suitable request from the individual to have it deleted, exercising their right as we explain below

Where we delete or destroy Personal Data, it will be disposed of securely and carefully:

  • Personal Data stored electronically would be deleted using the standard data deletion method for each system; and
  • Personal Data stored in hardcopy form would be securely disposed of

 

7. YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA AND HOW TO EXERCISE THEM
Under UK GDPR and the Data Protection Act 2018 you have certain rights over your personal information. The rights available to you depend on the lawful basis for processing your information. Accordingly some rights may not be exercisable in every instance. For example, where we are required by law or regulation to retain some data or records, it may not be possible for us to execute a request to delete that data.

We will respond as promptly as we can. In general we have one month in which to respond to your request from the day after the date on which we received your request, unless there are special circumstances, such as where you make a complex request or more than one request, where we may need extra time of up to two additional months.

Please remember that we may need to ask you for identifying information to verify your identity. We do this to protect your personal information and your interests. There is more detail on this below.

WHAT YOUR RIGHTS ARE
Your rights include the right to access your personal information, the right to correct your personal  information (if it is inaccurate or incomplete) and in some circumstances you have the right to restrict or stop the processing of your personal information. 

Where your personal information is being processed on the basis of your consent, you can withdraw this consent at any time. You also have the right to ask for your personal information not to be processed where it is being processed on the basis of a “legitimate interest”.

There are some circumstances in which you can request the deletion of your information and these include:

  • When the personal data is no longer necessary for the purpose for which it was originally collected or processed 
  • If your consent is being relied on as a lawful basis for holding the data, and you have withdrawn your consent 
  • Where legitimate interests are being relied on as the basis for processing and you object to the processing of your data, and there is no overriding legitimate interest to continue this processing 
  • Where the personal data is being processed for direct marketing purposes and you object to that processing 
  • The personal data has been processed unlawfully i.e. without an appropriate lawful basis 

You have the right to ask for your personal data to be transferred to another organisation where it is technically feasible and you have the right to get your personal data in a commonly used format, machine readable format such as a csv file. This right only applies: 

  • To personal data you have provided
  • To personal data that is held electronically
  • Where the processing is based on your consent or for the performance of a contract between us and you
  • When processing is carried out by automated means 

You can find further information on your data protection rights from the Information Commissioner's Office (ICO) at https://ico.org.uk/for-the-public/

EXERCISING YOUR RIGHTS
In order to exercise your rights in relation to your personal data please make contact as follows:

Third party branded hotels:
In relation to bookings relating to DoubleTree by Hilton hotels within The QHotels Collection, please contact our QHotels Collection Privacy Team at [email protected]

In relation to bookings relating to the Delta by Marriott hotels within The QHotels Collection, please contact The QHotels Collection Data Privacy Team at [email protected]

Individual QHotels Collection hotels, marketing and other data protection queries
In relation to individual QHotels Collection hotels, marketing and other data protection queries, please contact our QHotels Collection Privacy Team at [email protected]

If you’d like, you can write to us at: Data Privacy, Chesford Hub, Kenilworth, CV8 2LD, United Kingdom (UK)

If you would like to request to exercise any of your rights or if you have any queries related to accessing your personal information, correction, or your rights under UK GDPR including requiring a copy of the information we hold on you, we will provide this normally free of charge and within one month, except such as where a request may be manifestly unfounded or excessive or the request is complex or repeated. Please contact our Privacy Team if you wish to exercise any of your rights by emailing us at [email protected] 

For the purposes of confidentiality and personal data protection, we will need to identify you in order to respond to your request. You may be asked to provide further information to identify yourself. This may include other identifying information, or documentation such as a driver’s license or passport, along with your request.

If your personal data is inaccurate, incomplete or not up to date, please send the appropriate amendments to our Privacy Team as indicated above.

All requests will receive a response as swiftly as possible and in accordance with applicable law.

If you have any concerns about our use of your personal information, you can make a complaint to us at [email protected] 

You can also complain to the ICO if you are unhappy with how we have used your data.

Details of their contact information can be found at https://ico.org.uk/global/contact-us/ or you can contact them at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113 
ICO website: https://www.ico.org.uk

 

8. FURTHER INFORMATION 
We may change or update this Privacy Policy from time to time, to reflect how we are processing your data. If we make significant changes, we will make that clear on our website, or by some other means of contact such as email, so that you are able to review the changes before you continue to use our services.

If you want further information about this Privacy Policy then please send your request to our Privacy Team at [email protected]