Privacy Policy

Castlebridge Hospitality values the privacy of our guests, partners, and visitors. We are committed to handling and processing personal data in compliance with the UK GDPR, the Data Protection Act 2018, and relevant regulations. This Privacy Policy provides a transparent overview of how Castlebridge Hospitality collects, uses, shares, and safeguards personal information when providing our hotel management services.

1. Data Controller and Data Protection Officer

Castlebridge Hospitality, acting as the data controller, is responsible for ensuring that personal data is managed in line with legal requirements. If you have questions or require further information about how we handle your data, please contact our Data Protection Team at [email protected].

2. Types of Personal Data Collected

Castlebridge Hospitality may collect the following categories of personal data:

– Identity Information: Full name, title, date of birth, and identification details
– Contact Information: Postal address, email address, phone numbers
– Financial Information: Credit/debit card details, billing information
– Booking and Reservation Information: Check-in/check-out dates, room preferences, special requests
– Guest Interaction Data: Feedback, reviews, and survey responses
– Website and Online Activity Data: IP address, browser type, and cookies for website experience enhancement

This data may be collected when you book a stay, sign up for newsletters, use our facilities, participate in loyalty programs, or interact with our website.

3. Purposes of Data Processing

We process personal data for specific purposes to provide our services and meet legal and operational obligations:
– To Manage Reservations: Processing and managing room bookings, handling cancellations or changes
– Service Customisation: Catering to specific guest preferences (e.g., dietary requirements, room arrangements)
– Marketing Activities: Sending promotional offers and information about our services with consent
– Legal and Regulatory Compliance: Adhering to tax, anti-fraud, and other legal requirements
– Operational Improvement: Analysing customer feedback to enhance service offerings

4. Legal Basis for Processing

Castlebridge Hospitality processes personal data based on the following legal grounds:
– Contractual Necessity: Processing necessary to fulfil booking and service agreements
– Legal Obligation: Compliance with applicable laws (e.g., tax laws, health and safety regulations)
– Consent: For marketing purposes or optional services
– Legitimate Interests: To enhance and provide personalised services while safeguarding privacy

5. Data Sharing and Transfers

Personal data may be shared under strict conditions:
– With Service Providers: Partner organisations, such as booking platforms and payment processors, to facilitate transactions
– Authorities: Disclosure to regulatory or law enforcement bodies when legally required
– International Data Transfers: When necessary, personal data may be transferred outside the UK with adequate safeguards, including Standard Contractual Clauses, to ensure compliance with data protection standards.

6. Data Security

Castlebridge Hospitality implements a range of security measures to protect personal data, including:
– Physical Security: Secure facilities and restricted access areas
– Technical Measures: Firewalls, data encryption, secure servers, multi-factor authentication
– Access Controls: Restricting data access to authorised personnel based on the principle of least privilege
– Regular Security Audits: Conducting periodic reviews and audits to maintain security standards

7. Data Retention

Personal data is retained only as long as necessary:
– Booking and Service Records: Retained for up to seven years for legal and operational purposes
– Marketing Data: Retained until consent is withdrawn
– Financial Data: Stored for the duration required by financial regulations (typically six years)
Data is securely deleted or anonymised once retention periods have elapsed, in line with our data retention policy.

8. Your Rights

You have certain rights regarding your personal data under GDPR, including:
– Right to Access: Obtain confirmation of whether your data is processed and access to personal data held
– Right to Rectification: Request correction of inaccurate or incomplete data
– Right to Erasure (‘Right to be Forgotten’): Request deletion of personal data in certain circumstances
– Right to Restriction of Processing: Limit processing where data accuracy or processing grounds are contested
– Right to Data Portability: Request a copy of personal data in a structured, machine-readable format
– Right to Object: Object to processing based on legitimate interests or for direct marketing purposes

To exercise your rights, please contact us at [email protected].

9. Cookies and Tracking Technologies

We use cookies to improve user experience, enhance website functionality, and gather analytics. Cookie data may include:
– Strictly Necessary Cookies: Essential for website functionality
– Performance Cookies: Collecting information about website usage to improve user experience
– Functional Cookies: Remembering choices you make (e.g., language preferences)
You can manage cookie settings in your browser at any time.

10. Updates to This Privacy Policy

This Privacy Policy may be updated periodically to reflect changes in legal requirements or our services. Significant changes will be communicated on our website or via email where possible.