What is the purpose of this document?
Ilkley Riverside Hotel is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you during and after your relationship with us, in accordance with the General Data Protection Regulation (GDPR). It applies to everyone whose personal data we process in our capacity as “data controller” for Ilkley Riverside Hotel, with the exception of our employees, workers and contractors.
We are Ilkley Riverside Hotel. We are registered in England and our registered office address is Riverside Gardens, Bridge Lane, Ilkley, LS29 9EU, which is also our trading and contact address.
This notice is not contractual and we may update it at any time.
Data protection principles
We must comply with the principles relating to processing of personal data set out in the GDPR which, in summary, state that personal data shall:
- be processed fairly and lawfully in a transparent manner;
- be collected for specific, explicit and legitimate purposes and not be processed in any manner which is incompatible with those purposes;
- be adequate, relevant and limited to what is necessary for that purpose;
- be accurate and kept up to date where necessary, with every reasonable step being taken to ensure that personal data are accurate, having regard to the processing purpose, and are erased or rectified without undue delay;
- be kept in a form which permits identification of data subjects for no longer than is necessary for that purpose;
- be kept secure, safe from unauthorised access, accidental loss, damage or destruction; and
- be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Our collection, use and transfer of your data
Ilkley Riverside Hotel clients
In order to provide our services, we need to collect, store and review. This information is provided by you. The type of data we hold is usually just your name and work contact details.
In order to comply with our own legal obligations, we might also need to provide personal data to HMRC or regulatory bodies.
Our banks, accountants, auditors and insurers are also entitled to obtain specific data on request as part of our compliance checks and legal obligations, although they rarely need specific personal data.
Users of our website are asked for the following information when they sign up: name, email, phone number, message. This information is used by us to address your questions and queries.
If you apply for a job with us, we will keep your name, contact details, covering letter and CV and may use these to contact you about applicable jobs.
Special category personal data such as health information
“Special categories” of particularly sensitive personal information, such as information about a person’s health or sexual orientation, require higher levels of protection. We may collect, store and use this information if you provide it to us and consent to us using it for a specific purpose, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public. We may collect, store and use information about your health where it is useful to ensure your safety whilst you are in our offices.
We do not envisage collecting, storing or using special category data.
We will not store or use information about any criminal convictions and offences, unless you have provided your consent to it.
Any personal data may be held and used for establishing, exercising or defending legal claims.
We may share your personal information in the context of our legitimate interests in a possible sale or restructuring of the business. In this situation we will, so far as possible, share anonymised data with the other parties before the transaction completes. Once the transaction is completed, we will share your personal data with the other parties if and to the extent required under the terms of the transaction.
Use of our website
We keep a record of traffic data which is logged automatically by our server, such as your IP address, the URL you visited before ours, the URL you visit after leaving our site and which pages you visit, but not in a way that identifies any individual.
Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information that you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Transferring information outside the EU
Our client information is stored locally, on our premises.
We also use cloud providers such as Google for hosting, staging, back-up and monitoring services. As these companies are US-based, your data may be transferred to the US as part of this service, but there are adequate safeguards in place as all of these organisations are self-certified to the Privacy Shield. Liquid Web may transfer your data outside of the EU and the US but only where appropriate safeguards are in place in the form of standard approved contractual clauses.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please telephone 01943 607 338, e-mail email@example.com or write to us at FAO Data Protection Manager, Riverside Gardens, Bridge Lane, Ilkley, LS29 9EU. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, where this is required or permitted by law.
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How long will we use your information for?
Ilkley Riverside Hotel users
We hold client-based personal data for up to seven years after the termination of our services, in order to cover any legal or tax issues that arise afterwards.
We will hold your personal data until we are satisfied that there is no longer any purpose for retaining it. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
If you apply for a job with us, we will keep your name, contact details, current salary and CV on file for up to six months, although we may delete it before then if we do not anticipate any need for recruitment applicable to you within this time.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Rights of access, correction, erasure, and restriction
You have a number of rights under the GDPR:
- the right to access personal data we hold;
- the right to object to us processing your personal data;
- the right to restrict our processing; and
- the right to ask us to transfer your personal data to another organisation.
These are not absolute rights and are subject to specific conditions and depend on our processing purposes. If you are interested in using any of these rights, please contact our Data Protection Manager for more information.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
If you are unhappy with any aspect of our processing of your personal data, we ask that you talk to us about it first and discuss your concerns with our Data Protection Manager. If you are not satisfied with the outcome, you may lodge a complaint with the Information Commissioner’s Office.