PRIVACY NOTICE

1. Introduction

This Privacy Notice outlines the types of personal data we may collect about you when you interact with us. It also explains how we store, handle and protect your personal data, and ensures that you, as a customer of The Beaumont, are fully informed of your rights.

The sections outlined below should answer any questions you may have. However if you do have further queries, then please do contact us at:

Post:

Data Protection Officer

The Beaumont Hotel Limited

8 Balderton Street

London W1K 6TF

United Kingdom

Email: dpo@thebeaumont.com

Telephone: +44 (0)20 7499 1001.

In using our website and receiving our services, you consent to the collection, use, disclosure, transfer and other processing of your personal data as set out in this privacy notice, subject to your rights set out below and in particular your rights to withdraw or modify your consent as described in paragraph 10 of this Privacy Notice.

2. Who is The Beaumont?

We are The Beaumont Hotel Limited (referred to in this privacy policy as "The Beaumont", "we", "us" and "our"). The Beaumont Hotel Limited is a private limited company registered in England and Wales at Brown Hart Gardens, London W1K 6TF (Company No: 8031843), t/a The Beaumont and The Colony Grill Room.

The Beaumont Hotel Limited operates The Beaumont Hotel, The Colony Grill Room and The Beaumont Spa.

The Beaumont Hotel Limited is the "controller" of any personal data for the purposes of the Data Protection Act 2018 (the "Act") and to the extent applicable the General Data Protection Regulation ("GDPR") that you provide to us in the course of purchasing products from us, using our services or otherwise interacting with us.

We are committed to protecting your privacy and processing your personal data fairly and lawfully in compliance with the Act and the GDPR.

3. Fair and Lawful Processing

We will only process your personal data where:

  1. you have given your consent to such processing (which you may withdraw at any time, as detailed below);
  2. the processing is necessary to provide our services through this website or otherwise perform our contract with you or to enter into a contract with you;
  3. the processing is necessary for compliance with our legal obligations;
  4. the processing is necessary for our legitimate interests or those of any third party (as detailed below) and such interests are not overridden by your requests.

By processing, we mean the collection, storage, recording, use, disclosure and any other form of operations or dealings with your personal data.

4. What personal data do we collect about you?

We process personal data of our customers or visitors to our websites for a number of different purposes, which are explained below.

"Personal data" means any information about an individual from which that person can be identified, such as your name and contact details. It does not include data where the identity has been removed (anonymous data).

In certain circumstances, as we set out below, it will be necessary for you to provide us with your personal data, to enable us to manage our operations, to provide goods and services to you or to comply with our statutory obligations.

In other circumstances, it will be at your discretion whether you provide us with your personal data or not. However, failure to supply any of the personal data we request may mean that we are unable to maintain or provide services or products to you.

We do not generally collect special categories of personal data unless it is volunteered by you or unless we are required to do so pursuant to applicable laws and jurisdictions. Special categories of personal data includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We may process (with your explicit consent or in the case of certain data e.g. about allergies, in order to protect your vital interests or to comply with our statutory obligations) health data provided by you to improve your stay or to safely provide you with our services, e.g. mobility information and information you provide us with in the course of booking a spa appointment.

Restaurant Reservations and Private Dining

The following personal data is required in order for us to make a reservation at our restaurants or at a private dining room:

  1. Reservation Name; and / or
  2. Telephone Number and / or Email Address.

In order to provide exceptional customer service and to improve your dining experience, or in order to comply with our statutory obligations or to protect your vital interests, we may also collect and process additional personal data, including the following:

  1. Special occasions - birthdays, anniversaries and that of your guest(s)
  2. Seating preferences
  3. Allergies or food intolerances
  4. Food & beverage preferences
  5. Personal connections to other customers or staff
  6. General preferences
  7. Previous booking history
  8. Any publicly available information - e.g. job title, company where you work, name of spouse, photograph
  9. Encrypted credit card information
  10. Mobility requirements

For online reservations at our restaurants, we use the third party booking engine SevenRooms and you will be directed to the SevenRooms website when making a booking online. Please refer to the section below "Who do we share your data with?" for more information.

Room Reservations

We need the following personal data in order for you to make a reservation at our hotels:

  • Reservation name
  • Email address
  • Telephone number
  • Date of birth
  • Mobility requirements
  • Passport number
  • Encrypted credit card information
  • Stay history (that is, details as to whether you have stayed with us before)
  • Arrival/departure date and time
  • Relevant travel information
  • Occasion for visit
  • Contact information of the person making the reservation

In order to provide exceptional customer service and to improve our customers' stay and dining experiences, or in order to comply with our statutory obligations or to protect your vital interests, we may ask you for and process additional personal data, including the following:

  • Special occasions - birthdays, anniversaries of the customer and any guests
  • Room preferences
  • Allergies or food intolerances
  • Food preferences
  • Personal connections to other customers or staff
  • Any publicly available information - e.g. job title, company where you work, name of spouse, photograph
  • General preferences

For online reservations at our hotels, we use the third party booking engine Synxis from Sabre GLBL Inc and you will be directed to the Synxis Inc Website when making a booking online. Please refer to the section below "Who do we share your data with?" for more information.

Spa Appointments

The following personal data is required in order to make a spa appointment at our hotels:

  • Customer name; and / or
  • Telephone number and / or email address.

When you attend the spa for your appointment, you will be asked to complete our "Health Assessment Form". The information you provide on that form, which includes special categories of personal data (in particular, information about your health) and the emergency contact information you provide, may be used by the hotel in order to ensure your safety when using the spa services, and in particular in the event of an emergency. It is entirely up to you whether to complete the Health Assessment Form, however, in the event that you choose not to do so we will not be able to offer and provide you with the spa services. We require the information on that form to conduct the spa services safely (i.e. to protect your vital interests). The information you provide will only be used for that purpose, will be stored as is set out in section 9 of this Privacy Notice and will not be provided to any third parties.

e-Commerce and Retail

The following personal data is collected and processed by us in order to provide e-commerce and retail services to you:

  • Name
  • Postal address (billing and delivery addresses (if different))
  • Telephone number
  • Email address
  • Credit/Debit Card details
  • Name of recipient (if a gift)
  • Delivery address, telephone number and email address of recipient (if a gift and if applicable)

This personal data may be shared with trusted third parties as processors (as detailed in the Act and GDPR) in order to carry out any necessary services for us, including shipping, fulfilment, and personalisation for a given order transaction. Please refer to the section below "Who do we share your data with?" for more information.

5. How do we capture your personal data?

We usually collect personal data from the information you submit during the course of your relationship with us. We use different methods to collect data from and about you, including through:

Direct Interactions:

You may give us your identity, contact and financial data by filling in forms or by communicating with us by post, phone, email or otherwise. This includes personal data you provide when you make reservations, bookings or order at the hotel, restaurant, and spa. Such reservations / bookings can be made in the following ways:

  • Online
  • Phone
  • Email
  • In person
  • Via a third party (person or company), such as a travel agency
  • Through social media - if you choose to interact with us

You may also give us your personal data when you request marketing to be sent to you, enter a competition, promotion or survey, or give us feedback or contact us.

Third Parties or Publicly Available Sources

We may also use, collect and process publicly available information that we believe could be relevant to your reservations, bookings, orders or other interactions with us. We typically search engines like Google or Social Media (eg LinkedIn) to collect this information.

We do not knowingly collect personal data from children under the age of 13. If we learn that we have collected personal data from a child under the age of 13 without parental consent, we will take steps to delete that personal data as soon as possible.

6. What is your personal data used for?

We will only use your personal data for purposes for which the law allows us. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you (please refer to the "Business Services" section below for more information).
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (please refer to the "Marketing and Communications" section below for more information).
  • Where we need to comply with a legal or regulatory obligation.

Business services

We use the personal data you have provided us in order to:

  • Confirm, amend or cancel bookings, appointments and/or orders you have placed;
  • Communicate with you in regards to future or past bookings and/or orders you have placed;
  • Provide exceptional customer service and to improve your and your guests' experiences at our restaurants, spas and hotels.

We use personal data so that our employees can familiarise themselves with you and your guests in order to provide better services to you. The data you provide allows us to ensure that this can be achieved in the best possible way.

Where we need to collect personal data by law, or under the terms of a contract we have with you and you do not provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

Marketing and communications

As our customer, we would like to send you marketing communications from time to time to check the quality of our services to you or to inform you about our restaurants, spas and hotels; including new openings, developments, events and partnerships, and other services we think may be of interest to you, in the form of email newsletters.

We will send you such communications either because you are a recent customer of ours or because we have obtained your consent to do so. You have the right to unsubscribe from these marketing communications from us at any time by clicking on the unsubscribe link which will be made available to you in each communication, or by emailing us at any time at dpo@thebeaumont.com.

7. Who do we share your data with?

We work with a number of trusted and contracted third parties in order to be able to provide our goods and services to you. These third parties include (but are not limited to) those who provide services to us for the delivery of goods, restaurant, hotel and spa hotel bookings and business systems providers.

We do not share, rent, trade or sell your personal data to third parties for marketing purposes or for any purposes other than those explained in this Privacy Notice, without your prior consent. We do not purchase personal data from third parties.

We may transfer your personal data in the ways set out in this notice, and, in particular, to the following third parties:

  • any group company of The Beaumont Hotel Limited;
  • suppliers and service providers (including information technology providers, such as website and mailing list hosts, marketing service providers, booking and reservation systems, and payment processing companies). In particular, we use
  • companies providing services for money laundering checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such information is shared;
  • any third party to whom we assign or novate any of our rights or obligations;
  • any potential or actual buyers of, investors into or lenders to our business or any of our assets, or any of the advisors or representatives of the above;
  • our auditors and professional advisers (bankers, lawyers, accountants and insurers);
  • to travel agents who you use to making bookings, reservations or order products or services from us; and
  • when we believe it is necessary to comply with the law, regulation or legal request (including a court order or police or government inquiry), for example CCTV for the protection and wellbeing of our customers and employees and certain location based data (e.g. data from your room keycards and other entry passes); to enforce or apply our terms of use or other agreements; in the context of a company reorganization or restructuring exercise, to protect the rights, property or safety of the Beaumont Hotel, our personnel, our guests or others.

We require all third parties with whom we share your personal data to respect the security of your personal data and to treat it in accordance with the law (including the Act and the GDPR). We do not allow our third party service providers to process your personal data for their own purposes and we only permit them to process your personal data for specified purposes and in accordance with our written instructions.

Some of our external service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA (and where such data is transferred it may be accessed in or stored in those countries). Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • Where we use certain service providers, we may use specific contracts approved by the European Commission or the UK Information Commissioner which give personal data the same protection it has in Europe.
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.

8. How do we protect your personal data?

The security of your personal data is equally as important to us as it is to you. With this in mind we will treat your data with the utmost care and take all necessary steps to protect it. We will implement and maintain appropriate technical and organisational measures to ensure a level of security commensurate with the risks involved and appropriate to protect any personal data provided to us from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.

Our websites use encrypted 'https' technology and access to your personal data is password protected, and sensitive data (such as payment card information) is secured by SSL encryption and tokenisation.

We carry out vulnerabilities assessments and penetration testing to identify ways to further strengthen our information security.

9. How long do we keep your personal data?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Any Health Assessment Form you provide will be kept by us in hard copy only at the reception of the Spa, for a period of 6 months. After that the hard copy form will be retained in a locked file for a further 3 year archival period, and then it will be securely disposed of.

In some circumstances you can ask us to delete your data (see the section "Your Rights" below for further information) and in some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

10. Your rights as a customer of The Beaumont

In accordance with the Act and the GDPR, you have the right to:

  • require us to rectify the personal data we hold about you, where that data is incorrect or incomplete;
  • require that we restrict the processing of your personal data in certain circumstances;
  • request access to the personal data that we hold about you;
  • require that, in certain circumstances, we erase the personal data we hold about you;
  • require that we provide you with the information that we hold about you in a structured, commonly used and machine-readable format;
  • have the data we hold about you transferred to another organisation;
  • object to certain types of processing such as direct marketing; and/or
  • withdraw your consent to our processing your personal data at any time.

We endeavour to respond to such requests within a month or less, although we reserve the right to extend this period for complex requests.

In any of the situations listed above, we may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorised disclosure of data.

We reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your personal data, and for any additional copies of the personal data you request from us.

You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), and the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. Please email dpo@thebeaumont.com.

11. Cookies

As you interact with our website, we will automatically collect technical data about your equipment, browsing actions and patterns by using cookies.

We use cookies on our site in order to preserve the information stored as you add items to your order, to maintain your order history and to measure the site activity, so we can identify which pages are visited most frequently. We use this information to ensure we guarantee you the most efficient and enjoyable website visiting experience.

You can set your browser to stop cookies or to let you know when cookies are being sent, however this may disable some or all of the functions of the site and may prevent you from being able to use it as you would like.

You can view our full Cookie Policy here.

12. Third Party Links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

13. How we update or change this Privacy Notice

We may change or update parts of this Privacy Notice in order to maintain our compliance with applicable law and regulation or following an update to our internal practices. We will do this by updating this Privacy Notice on this website. You will not necessarily be directly notified of such a change. Therefore, please ensure that you regularly check this Privacy Notice when you use our products and services to ensure that you are fully aware of any changes or updates.

Last Updated: 27 November 2018