DATA PROTECTION AUDITS LIMITED - PRIVACY NOTICE

INTRODUCTION

Data Protection Audits Limited, registered office 71-75 Shelton Street, London, England, WC2H 9JQ. Company registration number 10117616.

This privacy notice describes how we collect, use and store personal information about you during and after your business relationship with us, in accordance with the Data Protection Act 2018 / UK GDPR.

Data Protection Audits Limited is a “data controller”. This means that we are responsible for deciding how we hold and use and store personal information about you.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using your personal information.

DATA PROTECTION PRINCIPLES

We will comply with all relevant data protection law (including the DPA 2018 / UK GDPR). This requires that the personal information we hold about you must be:

1. Used lawfully, fairly and in a transparent way.

2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.

3. Relevant to the purposes we have told you about and limited only to those purposes.

4. Accurate and kept up to date.

5. Kept only as long as necessary for the purposes we have informed you about.

6. Kept securely.

THE KIND OF INFORMATION WE HOLD ABOUT YOU

Personal data, or personal information, means any information about an individual from which that person can be identified, whether directly or indirectly. It does not include data where the identity has been removed (anonymous data).

There are also “special categories” of sensitive personal data which require a higher level of protection.

We will collect, store, and use the following categories of personal information about you:

* Your contact information including name, address, email address, phone number. This may come from our webpage “contact us “ form, via email or any other action you use to contact us about our services.

* Payment card / bank account information when you purchase our services, which may be administered by third parties.

* Technical data which includes your IP address, login data and browser types when using our information and communications systems.

* Marketing & Communications data including your marketing preferences with us.

We do not routinely collect data from anyone under the age of 16. 

HOW YOUR PERSONAL INFORMATION IS COLLECTED

We typically collect personal information about you through our website online contact form, by social media and associated messages, email, phone calls, and cookies via the website.  

HOW WE WILL USE INFORMATION ABOUT YOU

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

1. For the purposes of billing

2. To enter into a contract with you and to provide the services under the contract

3. To inform you of news, events and promotions we feel may be of interest to you - based on the marketing preferences we hold about you.

We need all the categories of information detailed in the list above primarily to allow us to perform our contract with you and to enable us to comply with legal and regulatory obligations. In some cases, we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests. The situations in which we will process your personal information are listed below.

* Administering the contract we have entered into with you and providing our products and services to you

* Business management and planning, including accounting and auditing.

* Making arrangements for the termination of our contracting relationship.

* Dealing with legal disputes involving you, or any disputes that may arise under the contract that we have with you or the way in which we provide our products and services to you.

* To prevent fraud.

* To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.

* To conduct data analytics studies to review and better understand customer engagement and retention.

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

IF YOU FAIL TO PROVIDE PERSONAL INFORMATION

If you fail to provide certain personal information when requested by us, we may not be able to perform the contract we have entered into with you (such as providing you with our services or guarantees), or we may be prevented from complying with our legal obligations (such as financial and tax reporting and insurance maintenance). 

SHARING YOUR INFORMATION

In order to provide our services to you and to comply with our legal obligations, it may be necessary for us to share some data we hold with the following: 

• Financial organisations, credit reference agencies. 

• Suppliers and service providers which may include data storage facilities, IT service providers such as cloud providers.

• Our own legal advisors.

DATA RETENTION

We will store your personal data for as long as we need to fulfil the purposes outlined in this Privacy Notice.  Some data will have a different retention period, for example billing information may be held for up to 7 years to comply with the Tax purposes.

If you have any questions in relation to our retention of personal data, please contact us at info@dataprotectionaudits.co.uk 

TRANSFER OF PERSONAL DATA OUTSIDE THE UK 

We may transfer your information outside of the country in which it was collected (including to countries where we have hotels under development or operation). Our core business systems, including our Property Management System, are located in data centres within the EEA and the US. 

Such transfers of data may be to a country which may not provide the same level of privacy protection as the UK. However, we will take reasonable steps to ensure that your personal data are adequately protected by using the appropriate lawful means.

If you are located in the UK or European Economic Area, you may contact us for a copy of the safeguards which we have put in place to protect your personal data in these circumstances.

MARKETING

We may wish to send marketing materials to you on the basis of our legitimate interest.  Where you have consented to marketing from one of our contact forms we will endeavour to adhere to the methods of marketing you have chosen. 

It is the right of the individual to opt-out of, or unsubscribe from, any marketing material.  Full details of how to do this will be included within each marketing communication.  You may also opt-out by contacting us at the above contact details.

YOUR DATA PROTECTION RIGHTS

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

There are eight rights available to you, but not all of them will apply to every situation.  It will depend on which lawful basis for processing we use to process your information. 

To action any of the below, please contact us at info@dataprotectionaudits.co.uk

Your Rights:

The right of Access. You may submit a Subject Access Request – this enables you to receive a copy of the personal information we hold about you.

The right of Rectification – this enables you to have any incomplete or inaccurate information we hold about you corrected.

The right to Erasure – this enables you to request us to delete or remove personal information when there is no good reason for us to continue processing it.

The right to be Informed – you have the right to be informed of how we will collect and use your data, most of the information you will need is in this privacy notice. 

The right to Object to processing – in certain circumstances, you have the right to request we suspend the processing of your data. 

The right to Restrict processing – you have the right to request that we limit the way we use your data, whilst we are not obliged to delete the data, we have refrain from using it. 

The right of Data Portability – you have the right to request the transfer of your personal data to a third party.

Rights in relation to automated decision making and profiling - you have the right not to be subject to a decision based solely on automated means including profiling.

Please contact us if you require more information on any of the rights available to you.

Right to Withdraw Consent – where we rely on consent to process your data, you have the right to withdraw this at any time, without giving reason. To withdraw your consent, please contact us using the above details   Once received, we will not process your data for the reasons you have agreed to, unless we have another legal basis for doing so.

We may need to ask for additional information to identify you when you make a request. Where possible, we will respond to your request within one calendar month of receiving it however, we may need longer than this but will inform you if this is the request. No fee is usually applicable however, we may apply an appropriate fee if the request is deemed to be excessive, or repetitive, or may not carryout your request of it is deemed excessive or repetitive.

COOKIE STATEMENT

What Exactly Are Cookies?

In order to collect the information as described in this notice, we may use cookies and similar technologies on our website.  A cookie is a small piece of information (text file) which is sent to your browser and stored on your computer’s hard drive, mobile phone or other device, to remember information about you.

Cookie Consent and Opting Out.

When you arrive on our website, only the strictly necessary cookies will be installed and a banner is displayed at the bottom of the page, where you can manage your cookie preferences.  By consenting to accept all cookie types to your device (strictly necessary, performance, functional and targeting) we can deliver a more tailored and relevant Rocco Forte Hotels experience to you both on our sites, and across the wider web. If you do not accept any cookies then we will not enable any cookies, other than those that are strictly necessary for the operation of our website. However, if you choose to block all cookies, you may not be able to fully experience the interactive features of our website, our platforms and our services.

Some cookies may be set through our website by our advertising partners. They record your visit to our website, the pages you have visited and the links you have followed, and may be used by our partners to gain a greater understanding of your interests and show you relevant adverts on other sites. They do not directly store personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will continue to receive advertising, but this may be less targeted to your interests.

For more information on which cookies we use please see our Cookie Policy on our website.

CONTACT US

We reserve the right to update this privacy notice at any time. If you have any questions about this privacy notice, please contact us on info@dataprotectionaudits.co.uk   

HOW TO MAKE A COMPLAINT

If you have a complaint, we would like you to contact us first to see if we can help to rectify any issues, but you have the right to complain to the Information Commissioners Office (ICO). Their details are:

www.ico.org.uk/for-the-public/

The Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Phone number: 0303 123 1113

This Privacy Notice was last updated 09/04/2024