Privacy Policy

Andras Hotel - Privacy Policy

This Privacy Policy sets out how we collect and use your personal information and what your individual data protection and privacy rights are. 

Who is Responsible for Processing Your Personal Data?

Andras House Ltd is the Data Controller. This is the legal entity responsible for how your personal data is collected, stored and processed.

Andras House Ltd operates several different businesses to which this privacy policy relates. These brands are Holiday Inn, Holiday Inn Express, Ibis City Centre, Ibis Queens Quarter, Crowne Plaza, Cordia Serviced Apartments.

Managing Your Personal Data

When you share your personal information with us, you have a right to expect that information to be treated with total confidentiality. Therefore, it is our responsibility to manage your personal data that you provide to us with care and in accordance with all data protection legislation and industry best practice.

Whether you have supplied your personal details in person, online, by phone, by email or in a letter, we will never use them without a lawful reason to do so. We will use your personal data for the purposes for which they were initially requested and as fully explained in this Privacy Policy.

It is your responsibility to ensure that your personal data provided to us is accurate and up to date.

Using Your Personal Data During and After You Have Used a Service

When you stay at any of our hotels, we are legally obligated to request certain information and retain this for our records as per the requirements of The Tourism (Northern Ireland) Order 1992. 

We will hold your personal data which you have provided to us in two forms:

  • A database system will retain your booking information for a minimum of 12 months and serve as a Visitors Register.
  • We will retain your booking form in paper format for a minimum of 90 days after which stage it will be securely destroyed.

What Personal Data is Collected

At various times, we will be obliged to ask you, as an Andras House customer, for information about you and/or members of your family, such as:

◦ Contact details (for example, last name, first name, telephone number, email)

◦ Personal information (for example, date of birth, nationality)

◦ Information relating to your children (for example, first name, date of birth, age)

◦ Your credit card number (for transaction and reservation purposes)

◦ Your membership number for brand loyalty programmes

◦ Your arrival and departure dates

◦ Your preferences and interests (for example, smoking or non-smoking room, preferred floor, type of bedding, type of newspapers/magazines, sports, interests)

◦ Your questions/comments, during or following a stay in one of our establishments.

We may collect information regarding minors or vulnerable adults during your stay for safety purposes. We will request this from you on arrival and use only for this purpose. We would be grateful if you could ensure that your children do not send us any personal data without your consent (particularly via the Internet).

 

When is your data collected

Personal data may be collected on a variety of occasions, including:

Hotel activities:

  • Booking a room, an event, a conference or a meal at the hotel
  • Checking-in and paying
  • Requests, complaints and/or disputes
  • Participation in marketing programmes or events:
    • Signing up for loyalty programmes
    • Participation in customer surveys (for example, the Guest Satisfaction Survey)
    • Online games or competitions
    • Subscription to newsletters, to receive offers and promotions via email
    • Transmission of information from third parties: Tour operators, travel agencies, GDS reservation systems, and others
    • Internet activities:
      • Connection to Andras House websites (IP address, cookies)
      • Connection to hotel Wi-Fi networks
      • Online forms (online reservation, questionnaires, Andras House pages on social networks, network login devices such as Facebook login etc.).
      • We may use your personal data for all general service communications including sending your statement & booking confirmation. We may need to do this for the performance of the contract.

 

Processing Card Payments

We process all card payments in line with our obligations under the PCI-DSS regulations.  Whenever you provide your card details to us either online or over the phone, we will encrypt the payment details before sending to our card payment and banking provider.  If you pay over the phone, we will mask any card data that you provide so that this is not visible to our customer advisors as well as stopping card data from being recorded in our Call Recordings.  This is regularly monitored for quality assurance as part of our PCI-DSS obligations.

Any card details provided by customers via paper order forms, such as Third-Party Authorisation forms will be immediately, and securely, destroyed once processed.

If you have any queries or complaints with regards to the operation of your credit card, please contact the hotel directly in the first instance so we can deal with your complaint as quickly as possible.  We will need to access your personal data and account history to verify your identity for security reasons and deal with the details of your complaint.  Details of any complaints received will be logged and recorded so they can be dealt with accordingly.

 

Using Your Personal Data for Direct Marketing Purposes

We may use Personal Information in a variety of ways, including:

  • To provide the services you request, such as to facilitate reservations, send confirmations or pre-arrival messages, to assist you with meetings, events or celebrations, and provide you with other information about the area and the hotel at which you are scheduled to stay.
  • To complete and fulfil your reservation and stay, for example, to process your payment, ensure that your room is available, and provide you with related customer service.
  • Relating to any Rewards programme. If your Rewards number is applied to another person's room reservation, or if you make a reservation for another person and provide your email address for that reservation, that person's bill will be transmitted to your email address as well. It is your responsibility to inform that person that his or her bill will be emailed to you when your Rewards number or email address is attached to his/her reservation unless he/she makes alternative arrangements with a front desk during the stay.
  • To send you administrative information, marketing communications, promotional offers, periodic customer satisfaction, market research or quality assurance surveys.
  • To personalize your experience when you stay in one of our hotels.
  • To allow you to participate in sweepstakes, contests and other promotions and to administer these activities. Some of these activities have additional rules, which could contain additional information about how we use and disclose your Personal Information. We suggest that you read any such rules carefully.
  • For our business purposes, such as data analysis, audits, security and fraud monitoring and prevention (including using closed circuit television, card keys, and other security systems), developing new products, enhancing, improving or modifying our Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.

The brand associated with your Rewards scheme may also use Personal Information relating to loyalty programs to:

  • Send you information regarding your account status and activities;
  • Assess the benefits to which you are entitled;
  • Administer points earned;
  • Manage your choices regarding how you wish to earn points and track your points and transaction activity.

Obtaining Your Consent

We will obtain your consent to send you details of our latest products and promotions via Email Marketing in a few ways.  We will obtain your consent when you register your details with us, sign up to our email newsletters, enquire about a service, or enter a competition. We hold your personal data for the purposes of direct marketing to you for a minimum period of two years from the date of last contact. If you continue to use our services you will remain on the list until you request to be removed. You can unsubscribe at any time by clicking the link in any email correspondence.

Email Marketing

We would like to keep you informed about our latest product offers and promotions using the email address you provide to us.  To do this, we will ask you to opt-in to receive marketing emails when you first register for Wi-Fi at one of our hotels, sign up to our email newsletters, enquire about a service, or enter a competition. You can unsubscribe at any time by clicking the link in any email correspondence.

Telemarketing

We will not use your telephone number to market to you. We will request your telephone number for contact related specifically to the service provided.

Direct Mail

We may use your name and address to send you personalised marketing mails in the post.  We have a legitimate business interest to send you information about our products and offers in the post as we know that many of our customers like to browse through brochures or offers prior to booking with us. 

Social Media

We will use social media platforms to send you online targeted marketing information about our product offers and promotions.  We have a legitimate business interest to share product information via social media which we believe is of relevance to you; to do this we use paid services offered by various platforms, as well posting on our business page. Should you wish to exercise your right to stop seeing posts from the business page you can unfollow the page.  For paid targeted marketing, you should review the privacy settings on your social media account. 

Third Party Marketing

We will not share your personal data with third party companies for the purposes of marketing their products and services to you.

Changing Your Marketing Preferences

You can change your marketing preferences for Email Marketing at any time by clicking unsubscribe in the body of the email sent to you;

You can exercise your right to object to Direct Mail by contacting the Data Privacy Officer using the contact information below.  

You can exercise your right stop seeing Social Media at any time by unfollowing or unsubscribing to the business page. For paid targeted services online, you will need to contact the relevant platform to adjust your privacy settings.

Please allow 5 working days for your changes to be processed.  You may still receive direct marketing materials that are already processed before we received your request for up to 2 weeks.

Using Your Personal Data to Improve Your Hotel Experience

We want to make sure that we only contact you with online content that you will find relevant and interesting.  For this to work effectively, we collect information about your browsing activity using Cookies when you are using our websites.  We have a legitimate business interest to use the aggregated and anonymised data obtained via cookies and other data sources to help us provide you with relevant product marketing and improve your online shopping experience. When you view any of our websites you will be given the option to accept the use of cookies.

Using Your Personal Data to Open Rewards & Loyalty Schemes

When you book a room with us, we will ask you if you would like to opt in for a reward or loyalty scheme with the brand. These schemes are managed by the brand of hotel not directly by Andras House Ltd.  Should you wish to opt out or modify your marketing settings you can log in to your personal reward account to change these or close the account.

 

 

Using Your Personal Data to Improve Our Services

As a valued customer, we may use your personal data to contact you by email after you have used one of our services to ask you to take part in a customer satisfaction survey.  We will share your personal contact details with our brand partners who may carry out these service improvement programmes on our behalf.  We have a legitimate business interest in contacting our customers in this way and will always treat your involvement in any service improvement programme, and associated personal data, in confidence.

Should you not wish to participate in our service improvement programme, you can simply ignore or decline to participate at the point of contact.

Social Media

We actively use social media platforms as a way of connecting, and getting closer, to our customers to hear and understand what our customers think about us and our products and services.  Occasionally, we may contact you directly via those social media platforms if we would like to share your comments or pictures with other customers or publish them in our marketing materials.  We will always ask you if you are happy for us to use your data in this way and will keep any data that you provide to us, such as email address, confidential and secure.

Using Your Personal Data to Process Insurance Claims

In the event that you need to make a claim against us, whether that be a product issue or personal injury claim, we will use your personal data and any supporting evidence that you provide to us to process your claim, including sharing this with our chosen insurance companies.  From time to time where a claim is outside of our insurance policy, we may also need to engage with external lawyers and share your personal data with them.

Processing Your Personal Data Outside of the EU

Your data may be transferred outside the European Economic Area (the EEA) to prevent fraud, for credit searches and with our outsourced IT partners and contact centres.  In some cases, countries outside the EEA may not have such well-developed data protection laws as those in the EEA. However, we will put in place measures and safeguards that require your personal data to be kept secure, confidential and to be processed only and strictly in line with the terms of this Privacy Policy and any relevant data protection laws.

CCTV Recording and Access Requests

CCTV is in operation throughout all hotels for safety and security purposes.  Recorded images are viewed in a restricted area and the monitoring or viewing of images is restricted to authorised personnel. CCTV image storage time varies, therefore the availability of recordings is not guaranteed.  Disclosure of information from surveillance systems is controlled and consistent with the purpose(s) for which the system was established.  When disclosing surveillance images of individuals, particularly when responding to subject access requests, consideration will be given on whether the identifying features of any of the other individuals in the image need to be obscured - this will depend on the nature and context of the request.

Individuals whose information is recorded have a right to be provided with that information or view that information upon formal request. We have discretion to refuse any request for information unless there is an overriding legal obligation, such as a court order or information access right request, or if the request is not consistent with the purpose(s) for which the system was established.  Judgements about disclosure will be verified by a legal representative. We may require further information from you to validate your identity after which point, information requests will be provided promptly and within no longer than 40 calendar days of validating the request.  Once we have disclosed information to another body, they become the data controller for the copy they hold. It is their responsibility to comply with the DPA in relation to any further disclosures.

To submit a request for CCTV access please contact the Data Privacy Officer using the details below.

 

How to Contact Us

If you have any questions, comments or complaints about this Privacy Policy or our use of your personal data, please contact us at:

Data Protection Officer, 60 Great Victoria Street, Belfast, BT2 7BB

Email: Privacy@andrashouse.co.uk;  Tel: 00 44 (0) 2890878797

 

Your Personal Data Rights

Right of Access

You may wish to access a copy of the personal data we hold about you - known as a Subject Access Request.  You can do so by ringing, writing to or emailing the Data Protection Officer using the details above. We will respond to your Subject Access Request as soon as possible and, in any event, within the statutory 30 days.  However, if we need more information from you to verify your identity, which we must do to ensure we disclose your personal data to the right person, the 30-day response period will only commence from the time that we have validated your identity.

Please be aware that for security reasons we do not usually provide details of any bank details that we hold against your account(s).  Please speak to the Data Protection Officer should you need this additional information.

Right of Rectification

If you believe we have made an error as to the personal data we hold about you, please speak to any agent within the relevant hotel(s) who can rectify this for you.   Should you wish to discuss this matter further, please contact the Data Protection Officer.

Right of Erasure

You have the right to request your personal data to be permanently deleted from our records and systems to avoid any further communication with you.  Your request will always be considered in light of the legal bases that we hold, store and process your personal data and the purpose that we collected your data.  Where the legal bases permits, we will carry out your instruction without undue delay.  Please note, however, that where we have a legal or contractual obligation to hold your personal data, we may not be able to carry out your request but we will explain this fully to you.  Please address any request to delete your data to the Data Protection Officer using the contact information above.

Right to Restrict Processing

Should you believe that we are processing your personal data in a way that you did not understand or agree to and wish to restrict such processing, please speak to the Data Protection Officer who will be able to carry out a review and make any necessary adjustments.

Right to Object to Processing

You have the right to object to certain types of processing of your personal data.  We will always make it clear at the outset of any new arrangement with you how we are going to process your personal data.  Should you wish to object to such processing, we will give you the option to opt out.  However, should you wish to discuss this matter further, please speak to the Data Protection Officer.   

Right to Portability

Due to the restricted design of the hotel databases it is technically feasible to extract and transfer information to another party. In the event, that you wish to move your personal data that we hold on you to another organisation, please contact the Data Protection Officer who will be able to advise.

Right to be Informed

You have the right to be informed about the collection and use of your personal data. This is commonly known as a 'privacy statement' or 'privacy policy'. We will provide you with the information about how we collect and use your data in various means, such as by 'just in time' notice provided to you at the time of collecting your personal data and via this Privacy Policy.  Our Privacy Policy is regularly reviewed in line with our business processes.  Any changes to this Privacy Policy will be communicated via email, updated on our various websites and a printed copy will be available at each of our hotel locations.  You can ask for a printed copy of our Privacy Policy by contacting the Reception of the hotel or by contacting the Data Privacy Officer.

Right to Complain to the Information Commissioner's Office (ICO)-

You have a right to lodge a complaint with the Information Commissioner's Office (ICO) if you have a complaint with how you believe your personal data has been handled.  For more information, please visit https://ico.org.uk/concerns