Privacy and Cookie Policy

The Purpose of this Notice

In this privacy notice we explain how we will process your personal information obtained through your use of our website https://www.countycarlisle.com/ and through other interactions with you, for example, when you visit our social media pages, when we supply our goods and/or services to you, though our sales and marketing activities.

If you wish to learn how we process personal data of residents, employees, and leisure club members obtained, please contact [email protected]

It is important that you read this privacy notice, together with any other privacy notice we may provide on specific occasions, so that you are fully aware of how and why we are using your data, and what data protection rights you have.

About County Carlisle Hotel

County Carlisle Hotel  is owned by The Cairn Hotel Group. County Carlisle Hotel is part of a family-run hotel group with over 60 years of experience in the hotel services industry. This Website and Marketing Privacy Notice is intended to cover the data collected when you sign up to marketing newsletters via our website, when you complete our online enquiry form, cookie tracking via our website, use of third-party bookings and other data capture via our website.

What Does This Notice Cover:

  1. Who We Are and How To Contact Us
  2. Data Protection Legislation
  3. Personal Data We Collect
  4. How We Collect Personal Data
  5. How and Why We Use Personal Data
  6. Marketing
  7. Who We Share Personal With
  8. International Data Transfer Outside The United Kingdom
  9. International Data Transfers if you are Based in the European Economic Area
  10. How Long we Keep Personal Data
  11. Your Rights
  12. Information Security
  13. Complaints
  14. Changes to this Privacy Notice

 

  1. Who We Are and How To Contact Us

When we say we, us or our in this privacy notice, we mean County Carlisle Hotel, a company incorporated and registered in England and Wales with company number 01958222 and whose registered office is at CHG House, 31-40 West Parade, Newcastle Upon Tyne, NE4 7LB.

For the purposes of the Data Protection Legislation, we are the controller of your personal data. This means that we are responsible for deciding how we hold and use personal information about you.

Our Data Protection Officer is Richard Warren. You can contact him at [email protected].

  1. Data Protection Legislation 

We are committed to protecting your privacy and safeguarding your personal data. Our use of your personal data is subject to the UK General Data Protection Regulation, the UK Data Protection Act 2018 and other UK privacy laws (together UK Data Protection Legislation).

If you are based in the European Union, then our use of your personal data is also subject to the EU General Data Protection Regulation and other EU privacy laws (together EU Data Protection Legislation). (together Data Protection Legislation).

When we say Data Protection Legislation in this notice, we mean both the UK Data Protection Legislation and the EU Data Protection Legislation.

  1. Personal Data We Collect

Personal data means information which relates to an identified or an identifiable individual.

Identify Data:

first name; last name; user name

Contact Data:

address; email; telephone number;

Financial and Transactional Data:

payment card details; details of orders made and processed; details of payment received/made; details of invoices received/issued;

Contract Data:

details of your contracts with us

Usage Data:

products purchased and prices paid; how you use and navigate our website and our social media pages; services you signed up to; events you attended or expressed interest in;

Profile Data:

information about you that you provide in your profile/account on our; your interests and preferences; posts and materials you upload onto our website;

Advertising Profile Data:

interests; preferences; feedback and survey responses; assumptions about your predicted buying behaviour and interests based on the usage data collected by us, non-personal data and personal data held about you by our advertisers such as Facebook, Google;

Professional Data:

job title; name of business or organisation; professional credentials; professional contact details;

Communication Data:

details of enquiries submitted by you through our website, app or emailed to us; information obtained through networking;

IT Data:

logins and usernames to our portals; encrypted passwords;

Technical Data:

your IP address; your general geographic location based on your IP address; your time zone setting; the type of device you use and its operating system and version; your browser type; the platform you use and other technology on the devices you use to access our website; the pages you view on our website and how you interact with that content; advertising identifiers (such as those on mobile devices, tablets and streaming media devices that include such identifiers)

Special Categories of Data

We do not routinely collect any special categories of personal data about you (meaning information about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, your health, and genetic and biometric data), nor do we collect any data relating to criminal convictions and offences.

Children’s Data

We do not provide goods/services directly to children however we may collect their personal data as we do accept hotel bookings/ leisure club membership sign ups made by a parent or guardian on their child’s behalf. For further information on how we process data related to children, please contact [email protected]

Anonymised Data

We may also collect, use, and share anonymised, aggregated data such as statistical or demographic data for any purpose. Anonymised data may be derived from your personal data but is not considered personal information in law as this information does not directly or indirectly reveal your identity. For example, we may aggregate information on how you use our website and/or app to calculate the percentage of users accessing a specific website and/or app feature.

  1. How We Collect Personal Data

We collect most of this information from you direct. However, we may also collect information from other sources.

Your Use of Our Website and Services 

when you create an account on our website; when you use our website services; when you buy our products or services; when you submit an enquiry or feedback to us or complete our survey; when you sign up to our mailing list; when you submit any information or materials on our website

Your Use of our Social Media Pages

when you follow, post on, or interact with our post on our Facebook/Instagram/other social media page

Direct Interactions With You

when you contact us (e.g. by phone or email); when you participate in our user research activities (e.g. provide us with feedback or respond to our questionnaires); when you network with us (e.g. provide us with your business card or contact us via our social media); when you register interest in our products or services.

From Publicly Accessible Sources

your website; your profiles on social media platforms (e.g. LinkedIn, Facebook, Instagram); professional networking groups and databases.

Third Parties

from another organisation or professional who told us that you would like to hear from us; or if you visit our website by clicking on our advertisement on social media or another website or app.

Automated Technologies or Interactions

as you interact with our website and advertisements, we may automatically collect technical data (as described in section The personal data we collect above). We collect this personal data by using cookies, server logs and other similar technologies. For further details, please see our [insert link to Cookies Notice).

  1. How and Why We Use Personal Data 

Under the Data Protection Legislation, we can only use your personal data if we have a proper reason for doing so, for example: consent, contact, legitimate interests, or legal obligation.

Consent. Generally, we do not rely on consent as a legal basis for processing your personal data other than to:

  • place cookies and similar tracking technologies on your device including third-party cookies (for further details please see our [insert link to Cookies Notice];
  • send you our newsletters or other electronic marketing communication if you are our existing customer or if you request or expressly agree to receive such communication;
  • use your information for the purpose of profiling for marketing or other purposes (for example, all details and demographics captured in google analytics);
  • send you invites to our marketing events; and
  • share your details with a third party for marketing purposes.

Where your permission is required, we will clearly ask you for such consent separately from the body of this privacy notice.

You have the right to withdraw consent by:

  • emailing us at [email protected];
  • in case of marketing emails, by using the ‘unsubscribe’ link in our marketing emails; or

Even if we are not required to obtain your consent for marketing purposes, you can still opt-out of receiving marketing communications at any time, so you are still in control.

From time to time, we may ask you to confirm or update your marketing preferences.

Contract. We will use your personal data if we need to do it to perform our obligations under a contract with you, or if it is necessary for a contract which we are about to enter with you. For example, if we need to:

  • register you as a new customer and administer your account (e.g. manage your orders, administer invoicing and payments);
  • provide our products and/or services to you;
  • manage our relationship with you (e.g. to respond to your enquiries or to notify you about changes to our products and/or services); and
  • provide after sale care services (e.g. technical support).

Legitimate interests. We may process your personal data when we (or a third party) have a legitimate reason to use it, so long as this is not overridden by your own rights and interests. For example:

  • to administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);
  • to manage your account and our relationship with you;
  • to manage payments, fees, charges, and to collect debts which you may owe to us;
  • to interact with you professionally (e.g. if you represent our current or prospective customer, supplier or business partner) to manage our relationship with the organisation you represent;
  • to deal with your enquiry;
  • to ask you to leave a review or complete a survey;
  • to send you our email updates or other electronic marketing communications if you are our existing client;
  • to increase our business or promote our brand through delivering relevant website content, advertisements, and marketing communications to you;
  • to measure or understand the effectiveness of the advertising we provide to you;
  • to improve our website products, services, marketing, and customer relationships;
  • for the prevention and detection of fraud and spam; and
  • for the establishment, exercise or defence of our rights under our contract with you and/or legal claims.

Legal obligation. We may process your personal data to comply with our legal obligation. For example, to:

  • notify you about changes to our terms or privacy notice;
  • address your complaint; and
  • comply with a request from a competent authority.

  1. Marketing 

Our marketing emails

We may send you emails about our products if you are our existing customer (on the basis of our legitimate interests) or, if you are our prospective customer, when you expressly agree to that (for example, by signing up to our newsletter).

Profiling

If you are our existing customer, we may use the information we have about you (such as what product you previously bought from us, where you live, how old you are, how you use our website) to make predictions on what other products may be of interest to you. We will use that information to make our marketing emails and offers relevant to you. This type of personal data use is called ‘profiling’. We will do that on the basis of your consent.

Cookies and similar technologies

We may also use cookies and similar tracking technologies (for example tracking pixels in our marketing emails and website/app advertisements) and analytics services (such as Google Analytics) to collect information about your use of our website, app, services and your interactions with our marketing emails and advertisements.

In addition, third party advertising platforms (for example, Facebook and Google) may also use their advertising pixels and other cookies on our website and in our emails with our permission. Their cookies are used to track visitors across websites in order to deliver adverts more relevant to them and their interests. The advertisers may use information about your visit to our website to target advertising to you on other websites.

We will ask for your consent to the use of non-essential cookies, including third party cookies.

  1. Who We Share Personal Data With 

We may share your information with third parties for the purposes set out in this notice.

Service provision

We use service providers to provide goods/services to you:

  • Payment gateways such as Stripe (based in the US), to process payments through our website. If you pay for our products through our website, or if you receive payments from us through our website you will be providing your personal data (for example, details of your payment card and billing address) to that gateway. Please see Stripe’s privacy policy.
  • Booking software platforms such as OpenTable (in various locations including the US, see OpenTable’s privacy policy) and P3 (based in Ireland however uses processors such as Google Analytics which is based in the US, see P3’s privacy policy), so that users can self-book and pay for our services online.
  • WiFi providers such as Purple Wifi (based in the UK however uses third party providers that may be based outside of the EEA, see Purple’s privacy notice), a cloud-based captive portal solution that we use so that users can authenticate to their Wi-Fi services.

We impose contractual obligations on providers to ensure that your personal data is protected.

Social media

We may share your information with social media providers such as Facebook and Instagram when you have specifically opted into marketing for the purposes of advertising. Please also see the ‘Marketing’ section of this notice for further details of sharing information with social media platforms.

IT and technology

We also share data with providers of IT, digital, and technology products and services, which we use to operate our business:

  • Google, who provide Google Analytics web and app analytics services to us.

Other sharing

We may also:

  • share your personal data with members of our staff;
  • disclose your personal data to professional advisers (e.g. lawyers, accountants, auditors or insurers) who provide professional services to us;
  • disclose your personal data to certain third parties if specifically requested or agreed with you (e.g. if you ask us to introduce you to a third party);
  • disclose and exchange certain information with law enforcement agencies and regulatory bodies to comply with our legal obligations; and
  • share some personal data with other parties, such as potential buyers of some or all of our business, potential investors, or group companies if our business undergoes a corporate re-structure.

Such data recipients will be bound by confidentiality obligations.

  1. International Data Transfers Outside the United Kingdom 

Transfers of personal data outside the United Kingdom are subject to special rules under the UK Data Protection Legislation.

If you are based outside the United Kingdom, we may receive and transfer your personal data directly to you to the country where you are based.

We may also transfer your personal data to providers based in the European Economic Area (EEA) or receive your personal data from third parties in the EEA. The UK Government has recognised the EEA as providing an appropriate level of protection to the data protection rights of individuals.

We may also transfer your personal data to providers based in Canada. The UK Government has recognised Canada as providing an appropriate level of protection to the data protection rights of individuals where personal information is collected by private sector organisations in the course of commercial activities.

We may also transfer your personal data to the USA, due to our use of providers such as Google, Stripe and OpenTable (Please see the section ‘Who we share your personal data with’ in this privacy notice for more information about these providers.)

Where we transfer your personal data to the USA, in order to protect your information, we have entered into transfer agreements with the third parties in the USA with whom we share your data. Transfers of your personal data to the USA operate under an International Data Transfer Agreement (IDTA) or under the standard contractual data protection provisions (Standard Contractual Clauses) and/or the UK’s IDTA Addendum (IDTA Addendum). These mechanisms of transfer are recognised as being appropriate safeguards under the UK GDPR.

Please email [email protected] if you would like further information in relation to international data transfers.

  1. How Long We Keep Personal Data

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

For example:

  • we are required to keep accounting records for seven years for tax audit purposes;
  • if you have a contract with us, we will keep your data until you close you account on our website; and
  • if you subscribe to our updates, we will hold your data for that purpose until you unsubscribe or otherwise tell us that you no longer wish to receive such communications.

We may also anonymise your personal data (so that it can no longer be associated with you) for analytics, research, or statistical purposes, in which case we may use this information indefinitely without further notice to you.

  1. Your Rights

You have a number of rights in relation to your personal data, which allow you to access and control your information in certain circumstances. You can exercise these rights free of charge, unless your request is manifestly unfounded or excessive (in which case we may charge a reasonable administrative fee or refuse to respond to such request).

Access

This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Rectification 

The right to require us to correct any inaccuracies in your personal data.

Erasure (to be forgotten)

The right to require us to delete your personal data in certain situations.

Restriction of Processing 

The right to require us to restrict processing of your personal data in certain circumstances (e.g. if you contest the accuracy of the data we hold).

Data Portability

The right to receive, in certain situations, the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party.

To Withdraw Consent 

The right to withdraw your consent, if we rely on your consent to use your information.

To Object

The right to object at any time to your personal data being processed for direct marketing (including profiling) or, in certain other situations, to our continued processing of your personal data (e.g. processing carried out for the purpose of our legitimate interests).

If you would like to exercise any of those rights, please contact us either directly or at [email protected]. Please let us know what right you want to exercise and the information to which your request relates.

  1. Information Security

We have appropriate security measures to prevent personal data from being accidentally lost or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

  1. Complaints 

We hope that our Data Protection Officer can resolve any query or concern you may raise about our use of your information. You may contact our Data Protection Officer by using the contact methods set out in the How to contact us section of this privacy notice.

The Data Protection Legislation also gives you a right to lodge a complaint with the Information Commissioner, who may be contacted at https://ico.org.uk/make-a-complaint/, telephone on 0303 123 1113, or by post to: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.

  1. Changes to This Privacy Notice 

This privacy notice was last updated on 02/11/2023.

We may change this privacy notice from time to time; when we do, we will publish the new version of the privacy notice on our website. If you are our customer, we may also inform you via email or post.