Use of personal data

This Privacy Policy outlines the types of personal data that The Beaumont Hotel ("we/us/our") may collect about you when you interact with us. It also explains how we store, handle, protect and otherwise process your data, and to ensure that you are fully informed of your rights. This Privacy Policy is applicable to The Beaumont Hotel, The Colony Grill Room and The Beaumont Spa.

1. INTRODUCTION

The sections outlined below should answer any questions you may have. However if you do have further queries, then please do contact us at:

Data Protection Officer, The Beaumont Hotel Limited, 8 Balderton Street, London, W1K 6TF, United Kingdom

Email: [email protected]

Telephone: +44 (0)20 7499 1001.

In using our website and receiving our services, you consent to the collection, use, disclosure, transfer and other processing of your personal data as set out in this Privacy Policy, subject to your rights set out below and in particular your rights to withdraw or modify your consent as described in paragraph 10 of this Privacy Policy.

In this Privacy Policy, "personal data" means any information about an individual from which that person can be identified, such as your name and contact details. It does not include data from which it is not possible to identify the individual to which it relates (anonymous data).

2. WHO IS THE BEAUMONT?

We are The Beaumont Hotel Limited (referred to in this Privacy Policy as "The Beaumont", "we", "us" and "our"). The Beaumont Hotel Limited is a private limited company registered in England and Wales at Brown Hart Gardens, London W1K 6TF (Company No: 8031843), t/a The Beaumont and The Colony Grill Room.

The Beaumont Hotel Limited operates The Beaumont Hotel, The Colony Grill Room and The Beaumont Spa.

The Beaumont Hotel Limited is the "controller" of any personal data for the purposes of the Data Protection Act 2018 (the "Act"), UK GDPR (meaning the General Data Protection Regulation (EU) 2016/679 ("GDPR") as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 ) and to the extent applicable GDPR (together "Data Protection Law") that you provide to us in the course of purchasing products from us, using our services or otherwise interacting with us.

We are committed to protecting your privacy and processing your personal data in compliance with Data Protection Law.

3. FAIR AND LAWFUL PROCESSING

We will only process your personal data where:

  • you have given your consent to such processing (which you may withdraw at any time, as detailed below) ("consent");
  • the processing is necessary to provide our services to you (including through this website) or otherwise perform our contract with you or to enter into a contract with you ("performance of our contract with you");
  • the processing is necessary for compliance with our legal obligations ("statutory obligations");
  • the processing is necessary in order to protect your vital interests or those of another person ("vital interests");
  • the processing is necessary for our legitimate interests or those of any third party (as detailed below) and such interests are not overridden by your rights and freedoms ("legitimate interests").

By processing, we mean the collection, storage, recording, use, disclosure and any other form of operations or dealings with your personal data.

4. WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU?

We collect various personal data from you in order to process it for a number of different purposes, including to enable us to manage our business and operations, to provide goods and services to you, for our legitimate interests or to comply with our statutory obligations.

Some personal data is collected automatically as a result of your use of our website (see Cookie section below). In other circumstances, it will be at your discretion whether you provide us with your personal data or not and we may need to collect your personal data by law, or under the terms of a contract we have with you. If you do not provide that data when requested, we may not be able to maintain or provide services or products to you or to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

We do not generally collect special categories of personal data (as defined in Data Protection Law) unless it is volunteered by you or unless we are required to do so pursuant to applicable laws. "Special categories of personal data" includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. However, we may process) health data provided by you (either with your explicit consent or in the case of certain data e.g. about allergies, in order to protect your vital interests or to comply with our statutory obligations) to improve your stay or to safely provide you with our services, e.g. mobility information and information you provide us with in the course of booking a spa appointment.

We set out below what personal data is required by us in order for us to make a reservation at our hotel, spa, restaurants or at a private dining room, for e-commerce or retail purposes and to provide you with our business services and for marketing and communications purposes (see also section 6 below):

a. Types of personal data which we may seek to collect and process

  • Customer name and contact details and those of the person making the reservation or purchase and of any recipient of any gifts/gift cards

Services and products for which we are processing this data

Restaurant Reservations and Private Dining, Room Reservations, Spa Appointments, e-Commerce and Retail

Purposes for processing

To comply with our statutory obligations (e.g. identity verification), to provide our business services to you such as reserving a table or room for you, to provide exceptional customer service and to improve your staying experience, and for marketing our services and communicating with you in accordance with section 6 below

Legal basis for processing (see section 3 above for more details)

Consent, legitimate interests, to comply with our statutory obligations and performance of our contract with you

b. Types of personal data which we may seek to collect and process

  • Postal address (for gifts/gift cards billing and delivery addresses (if different))

Services and products for which we are processing this data

e-Commerce and Retail

Purposes for processing

To provide our business services to you including credit card verification, to provide exceptional customer service and to improve your staying experience, and for marketing our services and communicating with you in accordance with section 6 below

To send the recipient the products purchased

Legal basis for processing (see section 3 above for more details)

Consent, legitimate interests and performance of our contract with you

c. Types of personal data which we may seek to collect and process

  • Telephone Number

Services and products for which we are processing this data

Restaurant Reservations and Private Dining, Room Reservations, Spa Appointments, e-Commerce and Retail

Purposes for processing

To reserve a table or room for you, to provide our business services to you, to provide exceptional customer service and to improve your staying experience, and for marketing our services and communicating with you in accordance with section 6 below

Legal basis for processing (see section 3 above for more details)

Consent, legitimate interests and performance of our contract with you

d. Types of personal data which we may seek to collect and process

  • Email Address

Services and products for which we are processing this data

Restaurant Reservations and Private Dining, Room Reservations, Spa Appointments, e-Commerce and Retail

Purposes for processing

To reserve a table or room for you

To provide our business services to you to provide exceptional customer service and to improve your staying experience, and for marketing our services and communicating with you in accordance with section 6 below

Legal basis for processing (see section 3 above for more details)

Consent, legitimate interests and performance of our contract with you

e. Types of personal data which we may seek to collect and process

  • Date of birth

Services and products for which we are processing this data

Room Reservations

Purposes for processing

To comply with our statutory obligations, to provide exceptional customer service and to improve your staying experience, and for marketing our services and communicating with you in accordance with section 6 below

Legal basis for processing (see section 3 above for more details)

Consent, legitimate interests and to comply with our statutory obligations

f. Types of personal data which we may seek to collect and process

  • Passport number

Services and products for which we are processing this data

Room Reservations

Purposes for processing

To comply with our statutory obligations

Legal basis for processing (see section 3 above for more details)

Consent and to comply with our statutory obligations

g. Types of personal data which we may seek to collect and process

  • Arrival/departure date and time

Services and products for which we are processing this data

Restaurant Reservations and Private Dining, Room Reservations, Spa Appointments

Purposes for processing

To provide our business services to you, to provide exceptional customer service and to improve your staying experience

Legal basis for processing (see section 3 above for more details)

Consent, legitimate interests and performance of our contract with you

h. Types of personal data which we may seek to collect and process

  • Relevant travel information

Services and products for which we are processing this data

Room Reservations

Purposes for processing

To provide our business services to you to provide exceptional customer service and to improve your staying experience, and for marketing our services and communicating with you in accordance with section 6 below

Legal basis for processing (see section 3 above for more details)

Consent, legitimate interests and performance of our contract with you

i. Types of personal data which we may seek to collect and process

  • Occasion for visit and special occasions - birthdays, anniversaries and that of your guest(s)

Services and products for which we are processing this data

Restaurant Reservations and Private Dining, Room Reservations

Purposes for processing

To provide exceptional customer service and to improve your dining/staying experience

Legal basis for processing (see section 3 above for more details)

Consent, legitimate interests and performance of our contract with you

j. Types of personal data which we may seek to collect and process

  • Seating preferences

Services and products for which we are processing this data

Restaurant Reservations and Private Dining

Purposes for processing

To provide exceptional customer service and to improve your dining experience

Legal basis for processing (see section 3 above for more details)

Consent, legitimate interests and performance of our contract with you

k. Types of personal data which we may seek to collect and process

  • Stay history (that is, details as to whether you have stayed with us before)

Services and products for which we are processing this data

Room Reservations

Purposes for processing

To provide exceptional customer service and to improve your staying experience

Legal basis for processing (see section 3 above for more details)

Consent, legitimate interests and performance of our contract with you

l. Types of personal data which we may seek to collect and process

  • Allergies or food intolerances

Services and products for which we are processing this data

Restaurant Reservations and Private Dining, Room reservations

Purposes for processing

To comply with our statutory obligations or to protect your vital interests

Legal basis for processing (see section 3 above for more details)

Consent, legitimate interests, performance of our contract with you, statutory obligations and to protect your vital interests

m. Types of personal data which we may seek to collect and process

  • Food & beverage preferences

Services and products for which we are processing this data

Restaurant Reservations and Private Dining, Room reservations

Purposes for processing

To provide exceptional customer service and to improve your dining experience

Legal basis for processing (see section 3 above for more details)

Consent, legitimate interests and performance of our contract with you

n. Types of personal data which we may seek to collect and process

  • Personal connections to other customers or staff

Services and products for which we are processing this data

Restaurant Reservations and Private Dining, Room Reservations

Purposes for processing

To provide exceptional customer service and to improve your dining/staying experience

Legal basis for processing (see section 3 above for more details)

Consent and legitimate interests

o. Types of personal data which we may seek to collect and process

  • General preferences

Services and products for which we are processing this data

Restaurant Reservations and Private Dining

Purposes for processing

To provide our business services to you, to provide exceptional customer service and to improve your dining and staying experience, and for marketing our services and communicating with you in accordance with section 6 below

Legal basis for processing (see section 3 above for more details)

Consent and legitimate interests

p. Types of personal data which we may seek to collect and process

  • Previous booking history

Services and products for which we are processing this data

Restaurant Reservations and Private Dining, Room Reservations

Purposes for processing

To provide our business services to you, to provide exceptional customer service and to improve your dining and staying experience, and for marketing our services and communicating with you in accordance with section 6 below

Legal basis for processing (see section 3 above for more details)

Consent and legitimate interests

q. Types of personal data which we may seek to collect and process

  • Any publicly available information - e.g. job title, company where you work, name of spouse, photograph

Services and products for which we are processing this data

Restaurant Reservations and Private Dining, Room reservations

Purposes for processing

To provide exceptional customer service and to improve your dining/staying experience

Legal basis for processing (see section 3 above for more details)

Consent and legitimate interests

r. Types of personal data which we may seek to collect and process

  • Credit/Debit Card information (which will be encrypted)

Services and products for which we are processing this data

Restaurant Reservations and Private Dining, Room Reservations, Spa Appointments, e-Commerce and Retail

Purposes for processing

To enable us to be paid for the services and products we supply to you

Legal basis for processing (see section 3 above for more details)

Consent, legitimate interests and performance of our contract with you

s. Types of personal data which we may seek to collect and process

  • Mobility requirements

Services and products for which we are processing this data

Restaurant Reservations and Private Dining, Room Reservations, Spa Appointments

Purposes for processing

To comply with our statutory obligations or to protect your vital interests

Legal basis for processing (see section 3 above for more details)

Consent, legitimate interests, performance of our contract with you, statutory obligations and to protect your vital interests

t. Types of personal data which we may seek to collect and process

  • Health information (see note 3 below)

Services and products for which we are processing this data

Spa Appointments

Purposes for processing

To comply with our statutory obligations or to protect your vital interests

Legal basis for processing (see section 3 above for more details)

Explicit consent, statutory obligations and to protect your vital interests

u. Types of personal data which we may seek to collect and process

  • Images and sound captured by CCTV

Services and products for which we are processing this data

Restaurant, Hotel and Spa Services

Purposes for processing

To comply with our statutory obligations including for the security of our customers and guests or to protect your vital interests

Legal basis for processing (see section 3 above for more details)

Legitimate interests, performance of our contract with you, statutory obligations and to protect your vital interests

Please note:

  1. For online reservations at our restaurants, we use the third party booking engine Seven Rooms and you will be directed to the Seven Rooms website when making a booking online. Please refer to the section below "Who do we share your data with?" for more information.
  2. For online reservations at our hotels, we use the third party booking engine Synxis from Sabre GLBL Inc and you will be directed to the Synxis Inc Website when making a booking online. Please refer to the section below "Who do we share your data with?" for more information.
  3. When you attend the spa for your appointment, you will be asked to complete our "Health Assessment Form". The information you provide on that form, which includes special categories of personal data (in particular, information about your health) and the emergency contact information you provide, may be used by the hotel in order to ensure your safety when using the spa services, and in particular in the event of an emergency. It is entirely up to you whether to complete the Health Assessment Form, however, in the event that you choose not to do so we will not be able to offer and provide you with the spa services. We require the information on that form to conduct the spa services safely (i.e. to protect your vital interests). The information you provide will only be used for that purpose, will be stored as is set out in section 9 of this Privacy Policy and will not be provided to any third parties.
  4. This personal data may be shared with trusted third parties as processors (as detailed in Data Protection Law) in order to carry out any necessary services for us, including shipping, fulfilment, and personalisation for a given order transaction. Please refer to the section below "Who do we share your data with?" for more information.

5. HOW DO WE CAPTURE YOUR PERSONAL DATA?

We usually collect personal data from the information you submit during the course of your relationship with us. We use different methods to collect data from and about you, including through:

Direct Interactions:

You may give us your identity, contact and financial data by filling in forms or by communicating with us by post, phone, email, social media or otherwise. This includes personal data you provide when you make reservations, bookings or order at the hotel, restaurant, and spa whether made online, by telephone, by email, in person via a third party such as a travel agent or through social media.

You may also give us your personal data when you request marketing to be sent to you, enter a competition, promotion or survey, or give us feedback or contact us.

Third Parties or Publicly Available Sources

We may also use, collect and process publicly available information that we believe could be relevant to your reservations, bookings, orders or other interactions with us. We typically search engines like Google or Social Media (eg LinkedIn) to collect this information.

We do not knowingly collect personal data from children under the age of 13. If we learn that we have collected personal data from a child under the age of 13 without parental consent, we will take steps to delete that personal data as soon as possible.

6. OUR LEGITIMATE INTERESTS

We will only use your personal data for purposes for which the law allows us. We have set out the purposes for which we use your personal data in the table above. By way of further explanation, we will process your personal data in our legitimate interests for the following purposes:

Management and Administration of our Business Services

We process the personal data you have provided us in order to:

  • Take, confirm, amend or cancel bookings, appointments and/or orders you have placed;
  • Communicate with you with regard to future or past bookings and/or orders you have placed;
  • Provide exceptional customer service and to improve your and your guests' experiences at our restaurants, spas and hotels.

We use personal data so that our employees can familiarise themselves with you and your guests in order to provide better services to you. The data you provide allows us to ensure that this can be achieved in the best possible way.

Marketing and communications

Where we have provided services to you as our customer, we would like to send you marketing communications from time to time to check the quality of our services to you or to inform you about our restaurants, spas and hotels; including new openings, developments, events and partnerships, and other services we think may be of interest to you. Such communications may be sent to you by post, by email or via social media.

We will send you such communications either because you are a recent customer of ours or because we have obtained your express consent to do so. You have the right to unsubscribe from these marketing communications from us at any time by clicking on the unsubscribe link which will be made available to you in each communication, or by emailing us at any time at [email protected] and indicating that you do not in future wish to receive such communications. In such case, we may store your contact details in order to ensure you do not receive such communications y accident.

7. WHO DO WE SHARE YOUR DATA WITH?

We work with a number of trusted and contracted third parties in order to be able to provide our goods and services to you. These third parties include (but are not limited to) those who provide services to us for the delivery of goods, restaurant, hotel and spa hotel bookings and business systems providers such as payment processing providers.

We do not share, rent, trade or sell your personal data to third parties for marketing purposes or for any purposes other than those explained in this Privacy Policy, without your prior consent. We do not purchase personal data from or sell it to third parties.

We may transfer your personal data in the ways set out in this Privacy Policy, and, in particular, to the following third parties:

  • any person to whom you request us to transfer your data;
  • any group company of The Beaumont Hotel Limited;
  • suppliers and service providers (including information technology providers, such as website and mailing list hosts, marketing service providers, booking and reservation systems, and payment processing companies). In particular, we use companies providing services for money laundering checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such information is shared;
  • any third party to whom we assign or novate any of our rights or obligations;
  • any potential or actual buyers of, investors into or lenders to our business or any of our assets, or any of the advisors or representatives of the above;
  • our auditors and professional advisers (bankers, lawyers, accountants and insurers);
  • to travel agents who you use to making bookings, reservations or order products or services from us; and
  • when we believe it is necessary to comply with the law, regulation or legal request (including a court order or police or government inquiry), for example CCTV for the protection and wellbeing of our customers and employees and certain location based data (e.g. data from your room keycards and other entry passes); to enforce or apply our terms and conditions of supply or other agreements; in the context of a company reorganization or restructuring exercise, to protect our rights, property or safety, or those of our personnel, our guests or others.

We require all third parties with whom we share your personal data to implement appropriate technical and organisational measures for the security of your personal data and to respect its confidentiality and to treat it in accordance with the law (including Data Protection Law). We do not allow our third party service providers to process your personal data for their own purposes and we only permit them to process your personal data for specified purposes and in accordance with our written instructions.

Some of our external service providers are based outside the UK so their processing of your personal data will involve a transfer of data outside the UK (and where such data is transferred it may be accessed in or stored in those countries). Whenever we transfer your personal data out of the UK, we shall do so in accordance with Data Protection Law including by ensuring by contractual means a similar degree of protection to that required by Data Protection Law is afforded to it by the use of specific personal data export clauses in the form of contracts approved by the European Commission or the UK's Information Commissioner.

8. HOW DO WE PROTECT THE SECURITY OF YOUR PERSONAL DATA?

The security of your personal data is as important to us as it is to you. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it. We will implement and maintain appropriate technical and organisational measures to ensure a level of security commensurate with the risks involved and appropriate to protect any personal data provided to us from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed. We will also check that any third party service providers to whom we transfer your personal data also adopt such technical and organisational measures.

Our websites use encrypted 'https' technology and access to your personal data is password protected, and sensitive data (such as payment card information) is secured by SSL encryption and tokenisation.

We and our security service providers carry out vulnerabilities assessments and penetration testing to identify ways to further strengthen our information security.

9. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, taxation, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Any Health Assessment Form you provide will be kept by us in hard copy only at the reception of the Spa, for a period of 6 months after the treatment to which the form relates. After that the hard copy form will be retained in a locked file for a further 3 year archival period, and then it will be securely disposed of.

In some circumstances you can ask us to delete your data (see the section "Your Rights" below for further information) and in some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further Policy to you.

10. YOUR RIGHTS IN RESPECT OF THE PERSONAL DATA HELD BY US

In accordance with Data Protection Law, you have the right to:

  • require us to rectify the personal data we hold about you, where that data is incorrect or incomplete;
  • require that we restrict the processing of your personal data in certain circumstances;
  • request access to the personal data that we hold about you;
  • require that, in certain circumstances, we erase the personal data we hold about you;
  • require that we provide you with the information that we hold about you in a structured, commonly used and machine-readable format;
  • have the data we hold about you transferred to another organisation;
  • object to certain types of processing such as direct marketing; and/or
  • withdraw your consent to our processing your personal data at any time.

In the event you contact us to exercise your rights under Data Protection Law, we will endeavour to respond to such requests within a month or less, although we reserve the right to extend this period for complex requests.

In any of the situations listed above, we may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorised disclosure of data.

We reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your personal data, and for any additional copies of the personal data you request from us.

You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), which is the UK's supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. Please email [email protected]

11. COOKIES

As you interact with our website, we will automatically collect certain data about your equipment, browsing actions and patterns by using cookies.

We use cookies on our site, inter alia, in order to preserve the information stored as you add items to your order, to maintain your order history and to measure the site activity, so we can identify which pages are visited most frequently. We use this information to ensure we guarantee you the most efficient and enjoyable website visiting experience.

You can set your browser to stop cookies or to let you know when cookies are being sent, however this may disable some or all of the functions of the site and may prevent you from being able to use it as you would like.

You can view our full Cookie Policy here.

12. THIRD PARTY LINKS

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy Policy of every website you visit.

13. HOW DO WE UPDATE OR CHANGE THIS PRIVACY POLICY?

We may change or update parts of this Privacy Policy at any time in order to maintain our compliance with applicable law and regulation or following an update to our internal practices. When we do this we will update this Privacy Policy on this website. You will not necessarily be directly notified of such a change. Therefore, please ensure that you regularly check this Privacy Policy when you use our products and services to ensure that you are fully aware of any changes or updates.

Last Updated: 14 January 2022