This Privacy Notice outlines the types of personal data we may collect about you when you interact with us. It also explains how we store, handle and protect your data, and to ensure that you, as a customer of The Beaumont, are fully informed of your rights.
This Privacy Notice outlines the types of personal data we may collect about you when you interact with us. It also explains how we store, handle and protect your personal data, and ensures that you, as a customer of The Beaumont, are fully informed of your rights.
The sections outlined below should answer any questions you may have. However if you do have further queries, then please do contact us at:
Data Protection Officer
The Beaumont Hotel Limited
8 Balderton Street
London W1K 6TF
Telephone: +44 (0)20 7499 1001.
In using our website and receiving our services, you consent to the collection, use, disclosure, transfer and other processing of your personal data as set out in this privacy notice, subject to your rights set out below and in particular your rights to withdraw or modify your consent as described in paragraph 10 of this Privacy Notice.
The Beaumont Hotel Limited operates The Beaumont Hotel, The Colony Grill Room and The Beaumont Spa.
The Beaumont Hotel Limited is the "controller" of any personal data for the purposes of the Data Protection Act 2018 (the "Act") and to the extent applicable the General Data Protection Regulation ("GDPR") that you provide to us in the course of purchasing products from us, using our services or otherwise interacting with us.
We are committed to protecting your privacy and processing your personal data fairly and lawfully in compliance with the Act and the GDPR.
We will only process your personal data where:
By processing, we mean the collection, storage, recording, use, disclosure and any other form of operations or dealings with your personal data.
We process personal data of our customers or visitors to our websites for a number of different purposes, which are explained below.
"Personal data" means any information about an individual from which that person can be identified, such as your name and contact details. It does not include data where the identity has been removed (anonymous data).
In certain circumstances, as we set out below, it will be necessary for you to provide us with your personal data, to enable us to manage our operations, to provide goods and services to you or to comply with our statutory obligations.
In other circumstances, it will be at your discretion whether you provide us with your personal data or not. However, failure to supply any of the personal data we request may mean that we are unable to maintain or provide services or products to you.
We do not generally collect special categories of personal data unless it is volunteered by you or unless we are required to do so pursuant to applicable laws and jurisdictions. Special categories of personal data includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We may process (with your explicit consent or in the case of certain data e.g. about allergies, in order to protect your vital interests or to comply with our statutory obligations) health data provided by you to improve your stay or to safely provide you with our services, e.g. mobility information and information you provide us with in the course of booking a spa appointment.
Restaurant Reservations and Private Dining
The following personal data is required in order for us to make a reservation at our restaurants or at a private dining room:
In order to provide exceptional customer service and to improve your dining experience, or in order to comply with our statutory obligations or to protect your vital interests, we may also collect and process additional personal data, including the following:
For online reservations at our restaurants, we use the third party booking engine SevenRooms and you will be directed to the SevenRooms website when making a booking online. Please refer to the section below "Who do we share your data with?" for more information.
We need the following personal data in order for you to make a reservation at our hotels:
In order to provide exceptional customer service and to improve our customers' stay and dining experiences, or in order to comply with our statutory obligations or to protect your vital interests, we may ask you for and process additional personal data, including the following:
For online reservations at our hotels, we use the third party booking engine Synxis from Sabre GLBL Inc and you will be directed to the Synxis Inc Website when making a booking online. Please refer to the section below "Who do we share your data with?" for more information.
The following personal data is required in order to make a spa appointment at our hotels:
When you attend the spa for your appointment, you will be asked to complete our "Health Assessment Form". The information you provide on that form, which includes special categories of personal data (in particular, information about your health) and the emergency contact information you provide, may be used by the hotel in order to ensure your safety when using the spa services, and in particular in the event of an emergency. It is entirely up to you whether to complete the Health Assessment Form, however, in the event that you choose not to do so we will not be able to offer and provide you with the spa services. We require the information on that form to conduct the spa services safely (i.e. to protect your vital interests). The information you provide will only be used for that purpose, will be stored as is set out in section 9 of this Privacy Notice and will not be provided to any third parties.
e-Commerce and Retail
The following personal data is collected and processed by us in order to provide e-commerce and retail services to you:
This personal data may be shared with trusted third parties as processors (as detailed in the Act and GDPR) in order to carry out any necessary services for us, including shipping, fulfilment, and personalisation for a given order transaction. Please refer to the section below "Who do we share your data with?" for more information.
We usually collect personal data from the information you submit during the course of your relationship with us. We use different methods to collect data from and about you, including through:
You may give us your identity, contact and financial data by filling in forms or by communicating with us by post, phone, email or otherwise. This includes personal data you provide when you make reservations, bookings or order at the hotel, restaurant, and spa. Such reservations / bookings can be made in the following ways:
You may also give us your personal data when you request marketing to be sent to you, enter a competition, promotion or survey, or give us feedback or contact us.
Third Parties or Publicly Available Sources
We may also use, collect and process publicly available information that we believe could be relevant to your reservations, bookings, orders or other interactions with us. We typically search engines like Google or Social Media (eg LinkedIn) to collect this information.
We do not knowingly collect personal data from children under the age of 13. If we learn that we have collected personal data from a child under the age of 13 without parental consent, we will take steps to delete that personal data as soon as possible.
We will only use your personal data for purposes for which the law allows us. Most commonly, we will use your personal data in the following circumstances:
We use the personal data you have provided us in order to:
We use personal data so that our employees can familiarise themselves with you and your guests in order to provide better services to you. The data you provide allows us to ensure that this can be achieved in the best possible way.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you do not provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
Marketing and communications
As our customer, we would like to send you marketing communications from time to time to check the quality of our services to you or to inform you about our restaurants, spas and hotels; including new openings, developments, events and partnerships, and other services we think may be of interest to you, in the form of email newsletters.
We will send you such communications either because you are a recent customer of ours or because we have obtained your consent to do so. You have the right to unsubscribe from these marketing communications from us at any time by clicking on the unsubscribe link which will be made available to you in each communication, or by emailing us at any time at email@example.com.
We work with a number of trusted and contracted third parties in order to be able to provide our goods and services to you. These third parties include (but are not limited to) those who provide services to us for the delivery of goods, restaurant, hotel and spa hotel bookings and business systems providers.
We do not share, rent, trade or sell your personal data to third parties for marketing purposes or for any purposes other than those explained in this Privacy Notice, without your prior consent. We do not purchase personal data from third parties.
We may transfer your personal data in the ways set out in this notice, and, in particular, to the following third parties:
We require all third parties with whom we share your personal data to respect the security of your personal data and to treat it in accordance with the law (including the Act and the GDPR). We do not allow our third party service providers to process your personal data for their own purposes and we only permit them to process your personal data for specified purposes and in accordance with our written instructions.
Some of our external service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA (and where such data is transferred it may be accessed in or stored in those countries). Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
The security of your personal data is equally as important to us as it is to you. With this in mind we will treat your data with the utmost care and take all necessary steps to protect it. We will implement and maintain appropriate technical and organisational measures to ensure a level of security commensurate with the risks involved and appropriate to protect any personal data provided to us from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
Our websites use encrypted 'https' technology and access to your personal data is password protected, and sensitive data (such as payment card information) is secured by SSL encryption and tokenisation.
We carry out vulnerabilities assessments and penetration testing to identify ways to further strengthen our information security.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Any Health Assessment Form you provide will be kept by us in hard copy only at the reception of the Spa, for a period of 6 months. After that the hard copy form will be retained in a locked file for a further 3 year archival period, and then it will be securely disposed of.
In some circumstances you can ask us to delete your data (see the section "Your Rights" below for further information) and in some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
In accordance with the Act and the GDPR, you have the right to:
We endeavour to respond to such requests within a month or less, although we reserve the right to extend this period for complex requests.
In any of the situations listed above, we may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorised disclosure of data.
We reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your personal data, and for any additional copies of the personal data you request from us.
You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), and the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. Please email firstname.lastname@example.org.
As you interact with our website, we will automatically collect technical data about your equipment, browsing actions and patterns by using cookies.
You can set your browser to stop cookies or to let you know when cookies are being sent, however this may disable some or all of the functions of the site and may prevent you from being able to use it as you would like.
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
We may change or update parts of this Privacy Notice in order to maintain our compliance with applicable law and regulation or following an update to our internal practices. We will do this by updating this Privacy Notice on this website. You will not necessarily be directly notified of such a change. Therefore, please ensure that you regularly check this Privacy Notice when you use our products and services to ensure that you are fully aware of any changes or updates.
Last Updated: 27 November 2018