INTRODUCTION

The Doyle Collection[1] (“Doyle”, “we” or “us”) is committed to protecting and respecting your privacy.

This Privacy Notice is issued on behalf of each company within The Doyle Collection, so when we refer to The Doyle Collection, we or us in this Notice, we are referring to the relevant company in The Doyle Collection responsible for processing your personal data. Doyle Hotels (Holdings) Limited is the controller of and responsible for the Doyle Collection website.

We adhere to the hospitality industry Code of Conduct on Privacy (the “Code”) and the Code and this Privacy Policy (the “Policy”) set out the basis on which any personal data we collect from you or that you provide to us, or that is provided to us relating to you (“Data”) by any means will be processed. It has been updated to comply with the requirements of the General Data Protection Regulation (EC) 2016/679 (“GDPR”).

This includes when you, or someone on your behalf, requests information from us, contact us (or we contact you), make a booking, use our websites, link to or from our websites, connect with us via social media, through our central reservations or hotels, or any other engagement we have with you (regardless of where you are based).

Please read the following carefully to understand our use of personal data. Please note that the Policy relates only to the personal data of living individuals.

Information we may collect from or about you

We collect personal data from you which you volunteer when you provide such personal data to us, or via our services with which you interact. We may also be given other personal data relating to you by other persons. These could include, if a booking is made for you by another person, who may be a family member or travelling companion, or a booking agent or other intermediary, working for you or, where you are travelling on business, your employer or other third party on your behalf. We may also obtain such other personal data about you as may be provided to us in the course of our legitimate business activities.

We may collect and process personal data including the following in the course of providing services to you, which could contain your personal data:

your full name; your address; your various email addresses; your various phone numbers including mobile phone numbers; your nationality; your address; financial information about you including your bank account details; credit card details or other payment details; details of contracts you have entered with third parties for us to provide services to you; details of your relationship to other parties; details of your membership of professional or other organisations; your date of birth; details of your children and other relations; medical details including details of allergies; guest preferences including likes and dislikes, details of your car registration number; details of your driving licence; details of your passport, and all other personal data which you ask us to process on your behalf, or which is necessary for us to process in order for us to fulfil our role in providing bedroom accommodation, food & beverage, meeting room or other hospitality related services to you.

We may also process other data, which is not personal data. In general, we do not collect special category/sensitive personal data from or about you. We will, however, collect personal data volunteered by or about you relating to disabilities, allergies or medical or other dietary requirements, in order to address your needs. We may also need to process such information in the event of an accident or a medical or other emergency during your stay or your use of our other facilities.

When you access our website or wi-fi facilities, your device’s browser provides us with information such as your IP address, browser type, access time and referring URL which is collected and used to compile statistical data. This information may be used to help us to improve our website and the services we offer, and to offer services to you.

Security Statement

Doylecollection.com uses the Secure Sockets Layer protocol to protect your online transaction. Secure Sockets Layer is a security protocol that provides communications privacy over the internet. This allows your computer to communicate with our server in a way that is designed to prevent tampering or message forgery. Your credit card number is also “one-way” encrypted as it enters our databases. We will take all reasonable care to keep the details of your booking or reservation and credit card information secure.

Security and where we store your personal data

We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our databases, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We do continue to revise policies and implement additional security features as new technologies become available.

Though we do not seek actively to transfer personal data outside the EEA, some of the external third parties we deal with are based outside the EEA or process personal data outside the EEA, so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we look to ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • Transferring your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
  • Where we use providers based in the USA, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the USA.

Please note that when booking a room in one of our hotels located outside the EEA your personal data will be transferred to this location in order to allow us to fulfil our contract with you and to provide you with services.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data outside the EEA.

How we use your personal data

We will only use your personal data when the law allows us to. We use your personal data that we hold where it is necessary:

  • to take steps at your request prior to entering into a contract with you and to carry out our obligations arising from any contracts entered into between you and us including providing you with the services listed below;
  • for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
  • to comply with our obligations under applicable legislation; and/or
  • for reasons of substantial public interest, such as the prevention or detection of crime, or other unlawful acts, subject to appropriate protections as set out in our internal policies and procedures; and/or
  • to establish, exercise or defend legal claims.

Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your personal data. Please contact us, using the contact details below, for more information on the specific grounds we rely on for processing your personal data.

When we refer to our legitimate interests, we mean the interest of our business in conducting and managing our business to enable us to give you the best service/product, understanding your requirements and preferences, and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law).

Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to:

  • sending direct marketing communications to you;
  • information about your health, any disabilities and allergens that you or someone on your behalf volunteers to us to enable us to accommodate your needs during your stay.

You have the right to withdraw consent at any time by contacting us at data_protection@doylecollection.com. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

List of services we provide:

  • bedroom and / or suite accommodation
  • bars
  • restaurants
  • meeting spaces event spaces
  • loyalty
  • vouchers
  • or other hospitality related services to you

Marketing/promotional offers

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

Where you have agreed to receive it, we may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which services and offers may be relevant for you.

We will not share your personal data with any company outside The Doyle Collection for non-Doyle Collection marketing purposes without your express consent.

We may use your personal data to send you information relating to our services, events and products which may be of interest to you. If you do not want us to use your personal data in this way, please notify us to that effect. You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time using the contact details set out at the end of this notice.

How long do we keep your personal data?

We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we have to keep basic information about our customers (including contact, identity, financial and transaction data) for seven years after the transaction in question. We also need to keep information for that period to be able to deal with any dispute.

Cookie usage and storage

When you visit www.doylecollection.com we collect information about your computer and assign you a ‘cookie’ (a small, unique identifier text file) which is sent by our website to your web browser and remains on your computer until deleted. You do not provide this information – it is collected automatically as a means of supporting your visit to our website. This cookie does not contain any information that can identify you. You can always choose to not receive a cookie file by enabling your Web browser to refuse cookies or prompt you before accepting a cookie. For more information on how to adjust your browser’s cookie settings, or to find out more information on specific cookies and how to disable them, please click here. Please note however that disabling cookies may restrict your use of The Doyle Collection website.

In addition, we create a unique Session ID for each visit to www.doylecollection.com.  Session ID cookies may be used by Doyle Collection to track a user’s preferences while navigating the website. Session ID cookies last for the duration of your visit to our website and are deleted at the end of your session.

Cookie

Name

Purpose

asj_anonymous_id
 asj_group_id
 asj_user_id
 skip_avail_call
 eZSESSID
 ServerID
 is_logged_in
 currency
 skip_aval_call

Sitewide Cookies

These cookies are essential for the functionality of the website to identify preferences of your session.

_ga
 _gat
 _gid
 _utma
 _utmb
 _utmc
 _utmt
 _utmz

Google Analytics

These cookies are essential for our site to anonymously track user behaviour so that we can better understand and improve upon current user experience.

_uetsid

Bing Ads

This cookie is used to measure the impact of Bing Advertising campaigns.

_vwo
 _vis_uuid
 _vis_opt_X

Visual Web Optimiser

These cookies are used to allow split testing of new functionality, design and content in order to continually test & improve the website’s user experience

_hjIncludedInSample

HotJar

These cookies are used to run heatmapping software that allows us to see where users click on the site, so that we can continually test & improve the website’s user experience

hc_session

HotelChamp

This cookie allows us to overlay relevant information on website pages, such as price comparisons with other distributors, promotional offers, and statistics about booking availability & usage

Disclosure to third parties

We may disclose your personal data to third parties who provide a service to us and to other companies within The Doyle Collection; or in the event that we sell any business or assets, in which case we may disclose your Data to the prospective buyer of such business or assets; or if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect our rights, property, or safety of staff or customers.

Sharing Data

We will only pass your personal data to our business partners, to fulfil your requirements, improve our services or where we are required to do so by law. These include your company or travel agents involved in your booking, customer satisfaction surveys, loyalty scheme providers, email marketing provider use only by The Doyle Collection.

Other categories of third party which may have access to your personal data include our professional advisers, including lawyers, banks, auditors and insurers; and relevant statutory bodies and other regulatory bodies and authorities in your jurisdiction, and, where appropriate, the police and courts.

Where these third parties are our processors, we require them to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party processors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. Some of the third parties mentioned above, for example many professional advisers and relevant statutory body in your jurisdiction, are controllers who, like us, are subject to specific obligations under data protection law, and who will have their own privacy notices setting out how they deal with personal data.

Please note that gyms and leisure facilities and car parking at a number of our hotels are operated by independent companies. These operators are controllers in their own right and have their own obligations under data protection laws.

Links to other sites

Our website may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check those policies before you submit any data to those websites.

CCTV

For the greater security of our guests and patrons, and to prevent and detect crime, we use CCTV in and around our premises. To obtain information about our use of CCTV contact us at data_protection@doylecollection.com or please see our CCTV policy here.

Your rights

As an individual, under EU law you have certain rights to apply to us to provide information or make amendments to how we process data relating to you. These rights apply in certain circumstances and are set out below.

  • The right to access data relating to you (‘access right’). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to enable us to deal with your request or to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or we have received a number of requests. In this case, we will notify you and keep you updated. Please see Form 1a[2] here
  • The right to rectify/correct data relating to you (‘right to rectification’). This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. Please see Form 2a here
  • The right to object to processing of data relating to you (‘right to object’). Where we process your personal data on the basis of a legitimate interest or where there is profiling based on these provisions, you have the right to object to the use of this data. [If we process personal data for direct marketing purposes, you shall have the right to object at any time to processing of your personal data for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If you object to us processing for direct marketing purposes, we will no longer process the personal data for these purposes]. Please see Form 3a here
  • The right to restrict the processing of data relating to you (‘right to restriction’). This enables you to ask us to suspend the processing of your personal data in the following situations: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Please see Form 4a here
  • The right to erase/delete data relating to you (i.e. the “right to erasure”). This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Please note that while you are employed by us and for a reasonable period after the termination of your employment, there will only be very limited circumstances when we will be required to erase any of your personal data. Please see Form 5a here
  • In limited circumstances, the right to ‘port’ certain data relating to you from us to another (‘right to data portability’). Note that this right only applies to automated information which you provided to us and where our justification for processing was consent or where we used the information to perform a contract with you. Please see Form 6a here
  • You also have the right to make a complaint at any time to the relevant statutory body in your jurisdiction. If you would like us in the first instance to deal with your concerns, please email us at  data_protection@doylecollection.com

Changes to this policy

We reserve the right to change this Policy from time to time in our sole discretion. If we make any changes, we will post those changes online at www.doylecollection.com/privacy-notice so that you can see what information we gather, how we might use that information and in what circumstances we may disclose it. By continuing to use our site or our services or otherwise provide data after we post any such changes, you accept and agree to this Policy as modified.

Contact Us

Questions, comments, requests and complaints regarding this Policy and the information we hold are welcome and should be addressed to us at  data_protection@doylecollection.com

All requests will be dealt with promptly and efficiently, and in accordance with the requirements of the GDPR.

___________

[1] The Doyle Collection comprises Doyle Hotels Holdings Limited and other group undertakings
[2] Under GDPR you are not obliged to complete any mandated forms. However, completion of the relevant form (1a-6a) would assist us in dealing with your request in an effective and efficient manner