Although this policy specifically references UK legislation and Surya Hotels and Dragonfly Hotels, we are part of a wider group – Flying Trade Limited – with which this policy guidance is aligned.
By providing us with your personal data, whether through the Group websites or otherwise, you consent, agree and accept that we, as well as our respective representatives and/or agents may collect, use, disclose and share among ourselves your personal data as described in this policy.
WHO WE ARE
Surya Hotels Limited trading as Surya Hotels and Dragonfly Hotels
Surya Hotels Limited is registered as a Data Controller with the Information Commissioner’s Office. Our brand hotels are also covered by an ICO registration. The current registration details are:
Data Controller Name: SURYA HOTELS LIMITED
Registration Number: ZA197815
Date Registered: 2 August 2016
WHAT INFORMATION DO WE COLLECT ABOUT YOU?
We collect information about you when you register with us on our website, login to our website or applications (directly or by using social media logins), download any of our mobile applications, or commence or complete an online transaction to use our products and services. We collect information about you when you contact our reservations team to make a booking or use the facilities at any of our hotels and restaurants. Facilities include, but are not limited to, Spa, bar and restaurant, function rooms, and guest Wi-Fi. We have CCTV installed in all of our premises in public areas and particularly around entrances and exits; this is for the purposes of prevention and detection of crime and employee monitoring.
We also collect information from you when you sign up to any of our loyalty programmes, subscribe to any of our marketing communications, complete our voluntary customer surveys, enter our competitions or provide feedback. These may be carried out online, by telephone or in person.
Some of the information we collect may be classed as personal data, that is, it is information about an individual who can be identified from it. It may be collected any time you submit it to us, whatever the reason may be.
In doing business with you, typically we will collect:
· Full or partial contact details including names and addresses (including business details if you are making a corporate booking), telephone and email details.
· If you have special requirements then it may also be necessary to collect details about diet or disability or any other preferences that you may have.
· Car parking arrangements at our hotels and restaurants may also make it necessary for us to collect your car registration number for your visit to us.
· We collect payment card information from you should you choose to use this form of payment for purchasing or guaranteeing use of our products and services. You may choose to store this information with us when booking online, for the purpose of making your future Surya Hotel bookings more quickly, via our secure online PCI DSS accredited facility.
· If you choose to connect with us via social media links, for example such as Facebook or Twitter, we may collect your user name, your name (including surname) and email address, your gender, and your location. We may also collect your birthdate and other significant dates for making special offers to you around your birthday and other anniversaries.
· From our overseas guests we may also collect passport details.
If you provide us with any personal data relating to any third party (e.g. information about your spouse, children, employees or colleagues) for particular purposes, by submitting such information to us, you warrant and represent to us that you have obtained the consent of such third party to provide us with their personal data for the respective purposes.
HOW WILL WE USE THE INFORMATION ABOUT YOU?
We use the information we collect about you to process your bookings, answer your queries, process your gift card and voucher purchases, provide our hotel and restaurant facilities and services, enable you to manage your website user account and provide loyalty or membership programmes. With your consent, we will contact you via our marketing and sales channels (email/ phone/ post) about: -
- other related products and services we, or our group business, provide together with products and services as relate to food and drink items that we or our associated and group businesses sell, which we think may be of interest to you.
- Our marketing communications are generally sent by email but we may sometimes use other methods of delivery such as by post or SMS.
- We also maintain a presence on appropriate social media.
We may use your information collected from the website, via cookies or direct input, to personalise your repeat visits to our website and send triggered messaging emails to you.
We may use your information to meet and comply with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory body which are binding on us; and for purposes which are reasonably related to the aforesaid.
We operate a centralised reservation system use of which is shared by all hotels in our group, both Surya Hotels and Dragonfly Hotels. This means that any personal data you have shared with us for booking purposes is available in that system to all our group hotels for reservations and marketing purposes.
We sometimes engage the services of trusted third parties to process the information collected by generating anonymised statistics to assist us with our marketing campaigns and business analysis. We do not disclose this anonymised data outside of our business group. It is not possible for the business to identify an individual from such anonymised data presented in our internal reports.
We share your data with businesses in the Surya Hotels and Dragonfly Hotels through our reservation systems. Your information may also be shared with our parent company, Flying Trade Group PLC (together with their wholly owned subsidiary Flying Trade Limited and Flying Leisure Limited) for advertising or marketing and business management purposes.
Where we use contracted and trusted third parties to facilitate our provision of services and offers, we will also share your data with those parties for that purpose. This includes the processing and delivery of marketing communications to you, processing review and upgrade services and any other third-party services engaged to perform a business support, operational or administrative function.
In some instances, it is necessary to transfer your personal data overseas. Any transfers will be made in full compliance with all aspects of the Data Protection Act.
Third parties are subject to confidentiality obligations and may only use your personal data to perform the necessary functions and not for other purposes.
We do not share your data with any third parties outside of the above processing arrangements and we do not share your data with any business external to our group for their own marketing purposes. From the data we collect, you should only ever receive marketing communications from our own brands and hotels. The exception to this is if you have additionally agreed to receive communications from external third parties, via take up of our special third-party promotions, competitions and club memberships. These are third parties with whom we have agreed commercial relationships. For example, other retail, leisure and hospitality businesses.
We may also disclose personal data as permitted or required by law. For instance, if asked by the authorities, such as the police or HMRC, we may share your personal data with them for the purposes of prevention and detection of crime. Information is not shared with them outside of this purpose.
TRANSACTION AND INFORMATION SECURITY
We understand how important it is to securely store any information that you provide. Surya Hotels and Dragonfly Hotels take the privacy and security of your payment and personal details very seriously. Although we take reasonable care to keep your personal data secure, we cannot be held liable for any loss you may suffer from unauthorised access or loss of any data provided to group websites. As part of our security measures, we use encryption technologies for online transactions via our websites.
To protect your data and ensure it is secure we use ‘https’ on our booking engines on all Surya Hotels and Dragonfly Hotels.
Should you choose to store your credit card details with us via your website user account, for the purpose of making future booking transactions, we will store this
information with our secure third party payment gateway which is accredited for PCI DSS (Payment Card Industry Data Security Standards).
Our guest Wi-Fi service is provided either by a contracted trusted third party or ourselves, depending upon which hotel site you are visiting. If you choose to use the service to access web sites or content provided by third parties or purchase products from third parties, then your personal information may be available to the third-party provider. The way third parties handle and use your personal information related to the use of their services is governed by their policies. Surya Hotels and Dragonfly Hotels have no responsibility for their policies, or third parties' compliance with them. Our guest wireless/wired systems use radio channels or local area networks to transmit voice and data communication information; privacy therefore cannot be guaranteed, and Surya Hotels/Dragonfly Hotels shall not be liable to you for any lack of privacy you experience while using the service.
Whilst we take reasonable, appropriate technical and organisational measures to safeguard the personal data that you provide to us, no transmission over the internet can ever be totally guaranteed secure. Consequently, please be aware that we cannot guarantee the complete security of any personal data that you transfer over the internet to us whilst in transit. Sending such information is entirely at your own risk.
We advise that you follow general internet security guidelines:
· Always log out and close the website browser when you complete an online session, especially if you are using a computer or terminal in a public location.
· Keep your online account passwords private. Our online accounts are intended for single guest use and link information provided to your guest record.
· When creating a password, use at least 8 characters. A combination of letters and numbers is best. Dictionary words, your name, email address, or other personal data that can be easily obtained are best avoided for passwords.
· Avoid using the same password for multiple online accounts.
VERIFIED BY VISA®™, MASTERCARD® SECURECODE™
To provide you with confidence in paying for your rooms and buying gift vouchers online with us, we have introduced Verified by Visa®™ [and Mastercard®] [SecureCode™.
This is the electronic version of chip and pin technology and is sometimes referred to as 3D Secure. These services enhance your existing card account against unauthorised use when you book online with us and pay in advance.
To use this service, you must first register with the bank or other organisation that issued your card. You can find out more about these services by visiting the relevant Visa and Mastercard websites:
Visit the Verified by Visa®™ website
Visit the Mastercard® SecureCode™ website
Once you've registered and created your own private password with your card issuer, you'll be prompted automatically at checkout to provide this password each time you use your card on our site.
For our flexible rate bookings, where you use your card to guarantee the reservation, we do not process payment until you check-in with us, so Verified by Visa®™and Mastercard® SecureCode™ do not apply in this instance. Instead your encrypted card details are transmitted to our reservation system. You will need to present a payment card at check-in.
It is important that you take note of our cancellation terms and conditions for these flexible rates however, otherwise we reserve the right to charge your card for a no-show should you not turn up for your stay and have not let us know by the agreed cut-off time in advance of arrival. Where asked you are required to be able to produce the same card, used for any booking paid in advance online, at check-in.
Neither Malmaison nor Hotel du Vin has access to your Verified by Visa®™ or Mastercard® SecureCode™ password. This is entirely separate from any website user account you may create with us.
We would like to send you information about other Surya Hotels and Dragonfly Hotels products and services, including offers from our parent owner Flying Trade Group PLC, and its subsidiaries Flying Trade Limited and Flying Leisure Limited, which we believe may be of interest to you. If you have consented to receive our marketing, you may opt out at a later date.
You have a right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted, you can unsubscribe by any of the following methods:
· selecting the UNSUBSCRIBE link included in our emails or on our website;
· contacting our Marketing Team on the email address:
In the event that our business is transferred, sold or integrated with another business, your details may be disclosed to our advisers and any prospective purchaser’s advisers and may be passed to the new owners of the business.
ACCESSING AND AMENDING YOUR PERSONAL INFORMATION
You have a right to access a copy of the information which we hold about you. If you would like to do this, please email us on email@example.com or write to us at the following address. We reserve the right to make a small charge for these requests as per the terms of the Data Protection Act.
Information Governance Manager
Surya Hotels and Dragonfly Hotels
Old Ipswich Road
We want to make sure that your personal information is accurate and up to date. You are able to make amendments, or withdraw your consent for use, by telling our reception staff when you check in at any of our hotels or by contacting our Information Governance Manager.
If you withdraw your consent to any or all use of your personal data, depending upon the nature of your request, we may not be able to provide or continue providing our products and services to you, or administer any contractual relationship already in place. You understand and agree that in such instances where we require your personal data to fulfil a contractual obligation to you and you withdraw your consent to collect, use or disclose the relevant personal data for those purposes, we cannot be held liable for breach of that agreement. Our legal rights and remedies in such event are expressly reserved.
RETENTION OF INFORMATION
Your personal data will be retained for as long as it is necessary to fulfil the purpose for which it is collected or for business or legal purposes, or in accordance with applicable laws.
Should you choose to unsubscribe from our mailing list or if your membership expires, please note that your personal data may still be retained on our database to the extent permitted by law.
· To enable certain feature and functions on group websites (e.g. remembering your user-id, browsing and other product and/ or service preferences);
· To identify the causes of problems arising at web servers and to resolve these problems or improve efficiency of group websites.
· To improve the contents of group websites and emails from us;
· To customise the contents of group websites and emails from us to suit your individual interests or preferences;
· To utilise your browsing history on group websites and the results of questionnaires for market research or marketing, including sending you advertisements via group websites;
· To obtain aggregated group website usage and visitation statistics;
· To administer services to you; and for purposes which are reasonably related to the aforesaid.
Phishing is the practice of tricking someone into giving confidential information. Examples include falsely claiming to be a legitimate company when sending an e-mail to a user, in an attempt to get the user to send private information that will be used for identity theft and fraud.
We will never ask you to confirm any account or credit card details via email. If you receive an email claiming to be from Surya Hotels or Dragonfly Hotels asking you to do so, please ignore it and do not respond. You can contact our hotels directly or Information Governance Manager to report it or if you are unsure.
LINKS TO OTHER WEBSITES
HAVE A QUESTION?
All other questions on our use of your personal data should be directed as follows:
Data Protection Enquiries & Concerns: firstname.lastname@example.org