Overview of data useWhen first arranging a booking we require the booker’s name and contact details and payment card details to secure the booking via a deposit. On arrival, we then collect the names and contact details of all the guests arriving under the auspices of the original booking, any specific dietary requirements guests may have, and vehicle registrations if guests will be using our car park. For overseas visitors we are also obliged to collect additional information such as passport details and their next destination. Additionally we may then take payment card details to complete the payment owed for the booked stay. Guest’s personal data is collected for the following purposes:
- To enable us to respond to enquiries;
- To process reservations;
- To administer guest records and ensure that guest’s specific requirements can be met during their stay;
- To maintain our own accounts.
Additionally, if paying by credit / debit card guest’s card details will be either processed by freetobook / stripe (if paying online) or via Worldpay (if paying over the phone or face-to-face) through the use of a Worldpay electronic point-of-sale (POS) terminal.
The legal basis for processing personal data
- It is a contractual necessity to enable us to process and manage guest bookings.
- There are legal requirements which stem from the Immigration (Hotel Records) order 1972.
- There are legal requirements which stem from UK tax regulations
Sharing personal data
We treat personal data as strictly confidential and will never share guest’s data with third parties without consent unless there is a compelling legal requirement to do so.
We maintain data only as long as we are required to do so either by law or for accounting purposes.
Paper records (e.g. guest registration forms) are kept in a secure office environment and destroyed after 1 year. Electronic records are either held on a personal laptop, which is password protected, or on a cloud storage platform which employs AES-256 bit encryption to ensure confidentiality and integrity. Only accounting relevant information is maintained for more than 1 year, and this tends to be minimal. All card processing – via freetobook / stripe or Worldpay is fully PCI-compliant.
Guest rights and personal data
Under General Data Protection Regulations (GDPR) guests have:
- The right to request that personal data is erased when no longer required by law to be retained.
- The right to request a copy of any data that the Montrose Guest House holds.
- The right to withdraw your consent to further data processing at any time.
- The right to lodge a complaint with the Information Commissioners Office.
To exercise all relevant rights, queries of complaints please in the first instance contact the owners of Montrose Guest House (Andy and Helen Mountford) at firstname.lastname@example.org. You can contact the Information Commissioners Office on 0303 123 1113, or via email at ICO or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.