As our valued guest ("You"), we value your commitment to CIV.
WHO COLLECTS MY DATA?
Data is collected during the booking process either via a brand booking engine or independent third party booking engine provider.
WHEN IS MY PERSONAL INFORMATION COLLECTED?
PD may be collected in certain circumstances as follows:
Booking of a hotel room - through on and offline channels including brand and independent third party booking engines
Check in and check out
Consumption during a stay in a hotel as tracked through room charges
Claims, requests and/or disputes
Participation in marketing programs
Registering with loyalty programs
Contribution to guest’s surveys and/or comments (e.g. "Guest Satisfaction Survey", "Contact us"; "Guests comments”)
Provision of information by third party service providers
Filling in of an online collection form (e.g. online bookings, questionnaire, forms)
WHAT ARE THE PURPOSES OF DATA COLLECTION BY CIV?
We use PD for the following purposes:
To deal with Your enquiries and requests
To book and reserve hotel rooms and requested accommodation
To establish and maintain business records and comply with accounting requirements and local regulations
For back office processing; including managing a list of undesirable guests, further to a non-payment, or to improper behaviour
To manage guests' complaints
To let You benefit from our loyalty program
To implement security and fraud prevention means
Administering membership records
WHAT PERSONAL INFORMATION IS COLLECTED BY CIV?
As a customer at CIV hotel, You may be asked, at various times, to provide PD about You, such as:
Other personal details: date of birth; nationality
Credit card details (only in secure transactional related system)
Membership card numbers of any loyalty program
Your dates of arrival and departure
Your preferences and interests, e.g. preferred location of room (low floor, high floor), type of bed, preferred newspaper, sports and cultural interests
PERSONAL INFORMATION FROM CHILDREN
We do not knowingly contact or collect information from persons under the age of 18. The website is not intended to solicit information of any kind from persons under the age of 18.
It is possible that we could receive information pertaining to persons under the age of 18 by the fraud or deception of a third party. If we are notified of this, as soon as we verify the information, we will, where required by law to do so, immediately obtain the appropriate parental consent to use that information or, if we are unable to obtain such parental consent, we will delete the information from our servers. If you would like to notify us of our receipt of information about persons under the age of 18, please do so by sending an email to [email@example.com].
The term "sensitive information" refers to information related to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life, or sexual orientation, genetic information, criminal background, and any biometric data used for the purpose of unique identification.
We do not knowingly collect sensitive information such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sex life details unless it is volunteered by you or unless we are required to do so pursuant to applicable laws or regulations. We may use health data provided by you to serve you better and meet your particular needs (for example, the provision of disability access).
COLLECTION OF PERSONAL INFORMATION VIA COOKIES
A cookie is a small piece of information sent by a web server to a web browser, which enables the server to collect information from the browser. Find out more about cookies on www.allaboutcookies.org.
Personal Information regarding a user’s journey through our websites is collected when visiting CIV hotel.
Most browsers will allow you to turn off cookies. If you want to know how to do this please look at the menu on your browser, or look at the instruction on www.allaboutcookies.org.
SHARING OF YOUR PERSONAL INFORMATION
We will not share your data with third parties unless we are obliged to disclose personal data by law, or the disclosure of national security, taxation and criminal investigation, or we have your consent, and to the following.
These authorized individuals include (but is not limited to):
Hotel teams using reservation tools
Information technology team
Legal Department staff
Our service providers are required by contract to safeguard any personal data they receive from us and are prohibited from using the personal data for any purpose other than to perform the services as instructed by us.
INTERNATIONAL TRANSFERS OF DATA
RIGHTS TO ACCESS AND MODIFY YOUR PERSONAL INFORMATION
You have the right to access, modify or delete Your PD at any time.
However, please note that if You object to the collection of PD, we may, in certain circumstances be unable to provide You with services requested during your stay at a hotel.
If You wish to exercise your rights on your PD held by a CIV, then You must contact the hotel directly.
CIV do not charge individuals for any requests made regarding collection of PD.
In the interests of protecting the privacy of all CIV guests, we will need to identify You properly prior to responding to your request. To this end, we may request a copy of a valid identification paper such as a current driver's license, identity card or passport.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Data will not be kept for longer than is necessary. Records with financial data will be retained for six years.
We retain personal data about you for the period necessary to fulfil the purposes outlined in this Statement, unless a longer retention period is required or permitted by applicable law. We retain personal information collected in order to fulfil guest reservations for six years after the stay is completed. We retain other personal information for shorter periods of time if possible and if permitted by law.
We will destroy your personal information as early as practicable and in a way that the information may not be restored or reconstructed.
If printed on paper, the personal information will be destroyed in a secure manner, such as by cross-shredding or incinerating the paper documents or otherwise and, if saved in electronic form, the personal information will be destroyed by technical means to ensure the information may not be restored or reconstructed at a later time.
It is the hotels policy to be fair and proportionate when considering the actions to be taken to inform affected parties regarding breaches of personal data. In line with the GDPR, where a breach is known to have occurred which is likely to result in a risk to the rights and freedoms of individuals, the relevant supervisory authority will be informed within 72 hours. In the event that a breach is likely to result in a high risk to the rights and freedoms of an individual, the hotel will notify those concerned directly.
Under the GDPR the relevant DPA has the authority to impose a range of fines of up to four percent of annual worldwide turnover or twenty million Euros, whichever is the higher, for infringements of the regulations.
Within a breach notification, the following information will be outlined:
The nature of the personal data breach, including the categories and approximate number of individuals and records concerned
The name and contact details of the Data Protection Team
An explanation of the likely consequences of the personal data breach
A description of the proposed measures to be taken to deal with the personal data breach
Where appropriate, a description of the measures taken to mitigate any possible adverse effects
Any personal data in hard copy format will be kept in a locked filing cabinet, drawer or safe, with restricted access. Confidential paper records will not be left unattended or in clear view anywhere with general access. All electronic devices are password-protected to protect the information on the device in case of theft. Digital data is coded, encrypted or password-protected, on a network drive that is regularly backed up on and off-site. All members of staff are provided with their own secure login and password, and every computer regularly prompts users to change their password. Emails containing sensitive or confidential information are password-protected if there are unsecure servers between the sender and the recipient.
CIV understands that recording images of identifiable individuals constitutes as processing personal information, so it is done in line with data protection principles.
The hotel operates a multi camera, multi-screen, CCTV system, which is monitored in the public areas to ensure our guests and members of staff’s safety or for investigative purposes. Cameras are only placed where they do not intrude on anyone’s privacy and are necessary to fulfil their purpose.
All CCTV footage will be kept for approximately 90 days for security purposes, after which time will self-delete. Any CCTV footage which has saved on the system for investigative purposes is deleted once the case is completed.
Where necessary or required this information is shared with the data subjects themselves, employees and agents, services providers, police forces, court or tribunal, security organisations and persons making an enquiry.
The data controller in respect of our website is Data Privacy Manager, 31 Lisson Grove, NW1 6UB. You can contact the data controller by writing to Data Protection Team, 4C Hotel Group, 31 Lisson Grove, NW1 6UB or sending an email to firstname.lastname@example.org.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Information Commissioners Office
0303 1231113 (local rate)
01625 545745 (national rate)