General Data Protection Regulation (GDPR) & Privacy Notice
The General Data Protection Regulation (GDPR) seeks to protect and enhance the rights of data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU.
This Privacy Notice provides clear information on:
— How we collect your personal data;
— The types of personal data we collect;
— How we use your personal data;
— How we store and protect your personal data;
— Our legal obligations relating to the use of your personal data;
— Your rights relating to personal data that we hold about you;
— Your right to access data held about you;
— Our Cookies Policy.
How we collect your data
Most of the personal data we process is provided to us directly by you, or an agent/representative acting on your behalf. It is collected when you or the agent:
— Makes a booking or completes an enquiry on our website;
— Provides information to us in an email or a letter;
— Provides information to us by telephone;
— Speak to us in person;
— Sign up to attend an event;
— You visit our websites and enter data through a web form. For example, sign up to receive a newsletter;
— You respond to a job vacancy whether directly or via an agent or recruiter (speculatively or in response to any ad).
The data we collect
The personal information we collect is to make your booking with us or to answer an enquiry about our services. This can include any or all of the following:
— The full name(s) and address(es) of the person(s) making the booking / enquiry;
— The email address of the person(s) making the booking / enquiry;
— The telephone numbers of the person(s) making the booking / enquiry;
— The names of all guests staying as part of the booking;
— The names of those making payments for all or part of the booking;
— Transaction Data including details about payments to and from you and other details of products and services you may have purchased from Newhall Mains;
— Any additional information you provide e.g. food or other allergies, dietary requirements, special requests, etc.;
— Security Data including CCTV footage to help maintain the safety of our guests, patrons, staff, suppliers and other visitors to our locations.
How we use your personal data
The personal information provided to us will only be used in connection with the services we are providing to you and in a way that you have provided permission.
We will use your personal information to:
— Process your booking and provide confirmation details;
— To personalise and improve your customer experience;
— Obtain and confirm payments for our services via cheque or bank transfer;
— Respond to any questions or comments via e-mail, telephone or by social media;
— Provide additional information that may be useful to you or is requested;
— Request feedback about your stay with us;
— Return any items that you may forget to take with you on check-out;
— Provide you with details of discounts and other promotions or information (where you have granted permission).
How we store your data and keep it secure
We will only retain your personal data for as long as reasonably necessary to enable us to provide you with the services that you have requested from us, fulfil any other purpose we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
We may retain your personal data for a longer period where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person, or in the event of a complaint, or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
We take all reasonable technical and organisational precautions to store your information in a secure manner and to prevent its loss or misuse.
Disclosures of your personal data
We will not disclose any personal data we hold to any third parties, unless with your express and documented permission. We may however disclose your personal data to third parties where it is required by law and evidence of this will be retained.
Under data protection legislation, you have certain rights as an individual which you can exercise in relation to the data, we hold about you. You may request that we provide you with any personal information we hold about you. We may need to request specific data from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Request for deletion of personal data
You also have the right to request that we delete and destroy your personal data. Subject to providing evidence of your identity (see above) we will be happy to comply with a request to delete your data.
Your credit card data is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Newhall Mains uses CCTV. These systems are in place to for the safety and security of staff, guests, visitors, for the protection of the hotel and bar, to increase personal safety particularly at night, when staffing numbers are lower and for the protection of artefacts held within the buildings. Newhall Mains does not use these systems for anything other than personal safety and the safeguarding of properties.
Newhall Mains retains all recorded information for 28 days only, unless there is a specific reason to hold onto the footage for longer, for example a health and safety action or for criminal evidence. An individual has a right to access their own image by submitting a Subject Access Request, however, does not have the right to the images of other guests or visitors to any of our locations.
Police Scotland or the Courts may ask for a recording to be used as evidence. The Police must request footage via the relevant release forms, and these will be approved and released by a member of our team. Any enquires relating to CCTV footage must be directed to firstname.lastname@example.org.
Cookies are small text files that may be stored on your computer or mobile device that contains data related to our websites. For example, a cookie may allow us to track or remember your actions or preferences over a period of time.
Cookies can be set by us and these are called first party cookies. Where cookies are set by another domain other than Newhall Mains, these are called third party. For avoidance of doubt, Cookies cannot be used to identify you personally.
For more information about cookies, please visit https://www.allaboutcookies.org/ or https://wikis.ec.europa.eu/display/WEBGUIDE/04.+Cookies+and+similar+technologies.
— Remember information about you, so you don’t have to give it to us again.
— Keep you signed in, even on different devices
— Help us understand how people are using our services, so we can make them better
— Help us personalise your customer journey by remembering your preferences and settings.
— To find out if our emails have been read and if you find them useful
For any further information about this Policy please contact: