GDPR Statement & Data Usage
HotelRes was formed in 1999 and now has many years’ experience booking accommodation and venues for their corporate clients.
HotelRes Ltd is registered companies in England and Wales. HotelRes company registration number is 3663230.
The EU General Data Protection Regulation (GDPR) is a significant piece of European legislation which will come into force in May 2018. It builds on existing data protection laws, strengthening the rights that EU individuals have over their personal data, and creating a single data protection approach across Europe.
How will HotelRes comply with the GDPR?
Our GDPR preparation started in September 2017 and as part of this process we are reviewing (and updating where necessary) all our internal processes, procedures, data systems and documentation to ensure that we are ready when GDPR comes into force in May 2018.
Our GDPR Principles are:
- Data is processed fairly and lawfully.
- Data is processed only for specified and lawful purposes.
- Processed data is adequate, relevant and not excessive.
- Processed data is accurate and, where necessary, kept up to date.
- Data is not kept longer than necessary.
- Data is processed in accordance with an individual’s consent and rights.
- Data is kept secure.
- Data is only shared with venues and suppliers once a client confirms they wish to proceed with a booking. Data is not shared for any other reason.
- Data is only transferred to countries outside the European Economic Area when the client has asked us to book a venue in this location for them. We then provide the minimum data necessary to secure the booking. Only Business Data is transferred, this is sent in an encrypted email attachment.
HotelRes also processes data to comply with the eight principles of the UK Data Protection Act 1988.
How we use Data?
HotelRes use a client’s data to reserve hotels, venues and third-party suppliers on their behalf. The client company, booker and guest names are only given once the client has given us their explicit consent to confirm a booking.
Data Stored On Our Booking System TAMs
We collect the following information when you start using us as a client:
Account Information: This is the information required to create an account on our system and allow us to identify you and provide the contracted service. It will include your name, address and contact information. For online accounts an email address is required but for other types of account it may be a telephone number or something else. We will use your contact information to provide confirmations and information on bookings you make though our service. In some cases we may ask for your consent to use your contact information to provide information on special offers, surveys, updates to our terms and conditions, service status information or event specific information.
Profile Information: In addition to account information we may also hold various profile information for instance your dietary needs, access requirements, loyalty cards or preferred hotel room type. This information is optional but not providing it may affect the quality of the service we provide.
Booking History: We keep a record of venues and events you have previously booked both to improve the quality of the service we provide to you and for our own financial reasons to manage our relationship with venues.
Financial Information: In most cases we will also need to hold your credit card details. These are used to guarantee accommodation and pay deposits or pre-payments. Generally you can choose an alternative payment method on arrival but a guarantee method is required when booking.
Cookies: Cookies are used only to manage your login session when you connect to our online booking tool. We do not use cookies for profiling or marketing purposes.
Server logs: In order to meet our technical needs of managing the online booking service we log all accesses to our servers, the IP address they originated from, the web browser used and the time that the access occurred.
How long do we hold the information?
In general we hold account, profile, booking history and financial information for 7 years from the date of your last booking. In some cases (such as where there is a financial dispute with the venue) we may hold your details until the situation is resolved.
Cookies are preserved for the length of your login session. These are deleted either when you log out or when you close your web browser.
Server logs: We keep detailed server logs for around 6 months. Anonymised information (with IP addresses, account details and other private infomration removed) may be stored for up to 2 years to manage long term trends.
Who do we share the information with?
Your personal information is shared only as is required to provide the booking service you request. If you make a booking through our service we will pass on your name and contact details to any venue or event that you book as well as financial information required by the venue to guarantee the booking. If you have provided details of personal preferences we may pass this on to the venue where appropriate (for instance to ensure that a vegan meal is available at an event).
In some cases bookings are made through a 3rd party system managed by Travelport (www.travelport.com) or Booking.com and in these cases we may also share your details with that service.
We also manage your booking through a booking tool provided by SJJB Management (www.sjjb.co.uk). As part of our day to day operations we may share your details with them for the purposes of software support and to facilitate their technical needs in managing the booking tool.
How is your data protected
As required by UK and European data protection laws we take all reasonable precautions to secure your data and restrict access to those staff with a need to access it. We encrypt your data both in transit and, for sensitive information, on our servers as well as maintaining physical security.
Data Stored On Our Sales System
We also store our clients’ email addresses in our Sales Database, at present this is HubSpot, which is username and password protected. This data is used by HotelRes staff only. We use this in conjunction with MailChimp to send out important news and information to our clients. We also store details of sales appointments, meetings and conversations in this database. You have the right to view these notes at any time. Please ask your account manager to send this information.
Guest Details
HotelRes understands that you are making bookings on behalf of your employees, guests and delegates, and by giving your consent to HotelRes you are granting permission for us to pass on the guest names to the hotel, venue or supplier. We only pass on this information to our suppliers once you have given us your explicit permission to confirm a booking. We will only share your email address, business address and credit card information if it is required to guarantee your booking or for a contract. Our booking system stores all your guest’s names, their individual preferences and loyalty card details. All data stored is secure and encrypted.
HotelRes treats all guest data the same. Any guest information given to us by a client, regardless of whether or not that guest is an employee of our client, will only ever be used for managing the bookings authorised by HotelRes’ clients. This guest information is stored in our booking system, TAMS. Information stored in TAMS is used solely for managing bookings which have been explicitly authorised by our clients. It is never used for marketing or any other commercial purposes. We do not store any personal information or contact details for individual guests, only their names and their companies.