Privacy & Cookies Policies
- Cookies Policy
● A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
● Cookies can be used by web servers to identity and track users as they navigate different pages on a website and identify users returning to a website.
● Cookies may be either “persistent” cookies or “session” cookies.
● A persistent cookie consists of a text file sent by a web server to a web browser, which will be stored by the browser and will remain valid until its set expiry date (unless deleted by the user before the expiry date).
● A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
We use only session cookies on this website.
Third party and analytics cookies
● When you use our website, you may also be sent third party cookies.
● Our advertisers / service providers may send you cookies. They may use the information they obtain from your use of their cookies:
- to track your browser across multiple websites;
- to build a profile of your web surfing; and
- to target advertisements which may be of particular interest to you.
Cookies and personal information
Cookies do not contain any information that personally identifies you, but personal information that we store about you may be linked, by us, to the information stored in and obtained from cookies.
Most browsers allow you to refuse to accept cookies. For example:
● in Internet Explorer you can block cookies using the cookie handling override settings available by clicking “Tools”, “Internet Options”, “Privacy” and then “Advanced”;
● in Firefox you can block all cookies by clicking “Tools”, “Options”, “Privacy”, selecting “Use custom settings for history” from the drop-down menu, and unticking “Accept cookies from sites”; and
● in Chrome, you can block all cookies by accessing the “Customise and control” menu, and clicking “Settings”, “Show advanced settings” and “Content settings”, and then selecting “Block sites from setting any data” under the “Cookies” heading.
Blocking all cookies will, however, have a negative impact upon the usability of many websites.
If you block cookies, you will not be able to use all the features on this website.
You can also delete cookies already stored on your computer. For example:
● in Internet Explorer, you must manually delete cookie files (you can find instructions for doing so at http://support.microsoft.com/kb/278835);
● in Firefox, you can delete cookies by clicking “Tools”, “Options”, “Privacy” and then “Show Cookies”, and then clicking “Remove All Cookies”; and
● in Chrome, you can delete all cookies by accessing the “Customise and control” menu, and clicking “Settings”, “Show advanced settings” and “Clear browsing data”, and then selecting “Delete cookies and other site and plug-in data” before clicking “Clear browsing data”.
Again, doing this may have a negative impact on the usability of many websites.
As HOST 2 Ltd (HOST) we are a data controller. Our Director’s office is located at Somerset Energy Innovation Centre, Woodlands Court Business Park, Bristol Road, Somerset, TA6 4FJ.
Personal Information we need
Here at HOST we process personal data to make, amend, cancel and allocate rooms booked, process payment details, provide meals, car parking and other services when required. In addition to this we also answer enquiries, gather feedback and directly market our services and facilities. We do this in our legitimate interest to promote our business and improve on our services.
Most of, if not all of, the information we gather from you is when bookings or requests are made to use our services via telephone or website. We do receive data from other forms such as social media.
The main data collected is:
Personal data – Title, name, postal and email addresses, IP addresses and contact telephone numbers. To complete bookings we also need your business number or equivalent.
Business Information – Needed for all bookings as a contracted accommodation provider and where bookings or enquiries are taken on behalf of the guest, we obtain business name and address of the guest’s employer.
Transaction information – Payment, booking details, meal purchases where appropriate and car parking if provided.
Customer feedback – via telephone, email or questionnaires.
We need your information to:
Fulfill our contractual obligations to you or to take steps to enter into a contract
Make amendments to bookings
Provide customer services and resolutions
Communicate with you
If the information we request is not provided this may result in us not being able to enter into a contract with you or fulfill our Legal Obligations.
Please be assured that we will never ask you to provide any personal sensitive information. If you choose to give us any sensitive information such as medical information this is achieved with your consent. We will only pass this information on if it would be in your vital interest for example, to the food and beverage department in the event of a food allergy or to medically trained staff.
The legal basis for processing your personal data
We want to offer you a genuine choice over how we use your data. We will only send you marketing information with your consent and via the methods of your choosing.
Necessary for the performance of a contract
We need to collect data from you to fulfill our contractual obligations to you or for the purpose of establishing a contract with you. Our contract being the making and managing of your booking.
We may need to obtain and keep your personal data to fulfill our responsibilities to our regulators and legislation for tax, financial, health and safety and legal reasons etc.
Legitimate Business Interests
We have a legitimate interest in conducting our business and resolving any questions queries or complaints. We reserve the right to request evidence to support claims or complaints. We may need to keep records for internal audits. Where we have used legitimate interest as the lawful basis for processing, we have carried out a balancing test for everyone’s interests. We anonymise or delete personal data when no longer needed for processing. We will respond to any comments or posts on social media as this is in our legitimate interest to respond to you and allows us to answer your questions, queries and address feedback.
If you or someone on your behalf provides any information regarding your health, allergy/dietary or accessibility needs, we will disclose this information if it is in your vital interest.
To detect and prevent crime on Campus sites we use CCTV as part of our licensing and Nuclear Licensed Site Regulations. We monitor and record CCTV, to protect our premises, for the security of individuals and for the detection and prevention of crime.
Developing and Marketing Products/Services and Sales
For raising brand awareness, we only market our own business and do not market for third parties. We market our offers by email, text and phone calls. We may use your data to provide promotional offers to you. This will be done only with your consent. You can withdraw your consent at any time by contacting sales and marketing at our central office or via phone 01278 559434 at or via email email@example.com or replying with opt out on emails sent. Please be aware that even after you opt-out or update your marketing preferences, we may still contact you for transactional or informational purposes. These include, for example, questions regarding a specific reservation.
For some of our processing activities it is essential we use third party service suppliers. Your personal data is entered where this is strictly necessary to provide the service to you and in our legitimate interest. We use a software provider to administer bookings and process payments and a software provider to obtain guest feedback to allow us to make positive changes to the business. Our housekeeping and maintenance services are provided via subcontractors. We use a security company to keep the premises secure and monitor CCTV. Our website is managed for us externally. We may need to provide your personal details to our insurance providers and such like.
How is your data protected?
We employ reasonable and current technical, administrative, and physical safeguards that are designed to prevent unauthorised access, maintain data accuracy, and designed to ensure correct use of personal information.
We maintain reasonable technical, electronic, and organisational security procedures to maintain the security of Personal Information and safeguard Personal Information against unauthorised or unlawful processing and/or against accidental or unlawful loss, alteration, disclosure or access. Our security procedures include contractual terms with any contractors, agents or data processors that require such entities to protect the security and confidentiality of Personal Information in accordance with our standards. While we strive to protect your Personal Information, we cannot ensure the security of the information you transmit. It is your responsibility to safeguard any email or password that you have created or used in connection with any service or site and to notify us if you ever suspect that the security and confidentiality of such email or password has been compromised in any way.
When we transfer your personal information outside of the EEA we make sure it is protected by either ensuring the country is deemed adequate by the EU; transferring it to organisations with the privacy shield or by having a contract in place that ensures the recipient will protect it to the same standard as the EEA. To achieve this, we use the Standard Contractual Clauses published by the EU.
Even if you do not provide us with any Personal Information, we collect certain non-personal information about how you use our site. This information cannot identify you and is used for statistical purposes only.
Disclosure of your Personal Information
We only process and share your Personal Information, including sharing with service providers or other external entities, to the extent reasonably necessary to fulfil your requests and meet our legitimate business and legal objectives. When we disclose Personal Information to external entities to perform services for us, we establish by contract that they may access your Personal Information only for the purposes of performing those services. We disclose your Personal Information to payment providers, technology providers, insurers (only if required, for example, after an accident) and other professional service providers to process bookings, process payments and manage bookings. Car registration and identifying number will be shared with the projects parking management companies to confirm the validity of parking on and around the campuses during guest stays and visits.
If a debit or credit card is used for payment, we use a third party to check the validity of the bank account and card. This is for fraud prevention.
We do not use automated decision making. We use and keep data to fulfill our contractual agreement and to provide a service, to respond to questions or complaints. We obey rules regarding record keeping, uphold legal rights and balance if it is in our and your legitimate interest. We keep data in line with any statutory limitation periods and for tax, regulatory or legal purposes.
Data Rights and Complaints
You have a number of rights with the data we have.
- Right of access: You have the right to obtain from us confirmation as to whether or not Personal Information concerning you is processed, and, to request access to the Personal Information. The access information includes, among other things, the purposes of the processing, the categories of Personal Information concerned, and the recipients or categories of recipient to whom the Personal Information have been or will be disclosed. This is not, however, an absolute right, and the interests of other individuals may restrict your right of access. You may have the right to obtain a copy of your Personal Information undergoing processing.
- Right to rectification: You have the right to obtain from us the rectification of inaccurate Personal Information about you. Depending on the purposes of the processing, you have the right to have incomplete Personal Information completed, including by means of providing a supplementary statement.
- Right to erasure (right to be forgotten): Under certain circumstances, you have the right to obtain from us the erasure of Personal Information concerning you, and we may be obligated to erase that Personal Information.
- Right to restriction of processing: Under certain circumstances, you have the right to obtain from us restriction of processing your Personal Information. In that case, your data will be marked and may only be processed by us for certain limited purposes.
- Right to data portability: Under certain circumstances, you have the right to receive the Personal Information about you, which you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit that data to another entity without hindrance from us.
- Right to object: Under certain circumstances, and at any time, you have the right to object, on grounds relating to your particular situation, to the processing of your Personal Information by us, and we can be required to no longer process your Personal Information.
Where you exercise any of these rights your Personal Information will be used to comply with your request in accordance with our legal obligations.
These rights may be limited, for example if your request would reveal Personal Information relating to another individual or if you would like to erase data that we are required to keep by law.
If you wish to exercise any of these rights, please contact us via our Contact Us page or email firstname.lastname@example.org or via post at DPA@HOST, Sedgemoor Campus, Bath Road, Somerset, TA6 4DE.
You also have the right to make a complaint with the data protection supervisory authority Information Commissioners Office they are contactable using the following link https://ico.org.uk/make-a-complaint/ Or via telephone 0303 123 1113. With your consent we will disclose your Personal Information to Ombudsman services and Citizens advice.
How long do we keep your data for?
We keep your data to fulfil our contractual obligations, where required by law, to respond to a question or complaint, to follow guidelines on record keeping and for legal rights. In addition, when it is in our Legitimate Business Interest or in the Vital Interest. Where data is processed under consent this is for as long as stated or for the timescale of the purpose it was obtained. We keep data in line with legal requirements, regulatory purposes and statutory limitation periods.
The timescales are dependent on the purpose of the processing, where the same data is processed for two purposes, we will retain it for the longest timescale. Examples of our timescales are as follows:
CCTV recordings for up to 31 days
Accident forms for 3 years after the accident or for 3 years after the 18th birthday of a minor
Financial information for a period of 7 years
The information may be kept for longer than these timescales if it is found to be strictly necessary or for less time if we no longer need the data for the purpose, we obtained it.
If you have any questions or queries regarding your rights or the information we process, please contact us at:
Mailing Address: Data Protection Administrator, HOST, Sedgemoor Campus, Bath Road, Bridgwater, Somerset, TA6 4DE.