Privacy Policy

In this Privacy Policy references to “we” or “us” or “RTL” are to Ralph Trustees Ltd.

Ralph Trustees Limited operates a group of hotels comprising The Grove.

In order to provide our services, we will collect and use personal information about individuals. We are the Controller of all personal information we process pursuant to this Policy and we are responsible for complying with data protection laws.

If you have any questions about how we collect, store or use your personal information, you may contact us using the details set out in the “Contact Us” section 8.

This Policy sets out the legal grounds enabling us to process your personal information.

Where you provide personal information to us about other individuals (for example, members of your family or your employees) we will also be data controller of and responsible for their personal information. You should refer them to this Policy before supplying us data on behalf of others.

When you engage with us, such as make a booking or view our website, we will collect information about you and that engagement.  This may include information such as:

• General identifiers such as your name, address, email address, phone number, date of birth, gender, IP Address and relationship (if any) with any other RTL customers.
• Information about your job including job title, role, company and details about the industry you work in.
• Financial information such as your bank details and payment details.
• Information obtained during telephone recordings, or if you make a complaint.
• Information about how you have accessed our websites such as any pages or sections you have viewed on our website
• Information about electronic communications you receive from us, including whether that communication has been opened and if you have clicked on any links within that communication
• CCTV images when you visit our hotels and areas adjacent to our hotels
• Booking information including special requests, meal and room preferences.
• Any other information passed on from you or someone else making the booking on your behalf (for example, your areas of interest such as spa breaks or meetings).
• Customer intelligence and information (including photographs) obtained from publically available sources such company websites and social media sites by our research sales and marketing teams.
• Answers you provide when you respond to competitions, votes and surveys
• Information from specialist market research companies who provide us with additional personal information about you and your household such as income, number of children, occupation, social grade, home ownership status, the products and services you use or intend to use or purchase, and your interests.
• Any other personal information which you may disclose to us when you use our Services at any time

Sometimes we need to collect personal information by law, or under the terms of the contract we have with you. If you fail to provide that information when we request it, we may not be able to perform the contract we have or are trying to enter into with you (for example to provide you with goods or services). In this case, we may have to cancel the product or service, but we will notify you if this is the case.

We will collect information directly from you when you engage with us:

• face to face
• via forms and satisfaction surveys
• by telephone
• by email
• via the CCTV infrastructure
• when you access our wifi service
• via our website, including cookies. You can find more information about this in our cookies policy which can be found here

We will also collect information indirectly when you engage with us via:

• third parties who are making the booking on your behalf (such as travel agents, OTA’s, company bookers and group organisers).
• specialist market research companies, who provide us with additional personal information about you and your household.
• publically available sources such as internet search engines, social media sites and online forums.
• write a review of your stay or engagement with us.

We will combine any personal information about you that we receive from you, from other hotels in our group, and from third parties.

Sometimes we will request or receive your “sensitive personal information” in order to fulfil services you have requested.  This may include information such as:

• Details of your health condition including any disabilities you may have where relevant for our spa facilities.
• Genetic or biometric data provided on your identification documents
• Racial and ethnic origin provided on your identification documents

We will only collect, process and/or use the personal information where we are satisfied that we have an appropriate legal basis to do so. All personal information that we obtain about you will be used in accordance with current data protection law and this Privacy Policy. We, or third party data processors acting on our behalf, will process your personal information as follows:

• As necessary, to perform a contract with you, such as a contract to process an order from you for one or more of our Services including, where applicable, taking payment and carrying out fulfillment and delivery.
• As necessary, to comply with a legal obligation, where you exercise your rights under data protection law and make requests; and to comply with any legal obligation, any lawful request from government or law enforcement officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity.
• As necessary, for our legitimate interests in providing the services and ensuring they operate safely, securely and in a commercially suitable way which is tailored to your use and interests, for example:
  • to provide you with the services;
  • to verify your identity for security purposes;
  • to help us to ensure our customers are genuine and to prevent fraud;
  • to ensure the security of our websites, mobile applications and other technology systems;
  • for the good governance of our business, including keeping financial records, to allow us to pay suppliers and to charge, invoice or refund customers;
  • to search credit reference agencies before we provide you with credit;
  • by using CCTV, to prevent and detect crime
  • to record and investigate health and safety and other incidents which have happened or may have happened
  • to provide you with information about our services, to contact you about administrative matters, and to manage and respond to any queries or complaints you make or any correspondence you send us;
  • to help us to return lost property to its rightful owner;
  • to send you marketing communications which may be of interest to you. These may include information about stays, events, promotions, offers, information about the hotel and the surrounding area
  • for the purpose of marketing our services where applicable, processing your personal information, creating custom marketing audiences on third-party websites such as Facebook, and profiling and automated decision-making relating to our marketing;
  • for market research and statistical analysis and to analyse the use of our services so that we can improve them.
  • Based on your explicit consent, when you provide us with sensitive personal information about your health, to provide you with tailored services (for example, spa treatments)

From time to time, we may share your personal information, as follows:

Within RTL

We may share your personal information internally between our departments or RTL hotels.   We will do this via access to internal reports and centralised IT and marketing systems.

With third parties and service providers working on our behalf

We may share your personal information with our third-party service providers, agents, sub-contractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example, to process payments and send you emails). However, when we use third-party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.

Third-party product providers we work in association with:

We work with carefully selected Online Travel Agents (OTAs, e.g. Booking.com). When you inquire about us or book with these third parties, the relevant third-party will use your details to provide you with information and carry out their obligations arising from any contracts you have entered into with them. They will be acting as a data controller of your information and we therefore advise you to read their Privacy Policy. These third-party product providers will share required information about you with us (e.g. room type purchased and dates of stay) that we will use in accordance with this Privacy Policy.

When you are using our secure online booking system, your purchase is processed by a third-party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions.

We will also disclose your personal information to third parties in the following circumstances:

• if we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets;
• if we or substantially all of our assets are acquired by a third party, in which case personal information held by us will be one of the transferred assets;
• if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, any lawful request from government or law enforcement officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity;
• in order to enforce or apply Our Terms of Use or any other agreement or to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity; or
• to protect the rights, property, or safety of us, our customers or other persons. This may include exchanging personal information with other organisations for the purposes of fraud protection and credit risk reduction.

Save as expressly detailed above in this section, we will never share, sell or rent any of your personal information to any third party without notifying you and/or obtaining your consent.

If you would like further information regarding the disclosures of your personal information, please see the “Contact us” section below for our contact details.

We have a legitimate interest to market to you.  We use your personal information to provide you with information about RTL’s hotels, services or events which may be of interest to you as one of our past or prospective customers. These may include information about stays, events, promotions, offers, information about the hotel and the surrounding area

If you wish to opt out of marketing, you may do so by clicking on the “unsubscribe” link that appears in all emails or telling us when we talk to you.

Please note that, even if you opt out of receiving marketing messages, we may still send you service related communications where necessary.

We will only keep your personal information for the minimum periods required in order to fulfil the relevant purposes set out in this Privacy Policy.

We are also required to keep certain information in order to comply with our legal and regulatory obligations.

The exact time period will depend on your relationship with us and the type of personal information we hold. We may be required to retain the personal information for longer periods e.g. to establish, exercise or defend legal rights, such as responding to customer personal injury complaints.

If you would like further information regarding the periods for which your personal information will be stored, please contact us using the details set out in section 8.

RTL carries out automated processing.

We will combine any personal information about you that we receive from you, from other hotels in our group, and from third-parties in order to create marketing profiles.

Marketing profiles include personal information such as information about services you have used, information about when you have visited our hotels in the past, demographic data and, where you have agreed, data from your social media profiles.

For example, we may analyse the personal information of people who have used our services in the past and then compare them with other people in our database. If we identify people in our database who have similar personal information, we may then target marketing to those people, for example by sending direct marketing emails. We may conduct the profiling and marketing automatically.

We conduct these automated decision-making and profiling activities for our legitimate interests in providing the services and ensuring they operate in a commercially suitable way which is tailored to your use and interests.

Under data protection law you have certain rights in relation to the personal information that we hold about you. You may exercise these rights at any time by contacting us using the details set out in section 8.

In some cases we may not be able to comply with your request (for example, where there is a conflict with our own obligations to comply with other legal or regulatory requirements). However, we will always respond to any request you make and if we can’t comply with your request, we will tell you why.

You have the right to:

Request access to your personal information

This enables you to receive a copy of the personal information we hold about you and to check that we are processing it lawfully.

Request correction of the personal information we hold about you

This enables you to have any incomplete or inaccurate data we hold about you corrected, although we may need to verify the accuracy of the new information you provide us with.

Request erasure of your personal information.

This enables you to ask us to delete or remove your personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons. We will notify you of these, if applicable, at the time of your request.

Object to the processing of your personal information

Where we are relying on a legitimate interest (or those of a third party) and you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information, which override your rights and freedoms, e.g. a requirement imposed on us by law.

Request restriction of the processing of your personal information

In some cases, e.g. questions over accuracy, lawfulness, the requirement to hold data or your objection to data usage, you may ask us to suspend the processing of your personal information.

Request the transfer of your personal information to you or to a third party.

If required, we will provide you or a third party of your choice with your personal information in a structured, commonly used, machine-readable format. Note, this right only applies to automated information that you initially provided consent for us to use or information that was used to perform a contract with you.

Withdraw consent at any time

Where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent we may not be able to provide certain products or services to you. We will advise you if this is the case at the time.

Please note that for some purposes, we need your consent in order to provide you with a service. If you withdraw your consent, we may need to cancel your reservation, booking or service. We will advise you of this at the point you seek to withdraw your consent.

Lodge a complaint with the ICO

You have a right to complain to the Information Commissioner’s Office (ICO) if you believe that any use of your personal information by us is in breach of applicable data protection laws and regulations. More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/

Making a complaint will not affect any other legal rights or remedies that you have.

We use a range of organisational and technical security measures to protect your information, including firewalls and access controls, which we review periodically. We also ensure that our employees receive appropriate data security training.

If you would like further information about any of the matters in this Privacy Policy or have any other questions about how we collect, store or use your personal information, you may contact our data protection adviser by using the contact details provided below:

Data Protection Enquiries
Ralph Trustees Limited
116 Piccadilly
London
W1J 7BJ

dataprotection@ralphtrustees.co.uk

We may need to make changes to this Privacy Policy periodically, for example, as the result of government regulation, new technologies, or other developments in data protection laws or privacy generally.

This Privacy Policy was last updated on: 18 April 2019.