- Our COMMITMENT TO PROTECTING PRIVACY
We consider you an important customer. Our first priority is to offer you exceptional stays and experiences. Your complete satisfaction and confidence in us is absolutely essential to us.
That’s why, as part of our commitment to meeting your expectations, we have set up a customer personal data protection policy. This policy formalizes our commitments to you and describes how we use your personal data.
- Our PRINCIPLES FOR PROTECTING YOUR PERSONAL DATA
In accordance with applicable regulations, in particular the European General Data Protection Regulation, the Cruachan Hotel has established the following principles:
- Lawfulness: We use personal data only if:
- we obtain the consent of the person, OR
- it is necessary to do so for the performance of a contract to which the person is a party, OR
- it is necessary for compliance with a legal obligation, OR
- it is necessary in order to protect the vital interests of the person, OR
- we have a legitimate interest in using personal data and our usage does not adversely affect the persons’ rights
- Fairness: We can explain why we need the personal data we collect.
- Purpose limitation and data minimisation: We only use personal data that we really need. If the result can be achieved with less personal data, then we make sure we use the minimum data required.
- Transparency: We inform people about the way we use their personal data
- We facilitate the exercise of the people’s rights: access to their personal data, rectification and erasure of their personal data and the right to object to the use of their personal data
- Storage limitation: We retain personal data for a limited period or for as long as we have your permission to keep it.
- We ensure the security of personal data, i.e. its integrity and confidentiality.
- If a third party uses personal data, we make sure it has the capacity to protect that personal data.
- If personal data is compromised (lost, stolen, damaged,) we notify such breaches to the respective country’s responsible authority and to the person concerned, if the breach is likely to cause a high-risk in respect of the rights and freedoms of this person.
- WHAT PERSONAL DATA IS COLLECTED?
At various times, we may collect information about you and/or the persons accompanying you, including the following:
- Contact details (for example, last name, first name, telephone number, email)
- Personal information (for example, date of birth, nationality)
- Information relating to your children (for example, first name, date of birth, age)
- Your credit card number (for transaction and reservation purposes)
- Information contained on a form of identification (such as ID card, passport or driver licence)
- Your arrival and departure dates
- Your preferences and interests (for example, preferred room, preferred floor, type of bedding, interests, food and beverages preferences, etc.)
- Your questions/comments, during or following a stay in the hotel
- Technical and location data you generate as a result of using our websites and applications.
The information collected in relation to persons under 16 years of age is limited to their name, nationality and date of birth, which can only be supplied to us by an adult. We would be grateful if you could ensure that your children do not send us any personal data without your consent (particularly via the Internet).
In order to meet your requirements or provide you with a specific service (such as dietary requirements), we may have to collect sensitive information, such as details of health.
In the above case, we will only process this data if you provide your express prior consent.
- WHEN IS YOUR PERSONAL DATA COLLECTED?
The Cruachan Hotel may collect personal date on a variety of occasions, including:
- Hotel activities:
- Booking a room
- Checking-in and paying
- Hotel stays and services provided during a stay
- Eating/drinking at the hotel bar or restaurant during a stay
- Requests, complaints and/or disputes.
- Participation in marketing programs or events:
- Signing up for loyalty programs
- Participation in customer surveys (for example, the Guest feedback form)
- Subscription to newsletters, in order to receive offers and promotions via email.
- Transmission of information from third parties:
- Tour operators, travel agencies (online or not), GDS reservation systems and others
- Internet activities:
- Connection to the hotel Wireless Internet
- Connection to hotel website
- CONDITIONS OF THIRD-PARTY ACCESS TO YOUR PERSONAL DATA
- We share your data with a number of authorised people and departments in the hotel in order to offer you the best experience.
The following teams may have access to your data:
- Hotel staff
- IT departments
- Commercial partners and marketing services
- Medical services if applicable
- Legal services if applicable
- Generally, any appropriate person within the Cruachan Hotel entities for certain specific categories of personal data.
In particular, the data related to your stays, preferences, satisfaction and, if the case may be, your loyalty program membership are shared between the different departments in the Cruachan Hotel. This data is used to improve the quality of service and your experience in the hotel.
- With service providers: your personal data may be sent to a third party for the purposes of supplying you with services and improving your stay, for example:
- External service providers: IT sub-contractors, banks, credit card issuers, external lawyers, dispatchers
- With local authorities: We may be obliged to send your information to local authorities if this is required by law or as part of an inquiry. We will ensure that any such transfer is carried out in accordance with local regulations.
- DATA SECURITY
Cruachan Hotel takes appropriate technical and organizational measures, in accordance with applicable legal provisions (in particular: Art. 32 GDPR), to protect your personal data against illicit or accidental destruction, alteration or loss misuse and unauthorized access, modification or disclosure. To this end, we have taken technical measures (such as firewalls) and organizational measures (such as a user ID/password system, means of physical protection etc.) to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services. In relation to the submission of credit card data when making a reservation, we use Secure Trading which is a single point of contact for online payment processing, merchant card acquiring, and PCI compliance and cyber security services.
Organizational measures ensure the security of the processing.
- YOUR RIGHTS
You have the right to obtain information about and access your personal data subject to applicable legal provisions. Also you have the right to have your personal data rectified, erased or have the processing of it restricted. In the event that you wish to exercise any of your above rights, please contact us directly by sending an email to email@example.com
For the purposes of confidentiality and personal data protection, we will need to check your identity in order to respond to your request. In case of reasonable doubts concerning your identity you may be asked to include a copy of an official piece of identification, such as an ID card or passport, along with your request.
We may modify this agreement from time to time. Consequently, we recommend that you consult it regularly, particularly when making a reservation.