By providing us with your personal data, whether through the Group websites or otherwise, you consent, agree and accept that we, as well as our respective representatives and/or agents may collect, use, disclose and share among ourselves your personal data as described in this policy.
Who we are
Legacy Hotels & Resorts is registered as a data controller with the Information Commissioner’s Office. Our brand hotels are also covered by an ICO registration. The current registration details are:
Data Controller Name: LEGACY HOTELS & RESORTS
Registration Number: Z9337904
Date Registered: 17 January 2006
What information do we collect about you?
We collect information about you when you register with us on our website, login to our website or applications (directly or by using social media logins), or commence or complete an online transaction to use our products and services. We collect information about you when you contact our reservations team to make a booking or use the facilities at any of our hotels and restaurants. Facilities include, but are not limited to, Spa, bar and restaurant, function rooms, and guest Wi-Fi. We have CCTV installed in all of our premises in public areas and particularly around entrances and exits; this is for the purposes of prevention and detection of crime and employee monitoring.
We also collect information from you when you sign up to any of our loyalty programmes, subscribe to any of our marketing communications, complete our voluntary customer surveys, enter our competitions or provide feedback. These may be carried out online, by telephone or in person.
Some of the information we collect may be classed as personal data, that is, it is information about an individual who can be identified from it. It may be collected any time you submit it to us, whatever the reason may be.
In doing business with you, typically we will collect:
- Full or partial contact details including names and addresses (including business details if you are making a corporate booking), telephone and email details.
- If you have special requirements then it may also be necessary to collect details about diet or disability or any other preferences that you may have.
- Car parking arrangements at our hotels and restaurants may also make it necessary for us to collect your car registration number for your visit to us.
- We collect payment card information from you should you choose to use this form of payment for purchasing or guaranteeing use of our products and services. You may choose to store this information with us when booking online, for the purpose of making your future Legacy Hotel bookings more quickly, via our secure online PCI DSS accredited facility.
- If you choose to connect with us via social media links, for example such as Facebook or Twitter, we may collect your user name, your name (including surname) and email address, your gender, and your location. We may also collect your birthdate and other significant dates for making special offers to you around your birthday and other anniversaries.
- From our overseas guests we may also collect passport details.
If you provide us with any personal data relating to any third party (e.g. information about your spouse, children, employees or colleagues) for particular purposes, by submitting such information to us, you warrant and represent to us that you have obtained the consent of such third party to provide us with their personal data for the respective purposes.
How will we use the information about you?
We use the information we collect about you to process your bookings, answer your queries, process your gift card and voucher purchases, provide our hotel and restaurant facilities and services, and enable you to manage your website user account.. With your consent, we will contact you via our marketing and sales channels (email/ phone/ post) about other related products and services we, or our group business, provide which we think may be of interest to you. Our marketing communications are generally sent by email.
We may use your information collected from the website, via cookies or direct input, to personalise your repeat visits to our website and send triggered messaging emails to you.
We may use your information to meet and comply with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory body which are binding on us; and for purposes which are reasonably related to the aforesaid.
We operate a centralised reservation system use of which is shared by all hotels in our group. This means that any personal data you have shared with us for booking purposes is available in that system to all our group hotels for reservations and marketing purposes.
We sometimes engage the services of trusted third parties to process the information collected by generating anonymised statistics to assist us with our marketing campaigns and business analysis. We do not disclose this anonymised data outside of our business group. It is not possible for the business to identify an individual from such anonymised data presented in our internal reports.
As a business, we rely on a few third parties services to make sure we are efficient and effective. We use WeddingDates (SaaS), Guestbook and HotelREZ for example. GDPR compliance is a prerequisite in our vendor selection process.
We share your data with businesses in the Legacy Hotels Group through our reservation systems.
Where we use contracted and trusted third parties to facilitate our provision of services and offers, we will also share your data with those parties for that purpose. This includes the processing and delivery of marketing communications to you, processing review and upgrade services and any other third party services engaged to perform a business support, operational or administrative function.
Third parties are subject to confidentiality obligations and may only use your personal data to perform the necessary functions and not for other purposes.
We do not share your data with any third parties outside of the above processing arrangements and we do not share your data with any business external to our group for their own marketing purposes. From the data we collect, you should only ever receive marketing communications from our own brands and hotels. The exception to this is if you have additionally agreed to receive communications from external third parties, via take up of our special third party promotions, competitions and club memberships. These are third parties with whom we have agreed commercial relationships. For example, other retail, leisure and hospitality businesses.
We may also disclose personal data as permitted or required by law. For instance, if asked by the authorities, such as the police or HMRC, we may share your personal data with them for the purposes of prevention and detection of crime. Information is not shared with them outside of this purpose.
Transaction and Information Security
We understand how important it is to securely store any information that you provide. Legacy Hotels & Resorts take the privacy and security of your payment and personal details very seriously. Although we take reasonable care to keep your personal data secure, we cannot be held liable for any loss you may suffer from unauthorised access or loss of any data provided to group websites. As part of our security measures, we use encryption technologies for online transactions via our websites.
Should you choose to store your credit card details with us via your website user account, for the purpose of making future booking transactions, we will store this information with our secure third party payment gateway which is accredited for PCI DSS (Payment Card Industry Data Security Standards).
Our guest Wi-Fi service is provided by contracted trusted third parties, depending upon which hotel site you are visiting. If you choose to use the service to access web sites or content provided by third parties or purchase products from third parties, then your personal information may be available to the third-party provider. The way third parties handle and use your personal information related to the use of their services is governed by their policies. Legacy Hotels & Resorts have no responsibility for their policies, or third parties’ compliance with them. Our guest wireless/wired systems use radio channels or local area networks to transmit voice and data communication information; privacy therefore cannot be guaranteed, and Legacy Hotels & Resorts shall not be liable to you for any lack of privacy you experience while using the service.
Whilst we take reasonable, appropriate technical and organisational measures to safeguard the personal data that you provide to us, no transmission over the internet can ever be totally guaranteed secure. Consequently, please be aware that we cannot guarantee the complete security of any personal data that you transfer over the internet to us whilst in transit. Sending such information is entirely at your own risk.
We advise that you follow general internet security guidelines:
- Always log out and close the website browser when you complete an online session, especially if you are using a computer or terminal in a public location.
- Keep your online account passwords private. Our online accounts are intended for single guest use and link information provided to your guest record.
- When creating a password, use at least 8 characters. A combination of letters and numbers is best. Dictionary words, your name, email address, or other personal data that can be easily obtained are best avoided for passwords.
- Avoid using the same password for multiple online accounts.
We would like to send you information about other Legacy Hotels & Resorts products and services, which we believe may be of interest to you. If you have consented to receive our marketing, you may opt out at a later date.
You have a right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted, you can unsubscribe by any of the following methods:
- selecting the UNSUBSCRIBE link included in our emails or on our website;
- contacting our Marketing Team – E-mail
In the event that our business is transferred, sold or integrated with another business, your details may be disclosed to our advisers and any prospective purchaser’s advisers and may be passed to the new owners of the business.
Accessing and Amending your Personal Information
You have a right to access a copy of the information which we hold about you. If you would like to do this, please email or write to us at the following address. We reserve the right to make a small charge of £10 for these requests as per the terms of the Data Protection Act.
Information Governance Manager
Legacy Hotels & Resorts
3 Henley Court
Prince Harry Road
Henley In Arden
We want to make sure that your personal information is accurate and up to date. You are able to make amendments, or withdraw your consent for use, by telling our reception staff when you check in at any of our hotels, contacting our central reservations team or by contacting our Information Governance Manager.
If you withdraw your consent to any or all use of your personal data, depending upon the nature of your request, we may not be able to provide or continue providing our products and services to you, or administer any contractual relationship already in place. You understand and agree that in such instances where we require your personal data to fulfil a contractual obligation to you and you withdraw your consent to collect, use or disclose he relevant personal data for those purposes, we cannot be held liable for breach of that agreement. Our legal rights and remedies in such event are expressly reserved.
Retention of Information
Your personal data will be retained for as long as it is necessary to fulfil the purpose for
which it is collected or for business or legal purposes, or in accordance with applicable laws.
Should you choose to unsubscribe from our mailing list or if your membership expires, please note that your personal data may still be retained on our database to the extent permitted by law.
By using our website, you agree to our Website Terms & Conditions.
IT IS IMPORTANT TO KNOW THAT WE WILL ONLY STORE INFORMATION THAT YOU HAVE VOLUNTARILY AND EXPLICITLY GIVEN US. THIS IS ESSENTIAL TO PROGRESS ONLINE BOOKINGS.
By using our websites, you agree to us using cookies as set out in our Statement on Cookies.
COOKIES – INFORMATION
Read through this section for all you need to know about what cookies are and how we may use them.
What are cookies?
Cookies are small text files placed on your computer by us or our partners. They let us identify the device you’re using – but not you personally. This information is sent back to our systems as you move around our website.
Cookies are unique to the web browser you’re using – so if you’re using a desktop computer as well as a mobile, different data will be collected for each.
Cookies can be set by the owner of the website you’re on. These are known as 1st Party Cookies. There are also 3rd Party Cookies that can be set by partner websites. Only the owner of the cookie can see the anonymous information it collects.
You can choose to accept all cookies, reject 3rd Party Cookies or reject all cookies by changing your internet browser settings. If you don’t accept cookies, some features of our website won’t work.
Improving your experience
Refusing cookies and changing your mind after you’ve accepted.
You can change your browser settings to accept or refuse all cookies, choose which cookies you want or don’t want, or ask to be notified when a cookie is set. Use the help feature in your browser to see how.
Changing your mind after you’ve accepted our cookies
Our Booking Engine Cookies
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
We also use Google analytics and Guestbook (our loyalty programme) and have the below cookies.
Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
Phishing is the practice of tricking someone into giving confidential information. Examples include falsely claiming to be a legitimate company when sending an e-mail to a user, in an attempt to get the user to send private information that will be used for identity theft and fraud.
We will never ask you to confirm any account or credit card details via email. If you receive an email claiming to be from Legacy Hotels & Resorts asking you to do so, please ignore it and do not respond. You can contact our Central Enquiries Team or Information Governance Manager to report it or if you are unsure.
Links to Other Websites
Have a question?
All other questions on our use of your personal data should be directed as follows:
Data Protection Enquiries & Concerns: E-mail