Privacy Policy

DANIEL THWAITES P.L.C. – PRIVACY POLICY

Daniel Thwaites P.L.C. processes your personal data, as a controller, and is committed to protecting your personal data.

This Privacy Policy is provided to fulfil our obligations under the General Data Protection Regulation (GDPR), and details how we collect and process your personal data and your rights.

Personal Data we collect

Personal Data we collect, hold and process about you, provided by you, may include:
• Contact information – such as: name, address, email address, telephone number
• Credit Card and other payment account and billing information
• Correspondence if you contact us
• Guest stay details (date of arrival, departure etc.)
• Purchase/transaction details and history
• Vehicle Registration details
• CCTV coverage, key card and other security systems

How we collect Personal Data

Personal Data may be collected:
• Directly from you by phone, email, post
• Directly from you in person
• Directly from you through our website e.g. online booking
• Through another online booking channel you used
• From your travel agent

How we use your Personal Data we collect

Personal Data may be used for the following:
• To process, administer and manage your booking, orders, contracts, accounts and enquiries
• To collect payment from you
• To administer and manage our relationship with you, which may include asking you to complete feedback forms/surveys
• Communicate any information about any booking, reservation or agreement you have with us or have enquired about
• To resolve an enquiry, acknowledge feedback or progress a complaint.
• To send information relating to our loyalty scheme
• Administration and management of our promotions
• Where required by law
• Where necessary to protect your health and well being or that of another individual

Sharing and Disclosing your Personal Data

We may disclose your personal data to payment providers, technology providers, insurers and other specialist professional and technical advisers, to manage bookings, arrange payments and provide services.

Personal data may also be shared with regulators, government authorities and/or law enforcement officials for the prevention/detection of crime.

Marketing

We will not use your personal data for our marketing purposes without first obtaining your express consent.

How long we retain your Personal Data

We will only retain your personal data for as long as necessary to fulfil the purposes we have collected it for, and for the purpose of satisfying any legal, accounting or reporting requirements.

The appropriate retention period will depend upon the purpose for which we are processing the data and where the data is processed for two or more purposes, we will retain it for the longest period.

We consider our retention periods, which range between 2 and 7 years, to be appropriate and fair.

We may by law have to retain certain information and this data will be held solely and securely for legal purposes.

Your Rights

Pursuant to applicable law you have the:
• Right to be informed – you have the right to know how your personal data is being used
• Right of access – you have the right to request a copy of the information we hold about you
• Right of rectification – you have a right to ask that we correct data that we hold about you that is inaccurate or incomplete
• Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records
• Right to restriction of processing – if you believe the basis for processing your data no longer applies, or if you contest the accuracy of the information we hold about you, you have a right to request restrictions to the processing of your data
• Right of portability – you have the right to have the data we hold about you transferred to another organisation
• Right to object – you have the right to object to certain types of processing such as direct marketing
• Right to object to automated processing, including profiling – you also have the right to not be subject to the legal effects of automated processing or profiling

Data Security

Daniel Thwaites P.L.C. has put in place appropriate technical and organisational security measures to prevent your personal data against accidentally loss, accidental or unlawful destruction, alteration, unauthorised disclosure or access.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a beach were we are legally required to do so.

International Transfer

Some of the third parties that we disclose personal data to may be based outside the EEA, so their processing of your personal data will involve a transfer of your personal data out of the EEA. Whenever we transfer your personal data out of the EEA, we will ensure a similar degree of protection is afforded to it.

Cookies

Information about cookies and other technologies we use is available on our Website Privacy Policy (www.houseofdanielthwaites.co.uk)

Policy Amendments

Daniel Thwaites P.L.C. reserves the right to change, modify, or amend this Policy at any time. Any changes to the Policy will become effective upon our posting the revised Policy on our website. Use of our website following such changes constitutes your acceptance of the revised Policy then in effect.

Contact Details

If you have any questions about your personal data or if you wish to exercise any of your data rights, please contact us:

Email: dataprotectionofficer@thwaites.co.uk
Phone: 01254 686868
Postal Address: Daniel Thwaites P.L.C., Myerscough Road, Mellor Brook, Blackburn, BB2 7LB