ONLINE PRIVACY STATEMENT
- The Set Hotels Management Company Limited:
- Hotel Café Royal, London
- Conservatorium, Amsterdam
- Lutetia, Paris
We respect the privacy of our customers and business partners, and treat personally identifiable information provided by them as confidential. We will collect, use and store such information with all due care and diligence, in accordance with all applicable laws in the countries in which we operate. The Set Hotels Management Company Limited and the applicable local management entities as set forth above are “Data Controllers” for the data they each collect and process. The Set Management Company Limited is also the Data Controller for gathering all the data collected and processed by us and on our websites.
The contact details for each Data Controller are the following:
- For customers using the services of the website and the Set Hotels, The Set Hotels Management Company Limited, Elm Park House, Elm Park Court, Pinner, Middlesex, HA5 3NN, UK, and by e-mail: firstname.lastname@example.org.
- For customers using the services of Hotel Café Royal, 68 Regent Street , London, W1B 4DY, and by e-mail: email@example.com
- For customers using the services ofConservatorium, Van Baerlestraat 27 , Amsterdam, 1071 AN NL andby e-mail: firstname.lastname@example.org
- For customers using the services ofLutetia, Lutetia, 45, boulevard Raspail , Paris, 75006 FR andby e-mail: email@example.com
This Statement explains what information we collect, how we use it, and how this can benefit your experience of our web sites. Please take a moment to read the sections below.
1. WHAT INFORMATION ABOUT YOU DO WE COLLECT?
We only collect adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
We therefore collect your information only to operate effectively and provide you with the best experiences with our services.
The specific kind of information collected will depend on the context of your interactions with us, and the services you use. The following are examples of the information that may be collected:
- Contact information (name, email address, mailing address, phone number, fax number, and passport number);
- Payment information (payment card: numbers and expiry date upon PCI DSS rules, billing address, and bank account information);
- Demographic data (age, gender, country, and preferred language);
- Information related to your reservation, stay, or visit at the Set Hotels (date of arrival and departure, and goods and services purchased);
- Information necessary to fulfill your special requests and/or specific accommodations (preferences, leisure activities, accompanying guest name, and number of children and ages);
- Loyalty program member information;
- Information collected through security systems (closed circuit television systems – CCTV and electronic card key); and
- Non-personally identifiable information about you (the use and interaction with our websites, communication preferences, aggregated data relative to your stays, and responses to promotional offers and surveys).
We collect this information in the following way:
- Information provided by you: We receive and store information you enter on our website or give us in any other way, including:
- use our online reservations
- stay as a guest at hotels
- subscribe to our newsletters or request a brochure
- submit enquiries and feedback forms
- correspondence with us - interaction with our employees limited to legitimate interest
- respond to surveys, promotions and other communications
- submit a job application
- Automatic Information: When you use or interact with our website and/or use any apps that we may make available on our website, we receive and store information generated by your activity and information automatically collected from your browser or mobile device. For example, like many websites, we obtain certain information when your web browser accesses our website including your IP address, browser type, operating system, mobile network data, pages viewed and access times. This information helps us to communicate with our customers and better understand them.
- Security Systems: When you visit our properties, information may be collected about you through such properties’ closed circuit television systems (CCTV), electronic key cards and other security systems.
- Information from other sources: We may receive information about you from other Third Parties. This may include information from your travel agent, loyalty program, credit card, and other Third Parties.
- Age Limitations: The SET Hotels does not knowingly collect personally identifiable information from any person under the age of 18. The SET Hotels may collect personally identifiable information from people under the age of 18 as part of the guest registration process, but always with the consent of such person’s parent or guardian.
2. HOW DO WE USE YOUR INFORMATION?
We collect your information only to operate effectively and provide you with the best experiences with our services. We collect, use, and disclose the information it collects for the following purposes:
- Fulfillment of reservation and other purchases: We may process information relating to transactions that you enter into with us and/or through our website ("transaction data"). The transaction data may be processed for the purpose of completing your room reservation, supplying the purchased goods and services, customizing our services to your preferences, seeking your feedback on your stay at our properties, and keeping proper records of those transactions.
- Guest Relations: To offer hospitality services and goods based on your preferences and prior stays at one of our properties. The information may be used for future voluntary loyalty programs operated by us.
- Response to inquiries: We may process information contained in or relating to any communication that you send to us ("correspondence data"). The correspondence data may include the communication content and metadata associated with the communication (such as groups, meetings and events). The correspondence data may be processed for the purposes of communicating with you and record-keeping.
- Internal Business Purposes: For our internal business purposes, developing new products, enhancing the website, improving our services, identifying usage trends and visiting patterns, determining the effectiveness of our promotions, evaluating Third Parties performance (such as Travel Agencies), predicating our yield and occupancy, and meeting contractual obligations.
- Administrative and other communications: To send you important information regarding our website, changes to our terms, conditions, and policies, or other administrative information (e.g., information about your travel reservations, such as confirmation emails).
- Marketing and promotions: To communicate news and promotions to you regarding The Set Hotels related products and services we think may be of interest to you; including Akasha Spa & Gym, Bars and Restaurants.
- Safety and security: To maintain your safety and security as well as that of other guests and staff, while you visit at The Set Hotels.
- Our legal duties: To comply with legal and regulatory requirements or demands in accordance with applicable law, regulations, or other legal process.
The legal basis for processing your personal information is made up of one or more of the following reasons:
- Your consent.
- Providing the services, you have requested.
- Compliance with applicable laws, regulations or other legal process.
- Legitimate Business Interest.
3. WHAT ABOUT COOKIES?
To enhance your experience on our web site, some of our web pages may use “cookies". Cookies, by themselves, do not tell us your personally-identifiable information unless you choose to provide this information to us (by, for example, registering for one of our services). However, once you choose to furnish the site with your personally-identifiable information, this information may be linked to the data stored in the cookie.
Your browser may give you the ability to control cookies, certain browsers can be set to avoid cookies collection. However, if you block cookies, certain features on our website may not work.
4. WHO ARE THE RECIPIENTS OF YOUR PERSONAL DATA?
Your personal data being confidential, only persons duly authorized by us can access your personal data, apart from their possible transmission to the bodies in charge of a control or inspection in accordance with the applicable regulations.
All persons who have access to your personal data are bound by an obligation of confidentiality.
These persons include the staff authorized within the company and its affiliates. Our service providers may also be required to process personal data strictly necessary for the performance of the services we entrust them with (mission, electronic and postal dissemination, logistics and catering, etc.).
As a luxury hotel management company and with a presence within a few locations in Europe, it is essential that we share information in order to provide you with and to maintain the best possible service. The specific kind of information we share will depend on the context of your interactions with The SET Hotels, and the services you use. Accordingly, your personal information may be shared with the following parties insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy:
- The SET Hotels properties in order to provide better hospitality experience based upon your preferences and prior stays;
- A representative or travel advisor that has supplied us with your personal information (for example, your travel agent, personal assistant, employer or spouse who has provided us with your details);
- Our marketing and advertisement partners to provide you with more-relevant ads on our site and to encourage you to return to our site. These partners will not use your data for any other purpose than our legitimate interest of direct marketing and you will always have the right to object.
5. DOES THE SET HOTELS TRANSFER INFORMATION OVERSEAS?
Any data processing is held within EU borders including processing by our Third Parties. If any of our Third Parties will require, for any reason, to transfer information outside EU borders; the request will be examined by us.
In this specific case, be sure that we will verify that appropriate measures have been put in place to ensure that your personal data benefits from an adequate level of protection (in particular through standard contractual clauses of the European Commission, the Internal Company Rules or the Data Protection Shield set up between the European Union and the United States).
6. HOW SECURE IS YOUR INFORMATION?
We implement reasonable administrative, organizational and technical safeguards and security measures to protect personal information from unauthorized access, disclosure, destruction or alteration, accidental loss, misuse or damage. We regularly review and monitor such safeguards and security measures.
When disclosure of data to third parties is necessary and authorized, we ensure that these third parties guarantee the same level of data protection as that offered to them by us and requires contractual guarantees so that the data are exclusively processed for the purposes you have previously accepted, and with the required confidentiality and security.
7. HOW LONG WILL THE SET HOTELS KEEP YOUR INFORMATION?
To the extent permissible by applicable law, we will retain your personal information for such period as necessary to satisfy or to fulfill the following:
- The purposes for which that personal information was provided,
- An identifiable and ongoing business need, including record keeping,
- A specific legal or regulatory requirement, and/or,
- A requirement to retain records that may be relevant to any notified regulatory investigations or active legal proceedings.
Where there is no sufficient justification to retain such personal information, such personal information will be safely and securely deleted and/or anonymized.
In particular, we apply the following retention period for personal data:
- Personal data of customers/prospects/business partners: as long as the user is active and, at the latest, 5 years after the last contact with the user.
- Personal data of candidates (recruitment): time needed to process the application and, in case of a negative outcome, 6 months after the last contact (unless the candidate agrees to a longer period).
8. WHAT CAN YOU DO IF YOU HAVE ANY QUESTIONS OR CONCERNS OR WANT TO ACCESS YOUR PERSONAL DATA?
Our Data Protection Officer will be happy to answer any concerns or queries you may have relating to the use or storage of your personal data. Your principal rights under the European Union General Data Protection Regulation are:
- The right to information on the processing of your personal data
We strive to provide you with concise, transparent, understandable and easily accessible information on the conditions for processing your personal data, in clear and simple terms.
- The right to access, rectify, delete your personal data
The right of access allows you to obtain from us confirmation that your personal data have or have not been processed as well as the conditions of such processing, and to receive an electronic copy (for any additional copy, we are entitled to demand payment of any reasonable fees based on the administrative costs incurred).
You also have the right to obtain from us, as soon as possible (and by default within 30 days), the rectification of your personal data.
Finally, subject to the exceptions provided by applicable law (e.g.: retention necessary to comply with a legal obligation), you have the right to ask us to delete, as soon as possible, your personal data, when one of the following grounds applies:
- Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- You wish to withdraw your consent on which the processing of your personal data was based and there is no other basis justifying such processing;
- You consider and can establish that your personal data has been unlawfully processed;
- Your personal data must be deleted in accordance with a legal obligation.
- The right to restrict the processing of your personal data; The applicable regulations provide that this right may be invoked in certain cases, in particular the following:
- When you dispute the accuracy of your personal data;
- When you consider and can establish that the processing of personal data is unlawful but you oppose the deletion of personal data and demand instead that the processing be limited;
- When we no longer need your personal data but they are still necessary for you to establish, exercise or defend your legal rights;
- When you object to the processing that would be based on the legitimate interest of the controller, during the verification whether the legitimate grounds pursued by the controller prevail over those of the person in question.
- The right to data portability
When the processing is based on your consent or a contract, this right to portability allows you to receive the personal data you have provided to us with in a structured, commonly used format, and to transmit this personal data to another data controller without us hindering it. When technically possible, you may request that this personal data be transmitted directly to another controller by us.
- The right to lodge a complaint with a supervisory authority
If, despite our effort to preserve the confidentiality of your personal data, you feel that your rights are not respected, you have the right to lodge a complaint with a supervisory authority. A list of control authorities is available on the European Commission’s website.
- The right to withdraw consent
When we process your personal data on the basis of your consent, this latter may be withdrawn at any time using the means provided for this purpose (procedure indicated below of this Policy). On the other hand, and in accordance with applicable law, the withdrawal of your consent is only valid for the future and cannot therefore call into question the lawfulness of the processing carried out before this withdrawal.
- The right to decide the fate of your personal data after your death
Finally, you have the right to organize the fate of your personal post-mortem data through the adoption of general or specific guidelines. We are committed to respecting these guidelines. In the absence of directives, we recognize the possibility for heirs to exercise certain rights, in particular the right of access, if it is necessary for the settlement of the deceased’s estate; the right to object to the closure of the deceased’s user accounts; and the right to object to the processing of their data.
9. HOW TO CONTACT US
You may exercise any of these rights in relation to your personal data by contacting our Data Protection Officer – Mr. Lionel Robin. Our Data Protection Officer can be contacted by email at firstname.lastname@example.org and by post at The Set Hotels Management Company Limited, Elm Park House, Elm Park Court, Pinner, Middlesex, HA5 3NN, UK.
10. WHAT ABOUT LINKED WEBSITES?
The linking of third party websites to this website does not indicate any association with or endorsement by us. We do not assume responsibility or liability for any content presented by or contained on any independent web site, including, but not limited to, any advertising claims or marketing practices.
Effective Date: 24th May 2018