- If you have any queries about the policy, please get in touch with us using our contact details and we will do our best to answer your questions.
- This notice applies to personal data provided by our users, our users include our Homeowners, guests staying at a Homeowner’s property or other users. In this notice “you” refers to any individual whose personal data we hold or process (other than our staff and contractors).
- We are also wholly owned by the Accor S.A group and adopt their Customer Personal Data Protection Charter set out here: https://www.accorhotels.com/security-certificate/index.en.shtml (“Charter”)
Personal information collected
- We will collect the following personal information from you:
- Certain information required to register with the Site including first and last name, your address and date of birth together with some basic security information (“Registration Information”);
- If you are a Homeowner, information about your property and contact and personal information we need in order to assist with and manage bookings on your behalf (“Property Information”)
- Details of any bookings you make or receive through the Site including ID information (either through us or through third parties who use the Site as a booking platform) (“Booking Information”);
- Your email address and password (“Login Information”);
- Billing information such as your credit card number and expiry date (“Billing Information”);
- A record and details of any correspondence or communication between you and us or relating to any complaint submitted to us (“Communication Information”)
- Information we may hold for marketing purposes such as email addresses and some information about your personal circumstances (e.g. your location) (“Marketing Information”)
- Other technical information you generate as a result of site interactions including your visits to the Site, the resources and pages you access and any searches you make (“Technical Information”).
- In collecting information we abide by the following principles.
- Transparency: When collecting and processing your personal data, we will communicate all information to you and inform you of the purpose and recipients of the data.
- Legitimacy: We will collect and process your personal data only for the purposes described in this policy and the Charter.
- Relevance and accuracy: We will only collect personal data that is necessary for data processing. We will take all reasonable steps to ensure that the personal data we hold is accurate and up to date.
- Storage: We will hold your personal data for the period necessary for processing the same in compliance with the provisions of the law.
- Access, rectification, opposition: You may access, modify, correct or delete your personal data. You may also oppose the use of your personal data, particularly to avoid receiving sales and marketing information. This is done by sending an email to firstname.lastname@example.org.
- Confidentiality and security: We will ensure reasonable technical and organizational measures are in place to protect your personal data against alteration or accidental or unlawful loss, or unauthorized use, disclosure or access.
- Sharing and international transfer: We may share your personal data within the AccorHotels Group or with third parties (such as commercial partners and/or service providers) for the purposes set out in this Charter. We will take appropriate measures to guarantee security when sharing or transferring such data.
- Although it is not compulsory to give us this information, if you do not then you cannot register as a member of the Site or make a booking for accommodation with our Homeowners.
Basis on which we process personal data
Personal data we hold about you will be processed because the processing is necessary in pursuit of a “legitimate interest”, a legitimate interest in this context means a valid interest we have or a third party has in processing your personal data which is not overridden by your interests in data privacy and security; or because you have consented to the processing for the specific purposes described in this notice; or because the processing is necessary in order for us to comply with our obligations under a contract between you and us.
Use of this information
The table below sets out how we process your data and the lawful basis for the processing:
Necessary for our legitimate interests (to obtain necessary information in order to provide our services)
Necessary for our legitimate interests (for running our business and to provide you with products and services requested)
Necessary for our legitimate interests (for running our business and to provide you with products and services requested and to fulfil our statutory obligations)
Necessary to comply with legal obligation
(a) Notifying you about changes to our terms or privacy notice
(b) Asking you to leave a review or take a survey
(c) When you submit a complaint
(d) Sending relevant information about our products and services to you.
Necessary to comply with a legal obligation
Necessary for our legitimate interests (to keep our records updated and to study how customers use the services we provide)
Necessary to comply with a legal obligation
Sharing this information
- Credit or debit card payments will be collected by our payment processor.
- In order for payments to be processed you may need to provide some necessary details to our agent. We tell you about this at the point we collect that information on the Site.
- We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation, but we will take steps with the aim of ensuring that your privacy rights continue to be protected.
- We may share customer information with third parties to perform services on our behalf in order to improve our services and you hereby consent to us sharing such customer information.
- Other than as set out above, we will not disclose any of your personal information without your permission unless we are required by law to do so (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime).
Information automatically collected from your computer
- Log files/IP addresses. When you visit the Site our web server automatically records your IP address. This IP address is not linked to any of your personal information. We may also gather other non-personal information (from which we cannot identify you) such as the type of your internet browser which we use to provide you with a more effective service.
- Storing details about your site preferences (for instance which language you wish to view pages in);
- Storing details about any properties you have short-listed;
- Enabling our web server to track your session between pages of the site and provide a continuity of experience.
- When using our site, there are a number third parties who also need to store cookies for essential running of the site. These include but are not limited to:
- Amazon for the running of our load balancers;
- to enable Interactive Maps, help us with Analytics and provide remarketing campaigns tailored to your browsing using Google Advertiser Features. If you wish to opt out out of the Google Advertiser Features please click here for details.
- If you have any other concerns, please contact us.
- We will take all reasonable steps to ensure that appropriate technical and organisational measures are carried out in order to safeguard the information we collect from you and protect against unlawful access and accidental loss or damage. These measures may include (as necessary):
- protecting our servers with software firewalls;
- locating our data processing storage facilities in secure locations;
- encrypting all data stored on our server with an industry standard encryption method that encrypts the data between your computer and our server so that in the event of your network being insecure no data is passed in a format that could easily be deciphered;
- when necessary, disposing of or deleting your data so it is done so securely;
- regularly backing up and encrypting all data we hold.
- We will ensure that our employees are aware of their privacy and data security obligations. We will take reasonable steps to ensure that the employees of third parties working on our behalf are aware of their privacy and data security obligations.
- This notice and our procedures for handling personal data will be reviewed as necessary.
- Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Site; any transmission is at your own risk. Once we have received your information, we will use the strict procedures and security features referred to in this clause to try to prevent unauthorised access
Your privacy rights
- Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Ask us to correct any information that we hold about you which is incorrect, incomplete or inaccurate.
- Ask us to erase your personal information from our files and systems where there is no good reason for us continuing to hold it.
- Object to us using your personal information to further our legitimate interests (or those of a third party) or where we are using your personal information for direct marketing purposes.
- Ask us to restrict or suspend the use of your personal information, for example, if you want us to establish its accuracy or our reasons for using it.
- Ask us to transfer your personal information to another person or organisation.
The GDPR gives you the following rights in respect of personal data we hold about you. You have the right to:
If you have given your consent to us processing your personal information (for example, consent to receive information about our seminars and events), you have the right to withdraw your consent at any time. To withdraw your consent, please contact email@example.com. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information and, subject to our retention policy, we will dispose of your data securely (although we may in some circumstances need to continue to process your data, if so then we will confirm the reasons for this).
Our current data retention policy is to delete or destroy (to the extent we are able to) the personal data we hold about you in accordance with the following retention periods:
- For any category of personal data not specifically defined in this notice, and unless otherwise specified by applicable law, the required retention period for any personal data will be deemed to be 7 years from the date of receipt by us of that data.
- The retention periods stated in this notice can be prolonged or shortened as may be required (for example, in the event that legal proceedings apply to the data or if there is an ongoing investigation into the data).
- We review the personal data (and the categories of personal data) we are holding on a regular basis to ensure the data we are holding is still relevant to our business and is accurate. If we discover that certain data we are holding is no longer necessary or accurate, we will take reasonable steps to correct or delete this data as may be required.
- If you wish to request that data we hold about you is amended or deleted, please refer to the Your Privacy Rights section above, which explains your privacy rights.
We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our Site and recommend that you check the policy of each site you visit and contact its owner or operator if you have any concerns or questions.
In addition, if you linked to this Site from a third party site, we cannot be responsible for the privacy policies and practices of the owners or operators of that third party site and recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.
Transferring your information outside of Europe
If you use the Site while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
If at any time you would like to contact us with your views about our privacy practices or if you would like to exercise any of your rights, or with any enquiry relating to your personal information, you can do so by emailing us at firstname.lastname@example.org.
If we are unable to resolve any issues you may have or you would like to make a further complaint, you can contact the Information Commissioner’s Office by visiting http://www.ico.org.uk/ for further assistance.