At Chimneys Guest House (CGH) we understand that customers care about the use and storage of their personal information and data. This document sets out our policy on how we will use and protect your personal information.
CHG is a registered company with the Information Commissioners Office, registration number: ZA496264
The information we collect
We receive, collect and store any information you enter on our website or provide us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We also collect personally identifiable information (including name, email and communications), payment details (including credit card information are collected for payment processing via secured industry approved standards), comments, feedback, reviews and recommendations.
Guest data is collected and processed for the purpose of identification and as a security measure to confirm a booking. It is also required to comply with the Immigration (Hotel Records) Order 1972 (and subsequent amendments), to enable payment processing and for us to operate and provide our services to visitors and customers. We may use your data to contact you with general or personalised service-related notices and promotional messages, and create aggregated statistical data and other aggregated and/or inferred non-personal information, which we or our business partners may use to provide and improve our respective services.
Personal data will be kept for 12 months. The holding and use of personal information are regulated by the Data Protection Act (2018) and the General Data Protection Regulation (2018). For the Act, the CGH proprietor is the Data Controller.
The information required to complete a booking can include:
The full name and address of the person making the booking
The email address of the person making the booking
Credit/Debit card details – when provided as part of our online booking system the details are stored securely by Wix Hotel Service. If you provide credit/debit card details over the telephone or in person these will be entered manually into our secure payment system and this will be the only place they are stored. We request that you DO NOT provide card details by email as we cannot guarantee the security of such communications.
The telephone numbers of the person making the booking
The names and address of all guests staying as part of the booking
Any additional information you wish to provide that you feel is pertinent to your stay (e.g. food or other allergies, dietary requirements, special requirements, etc.)
On or before arrival guests are required to provide personal information. This includes a guest registration form, which will be kept by law in the company files for the requisite year period. Booking forms are also kept for a year, both are destroyed by shredding and permanent deletion from digital platforms.
The way we collect data
When you conduct a transaction on our website, as part of the process, we collect personal information you give us such as your name, address and email address. Your personal information will be used for the specific reasons stated above only.
The data we collect can also be provided to us by you or an agent/representative acting on your behalf when:
forms are completed on our website or our online booking system
we receive an email or a letter
information is provided to us by telephone
you tell us in person.
How we store your data and keep it secure
We take all reasonable technical and organisational precautions to store your information in a secure manner and prevent its loss or misuse.
All credit and debit card data captured via our booking system or by other means is kept secure with the PCI level 1 compliance of Paymentsense, JotForm Inc, Stripe and PCI Card Storage. This is the highest security attainment you can have as a business that collects payments from, and integrates with, credit cards.
Chimneys Guest House website is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.
All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our business and its service providers.
Where you choose to pay us by credit or debit card using our processing terminal (whether it is by using the physical card or when we process a card in the “cardholder not present” manner), we will have a printed receipt slip that contains details of the amount paid and some card details. This receipt slip is kept in a secure location and can only be accessed by authorised personnel. The slip is kept separately from any other information that could identify the card as belonging to an individual. Card payment slips are only kept for as long as is reasonable and destroyed using a shredder.
We require you to verify your identity and booking details by signing a printed registration form that includes the personal information you (or your representative) have provided. We will also make a copy of your valid photo ID (i.e. passport, driving licence or national identity card) required for registration, as part of our identity and fraud check measure. The registration form and the copied ID is kept in a secure location and can only be accessed by authorised personnel. This will be destroyed using a shredder after 12 months.
Using your personal information
The personal information provided to us will only be used in connection with the services we are providing to you and is intended to improve your experience. We may use your personal information to:
Process your booking and provide confirmation details
Obtain payments for our services via credit/debit card
Respond to any questions or comments via e-mail, telephone or post.
Provide information that may be useful to you
Contact you to resolve queries or issues
Request feedback about your stay with us, the booking experience and our website. This is sometimes done in conjunction with booking channels, such as Booking.com and Expedia.
Return any items that you may forget to take with you on check-out
Send an email after your stay with a discount code for future bookings
Disclosures, data storage and information sharing
We may disclose your personal data as required by law to any third parties.
If you provide feedback on your experience of stay at CGH, this may be used for marketing purposes, but we will not disclose any of your personal information, other than name and city/country.
We will only share your personal data as necessary for any third party to provide the services as requested or as needed on our behalf. These third parties (and any subcontractors) are subject to strict data processing terms and conditions and are prohibited from utilising, sharing or retaining your personal data for any purpose other than as they have been specifically contracted for (or without your consent).
Cookies and similar technologies
Cookies and similar technologies are used on our website. They allow us to track your browsing behaviour, links clicked, items purchased, your device type, and to collect various data, including analytics, about how you use and interact with our Services. This helps us to provide you with a better user experience and improved performance.
We use various web analytics tools such as Google Analytics, to collect information about how you interact with our website. This information includes things such as IP address, geographic location of the device, browser type, browser language, date and time of your request, time(s) of your visit(s), page views and page elements (e.g., links) that you click, what site you visited prior to visiting our website and how much time you spend on each page.
If you do not want information collected through the use of these technologies, there is a simple procedure in most browsers that enable you to automatically decline many of these technologies or to be given the choice of declining or accepting them.
We have 7 CCTV cameras on the outside of the Property and 1 inside, as you enter from the front door entrance. None of the cameras are pointed at the guest bedrooms, door or windows.
We use these cameras for the security of our property, ourselves, our guests and their property. The data is recorded securely online and on a hard drive, locked in the CGH office. The data is kept for 14 days. Only CGH proprietors have access to this surveillance data. The data can be accessed via a smartphone App and on the hard drive, both of which are password protected.
Your individual rights
You have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data. We handle subject access requests in accordance with the GDPR.
You may request that we provide you with any personal information we hold about you. Provision of such information will be subject to the supply of appropriate evidence of your identity (e.g. a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address)
You also have the right to request that we delete and destroy your personal data. Subject to providing evidence of your identity (see above) we will be happy to comply with a request to delete your data.
Notification of data breaches
The GDPR requires us to notify the Information Commissioners’ Office within 72 hours of first having become aware of any breach where that breach is likely to “result in a risk for the rights and freedoms of individuals”. For any breach, we are required to notify you “without undue delay” after first becoming aware of a data breach. In the event of a breach we will do this in writing to your last known address given to us at the time of your booking.
We may update this privacy and data protection policy from time to time by posting a new version in our guest information folder.
How to Contact us