Privacy Policy
The Kinloch Hotel is committed to the privacy and confidentiality of your information. This privacy policy describes current policies and practices about our use of personal information. Please take the time to read this Privacy Policy carefully. This policy should be read alongside the terms and conditions.
Where you provide personal information to us about other individuals (for example, members of your family or other guests staying in the rooms or apartment) we will also be controller of their personal information and we are responsible for protecting their personal information and using it appropriately. This Policy will therefore apply to those individuals and you should refer them to this Policy.
In order to make this Policy as user friendly as possible, we have split it into different sections. Please click on the section below that best describes your relationship with us and the service you receive from us.
At booking stage
On arrival at Kinloch Hotel
During or following your stay
What will we use your personal information for?
We use your information for the following legal reasons:
When you subscribe to our email notifications and/or newsletters we will send you the relevant notifications and/or newsletters – but only if you’ve agreed. You can unsubscribe from this type of communication at any time by clicking the link in the footer of the email, or emailing us on reservations@kinlochhotel.co.uk . We also collect additional information in connection with your participation in any competitions that we run.
We also use Facebook marketing services in order to promote our serviced apartments on Facebook and Instagram.
We do not sell your information to third parties.
4. Automated Decision-Making
Automated decision making refers to a situation where a decision is taken using personal information that is processed solely by automatic means (i.e. using an algorithm or other computer software) rather than a decision that is made with some form of human involvement.
The Kinloch Hotel does currently undertake automated decision making. We do this in several ways:
5. How long do we keep personal information for?
We will only keep your personal information for as long as reasonably necessary to fulfil the purposes set out in Section 3 above and to comply with our legal and regulatory obligations. We set out below examples of the retention periods that we apply:
Where you book an apartment or room, the personal information that we collect from you and from the relevant Partner will be retained for 1 year.
6. What is our approach to sending your personal information overseas
We are also entitled under European data protection laws to transfer your personal information to countries outside the EEA in the following circumstances:
It is necessary for the performance of the contract we have with you.
It is necessary to protect your vital interests i.e. it is a life or death situation.
There may also be some instances where your personal information is transferred to countries outside the EEA such as when we transfer information to third party suppliers who are based outside the EEA or when third parties who act on our behalf transfer your personal information to countries outside the EEA.
Where such a transfer takes place, we will take the appropriate safeguarding measures to ensure that your personal information is adequately protected. We will do so in a number of ways including:
Entering into data transfer contracts and using specific contractual provisions that has been approved by European data protection authorities otherwise known as the “standard contractual clauses”;
Transferring personal data to companies in the United States who are certified under the “Privacy Shield”. The Privacy Shield is a scheme whereby companies certify that they provide an adequate level of data protection;
We will only transfer personal data to companies in non-EEA countries who have been deemed by European data protection authorities to have adequate levels of data protection for the protection of personal information.
The Kinloch Hotel will ensure that all our systems are protected using secure passwords and multi-factor authentication mechanisms. All customer data is held within secure data centres using industry standard protection and encrypted where applicable. All data access is segmented by role and user rights.
You have several data protection rights which entitle you to request information about your personal information, to dictate what we do with it or to stop us using it in certain ways.
We respect your rights in relation to personal information we hold about you, however we cannot always comply with your requests, for example:
We may not be able to delete your information if we are required by law to keep it for a longer period of time; or
If we delete your information we would not have the necessary information we need to complete your booking or manage your bookings.
The right to access your personal information
You can request a copy of the personal information we hold about you and certain details of how we use it.
Your personal information will normally be provided to you in writing unless you request otherwise or where you have made a request by electronic means such as email, we will provide such information in electronic form where possible.
The right to withdraw your consent
Where we rely on consent as the legal ground to use your personal information, you are entitled to withdraw that original consent.
The right to rectification
We make reasonable efforts to keep your personal information where necessary up to date, complete and accurate. We encourage you to ensure that your personal information is accurate so please regularly let us know if you believe that the information we hold about you may be inaccurate or not complete. We will correct and amend any such personal information and notify any third party recipients of necessary changes.
The right to restriction of processing
Subject to the circumstances in which you exercise this right, you can request that we stop using your personal information, such as where you believe that we no longer need to use your personal information.
The right to erasure
You can request that we delete your personal information. For example, where we no longer need your personal information for the original purpose we collected it for or where you have exercised your right to withdrawn consent.
Whilst we will assess every request, this request is subject to legal and regulatory requirements that we are required to comply with.
The right to object to direct marketing
You can request that we stop sending you marketing messages at any time by clicking on the “unsubscribe” button in any emails that we send to you.
The right to make a complaint with the ICO
Where you believe that we have breached data protection laws when using your personal information, you can complain to the Information Commissioner’s Office (ICO). For more information visit the ICO’s website. Please note that exercising this right and lodging a complaint will not affect any other legal rights or remedies that you have.
10 Updates to this Privacy Policy
We are continually improving our methods of communication and alongside with changes in the law and the changing nature of technology, our data practices and how we use your data will change from time to time. If and when our data practices change, we will notify you via our website.