Millbrook Guest House understands that customers care about the use and storage of their personal information and data. This document sets out our policy on how we will use and protect your personal information.
How we collect data
The data we collect is provided to us by you or an agent/representative acting on your behalf. It is collected when:
- you complete forms via our website or online booking system
- you provide information to us by email or a letter
- you provide information to us over the telephone
- you tell us in person.
Information we collect
The personal information we collect includes the following:
Information required to complete a booking:
- The full name and address of the person making the booking
- The email address of the person making the booking
- The telephone numbers of the person making the booking
- The names of all guests staying as part of the booking
- Credit / Debit card details (when booked online – which are stored securely by SagePay which is fully PCI compliant. We can only view the last 4 digits and the expiry date of the card)
The following information can also be provided but is not mandatory:
- Any additional information you wish to provide that you feel is pertinent to your stay (e.g. food or other allergies, dietary requirements, special requirements, etc.)
- If you provide Credit/debit card details over the telephone we will note your card details and securely shred/dispose of them once we have processed the payment on our card terminal. Payments made in person will be entered directly onto our card terminal. We request that you DO NOT provide card details by email.
How we store your data and keep it secure
We take all reasonable technical and organisational precautions to store your information in a secure manner and prevent its loss or misuse.
Your data is stored on a secure database operated by our booking system freetobook. This database is fully compliant with the GDPR data rules.
This freetobook database does not store or capture any personal data other than as detailed above (see the Information we Collect). Neither Millbrook Guest House nor freetobook will transfer any personal data to any other party if it is not part of the booking and review process.
All credit and debit card data captured via our booking system or by other means is kept secure with the PCI level 1 compliance of FabPay and PCI Card Storage.
Where you choose to pay us by credit or debit card using our processing terminal (whether it is by using the physical card or when we process a card in the “cardholder not Present” manner), we will have a printed receipt slip that contains details of the amount paid and some card details. This receipt slip is kept in a secure location and can only be accessed by authorised personnel. The slip is kept separately from any other information that could identify the card as belonging to an individual. Card payment slips are only kept for as long as is reasonable and destroyed using a security grade shredder.
On arrival, we require you to verify your identity and booking details by completing a guest registration form that includes the personal information you (or your representative) have provided. This registration form is kept in a secure location and can only be accessed by authorised personnel. This form is only kept for as long as is reasonable and destroyed using a security grade shredder.
Using your personal information
The personal information provided to us will only be used in connection with the services we are providing to you and is intended to improve your experience.
We may use your personal information to:
- Process your booking and provide confirmation details
- Obtain payments for our services via credit/debit card
- Respond to any questions or comments via e-mail, telephone or post.
- Provide information that may be useful to you
- Request feedback about your stay with us, the booking experience and our website. This is sometimes done in conjunction with TripAdvisor and freetobook.
- Return any items that you may forget to take with you on check-out
- Send an email after your stay with information regarding future bookings
Disclosures and Data Storage
We will not store or process your personal information outside the United Kingdom. Other than this, we may disclose your personal data as required by law to any third parties.
We consider obtaining feedback about your stay as part of the service we provide. To this end, we do supply your email address to third parties (including TripAdvisor and freetobook) for the sole purpose of obtaining this feedback. You are under no obligation to provide feedback, and you will only receive 1 email from each of our review partners. If you do provide feedback this may be used for marketing purposes, but we will not disclose any of your personal information.
Cookies and Similar Technologies
If you do not want information collected through the use of these technologies, there is a simple procedure in most browsers that enable you to automatically decline many of these technologies or to be given the choice of declining or accepting them.
You may request that we provide you with any personal information we hold about you. Provision of such information will be subject to the supply of appropriate evidence of your identity ( e.g. a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address)
You also have the right to request that we delete and destroy your personal data. Subject to providing evidence of your identity (see above) we will be happy to comply with a request to delete your data.
Third party websites
Our website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites and you should exercise caution and look at the privacy statement applicable to the website in question.
Please let us know if the personal information which we hold about you needs to be corrected or updated.
Updated – May 2018