Who is Responsible for Processing Your Personal Data?
Andras House Ltd is the Data Controller. This is the legal entity responsible for how your personal data is collected, stored and processed.
Managing Your Personal Data
When you share your personal information with us, you have a right to expect that information to be treated with total confidentiality. Therefore, it is our responsibility to manage your personal data that you provide to us with care and in accordance with all data protection legislation and industry best practice.
It is your responsibility to ensure that your personal data provided to us is accurate and up to date.
When you stay at any of our hotels, we are legally obligated to request certain information and retain this for our records as per the requirements of The Tourism (Northern Ireland) Order 1992.
We will hold your personal data which you have provided to us in two forms:
At various times, we will be obliged to ask you, as an Andras House customer, for information about you and/or members of your family, such as:
◦ Contact details (for example, last name, first name, telephone number, email)
◦ Personal information (for example, date of birth, nationality)
◦ Information relating to your children (for example, first name, date of birth, age)
◦ Your credit card number (for transaction and reservation purposes)
◦ Your membership number for brand loyalty programmes
◦ Your arrival and departure dates
◦ Your preferences and interests (for example, smoking or non-smoking room, preferred floor, type of bedding, type of newspapers/magazines, sports, interests)
◦ Your questions/comments, during or following a stay in one of our establishments.
We may collect information regarding minors or vulnerable adults during your stay for safety purposes. We will request this from you on arrival and use only for this purpose. We would be grateful if you could ensure that your children do not send us any personal data without your consent (particularly via the Internet).
Personal data may be collected on a variety of occasions, including:
We process all card payments in line with our obligations under the PCI-DSS regulations. Whenever you provide your card details to us either online or over the phone, we will encrypt the payment details before sending to our card payment and banking provider. If you pay over the phone, we will mask any card data that you provide so that this is not visible to our customer advisors as well as stopping card data from being recorded in our Call Recordings. This is regularly monitored for quality assurance as part of our PCI-DSS obligations.
Any card details provided by customers via paper order forms, such as Third-Party Authorisation forms will be immediately, and securely, destroyed once processed.
If you have any queries or complaints with regards to the operation of your credit card, please contact the hotel directly in the first instance so we can deal with your complaint as quickly as possible. We will need to access your personal data and account history to verify your identity for security reasons and deal with the details of your complaint. Details of any complaints received will be logged and recorded so they can be dealt with accordingly.
We may use Personal Information in a variety of ways, including:
The brand associated with your Rewards scheme may also use Personal Information relating to loyalty programs to:
We will obtain your consent to send you details of our latest products and promotions via Email Marketing in a few ways. We will obtain your consent when you register your details with us, sign up to our email newsletters, enquire about a service, or enter a competition. We hold your personal data for the purposes of direct marketing to you for a minimum period of two years from the date of last contact. If you continue to use our services you will remain on the list until you request to be removed. You can unsubscribe at any time by clicking the link in any email correspondence.
We would like to keep you informed about our latest product offers and promotions using the email address you provide to us. To do this, we will ask you to opt-in to receive marketing emails when you first register for Wi-Fi at one of our hotels, sign up to our email newsletters, enquire about a service, or enter a competition. You can unsubscribe at any time by clicking the link in any email correspondence.
We will not use your telephone number to market to you. We will request your telephone number for contact related specifically to the service provided.
We may use your name and address to send you personalised marketing mails in the post. We have a legitimate business interest to send you information about our products and offers in the post as we know that many of our customers like to browse through brochures or offers prior to booking with us.
We will use social media platforms to send you online targeted marketing information about our product offers and promotions. We have a legitimate business interest to share product information via social media which we believe is of relevance to you; to do this we use paid services offered by various platforms, as well posting on our business page. Should you wish to exercise your right to stop seeing posts from the business page you can unfollow the page. For paid targeted marketing, you should review the privacy settings on your social media account.
Third Party Marketing
We will not share your personal data with third party companies for the purposes of marketing their products and services to you.
You can change your marketing preferences for Email Marketing at any time by clicking unsubscribe in the body of the email sent to you;
You can exercise your right to object to Direct Mail by contacting the Data Privacy Officer using the contact information below.
You can exercise your right stop seeing Social Media at any time by unfollowing or unsubscribing to the business page. For paid targeted services online, you will need to contact the relevant platform to adjust your privacy settings.
Please allow 5 working days for your changes to be processed. You may still receive direct marketing materials that are already processed before we received your request for up to 2 weeks.
When you book a room with us, we will ask you if you would like to opt in for a reward or loyalty scheme with the brand. These schemes are managed by the brand of hotel not directly by Andras House Ltd. Should you wish to opt out or modify your marketing settings you can log in to your personal reward account to change these or close the account.
As a valued customer, we may use your personal data to contact you by email after you have used one of our services to ask you to take part in a customer satisfaction survey. We will share your personal contact details with our brand partners who may carry out these service improvement programmes on our behalf. We have a legitimate business interest in contacting our customers in this way and will always treat your involvement in any service improvement programme, and associated personal data, in confidence.
Should you not wish to participate in our service improvement programme, you can simply ignore or decline to participate at the point of contact.
We actively use social media platforms as a way of connecting, and getting closer, to our customers to hear and understand what our customers think about us and our products and services. Occasionally, we may contact you directly via those social media platforms if we would like to share your comments or pictures with other customers or publish them in our marketing materials. We will always ask you if you are happy for us to use your data in this way and will keep any data that you provide to us, such as email address, confidential and secure.
In the event that you need to make a claim against us, whether that be a product issue or personal injury claim, we will use your personal data and any supporting evidence that you provide to us to process your claim, including sharing this with our chosen insurance companies. From time to time where a claim is outside of our insurance policy, we may also need to engage with external lawyers and share your personal data with them.
CCTV is in operation throughout all hotels for safety and security purposes. Recorded images are viewed in a restricted area and the monitoring or viewing of images is restricted to authorised personnel. CCTV image storage time varies, therefore the availability of recordings is not guaranteed. Disclosure of information from surveillance systems is controlled and consistent with the purpose(s) for which the system was established. When disclosing surveillance images of individuals, particularly when responding to subject access requests, consideration will be given on whether the identifying features of any of the other individuals in the image need to be obscured - this will depend on the nature and context of the request.
Individuals whose information is recorded have a right to be provided with that information or view that information upon formal request. We have discretion to refuse any request for information unless there is an overriding legal obligation, such as a court order or information access right request, or if the request is not consistent with the purpose(s) for which the system was established. Judgements about disclosure will be verified by a legal representative. We may require further information from you to validate your identity after which point, information requests will be provided promptly and within no longer than 40 calendar days of validating the request. Once we have disclosed information to another body, they become the data controller for the copy they hold. It is their responsibility to comply with the DPA in relation to any further disclosures.
To submit a request for CCTV access please contact the Data Privacy Officer using the details below.
Data Protection Officer, 60 Great Victoria Street, Belfast, BT2 7BB
Email: Privacy@andrashouse.co.uk; Tel: 00 44 (0) 2890878797
You may wish to access a copy of the personal data we hold about you - known as a Subject Access Request. You can do so by ringing, writing to or emailing the Data Protection Officer using the details above. We will respond to your Subject Access Request as soon as possible and, in any event, within the statutory 30 days. However, if we need more information from you to verify your identity, which we must do to ensure we disclose your personal data to the right person, the 30-day response period will only commence from the time that we have validated your identity.
Please be aware that for security reasons we do not usually provide details of any bank details that we hold against your account(s). Please speak to the Data Protection Officer should you need this additional information.
If you believe we have made an error as to the personal data we hold about you, please speak to any agent within the relevant hotel(s) who can rectify this for you. Should you wish to discuss this matter further, please contact the Data Protection Officer.
You have the right to request your personal data to be permanently deleted from our records and systems to avoid any further communication with you. Your request will always be considered in light of the legal bases that we hold, store and process your personal data and the purpose that we collected your data. Where the legal bases permits, we will carry out your instruction without undue delay. Please note, however, that where we have a legal or contractual obligation to hold your personal data, we may not be able to carry out your request but we will explain this fully to you. Please address any request to delete your data to the Data Protection Officer using the contact information above.
Should you believe that we are processing your personal data in a way that you did not understand or agree to and wish to restrict such processing, please speak to the Data Protection Officer who will be able to carry out a review and make any necessary adjustments.
You have the right to object to certain types of processing of your personal data. We will always make it clear at the outset of any new arrangement with you how we are going to process your personal data. Should you wish to object to such processing, we will give you the option to opt out. However, should you wish to discuss this matter further, please speak to the Data Protection Officer.
Due to the restricted design of the hotel databases it is technically feasible to extract and transfer information to another party. In the event, that you wish to move your personal data that we hold on you to another organisation, please contact the Data Protection Officer who will be able to advise.
You have a right to lodge a complaint with the Information Commissioner's Office (ICO) if you have a complaint with how you believe your personal data has been handled. For more information, please visit https://ico.org.uk/concerns