Privacy, Security and GDPR Policy
The Wyastone Townhouse understands that your privacy is of utmost importance and we are committed to keeping your details safe. This privacy and security policy explains how we use and protect your personal information.
When you make a booking we will ask you for the following details, these are to ensure that we are compliant with Data Protection laws.
- Your Name
- Contact information including email address and telephone number.
- Credit / Debit card details (which are securely stored and will only be accepted over the telephone. We request that you DO NOT provide card details by email
If you are travelling from overseas we will also ask the following in addition to the above in compliance with the Immigration (Hotel Records) Act 1972.
- Passport number and place of issue
- Details of next destination.
Under the Data Protection Act 1998 we are required to keep these details for a period of 12 months (and financial information by law has to be kept for 7 years as instructed by HMRC).
We take active precautions when storing data in a secure manner. On your arrival you will be asked to complete a registration form to verify your identity, once completed this registration form is kept in a secure location and can only be accessed by authorised personnel and is only kept for the required time by HMRC before being destroyed.
When you choose to pay us using credit or debit card using our processing terminal we will have a printed receipt with your card details and total amount. This receipt has to be kept for a minimum of 7 years; however it is stored in a secure location with access by the proprietor only. This slip is kept separate from your other details so that the information cannot be used to identify you.
If you make a booking through our website your deposit is securely taken through a payment gateway system company called Secure Trading www.securetrading.com who encrypt all your card details to ensure it cannot be read by anyone else.
You may request that we provide you with details of any personal information we hold about you under the Data Protection Act 1998. To do this you will need to contact us in writing and providing identification.
Under GDPR you have ‘The Right to be Forgotten’ where you as a customer can, at any time, request that we remove all your personal information from our system. However it is important to remember that any Right to be Forgotten request does not override requirement to hold information under any other legislation, for example, you cannot request for financial records to be destroyed that you undertook in the last 7 years at the Wyastone.
You may request your right to be forgotten by writing to us with identification and we will write back to confirm your data deletion or he need to keep it under law.
If you feel that the information that we currently hold is incorrect or incomplete, please contact us as soon as possible and we can update the details for you.