We are committed to ensuring that your privacy is protected and understand the need for appropriate protection of all personal information provided by you to us. This Privacy Policy has been created in order that you understand the importance that we attach to this issue and our commitment to ensure that we comply with legislation in this area.

By providing us with your personal data, whether through the Group websites or otherwise, you consent, agree and accept that we, as well as our respective representatives and/or agents may collect, use, disclose and share among ourselves your personal data as described in this policy.

Who we are

Legacy Hotels & Resorts is registered as a data controller with the Information Commissioner’s Office.  Our brand hotels are also covered by an ICO registration.  The current registration details are:

Data Controller Name:         LEGACY HOTELS & RESORTS

Registration Number:             Z9337904

Date Registered:                   17 January 2006

What information do we collect about you?

We collect information about you when you register with us on our website, login to our website or applications (directly or by using social media logins), or commence or complete an online transaction to use our products and services.  We collect information about you when you contact our reservations team to make a booking or use the facilities at any of our hotels and restaurants.  Facilities include, but are not limited to, Spa, bar and restaurant, function rooms, and guest Wi-Fi.  We have CCTV installed in all of our premises in public areas and particularly around entrances and exits; this is for the purposes of prevention and detection of crime and employee monitoring.

We also collect information from you when you sign up to any of our loyalty programmes, subscribe to any of our marketing communications, complete our voluntary customer surveys, enter our competitions or provide feedback.  These may be carried out online, by telephone or in person.

Some of the information we collect may be classed as personal data, that is, it is information about an individual who can be identified from it.  It may be collected any time you submit it to us, whatever the reason may be.

In doing business with you, typically we will collect:

  • Full or partial contact details including names and addresses (including business details if you are making a corporate booking), telephone and email details.
  • If you have special requirements then it may also be necessary to collect details about diet or disability or any other preferences that you may have.
  • Car parking arrangements at our hotels and restaurants may also make it necessary for us to collect your car registration number for your visit to us.
  • We collect payment card information from you should you choose to use this form of payment for purchasing or guaranteeing use of our products and services.  You may choose to store this information with us when booking online, for the purpose of making your future Legacy Hotel bookings more quickly, via our secure online PCI DSS accredited facility.
  • If you choose to connect with us via social media links, for example such as Facebook or Twitter, we may collect your user name, your name (including surname) and email address, your gender, and your location.  We may also collect your birthdate and other significant dates for making special offers to you around your birthday and other anniversaries.
  • From our overseas guests we may also collect passport details.

If you provide us with any personal data relating to any third party (e.g. information about your spouse, children, employees or colleagues) for particular purposes, by submitting such information to us, you warrant and represent to us that you have obtained the consent of such third party to provide us with their personal data for the respective purposes.

How will we use the information about you?

We use the information we collect about you to process your bookings, answer your queries, process your gift card and voucher purchases, provide our hotel and restaurant facilities and services, and enable you to manage your website user account.. With your consent, we will contact you via our marketing and sales channels (email/ phone/ post) about other related products and services we, or our group business, provide which we think may be of interest to you.  Our marketing communications are generally sent by email.

We may use your information collected from the website, via cookies or direct input, to personalise your repeat visits to our website and send triggered messaging emails to you.

We may use your information to meet and comply with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory body which are binding on us; and for purposes which are reasonably related to the aforesaid.

We sometimes engage the services of trusted third parties to process the information collected by generating anonymised statistics to assist us with our marketing campaigns and business analysis.  We do not disclose this anonymised data outside of our business group.  It is not possible for the business to identify an individual from such anonymised data presented in our internal reports.

Data Sharing

As a business, we rely on a few third parties services to make sure we are efficient and effective. We use WeddingDates (SaaS), Guestbook and HotelREZ for example. GDPR compliance is a prerequisite in our vendor selection process.

We share your data with businesses in the Legacy Hotels Group through our reservation systems.

Where we use contracted and trusted third parties to facilitate our provision of services and offers, we will also share your data with those parties for that purpose.  This includes the processing and delivery of marketing communications to you, processing review and upgrade services and any other third party services engaged to perform a business support, operational or administrative function.

Third parties are subject to confidentiality obligations and may only use your personal data to perform the necessary functions and not for other purposes.

We do not share your data with any third parties outside of the above processing arrangements and we do not share your data with any business external to our group for their own marketing purposes.  From the data we collect, you should only ever receive marketing communications from our own brands and hotels.  The exception to this is if you have additionally agreed to receive communications from external third parties, via take up of our special third party promotions, competitions and club memberships.  These are third parties with whom we have agreed commercial relationships.  For example, other retail, leisure and hospitality businesses.

We may also disclose personal data as permitted or required by law.  For instance, if asked by the authorities, such as the police or HMRC, we may share your personal data with them for the purposes of prevention and detection of crime.  Information is not shared with them outside of this purpose.

Transaction and Information Security

We understand how important it is to securely store any information that you provide.  Legacy Hotels & Resorts take the privacy and security of your payment and personal details very seriously.  Although we take reasonable care to keep your personal data secure, we cannot be held liable for any loss you may suffer from unauthorised access or loss of any data provided to group websites.  As part of our security measures, we use encryption technologies for online transactions via our websites.

Should you choose to store your credit card details with us via your website user account, for the purpose of making future booking transactions, we will store this information with our secure third party payment gateway which is accredited for PCI DSS (Payment Card Industry Data Security Standards).

Our guest Wi-Fi service is provided by contracted trusted third parties, depending upon which hotel site you are visiting.  If you choose to use the service to access web sites or content provided by third parties or purchase products from third parties, then your personal information may be available to the third-party provider. The way third parties handle and use your personal information related to the use of their services is governed by their policies.  Legacy Hotels & Resorts have no responsibility for their policies, or third parties’ compliance with them. Our guest wireless/wired systems use radio channels or local area networks to transmit voice and data communication information; privacy therefore cannot be guaranteed, and Legacy Hotels & Resorts shall not be liable to you for any lack of privacy you experience while using the service.

Whilst we take reasonable, appropriate technical and organisational measures to safeguard the personal data that you provide to us, no transmission over the internet can ever be totally guaranteed secure.  Consequently, please be aware that we cannot guarantee the complete security of any personal data that you transfer over the internet to us whilst in transit.  Sending such information is entirely at your own risk.

We advise that you follow general internet security guidelines:

  • Always log out and close the website browser when you complete an online session, especially if you are using a computer or terminal in a public location.
  • Keep your online account passwords private.  Our online accounts are intended for single guest use and link information provided to your guest record.
  • When creating a password, use at least 8 characters.  A combination of letters and numbers is best.  Dictionary words, your name, email address, or other personal data that can be easily obtained are best avoided for passwords.
  • Avoid using the same password for multiple online accounts.

Marketing

We would like to send you information about other Legacy Hotels & Resorts products and services, which we believe may be of interest to you.  If you have consented to receive our marketing, you may opt out at a later date.

You have a right at any time to stop us from contacting you for marketing purposes.  If you no longer wish to be contacted, you can unsubscribe by any of the following methods:

  • selecting the UNSUBSCRIBE link included in our emails or on our website;
  • contacting our Marketing Team – E-mail

Business Transfer

In the event that our business is transferred, sold or integrated with another business, your details may be disclosed to our advisers and any prospective purchaser’s advisers and may be passed to the new owners of the business.

Accessing and Amending your Personal Information

You have a right to access a copy of the information which we hold about you.  If you would like to do this, please email or write to us at the following address.  We reserve the right to make a small charge of £10 for these requests as per the terms of the Data Protection Act.

Information Governance Manager
Legacy Hotels & Resorts
Russell House
4-6 Doctors Lane
Henley In Arden
Warwickshire
B95 5AW

E-Mail

We want to make sure that your personal information is accurate and up to date. You are able to make amendments, or withdraw your consent for use, by telling our reception staff when you check in at any of our hotels, contacting our central reservations team or by contacting our Information Governance Manager.

If you withdraw your consent to any or all use of your personal data, depending upon the nature of your request, we may not be able to provide or continue providing our products and services to you, or administer any contractual relationship already in place. You understand and agree that in such instances where we require your personal data to fulfil a contractual obligation to you and you withdraw your consent to collect, use or disclose  he relevant personal data for those purposes, we cannot be held liable for breach of that agreement. Our legal rights and remedies in such event are expressly reserved.

Retention of Information

Your personal data will be retained for as long as it is necessary to fulfil the purpose for
which it is collected or for business or legal purposes, or in accordance with applicable laws.

Should you choose to unsubscribe from our mailing list or if your membership expires, please note that your personal data may still be retained on our database to the extent permitted by law.

Cookies

By using our website, you agree to our Website Terms & Conditions.

Take a look at our Privacy Policy to find our more on how we collect and use personal data.

When you visit our websites we may use cookies. Cookies allow us to identify the computer or device you’re using to access our website – BUT WE CAN’T IDENTIFY YOU PERSONALLY.

IT IS IMPORTANT TO KNOW THAT WE WILL ONLY STORE INFORMATION THAT YOU HAVE VOLUNTARILY AND EXPLICITLY GIVEN US. THIS IS ESSENTIAL TO PROGRESS ONLINE BOOKINGS.

You can set up your web browser to refuse cookies, but this means you may not be able to use all of the website’s features.

We may use cookies for tracking your journey through our site, how you came to the site and whether you moved on to our booking engine. These cookies help us understand how our customers are using the website, so we can make things better.

By using our websites, you agree to us using cookies as set out in our Statement on Cookies.

COOKIES – INFORMATION

Read through this section for all you need to know about what cookies are and how we may use them.

What are cookies?

Cookies are small text files placed on your computer by us or our partners. They let us identify the device you’re using – but not you personally. This information is sent back to our systems as you move around our website.

Cookies are unique to the web browser you’re using – so if you’re using a desktop computer as well as a mobile, different data will be collected for each.

Cookies can be set by the owner of the website you’re on. These are known as 1st Party Cookies. There are also 3rd Party Cookies that can be set by partner websites. Only the owner of the cookie can see the anonymous information it collects.

You can choose to accept all cookies, reject 3rd Party Cookies or reject all cookies by changing your internet browser settings. If you don’t accept cookies, some features of our website won’t work.

How we use cookies

When you’re buying something on our website, we need to use cookies to keep track of what you’re booking as you move through each stage of the booking process.

Improving your experience

We may use cookies and software programmes to record, measure and analyse how our customers use our website. We use this information to understand what you want from our website.

Refusing cookies and changing your mind after you’ve accepted.

Refusing cookies

You can change your browser settings to accept or refuse all cookies, choose which cookies you want or don’t want, or ask to be notified when a cookie is set. Use the help feature in your browser to see how.

Changing your mind after you’ve accepted our cookies

If you change your mind after you’ve accepted our cookies, you’ll find an option within your internet browser to clear cookies that have already been set. Use the help feature in your browser to see how. You’ll then need to change your browser settings to refuse cookies in future.

Our Booking Engine Cookies

 

 

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

 

Name Provider Purpose
ADRUM hotelrez.co.uk technical monitoring of the server load
ADRUM_BT1 booking.hotelrez.co.uk technical monitoring of the server load
ADRUM_BTa booking.hotelrez.co.uk technical monitoring of the server load
ASPNET_SessionId booking.hotelrez.co.uk ASP.Net_SessionId is a cookie which is used to identify the users session on the server. The session being an area on the server which can be used to store data in between http requests
We also use Google analytics and Guestbook (our loyalty programme) and have the below cookies.

 

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

 

Name Provider Purpose
__utma booking.hotelrez.co.uk Collects data on the number of times a user has visited the website as well as dates for the first and most recent visit. Used by Google Analytics.
__utmb booking.hotelrez.co.uk Registers a timestamp with the exact time of when the user accessed the website. Used by Google Analytics to calculate the duration of a website visit.
__utmc booking.hotelrez.co.uk Registers a timestamp with the exact time of when the user leaves the website. Used by Google Analytics to calculate the duration of a website visit.
__utmt booking.hotelrez.co.uk Used to throttle the speed of requests to the server.
__utmv booking.hotelrez.co.uk Saves user-defined tracking parameters for use in Google Analytics.
__utmz booking.hotelrez.co.uk Collects data on where the user came from, what search engine was used, what link was clicked and what search term was used. Used by Google Analytics.
_ga booking.hotelrez.co.uk Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
_gat booking.hotelrez.co.uk Used by Google Analytics to throttle request rate.
_gid booking.hotelrez.co.uk Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

 

Phishing

Phishing is the practice of tricking someone into giving confidential information.  Examples include falsely claiming to be a legitimate company when sending an e-mail to a user, in an attempt to get the user to send private information that will be used for identity theft and fraud.

We will never ask you to confirm any account or credit card details via email.  If you receive an email claiming to be from Legacy Hotels & Resorts asking you to do so, please ignore it and do not respond.  You can contact our Central Enquiries Team or Information Governance Manager to report it or if you are unsure.

Links to Other Websites

This privacy policy applies solely to information collected by Legacy Hotels & Resorts.  Our websites may contain links to external sites, operated by other owners and third parties, over which we have no control.  For this reason, we encourage our visitors to be aware when they leave our website and to read the privacy statements applicable on other sites they may visit.  Any access to such other sites or pages is therefore entirely at your own risk.  We are not responsible for the data protection policies (including personal data protection and cookies), content or security of any third party websites linked to or from group websites.

CCTV

CCTV is installed in all of our premises in public areas and particularly around entrances and exits; this is for the purposes of prevention and detection of crime and employee monitoring.

Changes to our Privacy Policy

Our privacy policy is regularly reviewed.  Following any changes, the new version of the policy will be uploaded to the websites and the old versions removed.  Please check back frequently to see any updates.

Have a question?

All other questions on our use of your personal data should be directed as follows:

Data Protection Enquiries & Concerns: E-mail