St Stephens Guest House take the privacy of its guests very seriously and the security of your personal information is extremely important to us.
This policy sets out what information we collect about you, how it will be used, stored and your rights to access your personal information.
When we say ‘we’, ‘our’ or ‘us’ we are referring to St. Stephens Guest House, 100 St. Stephens Road, Canterbury, Kent, CT2 7JL.
By making a booking with us, either online, by telephone or email you are accepting and consenting to the practices described in this policy.
Under the General Data Protection Regulation (GDPR), the data controller is St. Stephens Guest House, the data processor is Queensborough Group and sub-processors providing services in connection with the operation of our online booking system, HotelHost Company and Rackspace.
1. Information Collection
When you make a booking with us, either online, by telephone or by email we will store the personal information that you give to us including: your name, email address, postal address, telephone number and card details.
2. Information processing
Lawful basis under which we may process your data:
When you make a booking, either online, by telephone or by email, you are entering an agreement with us and the information that we collect and store relating to you is used to enable us to provide you with our accommodation services.
For example, we may need to contact you by email or telephone about your booking.
We may be under the obligation of using your personal information for legitimate interests such as fraud detection and legal purposes.
For any other purpose, such as marketing purposes, we will only use your personal data if we have your consent.
3. Third parties
There are certain circumstances under which we may disclose your personal information to third parties.
These circumstances are:
To our own service providers who process data on our behalf and on our instructions (for example our online booking system). We require that these companies comply with our instructions and the relevant data protection laws.
To assist NHS Track & Trace for contact tracing purposes in relation to COVID-19.
4. Debit and credit card information
When you use your debit or credit card information to make a booking we and our data processors will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS)
5. Keeping Records
We will store your personal information after your stay, but it will not be kept for longer than necessary in order to comply with our legal obligations and for the purpose of repeat business. Card details are securely disposed of after your departure.
We have appropriate administrative, technical, and physical procedures in place to prevent unauthorised access and misuse of personal information.
6. Your rights regarding your personal information
You have the right to request a copy of the personal information that we hold about you. You also have the right to request if personal information is being processed, where and for what purpose and request that it is removed from our systems in so far that it doesn’t override requirements to hold information under other legislation, (e.g. to comply with financial regulations).