020 3744 3778Gardeners Manor House Privacy Policy
This Privacy Policy explains how Gardeners Manor House collects, uses, stores and protects personal data about its customers. It also outlines the rights you have under the General Data Protection Regulation and related data protection laws. This Privacy Policy applies to all Gardeners Manor House customers in our service area, regardless of how you interact with us, whether in person, by post, or through any other communication method.
Who this Privacy Policy applies to
This Privacy Policy applies to all individual customers and prospective customers of Gardeners Manor House in our service area. It covers people who make enquiries, make bookings, visit our premises, attend events, or otherwise interact with our services in a personal capacity. It does not apply to information relating to companies or organisations that does not identify an individual.
Personal data we collect
We may collect and process different categories of personal data about you, depending on how you interact with us. This can include:
Identification and contact details, such as your name, postal address, billing address, and communication preferences. Booking and transaction information, such as reservation details, dates of stay or visit, services requested, payment status and transaction history. Payment related information, such as method of payment and basic payment confirmations. Gardeners Manor House does not store full payment card details when processed through third party payment providers. Communication records, such as enquiries, feedback, complaints and correspondence you send to us and records of our responses. Usage information, such as how you use our services, your preferences in relation to room types, events, dietary preferences where relevant, and other service preferences you choose to share. Visitor information, such as information you provide when you visit our premises, including any sign in details, and information recorded for security, safety or incident reporting purposes. Technical information, such as basic device or system information that may be logged when you access any of our digital services, to the extent it identifies you as an individual.
We will only collect personal data that is adequate, relevant and limited to what is necessary for the purposes described in this Privacy Policy.
How we collect personal data
We collect personal data in several ways. When you provide it to us directly, for example when you make a booking, request information, sign up for updates, visit our premises, or otherwise contact us. Through our service providers, such as booking or payment processors that collect information on our behalf. Through the operation of our premises, including records kept for safety, security, and incident reporting. From publicly available sources where appropriate and lawful, such as where we need to verify certain details.
Purposes and lawful bases for processing
We process your personal data only where we have a lawful basis to do so under data protection law. The main purposes and corresponding lawful bases are:
To manage bookings and provide services. We use your personal data to process reservations, manage your stay or visit, provide requested services, and handle check in and check out. The lawful basis for this processing is the performance of a contract with you or taking steps at your request before entering into a contract.
To communicate with you. We may contact you about your bookings, respond to enquiries and handle complaints. The lawful basis is performance of a contract and our legitimate interests in providing customer service and resolving issues.
To manage payments and accounting. We use personal data to process payments, issue receipts, and maintain accurate financial records. The lawful bases are performance of a contract, legal obligations, and our legitimate interests in managing our business.
To ensure safety, security and legal compliance. We may process data as necessary to protect the health and safety of guests, visitors and staff, to record incidents, and to comply with legal and regulatory requirements. The lawful bases are legal obligations and our legitimate interests in maintaining security and managing risk.
To maintain and improve our services. We may use personal data to understand how our services are used, to improve our offerings, and to develop new services. The lawful basis is our legitimate interests in operating and improving Gardeners Manor House.
To send relevant information and updates. Where permitted by law, we may use your contact details to send information about Gardeners Manor House services, events or updates that we think may be of interest to you. Where required, we rely on your consent to send such communications, and you can withdraw your consent at any time.
Sharing personal data with processors and other recipients
We do not sell your personal data. We may share your personal data with carefully selected third parties who act as data processors on our behalf. These processors may include booking and reservation systems, payment processing providers, information technology and system support providers, and professional advisers such as accountants or legal advisers. These processors are only allowed to use your personal data in accordance with our instructions and for the purposes described in this Privacy Policy. They are required to keep your data secure and to comply with data protection law.
We may also share your personal data with other recipients where required by law or where necessary to protect our rights or the rights of others. This may include regulatory authorities, law enforcement bodies, or insurers in connection with an incident or claim.
Data retention
We keep personal data only for as long as it is reasonably necessary for the purposes for which it was collected, and to meet legal, accounting or reporting requirements. When determining appropriate retention periods, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process it, and whether we can achieve those purposes through other means.
In general, booking and transaction records are kept for the period required by applicable tax and accounting laws. Communication records, such as enquiries and complaints, are kept for a period that allows us to manage and resolve any issues and to demonstrate how we have handled them. Visitor and incident records may be kept for as long as necessary to ensure safety, handle claims, or comply with legal obligations. When personal data is no longer needed, we will securely delete or anonymise it.
International transfers
Where we use service providers located outside your country, your personal data may be transferred to and processed in other jurisdictions. If such transfers involve a country outside the United Kingdom or European Economic Area that has not been deemed to provide an adequate level of data protection, we will take appropriate steps to protect your data, such as using standard contractual clauses or equivalent safeguards in accordance with data protection law.
How we protect your data
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction or damage. These measures may include access controls, staff training, secure storage, and regular review of our security arrangements. While we take reasonable steps to safeguard your data, no system can be completely secure, and we cannot guarantee absolute security of information transmitted or stored.
Your data protection rights
As a customer of Gardeners Manor House within our service area, you have a number of rights under data protection law in relation to your personal data. These include the right to access your personal data and receive a copy of the information we hold about you, the right to request correction of inaccurate or incomplete data, the right to request deletion of your personal data in certain circumstances, for example where it is no longer needed for the purposes for which it was collected, the right to request restriction of processing in certain circumstances, such as while we are verifying contested information, the right to object to processing based on our legitimate interests, including for direct marketing purposes, and the right to withdraw consent where we rely on your consent to process your personal data.
We will respond to requests to exercise these rights in accordance with data protection law. In some cases we may need to retain certain information for legal or contractual reasons, or to establish, exercise or defend legal claims.
Children
Our services are primarily intended for adults. We do not knowingly collect personal data from children without appropriate parental or guardian involvement where required. If we become aware that we have collected personal data from a child without the necessary consent, we will take steps to delete that information where appropriate.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements or how we handle personal data. When we make changes, we will revise the date of the latest version and make the updated Privacy Policy available. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
Contact and concerns
If you have questions about this Privacy Policy, how Gardeners Manor House handles your personal data, or if you wish to exercise any of your data protection rights, you can contact us using the usual contact details for Gardeners Manor House. You also have the right to raise a concern or lodge a complaint with your local data protection authority if you believe your data protection rights have been infringed. However, we encourage you to contact us first so that we can try to resolve your concerns directly.
