Our Privacy Policy

1. THE SOPWELL HOUSE COMMITMENT TO PROTECTING YOUR PRIVACY

Because we consider you an important guest of Sopwell House, our first priority is to offer you a home from home and a stay that makes you want to come back for more. Your complete satisfaction and confidence in Sopwell House is absolutely essential to us. That’s why, as part of our commitment to meeting your expectations, we have updated our privacy policy. This formalises our commitments to you and describes how Sopwell House uses your personal data. Sopwell House is part of the AB Hotels Group. The main rules applicable within Sopwell House are founded on seven principles.

2. CONSENT

“Personal data” means any information collected and logged in a format that allows you to be identified personally, either directly (e.g. name) or indirectly (e.g. telephone number) as a person. Before providing us with this information, we recommend that you read this document describing our privacy policy. This Personal Data Protection policy forms part of the terms and conditions that govern our hotel services. By accepting these terms and conditions, you expressly accept the provisions of this policy.

3. SOPWELL HOUSE SEVEN PRINCIPLES FOR PROTECTING YOUR PERSONAL DATA

1. Transparency: When collecting and processing your personal data, we will communicate all information to you and inform you of the purpose and recipients of the data.

2. Legitimacy: We will collect and process your personal data only for the purposes described in this policy.

3. Relevance and accuracy: We will only collect personal data that is necessary for data processing. We will take all reasonable steps to ensure that the personal data we hold is accurate and up to date.

4. Storage: We will hold your personal data for the period necessary for processing in compliance with the provisions of the law.

5. Access, rectification, opposition: You may access, modify, correct or delete your personal data. You may also oppose the use of your personal data, particularly to avoid receiving sales and marketing information. The details of the department to contact and steps to be taken in this respect are shown below in the clause “Access and modification”.

6. Confidentiality and security: We will ensure reasonable technical and organisational measures are in place to protect your personal data against alteration or accidental or unlawful loss, or unauthorised use, disclosure or access.

7. Sharing and international transfer: We may share your personal data with third parties for payment processing, email services and other services essential to the running of the business (such as commercial partners and/or service providers) for the purposes set out in this policy. We will take appropriate measures to guarantee security when sharing or transferring such data.

For any questions concerning the seven principles of Sopwell House’s data protection, please contact the General Manager at generalmanager@sopwell-house.co.uk via the details in the clause “Access and modification”.

4. SCOPE OF APPLICATION

This policy applies:

1. To all data processing implemented in our hotel

2. To Sopwell House reservation websites, including www.sopwellhouse.co.uk

5. WHAT PERSONAL DATA IS COLLECTED?

At various times, we will be obliged to ask you, as a Sopwell House customer, for information about you and/or members of your family, such as:

• Contact details (for example, last name, first name, telephone number, email)
• Personal information (for example, date of birth, nationality, medical conditions)
• Information relating to your children (for example, first name, date of birth, age)
• Your credit card number (for transaction and reservation purposes)
• Your membership number for the Sopwell House Leisure Membership or another partner program
• Your arrival and departure dates
• Your preferences and interests (for example, preferred floor, cultural interests, newspapers)
• Your questions/comments, during or following a stay at Sopwell House.

The information collected in relation to persons under 18 years of age is limited to their name, nationality and date of birth, which can only be supplied to us by an adult. We do not deliberately collect sensitive information, such as information concerning race, ethnicity, political opinions, religious and philosophical beliefs, union membership, or details of sexual orientation. We will collect details regarding your health if you have booked a spa treatment, this is necessary for your own health and safety. Depending on applicable local laws, other information which could be considered sensitive, such as your credit card number, your leisure activities, personal activities and hobbies, may be collected in order to meet your requirements or provide you with an appropriate service, such as a specific diet. In this case, depending on the laws in force in certain countries, your prior consent may be required with regard to the collection of this sensitive information.

5. WHEN IS YOUR PERSONAL DATA COLLECTED?

Personal data may be collected on a variety of occasions, including:

1. Hotel activities: Booking a room , Checking-in and paying, Requests, complaints and/or disputes.

2. Participation in marketing programs or events: Signing up for loyalty programs, Participation in customer surveys (for example, the Guest Satisfaction Survey), Online games or competitions, Subscription to newsletters, in order to receive offers and promotions via email.

3. Transmission of information from third parties: Tour operators, travel agencies, GDS reservation systems, and others

4. Internet activities: Connection to Sopwell House website (IP address, cookies), Online forms (online reservation, questionnaires, Sopwell House pages on social networks, etc.).

6. HOW WILL WE USE THE INFORMATION ABOUT YOU?

We collect your personal data for the purposes of:

1. Meeting our obligations to our customers.

2. Managing the reservation of rooms and accommodation requests: Creation and storage of legal documents in compliance with accounting standards.

3. Managing your stay at the hotel: Monitoring use of services (telephone, bar, pay TV etc.), Managing access to rooms, Internal management of lists of customers having behaved inappropriately during their stay at the hotel (aggressive and anti-social behavior, non-compliance with the hotel contract, non-compliance with safety regulations, theft, damage and vandalism, or payment incidents).

4. Improving our hotel service, especially: Processing your personal data in our customer marketing program in order to carry out marketing operations, promote brands and gain a better understanding of your requirements and wishes, Adapting our products and services to better meet your requirements, Customising commercial offers and the promotional messages we send to you, Informing you of special offers and any new services created by Sopwell House.

5. Managing our relationship with customers before, during and after your stay: Managing the loyalty program, Segmentation operations based on reservation history and customer travel preferences with a view to sending targeted communications, Predicting and anticipating future behaviors, Developing statistics and commercial scores, and carrying out reporting, Providing context data for offer tool when a customer visits the website or makes a reservation, Knowing and managing the preferences of new or repeat customers, Sending newsletters, promotions and tourist, hotel or service offers, or contacting by telephone, Managing requests to unsubscribe from newsletters, promotions, tourist offers and satisfaction surveys, Taking into account the right to object, Using a dedicated telephone service to search for persons staying at Sopwell House in the event of serious events affecting the hotel (natural disasters, terrorist attacks etc.).

6. Use a trusted third party to cross-check, analyze and apply certain devices to your collected data at the time of booking or at the time of your stay, in order to determine your interests and your customer profile, and to allow us to send you personalized offers.

7. Improving Sopwell House services, especially: Carrying out surveys and analyses of questionnaires and customer comments, Managing claims/complaints, Offering you the benefits of our leisure membership

8. Securing and enhancing your use of the Sopwell House website, especially: Improving navigation, Implementing security and fraud prevention.

9. Conforming to local legislation (for example, storing of accounting documents).

7. CONDITIONS OF THIRD-PARTY ACCESS TO YOUR PERSONAL DATA

To guarantee you the right of access and amendment (“Access and modification” clause), we have to share your personal data with internal and external recipients subject to the following conditions:

a. Within Sopwell House, in order to offer you the best service, we can share your personal data and give access to authorised personnel from Sopwell House, including:

• Hotel staff
• Reservation staff using Sopwell House reservation tools
• IT departments
• Commercial partners and marketing services such as an email service provider
• Medical services if applicable
• Legal services if applicable
• Generally, any appropriate person within Sopwell House entities for certain specific categories of personal data.

b. With service providers and partners: your personal data may be sent to a third party for the purposes of supplying you with required services and improving your stay, for example:

1. External service providers: IT sub-contractors, banks, credit card issuers, external lawyers, dispatchers, printers.

2. Commercial partners: Sopwell House may, unless you specify otherwise to us, enhance your profile by sharing certain personal information with its preferred commercial partners. In this case, a trusted third party may cross-check, analyze and apply certain devices to your data. This data processing will allow Sopwell House and its privileged contractual partners to determine your interests and your customer profile, and will allow us to send you personalised offers.

c. Local authorities: We may also be obliged to send your information to local authorities if this is required by law or as part of an inquiry and in accordance with local regulations.

8. PROTECTION OF YOUR PERSONAL DATA DURING INTERNATIONAL TRANSFERS

For the purposes set out in Clause 7 of this policy, we may transfer your personal data to internal or external recipients who may be in countries offering different levels of personal data protection. Consequently, in addition to implementation of this policy, Sopwell House employs appropriate measures to ensure secure transfer of your personal data to a Sopwell House entity or to an external recipient located in a country offering a different level of privacy from that proposed in the country where the personal data is collected. Other than those that are required to carry out your reservation, data flows to countries having different levels of personal data protection are regulated by standard contractual manager-to-subcontractor clauses defined by the European Commission. Data flows to the United States are made to entities that belong to Privacy Shield.

9. HOW WE SECURE YOUR INFORMATION

Sopwell House takes data security seriously, and we use appropriate technologies and procedures to protect personal information. Our information security policies and procedures are aligned with widely accepted international standards; we apply the controls detailed in the Payment Card Industry Data Security Standard to all environments storing personal data. These standards are applied and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements.

For example:

Policies and procedures

• We have measures in place to protect against accidental loss and unauthorized access, use, destruction, or disclosure of data
• We have a Business Continuity and Disaster Recovery strategy that is designed to safeguard the continuity of our service to our guests and to protect our people and assets
• We place appropriate restrictions on access to personal information
• We implement appropriate measures and controls, including monitoring and physical measures, to store and transfer data securely
• We conduct Privacy Impact Assessments in accordance with legal requirements and our business policies
• Training for employees and contractors
• We require privacy, information security, and other applicable training on a regular basis for our employees and contractors who have access to personal information and other sensitive data
• We take steps to ensure that our employees and contractors operate in accordance with our information security policies and procedures and any applicable contractual conditions
Vendor risk management
• We require, through the use of contracts and security reviews, our third-party vendors and providers to protect any personal information with which they are entrusted in accordance with our security policies and procedures

10. MARKETING

We would like to send you information about products and services of ours and other companies in our group which may be of interest to you. If you have consented to receive marketing, you may opt out at a later date. You have a right at any time to stop us from contacting you for marketing purposes or giving your information to other members of the AB Hotels Group. If you no longer wish to be contacted for marketing purposes, please email digitalmarketing@abhotels.co.uk or click the unsubscribe link at the footer of any of our marketing emails.

11. COOKIES

We use cookies when you visit our site. There are four main types of cookies – here’s how and why we use them.

• (1) Site functionality cookies – these cookies allow you to navigate the site and use our features.

• (2) Site analytics cookies – these cookies allow us to measure and analyse how our customers use the site, to improve both its functionality and your shopping experience.

• (3) Customer preference cookies – when you are browsing, these cookies will remember your preferences (like your language or location), so we can make your experience as seamless as possible and more personal to you.

• (4) Targeting or advertising cookies – these cookies are used to deliver relevant Google Ads to you. They also limit the number of times that you see an ad and help us measure the effectiveness of our marketing campaigns.

By using our site, you agree to us placing these sorts of cookies on your device and accessing them when you visit the site in the future. If you want to delete any cookies that are already on your computer, the “help” section in your browser should provide instructions on how to locate the file or directory that stores cookies. Further information about cookies can be found at https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/. Please note that by deleting or disabling future cookies, your user experience may be affected and you might not be able to take advantage of certain functions of our site.

12. STORAGE OF DATA

We’ll hold on to your information for as long as you have a booking with us, and for as long as is necessary to provide support-related reporting, or accounting purposes. We’ll also hold on to your information if reasonably necessary or required to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions, we may also keep hold of some of your information as required, even if it is no longer needed to provide the services to you.

13. ACCESS AND MODIFICATION

You have the right to access your personal data collected by Sopwell House and to modify it subject to applicable legal provisions. You may also exercise your right to object by writing to the address below. If you have any questions, would like to request access, deletion or changes be made to your information please contact the General Manager directly by sending an email to generalmanager@sopwell-house.co.uk or by writing to the address below:

Sopwell House Cottonmill Lane,

St Albans,

Herts

AL1 2HQ

For the purposes of confidentiality and personal data protection, we will need to identify you in order to respond to your request. If your personal data is inaccurate, incomplete or not up to date, please send the appropriate amendments to the above details. All requests will receive a response as swiftly as possible and in accordance with applicable law. Substantial access requests may incur an administration charge.

14. UPDATES AND CHANGES TO OUR HOW TO PROTECT YOUR PRIVACY

We may modify this policy from time to time. Consequently, we recommend that you consult it regularly, particularly when making a reservation at Sopwell House.

15. QUESTIONS AND CONTACTS

For any questions concerning the Sopwell House privacy policy, please contact the General Manager (“Access and modification”clause).