The aim of this document is to:
- Set out the data we require from our guests
- Explain why we need the data
- Explain how we use it
- Let you know why we retain guest information after a stay
Who are we?
We are an independently-owned apartment hotel operator, based in Birmingham, providing overnight accommodation to guests – Stayingcool Group Ltd. Our registered office is:
Office 1, Izabella House, 24-26 Regent Place, Birmingham, B1 3NJ
Company No: 0983144
+44 (0)121 285 1250
What data do we store?
We store any data a guest (or a booking agent on a guest’s behalf) gives us to respond fully to:
- A reservation enquiry
- Make a booking
- Enhance the experience of a guest stay
- Send appropriate electronic marketing communications if a guest has ‘opted in’ to receive one of our (no more than) six emails a year.
How do we collect data?
Data is collected via the following means:
- Phone calls
- In person visits
- Booking reservation forms from online travel agencies eg booking.com and Expedia or traditional travel agencies.
We have a cloud-based Property Management System (PMS). A PMS is a database of all the reservations made with us. It is our way of ensuring we have a record of guest bookings so that when you check-in we have an apartment ready for you. Our PMS is provided by Mews Systems.
The following information is stored on the PMS:
- Gender (male, female, other)
- Salutation (Mr/Ms etc)
- First name
- Date of birth (if supplied)
- Company name (if supplied)
- Home postal address
- Email address
- Mobile number
- Landline (if supplied)
- Encrypted (tokenised) credit/debit card details (we are fully PCI compliant)
We may also take a copy of a recognised form of ID eg a passport or driving licence. You can also upload this information yourself during the online check-in process.
We may also store information about special requirements such as food preferences, a disability or medical condition that may affect a guest’s stay with us (if you have supplied this information). Similarly, we may also hold a record of any special occasions that you are celebrating with us and the ages of your children, so we can provide age-appropriate Cool for Kids gifts if relevant. All of this information is stored securely and electronically on MEWS, our cloud-based PMS.
Why do we collect guest data?
(a) We are required by UK law to keep a record of the name and address of everyone staying with us at any given time. For overseas visitors, we are also required to note a guest’s passport number and its place of issue.
(b) We also need a guest’s name, address, contact and ID details to process a booking. We collect this information once, and for these reasons:
- To provide guests with full receipts for their company expenses claims/personal records
- To better protect guests against identity theft if someone tries to use their details to make a booking
- To protect Staying Cool against credit card fraud and chargebacks
- To speed up check-in for returning guests
- For security purposes. We need to know who is staying with us so we can provide that information to the authorities in case of any major incidents or a request from another government service eg track and trace service
- To supply to HMRC (Inland Revenue and VAT offices) if requested
(c) If a person has opted in to receiving communications we will send electronic marketing offers and updates (no more than six per year). Please note that our mailing list is kept separately (on MailChimp) to our PMS.
(d) We use anonymised data such as postcodes, gender and age to monitor who is staying with us and help improve our understanding of guests to aid our marketing efforts.
(e) During the Coronavirus pandemic we were required to keep data (name, phone number and email address plus time of arrival) for 21 days in case they are needed for contact tracing via the NHS Track and Trace scheme. We no longer do this.
How is guest credit card information stored and data security?
Guest information and credit card information is stored on a secure server in the UK. The card information is encrypted (tokenised) and we see only the last four digits of a card number once it has been entered and saved. We never store CVC numbers.
Guest data eg email, address etc is stored on the PMS and is password protected. No public Wi-Fi networks are used in the viewing or processing of data. All company laptops are equipped with ESET security software.
How long do we keep guest data?
We have retained all guest records since we opened in 2005 and have no plans at present to delete these or any future records for the reasons given in points (b), (c) and (d) above.
We are required by our merchant credit card companies to keep full records of all bookings made by credit or debit card for 13 months after check-in. We are also required by law (HMRC) to keep full records for accountancy purposes for seven years.
We have never, nor do we plan to in the future, share guest data with third parties EXCEPT in the two scenarios below:
- If we are subject to a change of ownership or corporate structure and need to pass over guest data from one company to another in order for the transaction to proceed.
- Following a formal information request from the police, bank or credit card company about the dates of a guest stay.
When we communicate with guests
Before, during and immediately after a stay we will need to contact guests about their stay (e.g send a booking confirmation, make sure they know how to get here, send a receipt for completing expenses forms etc).
Thereafter, we will only contact a guest if they have asked us to (opted in to future mailings) and this will usually be by email. If a guest has opted-in and then changes their mind, opting out is easy. Either contact us directly by email to firstname.lastname@example.org or use the unsubscribe button on the email communication from us (usually found in the footer).
Seeing the data we store about you
Please email us and ask us to send you all the data that is stored online via our MEWS property management system.
Guests can ask us to remove any personal data they don’t want us to keep (although we will need to ask for this information again for any future bookings). Or email us at email@example.com and we will remove the data.
The only paper documents we store are:
- Signed guest check-in sheets (before March 2020) showing a guest’s name, the stay dates and apartment number
- Guest credit card payment slips in case of a query from a card provider (if you have paid using our PDQ machine) although most transactions are charged automatically online via our MEWS PMS..
These documents are kept securely for 13 months before being destroyed by a registered shredding company.
If a guest would like to know what details we hold about them offline, for what purpose and to whom they may have been disclosed, they can request this information either by letter or e-mail. We will respond within seven days of receiving a written request to firstname.lastname@example.org
In very limited circumstances we may need to refuse a guest request (if this was the case, we would give you a detailed reason).
Tracking devices and ‘cookies’ on our websites
As part of GDPR, we are required to let you know when we use any tracking devices or ‘cookies’ on our website.
We, and/or third parties, may use pixel tags and place cookies on a user’s device that track users’ behaviour on our website and on other third-party websites.
We use three types of anonymised tracking software on our website to:
- See which forms of online advertising are working (Google Analytics,)
- Tell us how many times a visitor may come to our site before booking (Google Analytics)
- See how visitors use our website so we can make improvements to help the customer journey (Google Analytics, Hotjar and The Hotel Network)
- Serve tailored pop-up information about offers and discounts
- Serve adverts via Google and other third parties (Google).
If you do not wish to have cookies enabled and would like to make a booking, simply give us a call on +44 (0)121 285 1250 or email email@example.com.
Staying Cool is a data controller of guest personal informatoin
For the purposes of GDPR (from 26 May 2018), Stayingcool Group Ltd is a data controller.
How can you contact us?
What if you have a complaint?
Guests can complain to the Information Commissioner’s Office (ICO), which regulates data protection compliance in the UK, if they are unhappy with how we have processed their personal data. There are clear guidelines on how to do this on www.ico.org.uk/concerns
Our privacy statement covers only Stayingcool Group Limited. Links to other websites and any information collected by these sites are not covered by this privacy statement. We would encourage you to reread our privacy statement from time to time, so that you are aware of any changes in how we gather and use personal information. Every time we make an update we will amend the date below.
What if this policy changes?
Policy updated on 20 October 2020