This notice applies to data that is held stored, used and shared by Databasics Hospitality Systems Limited t/a Hotel Perfect (we/our/us) and your rights in relation to personal information.
We are a provider of a software package, Hotel Perfect (Software), and enter into agreements for the use of the Software (Agreement(s)) with hotels (Hotel(s)) pursuant to which the Hotels provide services in relation to accommodation and bookings and other ancillary services (Services) to guests.
We receive personal information in relation to guests from each Hotel with whom we have an Agreement and in these circumstances the Hotel is the data controller and we are the data processor and process personal data in accordance with the respective Hotel’s directions.
We hold personal information that a representative of a Hotel provides to us for the purpose of entering into an Agreement with the Hotel in the capacity of data controller.
We may also hold other information that individuals or people other than guests may give to us which we hold as data controller.
The categories of data that we hold are names and addresses and dates of birth. We do not hold bank card details – these are inputted into a secure payment application within the Software.
We do not collect data from third party sources unless specifically requested in writing by the relevant Data Controller.
We as data processor pursuant to an Agreement(s) with a Hotel(s) will if directed by the Hotel(s) will receive analytical data from booking engine providers which is anonymised.
We as data controller receive analytical data from Google in relation to people visiting/browsing our website which does not contain any personal data.
Basis of Processing
The processing of guest’s and hotel owner’s/representative’s personal data and any booking engine data is necessary for the performance of the Agreement and the provision of Services.
If we are going to process data that we hold in the capacity of data controller, e.g. for marketing purposes to a Hotel, then we will obtain prior consent from the relevant person at the Hotel and give the opportunity to withdraw consent at any time.
We process analytical data from Google in relation to our website on the basis of our legitimate interests seeking to develop our own business and we do not carry out any automatic profiling.
Who we share personal information with
We routinely share personal data with third party suppliers and sub-processors as part of the provision of the Services the categories of which are: hosting, software providers, accountants, consultants. A list is available here. We ordinarily contract with these suppliers on their standard terms and conditions and we need to share data in this manner in order to provide the Services.
If a guest at a Hotel requests that the hotel as data controller provides certain marketing services then we as part of the provision of Services will provide that guest’s data to third parties for that purpose in accordance with the Hotel’s directions but not otherwise.
We will share personal information with law enforcement or other authorities if required by applicable law
We will not share data with third parties for marketing purposes where we hold data in the capacity of data controller unless we are instructed to do so.
How long your information will be kept
We will store guest’s information for the period required for the provision of the Services and as directed by the relevant Hotel as data controller.
Where we hold data as data controller we will hold the data for the duration of the Agreement and any longer period required for us to comply with applicable law (e.g. audit) or in other cases for the duration of the period necessary for the purpose that you provided the data to us or to which you have consented (e.g. any marketing).
No Transfer out of the EEA
We do not transfer personal information outside the European Economic Area (EEA).
A data subject has certain rights including the following: to correct any mistakes in your information; to request the erasure of any information; to withdraw consent to processing for marketing (Rights).
If you are a guest at a Hotel for which we are providing Services then you must contact the Hotel in order to exercise any of your Rights and in general as we can only act in accordance with the Hotel’s instructions.
If you are a Hotel with whom we have an Agreement then we will not necessarily be able to perform the actions in relation to your Rights until the Agreement has ended and we are not required to retain the data by law other than the withdrawal of consent to any marketing to which you may have consented.
We have appropriate security measures in place to prevent personal information from being lost, used or accessed in an unauthorised way. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Third Party Links
Our website may contain hyperlinks or references to third party websites. Any such hyperlinks or references are provided for your convenience only. We have no control over third party websites and accept no legal responsibility for any content, material or information contained in them. The display of any hyperlink and reference to any third party website does not mean that we endorse that third party’s website, products or services. Your use of a third party site may be governed by the terms and conditions of that third party site.
We hope that we can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation gives you the right to lodge a complaint with the supervisory authority which is the Information Commissioner who may be contacted at: ico.org.uk/concerns.
This privacy notice was published on 10 May 2018 and may be changed from time to time.
Databasics Hospitality Systems Limited is a company registered in England under number 03727106 whose registered office is at Tremough Innovation Centre Penryn Cornwall TR10 9TA.
Please write to this registered office address for the attention of GDPR Team or Email: email@example.com Tel 0843 309 1602