Privacy Policy
Introduction
We are committed to protecting and respecting your privacy. This privacy policy contains important information about how we use personal data that we collect from you or that you provide to us.
By accessing the website or providing information, you agree to our privacy practices as set out in this privacy statement. We may change this policy from time to time. You should check this policy frequently to ensure you are aware of the most recent version.
If you have any questions regarding this policy or about our privacy practices, please contact us at the relevant address set out below in the ‘Contact Us’ section.
Who we are
Our site is owned and operated by Cross Keys (Peebles) Limited, a private limited company registered in Scotland under company number SC790279, whose registered address is 20 Still Haugh Fountainhall, Galashiels, United Kingdom, TD1 2SL.
Our Data Protection Officer is Richard Spanner, and can be contacted by e-mail at info@crosskeyspeebles.com; by telephone on 01721 563 120, or by post at Barony Castle Estate, Eddleston, Peebles, EH45 8QW.
Cross Keys (Peebles) Limited is registered with the Information Commissioner’s Office under registration reference ZB693558.
The information we collect from you
Personal data is information that can be used to uniquely identify or contact a single person. We will collect and process information about users of our website and hotel guests, in order to provide our services. Therefore, we may process any information, including personal data, that our hotel guests provide to the hotel or to any online travel agency relating to the hotel guests’ arrangements.
Personal data processed by us may include, but is not limited to: name, address, e-mail address, phone number and credit card information, date of birth, records of our interactions and travel information.
We will hold your personal data on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us. We review our retention periods for personal data on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations.
Reasons/purposes for processing information
We process personal information to enable us to provide all our services as a hotel; promote and advertise our business, maintain our own accounts and records; support and manage our employees; the use of CCTV systems for crime prevention.
We process information relevant to the above reasons/purposes. This may include:
personal details
family details
lifestyle and social circumstances
education and employment details
financial details
goods and services
We also process sensitive classes of information that may include:
racial or ethnic origin
religious or other beliefs
trade union membership
physical or mental health details
offences and suspected offences
criminal proceedings, sentences and outcomes
visual images; personal appearance and behaviour
Who the information is processed about
We process personal information about:
staff
customers, clients
suppliers
service providers
complainants, enquirers
consultants and professional advisers
offenders and suspected offenders
individuals captured by CCTV images
How we collect your information
We collect personal data from and about users of our website and our hotel guests through the provision of our services.
Information you give us
This is information about you that you give us directly through our website or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our website or services, when you report a problem and when you provide us with details relating to the nature of any query or problem.
Details you provide relating to your proposed travel arrangements, including relevant hotel bookings and related information.
Information we collect about you
When you visit our website we will automatically collect standard internet log information and details of visitor behaviour patterns using a third party service, Google Analytics. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone.
Information we receive from other sources
We use a third party, Siteminder.com, to process room bookings through our website.
How we might use your information
We use information held about you in order to administer any contracts between you and us and for the legitimate interests of our business
Information you give to us
We will use this information:
to provide you with information, products or services that you request from us;
to carry out our obligations under any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
to provide you with information about goods or services we feel may interest you. If you change your mind and decide that you do not want us to use your data in this way, please use the unsubscribe option when we contact you;
to notify you about changes to our service;
to ensure that content from our website is presented in the most effective manner for you and for your computer.
Information we collect about you
We will use this information:
to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
to improve our website to ensure that content is presented in the most effective manner for you and for your computer or other device;
to allow you to participate in interactive features of our service, when you choose to do so;
as part of our efforts to keep our website safe and secure;
to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
to make suggestions and recommendations to you and other users of our website about goods or services that may interest you or them.
Information we receive from other sources
We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive) and to facilitate the hotel booking and related services of hotel guests.
We may aggregate your data into an anonymised form to help us provide more useful information to our customers and to understand which parts of the website are of most interest to visitors.
Who we might share your information with
Where necessary or required we share information with:
employees
customers and clients
family, associates and representatives of the person whose personal data we are processing
suppliers
current, past and prospective employers
educators and examining bodies
business associates
professional advisers
financial organisations
employment and recruitment agencies
credit reference agencies
debt collection and tracing agencies
other companies in the same group
central government
police forces and security organisations
CCTV for crime prevention
CCTV is used for maintaining the security of property and premises and for preventing and investigating crime, it may also be used to monitor staff when carrying out work duties. For these reasons the information processed may include visual images, personal appearance and behaviours. This information may be about staff, customers and clients, offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance. Where necessary or required this information is shared with the data subjects themselves, employees and agents, services providers, police forces, security organisations and persons making an enquiry.
Transfers
It may sometimes be necessary to transfer personal information overseas. When this is needed information is only shared within the European Economic Area (EEA).
Any transfers made will be in full compliance with all aspects of the data protection act.
Your rights
You have the right to ask us not to process, or to stop processing, your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us on the details set out below in the ‘Contact Us’ section.
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
How you can access and update your information
You have the right to access the personal information that we hold about you in many circumstances. This is called a subject access request. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge except in exceptional circumstances.
Before providing personal information to you or another person on your behalf, we may ask for proof of identity and sufficient information about your interactions with us so that we can locate your personal information.
We strive to maintain accurate, complete, and relevant personal information for the purposes identified in this privacy statement. If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it.
You have the right to object to us processing your personal information if we are not entitled to use it any more or to have your information deleted or have its processing restricted in certain circumstances. You also have the right to port your personal data in certain circumstances.
If you would like to exercise any of these rights, please contact us using the details set out below in the ‘Contact Us’ section.
You also have the right to lodge a complaint with the supervisory data protection body that regulates us if you have concerns about how we use your personal information.
Security precautions in place to protect against loss, misuse or alteration of data
We have implemented reasonable measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration and disclosure.
These include:
physical security and access to all premises;
all access to computer hardware is password protected, with encryption and default security firewalls in place;
staff access to personal information is given on a need to know basis only. Tight controls, consistent with the Payment Card Industry standard (audited annually), are maintained in relation to the use, storage and processing of PII credit card data;
Regular training of staff in relation to storage; and
Otherwise in accordance with Cross Keys (Peebles) Limited’s Data Protection Policy.
The safety and security of your information also depends on you. Any content, including personal information, that you contribute to be shared, published or transmitted to other users of the website, is visible to other users and can be read, collected, or used by them. We urge you to be careful about giving out information in public areas of any of the website. You understand and acknowledge that, even after removal, copies of your content, including personal information, that you contribute to be shared, published or displayed on a website, or transmitted to other users of a website, may remain viewable in cached and archived pages. Although we take efforts to protect your personal information, we cannot guarantee the security of your personal information transmitted to a website. Any transmission of personal information is at your own risk.
Cookies
The website may use “cookies” and other technologies such as pixel tags and web beacons. These technologies help us to improve and to deliver a better and more personalized service by enabling us to:
Estimate our audience size and usage patterns;
Store information about your preferences, allowing us to better customize the services according to your individual interests;
Speed up your searches;
Recognize you when you return to the website; and
Deliver targeted advertising based on products or content you have shown an interest in.
You may refuse to accept cookies by activating the appropriate settings on your browser. Check with your provider to find out how to disable cookies. Please note that certain features of the website may not be available if cookies are disabled.
Recruitment
By submitting your resume or other personal information to us you acknowledge that we may use and transfer data as described in this Privacy Notice.
You may provide personal information to us related to education, employment, contacts, preferences, job qualifications, and jobs when you submit an application. You may also choose to provide us with additional information, such as resumes, CVs, transcripts, references, and compensation requests. We recommend that you do not disclose sensitive personal information (e.g., height, weight, religion, philosophical or political beliefs, financial data, sexual orientation, membership of a trade union or political party) in your resume/CV or any materials in support of your application. To the extent you provide sensitive personal information you expressly authorize us to handle such details as specified in this Statement.
We will use your personal information for recruitment purposes, and if you are offered a job or become employed by us we will use it for other employment-related purposes. These purposes include, but are not limited to: verifying past employment and/or education, checking references, confirming ability to legally work in the relevant country, contacting you and/or your emergency contacts at home if necessary, setting/adjusting compensation, job duties and titles, administering benefits, including health insurance, administering savings and pension plans, managing performance, withholding and payment of applicable taxes and complying with legal and regulatory obligations.
We may also retain your information after the recruitment process is complete to contact you about potential future opportunities or for record keeping purposes for a period of three years from the date of your application. However, we may retain your information for longer in an anonymized form for statistical purposes. If you provide information about others (i.e. reference contact details), please ensure you have informed them that you will be providing their information.
By submitting your resume/CV or other information and any subsequent application materials to us, you agree that we may use such information for recruitment, hiring and employment purposes.
Contact us
If you have any questions regarding this policy or about our privacy practices please contact us by email at info@crosskeyspeebles.com; by telephone on 01721 563 120, or by post at Barony Castle Estate, Eddleston, Peebles, EH45 8QW.