Privacy & Cookies Policy
The Chartridge Conference Company Ltd (The Company) has created this privacy & cookies policy in order to demonstrate our firm commitment to privacy.
This privacy & cookies policy applies to the processing by The Company of your personal data. The Company takes your privacy very seriously and treats all your personal data with great care. The Company acts in accordance with the applicable data protection legislation.
When you visit our website, make a reservation, contact us, purchase products from us or visit one of The Company properties, we collect information from and about you. Some of the information we collect may be classed as personal data under data protection legislation, that is, “any information relating to an identified or identifiable natural person”. It may be collected any time you submit it to us, whatever the reason may be.
This privacy & cookies policy describes which personal data is collected and for which purposes this personal data is processed by The Company. It also states which rights you have under applicable data protection legislation.
DATA MANAGEMENT: For the purpose of applicable data protection legislation, the data controller of your personal data is The Chartridge Conference Company Ltd, 6 Hunting Gate, Hitchin, Hertfordshire, SG4 0TJ.
COLLECTING YOUR PERSONAL DATA
We will observe the principles of data avoidance and data minimisation. That means that we will collect, process and use as little data as possible.
The Company collects information about you in the following ways:
Information you give to us. This includes personal data collected:
• Through our Website when you send an enquiry, register, commence or complete an online transaction to use our products and services.
• When you contact our reservations team to make a booking or use the facilities at any of our venues. Facilities include, but are not limited to, accommodation, meeting rooms, bar and/or restaurant, guest Wi-Fi.
• When you have provided your consent, in order to:
o subscribe to any of our marketing communications
o complete customer surveys, enter competitions or provide feedback
• When we do business with you, which will usually include:
o Full or partial contact details including names and addresses (including business details if you are making a corporate booking), telephone and email details.
o If you have special requirements then it may also be necessary to collect details about diet or disability or any other preferences that you may have.
o Car parking arrangements at our properties may also make it necessary for us to collect your car registration number for your visit to us.
o We collect payment card information from you should you choose to use this form of payment for purchasing or guaranteeing use of our products and services.
o We may also collect your birthdate and other significant dates for making special offers to you around your birthday and other anniversaries.
o From our overseas guests we may also collect passport details.
Information automatically collected. This includes information and personal data collected:
In all of the above mentioned cases the processing of such data is carried out anonymously, that is to say it is impossible to assign and therefore identify any individual person from this collected data.
• CCTV; we operate CCTV systems at our properties. These are in operation and video recordings may be made. This activity is carried out for security and service reasons for the better management of The Company’s properties and security for all its guests and staff.
WHY DO WE PROCESS YOUR PERSONAL DATA?
Regardless of which property you visit, your personal data will be stored in (i) centralised systems which are under the control of The Company and accessible by authorised staff of The Company or our suppliers, and (ii) some local systems controlled solely by the relevant The Company property(s).
We use the information we collect about you to process your bookings, answer your queries, process purchases, and provide our venue and restaurant facilities and services. With your consent, we will contact you via our marketing and sales channels (email/phone/post/SMS) about other related products and services which we feel may be of interest to you. Our marketing communications are generally sent by email but we may sometimes use other methods of delivery such as by post or SMS.
We mainly collect, store and process personal data at two different stages: (i) before you decide to visit one of our properties and (ii) when you visit, or have visited, one of our properties.
i. Before you decide to visit one of our properties
When you visit our Website www.chartridgevenues.com , we collect information about your use of the Website. This includes both information we collect directly from you, and information we collect about your behaviour. This information may constitute ‘personal data’ under applicable law. We use this information to provide you with (personal) offers, both on our Website and via advertisements on other Websites you visit.
Generally; we may use other companies to serve third-party advertisements when you visit and use the Website. These companies may collect and use click stream information, browser type, time and date, subject of advertisements clicked or scrolled over during your visits to the Website and other Websites in order to provide advertisements about goods and services likely to be of interest to you. These companies typically use tracking technologies to collect this information. Other companies’ use of their tracking technologies is subject to their own privacy policies.
Targeted advertising; we use Website information to provide you with (personal) offers, both on our Website and via advertisements on other Websites you visit. In order to serve offers and advertisements that may interest you, we may display targeted advertisements on the Website, or other digital properties or applications in conjunction with our content based on information provided to us by our users and information provided to us by third parties that they have independently collected. We do not provide personal data to advertisers when you interact with an advertisement.
ii. When you visit or have visited one of our properties
When you make a reservation, you will have to provide us with your name, email address, phone number, the dates you are staying with us and a credit card token or other payment information as applicable. We use this personal data to process the reservation, for billing purposes, and to allow us to communicate with you about your reservation. When you stay in one of our properties, we will collect personal data about your preferences, use of our services, and location.
Overview of activities under stage (i) and (ii):
We may at each of the stages outlined above use your personal data but only when and to the extent the law allow us to. Most commonly, we will use your personal data in the following circumstances:
• Where we need to perform the contract we are about to enter into or have entered into with you.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal or regulatory obligation.
• Where you have provided your consent.
For your convenience, we have made an overview of activities that involve the processing of your personal data, and the corresponding legal basis/legal bases that allow us to process this data:
Purpose/activity – Legal basis
1 First of all, we store the personal data you provide to us in our systems for administrative purposes. Consent. Where required, enter into or perform a contract to which you are a party
2 Government regulations require us to ask you to provide us with certain information when you arrive at a Company property. This may include information such as: birth date, nationality, place of residence, date of arrival and profession. Compliance with a legal obligation
3 We will have to verify your identity when you arrive at a Company property. We will use your passport or other identification document. We will not store a copy of your passport, except to the extent permitted by law. Enter into or perform a contract to which you are a party. For the purposes of our, or a third party’s, legitimate interests, including keeping our records up to date
4 We store your personal data in our database(s), also after your transaction has been completed and after you have stayed in one of our properties to the extent required by law, to be able to contact you and welcome you again in the future. Compliance with a legal obligation, for the purposes of our legitimate interests, including: keeping our records up to date, managing our on-going relationship with you
5 For many of our business purposes we use cloud based services. Therefore, for technical and organisational reasons, it is necessary that your personal data is transferred to servers located in the UK and the US, or to servers located in countries outside of the European Economic Area (‘EEA’). Enter into or perform a contract to which you are a party, for the purposes of our, or a third party’s, legitimate interests, including: the provision of administration and IT services and network security, preventing fraud
6 We process your booking, howsoever made directly via our Website or via a third party (online) booking agent. Enter into or perform a contract to which you are a party
7 We offer and provide services and products you request from us or which we may think you are interested in, via email, telephone or other media. These marketing communications contain commercial offers and news of The Company and related third parties. We use the email address you provide to send the newsletter to. If you no longer wish to receive the newsletter, you can unsubscribe and we will no longer send you these marketing communications. Consent, where required, enter into or form a contract to which you are a party, for the purposes of our, or a third party’s, legitimate interests
8 We use credit card data or other payment data for invoicing purposes. Enter into or perform a contract to which you are a party
9 If you would like to park in one of our parking areas we may collect your license plate number for security purposes. Enter into or perform a contract to which you are a party
10 We collect data on your use of our Wi-Fi services for security and anti-piracy purposes (such as: IP address, your device’s MAC address, connections made, location, etc.). We do not process the content of traffic. Consent, where required. For the purposes of our, or a third party’s, legitimate interests, including maintaining appropriate IT and network security
11 We endeavour to provide a high level of security of both the information we store as well as our facilities, (IT) systems and premises, by means of encryption, physical security measures, passwords, company procedures and policies and professional IT support. Personal data may be processed in this context by The Company and its vendors. For the purposes of our, or a third party’s, legitimate interests, including: Maintaining appropriate physical and IT/network security
12 We endeavour to prevent our services and facilities (properties) from being used for illegal purposes, of any kind. Personal data may be processed in this context by The Company and its vendors, such as through CCTV surveillance. Vital interests. For the purposes of our, or a third party’s, legitimate interests, including: Protecting you during your stay
13 We engage in activities required for compliance with legal obligations, third party claims or requests from public authorities, such as (i) the mandatory storage/containment of certain information because of a criminal investigation, (ii) requests from third parties for access to information (iii) any further instructions from third parties, such as supervisory authorities, that involve data processing. Consent (if required). Enter into or perform a contract to which you are a party. For the purposes of our, or a third party’s, legitimate interests. Compliance with a legal obligation
14 If you have special requirements then it may also be necessary to collect special categories of personal data in relation to diet or disability. Consent
SHARING YOUR DATA
We may share your personal data as follows:
• Third parties designated by you; we may share your personal data with third parties where you have provided your consent to do so.
• Our third party service providers; we may share your personal data with our third party service providers who provide services such as payment processing, information technology and related infrastructure provision, business support (operational and administrative), customer service, the processing and delivery of marketing communications to you, email delivery, auditing and other similar services. These third parties are only permitted to use your personal data to the extent necessary to enable them to provide their services to us. They are required to follow our express instructions and to comply with appropriate security measures to protect your personal data. Third parties are subject to confidentiality obligations and may only use your personal data to perform the necessary functions and not for other purposes.
• Affiliates; we may share some or all of your personal data with our affiliates, in which case we will require our affiliates to comply with this Privacy Statement. In particular, you may let us share personal data with our affiliates where you wish to receive marketing communications from them.
• Corporate restructuring; we may share personal data when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
• Other disclosures; we may share personal data as we believe necessary or appropriate: (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities to meet national security or law enforcement requirements; (c) to enforce our Privacy Statement; and (d) to protect our rights, privacy, safety or property, and/or that of you or others.
We do not share your data with any third parties outside of the above processing arrangements and we do not share your data with any business external to our group for their own marketing purposes. From the data we collect, you should only ever receive marketing communications from The Company and its venues.
INTERNATIONAL DATA TRANSFERS
In some instances it is necessary to transfer your personal data overseas. Any transfers will be made in full compliance with all aspects of the applicable regulations.
For many of our business purposes we use cloud based services. Therefore, for technical and organisational reasons, it is necessary that your personal data is transferred to servers located in the UK or US, or to servers located in countries outside of the EEA. When we transfer the data to a country outside of the EEA that does not offer an adequate level of data protection, we will ensure compliance with applicable law by way of EU Model Clauses, EU-US Privacy Shield-certification, or other legally accepted safeguards, as applicable.
The GDPR provides the following rights for individuals:
Right to revoke consent
If we process personal data on the basis of your consent, you have the legal right to revoke such consent at any time. We will then cease the relevant processing activity going forward.
Right of access to your information
If you want to know what personal data we have collected or process about you, you may request us to provide a copy of your personal data by sending an email to firstname.lastname@example.org. We will ask you to identify yourself. We will not provide you with a copy of your personal data to the extent that the rights and freedoms of others are or may be adversely affected.
Right to rectification and erasure of data, and restriction of processing
If you believe that our processing of your personal data is incorrect, inaccurate, unlawful, excessive, incomplete, no longer relevant, or if you think that your data is stored longer than necessary, you may ask us to change or remove such personal data or restrict such processing activity, by sending an email to email@example.com.
Right to data portability
You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format, in accordance with Article 20 of the General Data Protection Regulation.
Right to object
You have the legal right to object, on grounds relating to your particular personal situation, at any time to processing of your personal data. Furthermore, you have the right to object at any time to our processing of your personal data for direct marketing purposes or to profiling. You can do this by either (i) opting out by using the option we provide in the relevant direct marketing message (e.g. an email newsletter), or (ii) by sending an email to firstname.lastname@example.org or (iii) by writing to:
The Chartridge Conference Company Ltd
6 Hunting Gate
For the sake of clarity: without prejudice to the foregoing we are at all times entitled to send you messages that do not constitute direct marketing, i.e. service messages.
General information relevant for all requests and queries
Nothing in this Privacy Statement is intended to provide you with rights beyond or in addition to your rights as a data subject under applicable mandatory data protection law.
The Company will use reasonable endeavours to respond to your request or query within one month. The Company is entitled to extend this term by another two months if the complexity of the situation so requires. If your request is manifestly unfounded or excessive we may either (i) charge you a fee, or (ii) refuse to process your request. With respect to access requests we may also charge you for extra copies. If we decide not to honour your request or answer your query, we will explain our reasons for doing so in our reply.
SECURITY, PROTECTION AND STORAGE OF YOUR DATA
The Company have used and will continue to use reasonable endeavours to protect your personal data against loss, alteration or any form of unlawful use. Where possible, your personal data will be encrypted and stored on a virtual private server that is secured by means of state of the art protection measures. A strictly limited amount of people have access to your personal data.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
A cookie is a text-only string of information that a website transfers to the cookie file of the browser on your computer’s hard disk so that the website can remember who you are. It enables us to recognise you when you come back to the site so we can tell how often you visit the website and helps us to retain information such as the most recent search you used, the venues you viewed etc. The information is not linked to your personal data.
A cookie will typically contain the name of the domain from which the cookie has come, the ‘lifetime’ of the cookie, and a value, usually a randomly generated unique number. Cookies can help a website to arrange content to match your preferred interests more quickly and are used by most major websites. Cookies cannot be used by themselves to identify you. Click here to find out more about cookies.
Some of these cookies are essential to make our website work and have already been set. Others help us to improve your experience by giving us insights into how the website is being used.
You have the ability to accept or decline cookies by modifying the settings in your browser. However, you may not be able to use all of the interactive features of our website if cookies are disabled. Please click here to find out how to disable/enable cookies
COOKIES ON OUR WEBSITE
In order to use all the functionality on our website and to make bookings you will need to have session cookies enabled. If you do not wish to have cookies enabled you can make a booking by telephoning your chosen venue directly.
Strictly Necessary Cookies – Always Active
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
Performance Cookies – Active
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
Targeting Cookies – Active
SID, HSID, demographics, VISITOR_INFO1_LIVE, PREF, APISID, GPS, SSID, LOGIN_INFO, YSC, SAPISID
APISID, SSID, PREF, SID, SAPISID, HSID
Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
RETENTION OF INFORMATION
The Company will only retain your personal data for the period necessary to fulfil the purposes outlined in this Privacy Statement. This may be up to 4 years, unless a longer retention period is required or permitted by law (which is typically the case in the context of our obligations under tax law).
Should you choose to unsubscribe from our mailing list, please note that your personal data may still be retained on our database to the extent permitted by law.
Our Website has an email sign up for customers and our third party booking provider collects contact information, such as an email address, and demographic information, such as a postal code, when bookings are made.
Users may opt-out of receiving future mailings or completely remove their details from our databases. Our email marketing enables subscribers the opportunity to opt-out of receiving email marketing from us.
This site contains links to other sites. We are not responsible for the privacy practices or the content of such Websites.
The Company is committed to resolve any complaints about its collection or use of your personal data.
In case you have any questions in relation to this Privacy Statement or our practices in relation to your personal data you may send an email to email@example.com.
We hope to resolve any complaint brought to our attention, however if you feel that your complaint has not been adequately resolved, you reserve the right to contact your local data protection supervisory authority, which for the UK, is the Information Commissioner’s Office.
We have done our best to make sure that this Privacy Statement explains the way in which The Company processes your personal data, and rights you have in relation thereto. We may change this Privacy Statement from time to time to make sure it is still up to date and we will notify you if we make any material updates. We may also notify you in other ways from time to time about the processing of your personal information.
If you have any questions about this privacy statement, the practices of this site, or your dealings with this Website, please contact us.