The Reach Hotel is committed to ensuring that your privacy is protected.  This privacy notice explains how we use the information you provide when placing a booking for services/accommodation/goods.  The Reach will be the controller of your data.

THE PERSONAL INFORMATION WE MAY COLLECT

We currently collect and process the following information: –

• Name
• Address
• E-mail address
• Contact Tel No
• Passport Number (only for non-UK residents)
• Passport place of issue
• Card payment details
• Car Registration Number (only for cars being parked in the Car Park)

HOW WE GET THE PERSONAL INFORMATION AND WHY WE HAVE IT

All of the above personal information we process is provided to us directly by you for the following reason: –

We are collecting your personal data in order to provide you with the service/accommodation/goods you have booked.  We need to collect your persona data for correspondence purposes and/or detailed service provision.  This includes for the purposes of; processing, confirming, providing and charging for accommodation and restaurant reservations and our goods and services.

We may collect your data by phone, through our website or by e-mail.

Under the General Data Protection Regulation UK (GDPR), the lawful basis we rely on for processing this information is Contractual Obligation.  This means that the processing is necessary for a contract you have with us, or because you have asked us to take specific steps before entering into a contract with us.

For non-UK residents under “The Immigration (Hotel records) Order 1972” we are obliged to collect the passport number and place of issue of every person over the age of 16 years who stays at our premises.

Under the General Data Protection Regulation UK (GDPR), the lawful basis we rely on for processing this information is Legal basis.  This means that the processing is necessary for compliance with a legal obligation to which we are subject.

Your passport number and place of issue not be shared but will be open to inspection by any constable or by any person authorised by the Secretary of State.

Your passport details will be retained for 6 years and are stored on the Guest Registration cards.

In order to provide you with a car parking space at a date and time of your choosing we will keep a record of your car registration number.

Under the General Data Protection Regulation UK (GDPR), the lawful basis we rely on for processing this information is Contractual Obligation.  This means that the processing is necessary for a contract you have with us, or because you have asked us to take specific steps before entering into a contract with us.

HOW WE STORE YOUR PERSONAL INFORMATION AND HOW LONG WE RETAIN YOUR DATA

Your hard copy data is securely stored on site at The Reach in locked offices and cabinets with access only to trusted employee’s and only used for the reasons stated in this privacy notice.  We are required to retain your data for 6 years from the end of the current accounting period.

Every website is made up of files and The Reach website requires a hosting service to store them so that they can be viewed online.  Files are uploaded onto a server and the company that owns the server then points the web address to the files.  Our website is hosted by 123 Reg who’s server is based in the UK and the data is encrypted.  If data is transferred by 123-Reg outside the UK by their affiliated companies of third parties they will rely on Standard Contractual Clauses (SCC’s) and rigorous privacy risk assessments.  More information can be found here Data protection and privacy policy | 123 Reg (123-reg.co.uk).

WEBSITE COOKIES

Our website will use cookies.  Cookies are small blocks of data created by a web server while you the user is browsing our website.  These small blocks of data are placed on your computer or other device by the user’s web browser.  Cookies are used to ensure that our website runs effectively.  The only potential share of your data will be when you are completing the contact form and you will be asked to give consent at this point by checking a box.  A list of our standard cookies are as below:-

Ordinary User Cookies

WordPress_test_cookie	checking if cookies are enabled in browser, expires at end of session
Wp_lang	Checks language , expires at end of session
Wp-settings (ID)	Used when admin is editing or previewing website expires after a long time, not sensitive data
wordpress_logged_in_[hash]	Is used to indicate when you are logged in, and who you are (encrypted format). expires at end of session.
wordpress_[hash]	To store the authentication details on login. The authentication details include the username and double hashed copy of the password (encrypted format), expires at end of session
WordPress_test_cookie	checking if cookies are enabled in browser, expires at end of session
wp-settings-{time}-[UID]	Stores time zone, expires after a long time, not sensitive data
Wp_lang	Checks language , expires at end of session

YOUR DATA SUBJECT RIGHTS

As a data subject whose personal information we hold, you have certain rights. If you wish to exercise any of these rights, please email datamanager@bigginhillairport.com or use the information supplied in the ‘Contact Us’, section below. To process your request, we will ask you to provide two valid forms of identification for verification purposes. Your rights are as follows:

THE RIGHT TO BE INFORMED

As a data controller, we are obliged to provide clear and transparent information about our data processing activities. This is provided by this privacy notice and any related communications we may send you.

THE RIGHT OF ACCESS

You may request a copy of the personal data we hold about you free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requestor, we will provide access to the personal data we hold about you as well as the following information:

a) The purposes of the processing
b) The categories of personal data concerned
c) The recipients to whom the personal data has been disclosed
d) The retention period or envisioned retention period for that personal data
e) When personal data has been collected from a third party, the source of the personal data

If there are exceptional circumstances that mean we can refuse to provide the information, we will explain them. If answering requests is likely to exceed one calendar month, where we require additional time or (extended by 2 calendar months), or, in the case of repetitive requests, we reserve the right to request payment (for reasonable administrative costs) before processing the request, we will inform you.’

THE RIGHT TO RECTIFICATION

When you believe we hold inaccurate or incomplete personal information about you, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.

THE RIGHT TO ERASURE (‘THE RIGHT TO BE FORGOTTEN’)

Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data.  This includes personal data that may have been unlawfully processed. We will take all reasonable steps to ensure erasure.

Due to the complex nature of Consent and legal exemption, we are not always able to fulfil deletion (“Right to be Forgotten”) requests, and it is essential you understand this before accessing the service.

THE RIGHT TO RESTRICT PROCESSING

You may ask us to stop processing your personal data. We will still hold the data, but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies, you may exercise the right to restrict processing:

• The accuracy of personal data is contested.
• Processing of personal data is unlawful.
• We no longer need personal data for processing, but the personal data is required for part of a legal process.
• The right to object has been exercised, and processing is restricted pending a decision on the status of the processing.

THE RIGHT TO DATA PORTABILITY

You may request your set of personal data be transferred to another controller or processor, provided in a commonly used and machine-readable format. This right is only available if the original processing was on the basis of Consent, the processing is by automated means and if the processing is based on the fulfilment of a contractual obligation.

THE RIGHT TO OBJECT

You have the right to object to our processing of your data where;

a) Processing is based on legitimate interest;

b) Processing is for the purpose of direct marketing;

c) Processing is for the purposes of scientific or historic research; or

d) Processing involves automated decision-making and profiling.

DATA SECURITY

To prevent unauthorised access, maintain data accuracy and ensure the correct use of information, we have in place appropriate physical, electronic and managerial procedures to safeguard and ensure information supplied is held securely, in accordance with the Data Protection Act 2018 and the UK GDPR.

HOW TO COMPLAIN

If you have any concerns about our use of your personal information, you can make a complaint to us at The Reach hello@thereachmcr.com