Skip to content

PRIVACY POLICY

THIS PRIVACY NOTICE EXPLAINS HOW WE COLLECT AND USE YOUR INFORMATION WHEN YOU PLACE A BOOKING FOR SERVICES/ACCOMMODATION/GOODS AT THE REACH, MANCHESTER.

Molo Hotels (Manchester M4) Limited, T/A The Reach at Piccadilly, Manchester is committed to ensuring that your privacy is protected. This privacy notice explains how we use the information you provide when placing a booking for services/accommodation/goods. Molo Hotels (Manchester M4) Limited will be the controller of your data.

THE PERSONAL INFORMATION WE MAY COLLECT

We currently collect and process the following information: –

  • Name
  • Address
  • E-mail address
  • Contact Tel No
  • Passport Number (only for non-UK residents)
  • Passport place of issue
  • Card payment details
  • Car Registration Number (only for cars being parked in the Car Park)

HOW WE GET THE PERSONAL INFORMATION AND WHY WE HAVE IT

All of the above personal information we process is provided to us directly by you for the following reasons:

We collect your personal data in order to provide you with the service/accommodation/goods
you have booked. We need to collect your personal data for correspondence purposes and/or
detailed service provision. This includes, for example, processing, confirming, providing, and
charging for accommodation, restaurant reservations, and our goods and services.

We may collect your data by phone, through our website, or by email.

Under the General Data Protection Regulation (GDPR) UK, the lawful basis we rely on for
processing this information is Contractual Obligation. This means that the processing is
necessary for a contract you have with us or because you have asked us to take specific steps
before entering into a contract with us.

For non-UK residents, under “The Immigration (Hotel Records) Order 1972”, we are obliged
to collect the passport number and place of issue of every person over the age of 16 who stays
at our premises.

Under the GDPR UK, the lawful basis we rely on for processing this information is Legal
Obligation. This means that the processing is necessary for compliance with a legal
obligation to which we are subject.

Your passport number and place of issue will not be shared but will be open to inspection by
any constable or any person authorised by the Secretary of State.

Your passport details will be retained for 6 years and are stored on the Guest Registration
cards.

In order to provide you with a car parking space at a date and time of your choosing, we will
keep a record of your car registration number.

Under the GDPR UK, the lawful basis we rely on for processing this information is
Contractual Obligation. This means that the processing is necessary for a contract you have
with us, or because you have asked us to take specific steps before entering into a contract
with us.

HOW WE STORE YOUR PERSONAL INFORMATION AND HOW LONG
WE RETAIN YOUR DATA

Your hard copy data is securely stored on-site at The Reach in locked offices and cabinets
with access only to trusted employees and only used for the reasons stated in this privacy
notice. We are required to retain your data for 6 years from the end of the current accounting
period.

Every website is made up of files, and The Reach website requires a hosting service to store
them so that they can be viewed online. Files are uploaded onto a server, and the company
that owns the server then points the web address to the files. Our website is hosted by 123
Reg, whose server is based in the UK, and the data is encrypted. If data is transferred by 123
Reg outside the UK by their affiliated companies or third parties, they will rely on Standard
Contractual Clauses (SCCs) and rigorous privacy risk assessments. More information can be
found here: Data protection and privacy policy | 123 Reg.

WEBSITE COOKIES

Our website will use cookies. Cookies are small blocks of data created by a web server while
you, the user, are browsing our website. These small blocks of data are placed on your
computer or other device by the user’s web browser. Cookies are used to ensure that our
website runs effectively. The only potential sharing of your data will occur when you are
completing the contact form, and you will be asked to give consent at this point by checking a
box. A list of our standard cookies is provided below:

Ordinary User Cookies

  • WordPress_test_cookie: Checking if cookies are enabled in the browser, expires at
    the end of the session.
  • Wp_lang: Checks language, expires at the end of the session.
  • Wp-settings (ID): Used when an admin is editing or previewing the website, expires
    after a long time, not sensitive data.
  • wordpress_logged_in_[hash]: Indicates when you are logged in and who you are
    (encrypted format), expires at the end of the session.
  • wordpress_[hash]: Stores authentication details on login. Includes the username and
    a double-hashed copy of the password (encrypted format), expires at the end of the
    session.
  • wp-settings-{time}-[UID]: Stores the time zone, expires after a long time, not
    sensitive data.

YOUR DATA SUBJECT RIGHTS

As a data subject whose personal information we hold, you have certain rights. If you wish to
exercise any of these rights, please email data.controller@thereachmcr.com or use the
information supplied in the ‘Contact Us’ section below. To process your request, we will ask
you to provide two valid forms of identification for verification purposes. Your rights are as
follows:

THE RIGHT TO BE INFORMED
As a data controller, we are obliged to provide clear and transparent information about our
data processing activities. This is provided by this privacy notice and any related
communications we may send you.

THE RIGHT OF ACCESS
You may request a copy of the personal data we hold about you free of charge. Once we have
verified your identity and, if relevant, the authority of any third-party requestor, we will
provide access to the personal data we hold about you as well as the following information:
a) The purposes of the processing
b) The categories of personal data concerned
c) The recipients to whom the personal data has been disclosed
d) The retention period or envisioned retention period for that personal data
e) When personal data has been collected from a third party, the source of the personal data
If there are exceptional circumstances that mean we can refuse to provide the information, we
will explain them. If answering requests is likely to exceed one calendar month, or we require
additional time (extended by two calendar months), or in the case of repetitive requests, we
reserve the right to request payment (for reasonable administrative costs) before processing
the request. We will inform you accordingly.

THE RIGHT TO RECTIFICATION

If you believe we hold inaccurate or incomplete personal information about you, you may
exercise your right to correct or complete this data. This may be used with the right to restrict
processing to ensure that incorrect/incomplete information is not processed until it is
corrected.

THE RIGHT TO ERASURE (‘THE RIGHT TO BE FORGOTTEN’)

Where no overriding legal basis or legitimate reason continues to exist for processing
personal data, you may request that we delete the personal data. This includes personal data
that may have been unlawfully processed. We will take all reasonable steps to ensure erasure.
Due to the complex nature of consent and legal exemption, we are not always able to fulfil
deletion (“Right to be Forgotten”) requests, and it is essential you understand this before
accessing the service.

THE RIGHT TO RESTRICT PROCESSING

You may ask us to stop processing your personal data. We will still hold the data but will not
process it any further. This right is an alternative to the right to erasure. If one of the
following conditions applies, you may exercise the right to restrict processing:

  • The accuracy of personal data is contested.
  • Processing of personal data is unlawful.
  • We no longer need personal data for processing, but the personal data is required for
    part of a legal process.
  • The right to object has been exercised, and processing is restricted pending a decision
    on the status of the processing.

THE RIGHT TO DATA PORTABILITY

You may request that your set of personal data be transferred to another controller or
processor, provided in a commonly used and machine-readable format. This right is only
available if the original processing was on the basis of consent, the processing is by
automated means, and if the processing is based on the fulfilment of a contractual obligation.

THE RIGHT TO OBJECT

You have the right to object to our processing of your data where:
a) Processing is based on legitimate interest;
b) Processing is for the purpose of direct marketing;
c) Processing is for the purposes of scientific or historical research; or
d) Processing involves automated decision-making and profiling.

DATA SECURITY

To prevent unauthorised access, maintain data accuracy, and ensure the correct use of
information, we have in place appropriate physical, electronic, and managerial procedures to
safeguard and ensure information is held securely, in accordance with the Data Protection Act
2018 and the UK GDPR.

HOW TO COMPLAIN

If you have any concerns about our use of your personal information, you can make a
complaint to us at The Reach: data.controller@thereachmcr.com

BOOK YOUR NEXT STAY