Glenfinnan House is aware of its obligations under the UK General Data Protection Regulation (GDPR) and is committed to processing your data securely and transparently. This privacy notice sets out, in line with GDPR, the types of personal data that we collect and process about our guests and web-site visitors. It also sets out how we use that information, how long we keep it for and other relevant information about your data.
Glenfinnan House is a data controller, meaning that it determines the processes to be used when using your personal data. Our contact details are as follows:
Glenfinnan House Hotel
Glenfinnan
by Fort William
Highland Region
PH37 4LT
Email: info@glenfinnanhouse.com
In relation to your personal data, we will:
Personal data means any information capable of identifying an individual. It does not include anonymized data. We may process certain types of personal data about you as follows:
We may also process Aggregated Data from your personal data, but this data does not reveal your identity and as such in itself is not personal data. An example of this is where we review your Usage Data to work out the percentage of website users using a specific feature of our site. If we link the Aggregated Data with your personal data so that you can be identified from it, then it is treated as personal data.
Where we are required to collect personal data by law, or under the terms of the contract between us and you, if you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver the Services to you). If you don’t provide us with the requested data, we may have to cancel your order of the Services. If we do, we will notify you at that time.
There are 6 lawful reasons for processing personal data, which are:
We collect personal data about you through a variety of different methods including:
We do not collect sensitive data.
It is not our intent to process data from anyone under the age of 16. If you are aware of anyone having submitted data to us relating to an individual under the age of 16, please let us know at info@glenfinnanhouse.com and will immediately stop processing and delete any personal data relating to that individual. If we become aware of having been provided data relating to an individual under the age of 16 (without parental consent) we will immediately stop processing and delete any personal data relating to that individual.
Your data will be shared within the Company where it is necessary for staff to undertake their duties in provision of the Services to you.
We also share some of your data with the following third parties:
Information |
To Whom |
Purpose |
Guest name, contact details |
SimpleERB |
Restaurant reservation system |
Guest name, contact details |
Guestline |
PMS guest reservation system |
Guest name, contact details |
JG Collection |
Appointed Sales company for Hotel (ICMI) |
Guest name, contact details |
ICMI Collection |
Appointed Hotel management company |
Guest Name, contact details |
Luxury Restaurant Collection |
Appointed Restaurant Membership Club |
Guest Name, reservation details |
Upsell Guru |
Appointed pre-arrival reservation service |
Guest Name, reservation details |
Workmatrix |
Online reservation booking engine |
Guest Name, contact details |
Guest Activity suppliers |
Based on your request for activities during your stay, limited contact information may be given. |
We may also share your data with third parties as part of a Company sale or restructure, or for other reasons to comply with a legal obligation upon us.
We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against such.
Where we share your data with third parties, we provide written instructions to them to ensure that your data are held securely and in line with GDPR requirements. Third parties must implement appropriate technical and organisational measures to ensure the security of your data. You can link to their specific Data Privacy Polices here:
We do share your data outside the European Economic Area since we have hotels in the Caribbean, we follow binding corporate rules when moving data using a contractual arrangement with EU approved “standard contract clauses”.
In line with data protection principles, we only keep your data for as long as necessary. Guest details are kept for 13 months otherwise requested to be deleted.
The law on data protection gives you certain rights in relation to the data we hold on you. These are:
Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases we may continue to use the data where so permitted by having a legitimate reason for doing so.
If you wish to exercise any of the rights explained above, please contact our Data Manager:
JVR Consultancy Ltd
635 Bath Road, Slough, Berkshire, SL1 6AE
Email: tom@jvrconsultancy.com
We strive to meet the highest standards when collecting and using personal information. Complaints are taken very seriously, and data subjects are encouraged to bring any issues to our attention.
The supervisory authority in the UK for data protection matters is the Information Commissioner’s Office (ICO). If you think your data protection rights have been abused or breached in any way by us, you are able to make a complaint to the ICO at https://ico.org.uk/concerns/.
Or by post, telephone or email:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Email: casework@ico.org.uk.