Who are we?
DUKES Hotel Limited is a limited company registered in England and Wales whose registered office is 35 St James Place, London SW1A 1NY. We operate as Data Controller for the information you provide to us.
DUKES Hotel is committed to protecting your privacy and maintaining the security of any personal information received from you. We strictly adhere to the requirements of the General Data Protection Regulations (GDPR) in the UK.
The purpose of this statement is to explain to you what personal information we collect, and how we may use it under the new General Data protection Regulations (EU) 2016 / 679 (GDPR). We have reviewed and updated our policies, processes and procedures to comply with the GDPR and have updated this Privacy Notice accordingly.
If you have any questions about the protection of your data, please email our Data Protection Officer: [email protected].
Click this link to report a concern to the ICO
Personal information we collect when you interact with us:
The personal information we collect includes:
When you make a booking, we need to know your name, address, username, password, telephone number, email address and card details. This allows us to process and fulfill your booking. You have the option to withhold personal information that is not required for the booking process.
We do not sell, rent or exchange your personal information with any third party for commercial reasons, beyond the essential requirement for credit/debit card validation during purchase. We may be required to give information to third parties such as expert witnesses, law enforcement agencies, courts and other professional advisers.
DUKES Hotel never sends emails asking you to provide personal or credit card information. DUKES Hotel does not disclose buyers’ information to third parties.
Web browser cookies:
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers outside of the EEA.
Your personal identification information is used in a variety of ways, including, but not limited to, when you visit our website, place a booking, subscribe to our newsletter and in connection with other activities, services, features or resources we make available on this site. You may be asked for, as appropriate, name, email address, mailing address, phone number etc. You may, however, visit our site anonymously. We will collect personal identification information from you only if you voluntarily submit such information to us.
Credit Card Information:
Our payment processes are PCI DSS compliant. In booking, to process credit and debit card transactions, the bank or card processing agency may require to verify your personal details for authorisation. We do not store credit card information which is passed through directly to our payment service provider. Your information will not be transferred outside of the EU for any other purpose.
We follow strict security procedures in the storage and disclosure of information which you have given us, to prevent unauthorised access in accordance with the GDPR regulations.
We will send emails to you, for the purpose of informing you of new products, offers and services. You may have consented to us sending you newsletters from time to time as part of the registration process.
If you no longer wish to be contacted, and wish to be unsubscribed from our Newsletter or email communications, please email us on [email protected]
You may also opt out of this notification service by replying to the email that was sent with the word “unsubscribe” (without the quotes) in the subject line.
How we use your information:
We will use your personal information to manage bookings, provision of services, offers, surveys and newsletters you have requested. Specifically:
Automated decision making:
We do not undertake any automated decision, excluding Google Analytics, making using your data, nor do we use your data for profiling or any other investigative purposes.
Security of your data:
We have taken all reasonable steps to ensure that we and our Data Processors adapt industry standard security protection systems to ensure the security of your data.
We have security procedures in place to ensure that we can effectively identify report, manage and resolve any personal data breaches.
We have procedures to deal with key data subject rights, like subject access requests and the right to request deletion.
We are reviewing our key third-party vendor arrangements to make sure we have the appropriate contractual protections in place to satisfy GDPR requirements.
We have an internal GDPR training program running across key areas of the business to increase awareness of how the legislation impacts their day-to-day roles.
We regularly review our data security procedures to ensure they are kept up-to-date.
Your rights under GDPR:
The GDPR provides the following rights for individuals, and please click here for further information:
You exercise your rights by submitting a Subject Access Request. If you would like to exercise any of your rights under GDPR and need assistance, please email our Data Protection Officer on [email protected]
Subject Access Request:
Under GDPR, individuals are entitled, subject to certain exceptions, to request access to information held about them. This is called a Subject Access Request.
Subject Access Requests should be made by email or in writing addressed to the Data Protection Officer (DPO) at [email protected] The DPO can supply a standard request form, although you do not have to use this.
The information that you are entitled to is:
The DPO will always verify the identity of anyone making a subject access request before handing over any personal information. The DPO will require photo ID and/or proof of address. Our aim is to provide the relevant information to you within 30 days.
Your right to complain about us:
If you are dissatisfied with our handling of your requests about the protection of your data you have the right to complain to the Information Commissioners Office (ICO). To report a concern to the ICO click this link.
By email: [email protected]
By letter: Data Protection Officer, DUKES Hotel Limited, 35 St James’s Place, London SW1A 1NY.