Crover House Hotel is committed to respecting and protecting your privacy. We wish to be transparent on how we process your data and show you that we are accountable with the GDPR in relation to not only processing your data but ensuring you understand your rights as a client.
It is the intention of this privacy statement to explain to you the information practices of in relation to the information we collect about you.
For the purposes of the GDPR the data controller is:
- Crover House Hotel
- Lough Sheelin, Mount Nugent, County Cavan
- When we refer to ‘we’ it is Crover House Hotel
Please read this Statement carefully as this sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
Who are we?
Our Data Protection Officer / GDPR Owner and data protection representatives can be contacted directly here:
- Laura Clinton
- Email: Lclinton@croverhousehotel.ie
- Tel: 049 854 0206
Purpose for processing your data
This refers to a combination of information such as your name, contact details, travel preferences and special needs/disabilities/dietary requirements that you supply us or is supplied to us via online reservations, including your social preferences, interests and activities and any information about other persons you represent (such as those on your booking). Your information is collected to secure reservations for business operations and to enhance your guest experience. We will update your information whenever we can to keep it current, accurate and complete.
Why are we processing your data? Our legal basis
For the purpose of providing you with our services, security, incident/accident management or insurance, etc., we will collect and process your information for the purposes set out below and in line with guidance from the Data Protection Commisioner (Ireland).
These purposes include administration, service, quality and improvement-related activities, customer care, product innovation and choice, business management, operation and efficiencies, risk assessment/management, security, fraud and crime prevention/detection, monitoring, research and analysis, social media, reviews, advertising, purchasing preferences, activities and trends.
In order for us to provide you with our service, Crover House Hotel need to collect personal data for the following basis,
- Contractual – Crover House Hotel needs to process your data as this is necessary in relation to a contract of OTA’s & Own Brand to which the individual has entered into or because the individual has asked for something to be done so they can enter into a contract.
In any event, Crover House hotel are committed to ensuring that the information we collect and use is appropriate for this purpose and does not constitute an invasion of your privacy.
How will Crover House Hotel use the personal data it collects about me?
Crover House Hotel will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary.
How We Keep Your Information Safe
We protect your information with security measures under the laws that apply, and we meet international standards. We keep our computers, files and buildings secure. When you contact us to ask about your information, we will ask you to identify yourself. This is to help protect your information.
How Long We Keep Your Information
To meet our legal and regulatory obligations, we hold your information while you are a customer and for a period of time after that. We do not hold it for longer than necessary. Crover House Hotel hold data for a period of 24 months however personal data may be kept for a longer period for archiving purposes.
Who are we sharing your data with?
We may pass your personal data on to third-party service providers contracted to Crover House Hotel in the course of dealing with you. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfil the service they provide on your behalf. When they no longer need your data to fulfil this service, they will dispose of the details in line with Crover House Hotel procedures.
If we wish to pass your sensitive personal data onto a third party we will only do so once we have obtained your explicit consent, unless we are legally required to do otherwise.
The third parties that we pass your personal data to are:
- Crm Providers
- Processing credit card payments
- Guest satisfaction survey providers
- Performing analysis of our services and customer demographics
- Communicating with you, such as; by way of email or survey delivery
- Customer relationship management
We have issued all our third-party processors with a Data Processor checklist asking them GDPR specific questions
If we transfer personal data to a third party or outside the EU we as the data controller will ensure the recipient (processor or another controller) has provided the appropriate safeguards and on condition that enforceable data subject rights and effective legal remedies for you the data subject are available.
Data subject rights:
Crover House Hotel facilitate you, our clients, rights in line with our data protection policy and the subject access request procedure. This is available on request.
Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access: you have the right to request a copy of the information that we hold about you.
- Right of rectification: you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten: in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing: where certain conditions apply to have a right to restrict the processing.
- Right of portability: you have the right to have the data we hold about you transferred to another organisation.
- Right to object: you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling: you also have the right to be subject to the legal effects of automated processing or profiling.
- Right to judicial review: in the event that Crover House Hotel refuses your request under rights of access, we will provide you with a reason as to why.
All of the above requests will be forwarded on should there be a third party involved as we have indicated in the processing of your personal data.
Additional information we are providing you with to ensure we are transparent and fair with our processing
Retention of your personal data
Data will not be held for longer than is necessary for the purpose(s) for which they were obtained. Crover House Hotel will process personal data in accordance with our retention schedule. This retention schedule has been governed by our internal governance.
In the event that you wish to make a complaint about how your personal data is being processed by Crover House Hotel or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and Organisation Name’s data protection representatives Data Protection Officer / GDPR Owner.
Failure to provide further information
If we are collecting your data for a contract (e.g. Life policy or motor insurance policy) and you cannot provide this data the consequences of this could mean the contract cannot be completed or details are incorrect.
If we have received your personal data from another source:
Crover House Hotel have collected your personal data from Online Travel Agents & Own Brand.
We want to share any other information required to demonstrate that the processing is fair and transparent.
The Categories of personal data we have collected are: Name, Personal Contact details and requirements to ensure guest requirements are met during your stay.
This data will be shared with our Internal Departments.
If we have received your personal data from another source we will endeavour to share with you:
- one month of obtaining the personal data, in accordance with the specific circumstances of the processing;
- at the first instance of communicating in circumstances where the personal data is used to communicate with the data subject;
- when personal data is first disclosed in circumstances where the personal data is disclosed to another recipient.
Your privacy is important to us. If you have any queries, questions or comments regarding this Statement, please do not hesitate to contact us.