PRIVACY NOTICE

We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.

Who we are

Millstream Hotel (Bosham) Limited (company no. 02273740) collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation 2016 (“GDPR”) which applies across the European Union (including in the UK) and we are responsible as ‘controller’ of that personal information for the purposes of those laws. The GDPR will be supplemented in due course by additional UK specific data protection legislation including the Data Protection Act 2018.

The personal information we collect and use

Information collected by us from you

We collect personal information when you stay with us in our hotel, when you reserve a table at our restaurant or when you expressly sign up to our mailing list or Loyalty Club. We collect the following personal information when you provide it to us:

  • Title, name, address, telephone number, email address plus secondary contact details (as required for multiple guests)
  • Financial data including payment details (e.g. credit card details) and transaction details about your bookings
  • In course of our Loyalty Club services we also collect your date of birth, title and anniversary (if applicable and if you choose to provide this information to us)
  • Any other information that we are required or need to obtain from you in order to provide our services – this will be made clear to you when you ask to receive any of our services
  • Any other information you may choose to provide to us from time to time

Information collected from other sources

We may be provided by information about you by a fellow guest or diner who is making a reservation or booking for multiple individuals.

We may also collect the above information from third party booking sites. These sites should have their own privacy policies as to how they use your data.

CCTV systems are installed at our premises. We are responsible for the CCTV systems at our premises.  All internal and external CCTV cameras are clearly labelled or otherwise notified to staff and visitors and are visible.  Typically, they are positioned on the exterior of the building, the car park and the reception area, but may be repositioned from time to time to ensure their effective use. Images are recorded and retained for the period of 4 weeks. This is primarily to assist with security and safety of our staff and visitors to our premises, although in rare cases we may use CCTV footage in investigations.

How we use your personal information

We use your personal information to:

  • Ensure we are able to offer you appropriate accommodation to stay in our hotel, to confirm your booking and to contact you regarding and during your stay. We will send you confirmations as well as other communications related to your stay with us;
  • Reserve a table in our restaurant and to confirm that reservation with you;
  • With your explicit consent to add you to our mailing list, this option is offered when you make a booking at our hotel or restaurant. This involves us sending periodic emails or postcards to you with news about our hotel and restaurant as well as special offers. We currently use MailChimp to distribute these emails. You may easily unsubscribe on any email you receive, you can also contact the details at the bottom of this policy to do this for you or to opt out of receiving hard copy materials;
  • To sign you up to our Loyalty Club which is run by our trusted partner Explosive Marketing, this is so that we can send you offers as part of the loyalty scheme. When you sign up to the loyalty club, you will have access to amend your details at any time;
  • Invoice you for our services and collect unpaid bills;
  • To monitor the security and safety of our guests and diners and their property.

Who we share your personal information with

We routinely share the data listed above with our marketing partners MailChimp and Explosive Marketing for them to process it on our behalf.  We also use a third party system called ResDiary to manage our restaurant bookings and Guestline to manage room bookings. This data sharing enables us to offer you the most efficient service and to receive special offers and news from us if you have opted into our marketing scheme or Loyalty Club.

We will share personal information with law enforcement or other authorities if required by applicable law or by order of court or other competent regulatory body.

We will not share your personal information with any other third party to use for their own purposes unless permitted by applicable law.

Some of the information you provide to us may be transferred to, stored and processed by third party organisations which process data for us and on our behalf. These third parties may be based (or store or process information) in the UK or elsewhere including outside of the EEA. As with many small businesses, these third parties may include third party IT platforms (including cloud based platforms), suppliers of administrative and support services and suppliers of other specialist products.

If we merge with another business entity or divest a part of our business or carry out internal corporate restructuring, your data may be disclosed to our new business partners or owners or the new corporate entities.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice; please see section “Keeping your information secure” below.

Reasons we can collect and use your personal information

We must have a lawful basis for processing your information; this will vary on the circumstances of how and why we have your information. We rely on:

  • Your consent being given for one or more specific purposes e.g. signing up to receive marketing emails from us or being part of our Loyalty Club
  • The processing being necessary performance of a contract between us e.g. you stay at our hotel or reserve a table in our restaurant
  • The processing being necessary to comply with a legal obligation e.g. providing information to HMRC or to regulatory bodies
  • The processing being necessary to protect your or someone else’s vital interests e.g. you were unfortunate enough to fall ill or have an accident while on our premises
  • The processing being necessary for our legitimate interests e.g. to make our services more efficient, to develop our service offering or to carry out fraud prevention activities

We may occasionally process special categories of information i.e. information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, processing of biometric data for the purpose of uniquely identifying individuals or health data. For example, you may tell us about a particular medical requirement that you would like to be accommodated during your stay or you may tell us about a dietary requirement or allergy for you or a fellow diner when reserving a table in our restaurant. We must have a further lawful basis for processing this information. We generally rely on:

  • Your explicit consent being given for one or more specific purposes e.g. you tell us about a medical requirement in order to ensure a suitable room is available for your stay
  • The processing being necessary to protect your or someone else’s vital interests and you are unable to consent e.g. you suffer an allergy reaction whilst eating at our restaurant
  • The processing being necessary to exercise, establish or defence legal claims

How long your personal information will be kept

We will hold the data collected as listed above for the duration of your relationship with us as a customer, including until we have received all outstanding payments from you, and for so long thereafter as we are required to do so for legal, tax or accounting purposes.

Customer data is kept for a period of five years from the customer’s last visit to the hotel or restaurant.

Transfer of your information out of the EEA

We may transfer your personal information to countries which are located outside the European Economic Area (EEA) or UK as follows:

  • When using outsourced IT or other administrative support services
  • Where you are located outside of the EEA or UK but are looking for to stay at our hotel or make a reservation at our restaurant

Such countries do not always have the same data protection laws as the United Kingdom and EEA but we will ensure that where information is transferred to a country or international organisation outside of the UK / EEA, we will comply with the relevant legal rules governing such transfers that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information.

Your rights

Under the GDPR you have a number of important rights free of charge. In summary, those include rights to:

  • access to your personal information
  • require us to correct any mistakes in your information which we hold
  • require the erasure of personal information concerning you in certain situations
  • receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party where we process that information by automated means and you have provided it to us with your consent or in relation to a contract
  • object at any time to processing of personal information concerning you for direct marketing including profiling
  • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you [(we do not currently carry out any such processing)]
  • object in certain other situations to our continued processing of your personal information
  • otherwise restrict our processing of your personal information in certain circumstances

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please:

  • email, call or write to using the contact details below
  • let us have enough information to identify you
  • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
  • let us know the information to which your request relates, including any account or reference numbers, if you have them

If you would like to unsubscribe from any email newsletter or special offer you can also click on the ‘unsubscribe’ button at the bottom of the email newsletter or offer. It may take a few weeks for this to take place. Please be aware that unsubscribing from our newsletter will not result in your details being removed from our database and held in suppression until all outstanding invoices due to us have been paid.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We store your data on our hotel reservation system, Guestline. From this system, we will send confirmations as well as other correspondence related to your stay. However, once we have input your payment details to secure a booking, this information is encrypted and our staff do not have access to those details.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

Where we transfer information to third parties to enable them to process it on our behalf, we ensure that the providers meet or exceed the relevant legal or regulatory requirements for transferring data to them and keeping it secure.

We may also collect information automatically about your usage of our website using cookies and other technology as set out in the table below. To that effect, we use your IP address (a series of numbers that identifies a computer on the internet) to collect, among other things, internet traffic data and data regarding your browser type and computer.

Cookie What it does
Google Analytics Provides a high level overview of people our using our website so we can see how our different pages are performing.

If you do not want to receive cookies, you may reject them by using your browser settings provided they are not necessary for delivery of our website or services to visitors. Further information on how to manage cookies on your computer.

How to complain

We hope that we can resolve any query or concern you raise about our use of your information.

You can also contact the ICO at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.

Changes to this privacy notice

This privacy notice was last updated on [25th May 2018].

We may change this privacy notice from time to time as our business and internal practices and/or applicable laws change. We will not make any use of your personal information that is inconsistent with the original purpose(s) for which it was collected or obtained (if we intend to do so, we will notify you in advance wherever possible via our website and/or otherwise contacting you by post or email) or otherwise than is permitted by applicable law.

How to contact us

Please contact us if you have any questions about this privacy notice or the information we hold about you:

Millstream Hotel and Restaurant, Bosham, Chichester, West Sussex PO18 8HL

Tel: 01243 573234                 E-mail: info@millstream-hotel.co.uk