We at Guest and the City are committed to safeguarding our client’s personal data. There have been data protection law changes under the new GDPR (General Data Protection Regulation) which will impact how we collect, process, store and safeguard client data. GDPR also provides more rights and gives more control to individuals, such as the right to know what type of data is collected and processed, the right to modify data being held, the right to request any data no longer legally required to be deleted and the right to request a copy of the data being held.
In this privacy statement, when we use the term “we”, “us”, or “our”, we are referring to Guest and the City 2 Broad Street, Brighton BN2 1TJ, East Sussex.
What information we collect?
In order to conduct our business and offer a personalised and valuable service, there are different types of data we collect at the time of booking and upon arrival.
There are six lawful bases for processing data as set in Article 6 of the GDPR. In relation to Room reservations, the data we collect is considered necessary to fulfil the contract (reservation) we have with our clients. We also have a legal obligation in order to comply with the Immigration (Hotel Records) Order 1972 to collect each Guest over the age of 16’s full name and nationality on arrival and keep such records for 12 months.
At the time of booking and on arrival we collect the following data:
1: Full name and Nationality.
2: Passport number & place of issue and next destination
(unless guests are from UK, Ireland, Commonwealth)
3: Contact details: address, telephone number and e-mail address.
4: Credit or debit card details.
How is the collected data processed and stored?
Data is collected by our approved booking site partner on our behalf. The data is then encrypted and transferred to our hotel booking system hosted by Eviivo limited (registered office 154 Pentonville Road, London, N1 9JE company number: 05002392). In relation to credit/debit card data collection and payment processing, we and our booking partners are PCI-DSS compliant as per credit and debit card issuer requirements.
How long do we retain and process your data?
We only request and process data necessary to supply the services and products we offer to our guests. We do not retain or process data for any longer than it is necessary. Credit/debit card details are deleted from our reservation system on the guest’s departure, once outstanding payments have been made.
Data that we are legally required to keep for a longer periods following check-out such as invoice records are retained for 6+1 years and information collected to comply with the Immigration (Hotel Records) Order 1972 for 12 months.
Communication from us before arrival
Any communication you receive from the time of booking up to your arrival date will only be in relation to your reservation, such as the reservation confirmation, invoice or check-in and pre-arrival information e-mails.
Mailing lists and marketing campaigns
During your stay we may ask if you wish to be included in our mailing list so you can receive news, special offers or local events information. We will only include your details once we have your consent by ticking “yes” on the Guest Registration form. You have the right to request your details be removed from our mailing list by using the “unsubscribe” link on an e-mail we send you or by contacting our data controller on . You will receive notification that your details have been removed and you have successfully unsubscribed from our mailing list.
We do not share guest’s personal details with any third party organisation, unless required to do so under UK law.
Use of CCTV
We use CCTV for the purposes of crime prevention and detection. CCTV is located on the entrance to the premises and communal areas on the ground floor. Recordings are kept for around 28 days and are automatically deleted. Access to CCTV monitor and recordings is restricted to both owners.
We may be required to share CCTV data with a UK law enforcement agency if requested to do so for the purposes of crime detection.
The use of CCTV at Guest and the City is registered with the ICO (Information Commissioner’s Office) under registration ZA275657.