Introduction and who we are

St David Aparthotels (collectively referred to as ‘St David Aparthotels’, ‘we’, ‘us’ or ‘our’) respects your privacy and is committed to protecting your personal data.

This Privacy Policy describes how we collect, use, store and disclose personal information that we collect from guests, visitors to our website and individuals who interact with us in person, over the phone, or through other channels.

By accessing our services or providing your personal information, you consent to collecting, using, and disclosing your personal information as described in this Privacy Policy. 

This document sets out the accepted use to ensure that the Company complies with:

• The Data Protection Act 2018.
• The UK GDPR 2016 (General Data Protection Regulation)EU General Data Protection Regulation 2016/679 (UK GDPR).
• Information Commissioner’s Office (the ICO).

It is important that you read this privacy policy so that you are fully aware of how and why we are using your data.

If you book an apartment with ‘St David Aparthotels’ the controller is ‘St David Aparthotels Ltd’. Where a third party provider interacts with your data, we have no influence on the further processing of your data by that company.  You can find information on the processing of your data by the third party in the privacy policy of the relevant company.

Information we collect

Personal data means any information about an individual from which that person can be identified.

We have grouped the different kinds of personal data we may collect, use, store and disclose as:

• Personal information: We may collect personal information such as your name, title, gender, nationality, address, date of birth, telephone numbers, email addresses, payment card information, reservation purpose, signature and special requests you provide to us when making a reservation, checking in, or using our services. 
  For non-UK passport holders, to comply with the Immigration (Hotel Records) Order 1972, we will also collect passport or national identity card details including expiration dates.
  We may also collect the personal information of those who are part of a group booking where necessary, and the age of children to meet your needs and enable us to confirm any restrictions that may apply to a room booking.
• Business information: We may also collect business information, such as company name, business address, business contacts, business telephone numbers and business email addresses, when a company booking is made.
• Transactional information: We may collect information about your reservations, including arrival and departure dates and times, room types and room rates, purchases, and other transactions with us. 
• Usage information: We may collect information about your interactions with us, including your use of our website, preferences, and other usage data. 
• Device information: We may collect information about the device you use to access our website, such as your IP address, browser type, operating system, and other technical information. 

We do not collect any special categories of personal data about you (this includes details about your race, ethnicity, religious/philosophical beliefs, sexual orientation, political opinions, health and genetic/biometric data).

How we collect your information

We use different methods to collect data from and about you, including through:

• Direct interactions: including any information you provide to us when booking.
• Third party suppliers and service providers: we receive personal data about you from third suppliers and service providers when booking.
• Automated technologies or interactions: as you interact with our website we may collect technical data. We collect this data using cookies and other similar technologies. See our cookie policy for further details.

How we use your information

We will use your personal information only when the law permits it.

Under the UK General Data Protection (UK GDPR), the main lawful bases we rely on for processing this information is we have a contractual obligation.

If required, we may also use your personal information in the following situations:

• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to protect your interests (or someone else’s interests).
• Where it is needed in the public interest or for official purposes.
• Where we need to comply with a legal obligation. Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

We will use your personal data in the circumstances where:

• Provide services: We use your personal information to provide the services you request, such as making reservations, processing payments, and responding to inquiries or complaints
• Improve services: We may use your information to improve our services, customise your experience, and analyse usage trends. 
• Communicate with you: We may use your information to communicate with you about your reservations, promotions, offers, surveys, and other updates. 
• Security: We use your information to protect the security and integrity of our website, services and business operations. 

How we share your information

• Suppliers and service providers: We may share your information to service providers, agents, subcontractors, and other organisations necessary for providing services to us or directly to you. This includes cloud service providers, booking agents, marketing agencies, and administrative service providers. Only the necessary information is shared, and we ensure these third parties keep your information secure and use it only as instructed. 
• Payment processors: When you make a purchase through our websites a third-party payment processor handles the transaction securely. We do not store your complete payment card details on our websites or systems. 
• Legal requirements: We may disclose your information as required by law, court order, or government regulation, or when disclosure is necessary to protect our rights, property, or safety, or that of others. 
• Group companies: We may share your personal information with other companies within our group for purposes outlined in the “How we use your information” section. This can include specific or complementary services that only they can provide due to regulatory reasons or services similar to ours but under a different brand. Some of these companies may also act as service providers for us.
• Business Transfers: We may transfer your personal information during a sale or reorganisation of our business or to comply with legal obligations, such as crime detection or contract enforcement. We will always ensure your privacy rights are protected in such cases. 

Your rights

Under certain circumstances and in line with data protection laws, in relation to your personal data, you have the right to:

• Opt-out: You may opt out of receiving promotional emails from us at any time by following the instructions in the email or contacting us directly. 
• Access and update: You may request access, updates or deletion of your personal information at any time by contacting us directly.  
• Objection to processing: You may object to the processing of your data at any time, which is conducted on the legitimate interest basis by contacting us directly.

Data security

Your information will be stored securely and digitally, in line with all GDPR guidance, through our booking platform and service provider. Data will be disposed of by a secure method.

We take measures, in line with GDPR guidance, to protect the security and confidentiality of your personal information, but no method of transmission over the internet or electronic storage is 100% secure. 

Your personal data will be retained only for as long as necessary, in line with GDPR guidance, to fulfil your booking, the purposes for which it was collected or as required by law. Minimal data may be stored for details on repeat bookings to allow a more tailored stay in the future. Once no longer needed, or if requested, your data will be securely deleted. 

Changes to privacy policy

We reserve the right to update or change this privacy policy at any time. Any changes will be effective immediately upon posting the updated privacy policy on our website.  We recommend that you regularly check the changes and review this policy each time you visit our websites. If you do not agree with some aspect of the updated policy, you must notify us immediately to ensure that we comply with our obligations to ensure that you can exercise your rights. 

Contact us

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us via email or post:

Email address: [email protected] 

Postal address:        St David Aparthotels
                                   Attn Data Protection Officer
                                   Refuge House,
                                   33-37 Watergate Row South,
                                   Chester,
                                   CH1 2LE

We aim to respond to all valid requests within one month of receipt of the request, in line with GDPR guidance. Where it may take longer, we will notify you and keep you updated.

To help us respond more effectively, we may ask you to provide further information about your request.

Subject Access Requests are free unless they are found to be unfounded or excessive, in which case a small fee may be charged to cover administrative costs. 

We may not always be able to do what you have asked, for example if it would impact the duty of confidentiality we owe to others, or if we are otherwise legally entitled to deal with the request in a different way.

Effective date: November 2024