1. THE HEADLAND HOTEL AND SPA COMMITMENT TO PROTECTING YOUR PRIVACY
The Headland Hotel and Spa is committed to ensuring that your privacy is protected.
This Policy explains when and why we collect personal information about people, how we use it, the conditions under which we may disclose it to others and how we keep it secure. Whilst we will keep all of your personal information confidential, we reserve the right to disclose this information in the circumstances as set out within this policy. The main rules applicable within The Headland Hotel and Spa are founded on seven principles.
The Headland Hotel may change this policy from time to time by updating this page. We recommend you check this page from time to time to ensure that you are happy with any changes. By using our website, you’re agreeing to be bound by this Policy.
Any questions regarding this Policy and our privacy practices should be sent by email to marketing@headlandhotel.co.uk or by writing to the compliance officer, The Headland Hotel & Spa, Newquay, Cornwall TR7 1EW. Alternatively, you can telephone 01637 872211. You also have the right to contact the Information Commissioners Office (ICO) at ico.org.uk.

2. CONSENT
“Personal data” means any information collected and logged in a format that allows you to be identified personally, either directly (e.g. name) or indirectly (e.g. telephone number) as a person. Before providing us with this information, we recommend that you read this document describing The Headland Hotel and Spa’s privacy policy. This Personal Data Protection policy explains why we collect personal data and what we plan to use your personal data for. This forms part of the terms and conditions that govern our hotel services. By accepting these terms and conditions, you accept the provisions of this policy.

3. THE HEADLAND HOTEL AND SPA SEVEN PRINCIPLES FOR PROTECTING YOUR PERSONAL DATA
1. Lawfulness, fairness and transparency: When collecting and processing your personal data, we will communicate all information to you and inform you of the purpose and recipients of the data.
2. Purpose limitation & legitimacy: We will collect and process your personal data only for the purposes described in this policy.
3. Relevance and accuracy: We will only collect personal data that is necessary for data processing. We will take all reasonable steps to ensure that the personal data we hold is accurate and up to date.
4. Storage: We will hold your personal data for the period necessary for processing in compliance with the provisions of the law.
5. Access, rectification, opposition: You may access, modify, correct or delete your personal data. You may also oppose the use of your personal data, particularly to avoid receiving sales and marketing information. The details of the department to contact and steps to be taken in this respect are shown below in the clause “Access and modification”.
6. Confidentiality and security: We will ensure reasonable technical and organisational measures are in place to protect your personal data against alteration or accidental or unlawful loss, or unauthorised use, disclosure or access.
7. Accountability: We document and explain the lawful basis for processing your personal data in accordance with the six lawful bases for processing. We also explain within this document the appropriate measures we have put in place to demonstrate compliance in all areas of data processing.
With sharing and international transfer we may share your personal data with third parties for payment processing, email services and other services essential to the running of the business (such as commercial partners and/or service providers) for the purposes set out in this policy. We will take appropriate measures to guarantee security when sharing or transferring such data.
For any questions concerning the seven principles of The Headland Hotel and Spa’s data protection, please contact the compliance officer at marketing@headlandhotel.co.uk via the details in the clause “Access and modification”

4. SCOPE OF APPLICATION
This policy applies and is not limited to:
1. To all data processing implemented in The Headland Hotel and Spa.
2. To The Headland Hotel and Spa website, including
www.headlandhotel.co.uk/
www.headlandhotel.wearegifted.co.uk/
www.renmor.co.uk/
https://silverpay.app/headlandhotel
https://reswaveuk.northwind.ca//servlet/WebresShowAvailable?hotelid=1773

5. WHAT PERSONAL DATA IS COLLECTED?
At various times, we will be obliged to ask you, as The Headland Hotel and Spa guest, for information about you and/or members of your family, such as:
• Contact details (for example, last name, first name, email, telephone number, address)
• Personal information (for example, date of birth, nationality, medical conditions)
• Information relating to your children (for example, first name, date of birth, age)
• Your credit card number (for transaction and reservation purposes)
• Your arrival and departure dates
• Your preferences and interests (for example, preferred cottage/ hotel room, cultural interests)
• Your questions/comments, during or following a stay at The Headland Hotel.
The information collected in relation to persons under 16 years of age is limited to their name, nationality and date of birth, which must be supplied with a parent/guardian’s permission.

6. WHEN IS YOUR PERSONAL DATA COLLECTED?
Personal data may be collected on a variety of occasions, including but not limited to:
1. When making a reservation with the hotel, cottages, spa or restaurant services.
2. Checking-in and paying.
3. Hotel, cottages, spa or restaurant requests, complaints and/or disputes.
4. Participation in marketing programs or events: Participation in customer surveys, online games or competitions, subscription to newsletters, in order to receive offers and promotions via email.
5. Transmission of information from third parties: Tour operators, travel agencies, GDS reservation systems, and others
6. Internet activities: Connection to The Headland Hotel and Spa Website (IP address, cookies) Online forms (online reservation, forms, The Headland Hotel and Spa pages on social networks, etc.).
7. Gifted Vouchers: When purchasing vouchers from our trusted third-party voucher fulfilment site Gifted. Stated in our scope of application.

7. CONDITIONS OF THIRD-PARTY ACCESS TO YOUR PERSONAL DATA
To guarantee you the right of access and amendment (“Access and modification” clause), we have to share your personal data with internal and external recipients subject to the following conditions:
a. Within The Headland Hotel and Spa, in order to offer you the best service, we can share your personal data and give access to authorised personnel including:
• Hotel staff
• Reservation staff using The Headland Hotel and Spa reservation tools
• IT departments
• Finance departments
• Commercial partners and marketing services such as an email service provider
• Medical services if applicable
• Legal services if applicable
• Generally, any appropriate person within The Headland Hotel and Spa entities for certain specific categories of personal data.
b. With service providers and partners: your personal data may be sent to a third party for the purposes of supplying you with required services and improving your stay, for example:
1. External service providers: IT sub-contractors, banks, credit card issuers, external lawyers, Car Parking Rangers, Marketing Agencies.
2. Commercial partners: The Headland Hotel and Spa may, unless you specify otherwise to us, enhance your profile by sharing certain personal information with its preferred commercial partners. In this case, a trusted third party may cross-check, analyse and apply certain devices to your data. This data processing will allow The Headland Hotel and Spa and its privileged contractual partners to determine your interests and your customer profile and will allow us to send you personalised offers in order to offer you the best possible service.
c. Local authorities: We may also be obliged to send your information to local authorities if this is required by law or as part of an inquiry and in accordance with local regulations, this includes emergency and law enforcement services.

8. RIGHT TO BE INFORMED – HOW WE USE YOUR PERSONAL DATA
Our lawful basis for processing is based but not limited to the following principles:
Consent: During the booking process when a request is made to provide your personal data and specified in this privacy policy.

Contractual: When agreeing to our terms and conditions and paying the required deposit.

Fairness: We follow the principle of processing your personal data to ensure it is not unduly, detrimental, unexpected or misleading. The information you provide is reasonably used to providers listed above to offer the best service when catering to individuals with requested services or needs.

Legitimate interests: In order to offer the best possible hospitality service, we request your data listed in Claus 5 to tailor your interests and profile. This includes but is not limited to questions we may ask or comments you may provide which we store securely within your guest profile for future stays. This allows The Headland to offer it’s best possible service when welcoming back previous guests and streamline the booking process.

9. PROTECTION OF YOUR PERSONAL DATA DURING INTERNATIONAL TRANSFERS
As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy.
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.

Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information.
These standards are applied and reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements.
• We have measures in place to protect against accidental loss and unauthorized access, use, destruction, or disclosure of data
• We have a Disaster Recovery Policy / Procedure in place
• We place appropriate restrictions on access to personal information for users
• We implement appropriate measures and controls, including monitoring and physical measures, to store and transfer data securely

• Training for employees and contractors based on the seven principles of GDPR and our PCI Compliance (PCI DSS).
• We require privacy, information security, and other applicable training on a regular basis for our employees and contractors who have access to personal information and other sensitive data
• We take steps to ensure that our employees and contractors operate in accordance with our information security policies and procedures and any applicable contractual conditions
Links to other websites
Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over any other websites PRIVACY POLICY.
Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

10. HOW WE SECURE YOUR INFORMATION
The Headland Hotel and Spa takes data security seriously, and we use appropriate technologies and procedures to protect personal information. Our information security policies and procedures are aligned with widely accepted standards; we apply the controls detailed in the Payment Card Industry Data Security Standard to all environments storing personal data. These standards are applied and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements.
For example: Policies and procedures
• We have measures in place to protect against accidental loss and unauthorized access, use, destruction, or disclosure of data
• We have a Business Continuity and Disaster Recovery strategy that is designed to safeguard the continuity of our service to our guests and to protect our people and assets
• We place appropriate restrictions on access to personal information
• We implement appropriate measures and controls, including monitoring and physical measures, to store and transfer data securely

• Training for employees and contractors
• We require privacy, information security, and other applicable training on a regular basis for our employees and contractors who have access to personal information and other sensitive data
• We take steps to ensure that our employees and contractors operate in accordance with our information security policies and procedures and any applicable contractual conditions
• Vendor risk management
• We require, through the use of contracts and security reviews, our third-party vendors and providers to protect any personal information with which they are entrusted in accordance with our security policies and procedures

11. MARKETING
You have a choice about whether you wish to receive information from The Headland Hotel and Spa. In line with ICO we apply the “soft opt in” guidelines this means we will not contact you unless you have previously purchased a product or service, or you have opted out of marketing communication. If then, you no longer want to receive direct marketing communications from us, then you can change your preferences or completely unsubscribe in one of three ways:

• Click the ‘unsubscribe’ or ‘change preferences’ link at the bottom of marketing emails sent to you
• Upon arrival at the hotel for a reservation your registration card will give you the opportunity to opt out of marketing communication. Left blank the soft opt in rule will apply.
• Email marketing@headlandhotel.co.uk
• Telephone 01637 872211 and request to speak to the marketing team

We will process your request within 7 days

12. COOKIES
Our site uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. By browsing or using the services we provide on the site, you are agreeing to our use of cookies.
A cookie is a small file of letters and numbers that we store on your browser or the memory of your device. Cookies contain information that is transferred to your device’s memory.

WE USE THE FOLLOWING COOKIES:

Strictly necessary cookies:

These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.

Analytical/performance cookies:

They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies:

These are used to recognise you when you return to our website. This enables us to personalise our content for you and remember your preferences.
Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

By using our site, you agree to us placing these sorts of cookies on your device and accessing them when you visit the site in the future. If you want to delete any cookies that are already on your computer, the “help” section in your browser should provide instructions on how to locate the file or directory that stores cookies. Further information about cookies can be found at https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/. Please note that by deleting or disabling future cookies, your user experience may be affected and you might not be able to take advantage of certain functions on our site.

13. STORAGE OF DATA
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
The Headland Hotel and Spa will hold on to your information for as long as you have a booking with us, and for as long as is necessary to provide support-related reporting or accounting purposes. We’ll also hold on to your information if reasonably necessary or required to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions, we may also keep hold of some of your information as required, even if it is no longer needed to provide the services to you in order to fulfil any requests or purposes listed above.

We document all data assets within The Headland Hotel and Spa which lists the purpose of holding specific data, requirements for storage, sensitivity, location, acquisition, retention period and classification of security based on the type of data being processed.

For any questions concerning the retention period of data at The Headland Hotel and Spa’s, please contact the compliance officer at marketing@headlandhotel.co.uk via the details in the clause “Storage of Data”

14. ACCESS AND MODIFICATION
You have the right to access your personal data collected by The Headland Hotel and Spa and to modify it subject to applicable legal provisions. You may also exercise your right to object by writing to the address below. If you have any questions, would like to request access, deletion or changes be made to your information please contact the Compliance Officer directly by sending an email to marketing@headlandhotel.co.uk or by writing to the address below. Alternatively, you can telephone 01637 872211.:
The Headland Hotel & Spa,
Newquay,
Cornwall
TR7 1EW

For the purposes of confidentiality and personal data protection, to respond to your request we will need to identify you. If your personal data is inaccurate, incomplete or not up to date, please send the appropriate amendments to the above details. Where ICO guidelines advise that a SAR may take up to 30 days to be processed, all subject access requests will be acted upon without undue delay and receive a response as swiftly as possible and in accordance with applicable law.

We reserve the right to charge a nominal admin fee if further subject access requests are deemed manifestly unfounded or excessive requests are made for the same data. This will be decided on a case by case basis.

15. UPDATES AND CHANGES TO OUR HOW PROTECT YOUR PRIVACY
The Headland Hotel may change this policy from time to time by updating this page. We recommend you check this page from time to time to ensure that you are happy with any changes. By using our website, you’re agreeing to be bound by this Policy.

16. QUESTIONS AND CONTACTS
For any questions concerning The Headland Hotel and Spa privacy policy, please contact the Compliance Officer with the subject line “Privacy policy query”