This Privacy Notice (“Notice”) relates to our commercial relationship with our hotel partners and sets out the basis upon which we will collect data from our customers and how you will manage this on our behalf.
Teygon Ltd (“we”, “our” or “us”) understand how important data privacy is and we take its security seriously. Please read this Notice carefully, along with our Terms and Conditions and any other documents referred to in this Notice, to understand how we collect, use and store any personal and business information that relates to the provision of our services (“Services”) via this website (“Site”).
In this Notice, “you” or “your” shall mean you as our hotel partner and “data subject” or “customer” shall be our customers or prospective customers that we interact with on our Site.
It is important that you read this Notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data so that you are fully aware of how and why we are using such data. This Notice supplements the other notices or agreements and is not intended to override them.
We respect our customer’s right to privacy and you therefore agree that you will accept the terms in this Notice upon use of our Site and adhere to our Notice. You agree that you will only process personal information in accordance with the Data Protection Legislation which for the purposes of this Notice shall mean: (i) unless and until the GDPR is no longer directly applicable in the UK, the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then (ii) any successor legislation to the GDPR or the Data Protection Act 1998 and other applicable privacy laws.
Who are we?
We are Teygon Ltd and we act as a hotel booking intermediary between our customers and you, our hotel partner. We are the data controller of our customers’ personal data being shared with you as the hotel that will provide the accommodation to our customer on completion of their booking with us.
- We are registered in England and Wales under company number 11502370 and our registered office address is Eastside, Platform 1 Kings Cross, N1C 4AX, London, United Kingdom.
We are registered as a data controller with the Information Commissioner’s Office. Our data protection registration number is ZA515332.
- We have appointed a data privacy manager who is responsible for overseeing questions in relation to this Notice. If you have any questions about this Notice, please contact marketing@chicretreats.com.
Why do we need this Policy?
In the course of our business activities and providing our Services, we collect, store and process personal data about our customers, suppliers and other third parties and therefore, in order to comply with the law and to maintain confidence in our business, we acknowledge the importance of correct and lawful treatment of this data.
As an intermediary, our customers will register an interest via our Site, to complete a booking at your hotel and therefore you will receive personal information relating to our customers.
This Notice and any other documents referred to in it sets out the basis on which we will process any personal data we collect from data subjects, for example, our customers and business contacts, or that is provided to us by data subjects or other sources.
This Notice sets out rules on data protection and the legal conditions that must be satisfied when we obtain, handle, process, transfer and store personal data.
We agree to ensure that all of our directors, employees, consultants and agents comply with this Notice and you will also ensure that any key personnel (such as employees, consultants and agents) that have access to the personal data, also comply with this Notice.
We aim to ensure the correct, lawful, and fair handling of any personal data and to respect the Data Subject’s legal rights.
How this Notice applies to you?
As our hotel partner, you may be controlling, processing or accessing personal information on behalf of us, and as such will be required to comply with this Notice.
You agree that anyone who breaches this Noticemay be subject to such disciplinary actionas may be necessary, and where that individual has breached the Notice intentionally, recklessly, or for personal benefit they may also be liable to prosecution or to regulatory action.
As a data processor, you will enter in to contractual terms with us regarding the security of any personal data. Furthermore, you accept that in addition to such agreement and this Notice, you will also have direct obligations under the Data Protection Legislation, primarily to only process data on instructions and to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk involved.
Our procedures will be in line with the requirements of this Notice, but if you are unsure about whether anything you plan to do, or are currently doing, might breach this Notice you must first speak to our Data Protection Officer.
Our specific data protection measures
In relation to our use of personal data we take the following measures:
| Encryption | Industry standard encryption techniques are deployed across all technologies |
| Erasure, destruction and or deletion | Data deletion is done in accordance to GDPR requirements |
| Transmission via email | We only use industry leading tools for all emailing |
| Transmission of hard copies | Sensitive data is not stored on hard copy |
| Transmission via networks | Data is transmitted via secure and encrypted network connections |
| Storage of emails and email content | We use 3rd party industry leading crm and email tools to store such data |
| Access of employees | Internal training, contractual terms and compliance with our IT Security Notice and Data Protection Policy |
| Access of third parties | Safe and appropriate measures and in accordance with any appropriate contractual terms |
| Storage of hardcopies | Sensitive data is not stored on hard copy |
| Storage of electronic copies | Electronic data is stored on secure servers with limited access to only authorised persons within the company |
| Sharing | Data sharing is in accordance with GDPR recomendations and rules |
| Sub-processing | Consent and contractual terms |
| Viewing on systems | Standard browser encryption technologies are used to ensure any transfer of sensitive data is always safely transmitted |
| Viewing on devices | Standard browser encryption technologies are used to ensure any transfer of sensitive data is always safely transmitted |
| Passwords | Passwords are managed in accordance to GDPR guidelines |
What data do we manage?
Our data is likely to include the following which we have grouped together for simplicity:
- Identity Data includes first name, last name, username or similar identifier, ages, when a customer emails, phones, live chat or otherwise, we may collect information such as their first name, last name, email address and phone number. We may also ask for their date of birth to send future offers.
- Contact Data includes billing address, invoicing address, email address and telephone numbers.
- Financial Data includes bank account and payment card details. We use a third party provider to collect financial data and all credit card information goes through our Site, currently encrypted in the e-commerce industry.
- Transaction Data includes details about payments and other details of our Services the customer has purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Website.
- Profile Data includesthe customer’s username and password, reservations made, the customer’s interests, preferences, feedback and survey responses.
- Usage Data includes information about how the Customer and you may use our Site and Services.
- Marketing and Communications Data includes customer preferences in receiving marketing from us and our third parties and any communication preferences.
- Interaction Data includes any information that the customer might provide to any discussion forums on the Site.
- Cookies Data like many websites, we use “cookies” to enhance the user’s experience and gather information about visitors and visits to our Site.
- Third Parties and Information we receive from other sources We may receive information about our customers from third parties and it is important to note that we will have informed the customer when we collected that data, that it may be shared internally and combined with data collected on our Site. We are also working closely with our third parties (including, for example, business and you, together with other hotel partners, sub-contractors, advertising networks, analytics providers, search information providers, software suppliers) and may receive information about the customer from you or them.
- Analytics includes third-party analytics services (such as Google Analytics) to evaluate any use of the Site, compile reports on activity, collect demographic data, analyse performance metrics, and collect and evaluate other information relating to our Site and internet usage.These third parties use cookies and other technologies to help analyse and provide us the data. By accessing and using the Site, you consent to the processing of data about you which incorporates any personal data we collect on behalf of a customer by these analytics providers in the manner and for the purposes set out in this Notice.
Security measures and your obligations
We will make sure that the personal data we collect is securely kept and we stop unauthorised processing and prevent its loss, destruction or damage.
We will ensure that only people who are authorised to use personal data can access it and that we have entry controls to our premises and systems, lockable desks and cupboards for confidential personal data and destruction of hard copy documents and digital storage devices.
You agree that you will also adhere to the security measures imposed on you in the Data Protection Legislation. You will implement an IT Security Notice that is in accordance with our requirements in this Notice, any Data Processing Agreement and in compliance with the Data Protection Legislation.
All personal data that may be transferred to you will be sent over in an anonymised form so any quotations must be on this understanding.
At no times, will you use any personal data for any purpose other than as set out in our terms and conditions with you, or our data processing agreement with you.You will not use any of the personal data that you have access to on our Site for any marketing purposes.
As the Data Subject has the right to be forgotten, you agree that you will also delete or remove all personal data if so notified by us in accordance with the requirements of the Data Protection Legislation.
The Data Subject also has the right to restrict / stop any processing of its personal data, and if this is required, you agree that you will do so, upon notification by us, unless there is a legal requirement to continue.
If you are a hotel registered in the United Kingdom, we recommend you register at the Information Commissioners Office for the purposes of compliance with the Data Protection Legislation.
You will not transfer any data outside of the EEA without our consent. In the event it is necessary to transfer any data outside of the EEA, for example your hotel is located outside of the EEA, you agree that you shall do so in compliance with the conditions for transfer set out in Chapter V of the Data Protection Legislation. Chic Retreats require an additional controlled to controller agreement for hotels outside of the EEA so that it is clear the basis on which the hotel transfers data and that appropriate safeguards are taken to ensure in line with GDPR.
What happens if there is a breach?
Subject to the contractual requirements between you and us, you agree that if a personal data security breach occurs, you will notify us immediately upon your awareness of any such breach so that we can manage and respond to it effectively in accordance with the Data Protection Legislation.
Accountability
As we shall keep an audit trail for the purposes of the Data Protection Legislation, you also agree that you shall keep written internal records of all personal data collection, holding, and processing, which shall incorporate the following information:
- Your name and your details, your key point of contact and any applicable third-party Data Controllers that we have already consented to;
- The purposes for which you process personal data;
- Details of the categories of personal data collected, held, and processed by you; and the categories of data subject to which that personal data relates;
- Details (and categories) of any third parties that will receive personal data from you;
- Details of how long personal data will be retained by you; and
- Detailed descriptions of all technical and organisational measures taken by you to ensure the security of personal data