Your privacy is very important to us.
We respect your right to privacy and treat any personal information you give to us with care. This Privacy Policy explains how we collect, use, share, store or otherwise process the personal information we hold about you. We are committed to ensuring the personal information you provide is used for the purpose it was collected and is kept secure.
Your personal information allows us to provide the products and services you have asked for, as well as enabling us to improve those products and services by understanding your interests and preferences. By understanding what you like (and what you don’t) we are able to personalise your experience.
About Genesta Athenaeum LLP
In this Privacy Notice references to “we” or “us” or “The Athenaeum” are to Genesta Athenaeum LLP.
Genesta Athenaeum LLP operates an independent hotel, known as The Athenaeum Hotel & Residences.
In order to provide our services, we will collect and use personal information about individuals. We are the Controller of all personal information we process pursuant to this Policy and we are responsible for complying with data protection laws.
If you have any questions about how we collect, store or use your personal information, you may contact us using the details set out in the “Contact Us” section 8.
Our processing of your personal information
This Policy sets out the legal grounds enabling us to process your personal information.
Where you provide personal information to us about other individuals (for example, members of your family or your employees) we will also be data controller of and responsible for their personal information. You should refer them to this Policy before supplying us data on behalf of others.
What personal information will we collect?
When you engage with us, such as make a booking or view our website, we will collect information about you and that engagement. This may include information such as:
- General identifiers such as your name, address, email address, phone number, date of birth, gender, IP Address and relationship (if any) with any The Athenaeum’s customers.
- Information about your job including job title, role, company and details about the industry you work in.
- Financial information such as your bank details and payment details
- Information obtained during telephone recordings, or if you make a complaint.
- Information about how you have accessed our websites such as any pages or sections you have viewed on our website
- Information about electronic communications you receive from us, including whether that communication has been opened and if you have clicked on any links within that communication
- CCTV images when you visit our hotels and areas adjacent to our hotels
- Booking information including special requests, meal and room preferences.
- Any other information passed on from you or someone else making the booking on your behalf (for example, your areas of interest such as spa breaks or meetings).
- Customer intelligence and information (including photographs) obtained from publically available sources such company websites and social media sites by our research sales and marketing teams.
- Answers you provide when you respond to competitions, votes and surveys
- Information from specialist market research companies who provide us with additional personal information about you and your household such as income, number of children, occupation, social grade, home ownership status, the products and services you use or intend to use or purchase, and your interests.
- Any other personal information which you may disclose to us when you use our Services at any time
Sometimes we need to collect personal information by law, or under the terms of the contract we have with you. If you fail to provide that information when we request it, we may not be able to perform the contract we have or are trying to enter into with you (for example to provide you with goods or services). In this case, we may have to cancel the product or service, but we will notify you if this is the case.
How will we collect your personal information?
We will collect information directly from you when you engage with us:
- face to face
- via forms and satisfaction surveys
- by telephone
- by email
- via the CCTV infrastructure
- when you access our wifi service
- via our website, including cookies. You can find more information about this in our cookies policy which can be found here
We will also collect information indirectly when you engage with us via:
- Third parties who are making the booking on your behalf (such as travel agents, OTA’s, company bookers and group organisers).
- Specialist market research companies, who provide us with additional personal information about you and your household.
- Publicly available sources such as internet search engines, social media sites and online forums.
write a review of your stay or engagement with us.
We will combine any personal information about you that we receive from you, from other hotels in our group, and from third parties.
What sensitive personal information will we collect?
Sometimes we will request or receive your “sensitive personal information” in order to fulfil services you have requested. This may include information such as:
- Details of your health condition including any disabilities you may have where relevant for our spa facilities.
- Genetic or biometric data provided on your identification documents
- Racial and ethnic origin provided on your identification documents
What will we use your personal information for?
We will only collect, process and/or use the personal information where we are satisfied that we have an appropriate legal basis to do so. All personal information that we obtain about you will be used in accordance with current data protection law and this Privacy Policy. We, or third party data processors acting on our behalf, will process your personal information as follows:
- As necessary, to perform a contract with you, such as a contract to process an order from you for one or more of our Services including, where applicable, taking payment and carrying out fulfilment and delivery.
- As necessary, to comply with a legal obligation, where you exercise your rights under data protection law and make requests; and to comply with any legal obligation, any lawful request from government or law enforcement officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity.
- As necessary, for our legitimate interests in providing the services and ensuring they operate safely, securely and in a commercially suitable way which is tailored to your use and interests, for example:
- to provide you with the services;
- to verify your identity for security purposes;
- to help us to ensure our customers are genuine and to prevent fraud;
- to ensure the security of our websites, mobile applications and other technology systems;
- for the good governance of our business, including keeping financial records, to allow us to pay suppliers and to charge, invoice or refund customers;
- to search credit reference agencies before we provide you with credit;
- by using CCTV, to prevent and detect crime
- to record and investigate health and safety and other incidents which have happened or may have happened
- to provide you with information about our services, to contact you about administrative matters, and to manage and respond to any queries or complaints you make or any correspondence you send us;
- to help us to return lost property to its rightful owner;
- to send you marketing communications which may be of interest to you. These may include information about stays, events, promotions, offers, information about the hotel and the surrounding area
- for the purpose of marketing our services where applicable, processing your personal information, creating custom marketing audiences on third-party websites such as Facebook, and profiling and automated decision-making relating to our marketing;
for market research and statistical analysis and to analyse the use of our services so that we can improve them. - Based on your explicit consent, when you provide us with sensitive personal information about your health, to provide you with tailored services (for example, spa treatments)
What personal information will we collect?
- General information such as your name, address, email address, phone number, date of birth, gender and relationship (if any) with any other The Athenaeum’s customers.
- Information about your job including job title, role, company and details about the industry you work in.
- Financial information such as your bank details and payment details.
- Information obtained during telephone recordings, or if you make a complaint.
- Information such as IP address and browsing history obtained through our use of cookies. You can find more information about this in our cookies policy which can be found here.
- Any other information passed on from you or someone else making the booking on your behalf (for example, your areas of interest such as spa breaks or meetings).
- Customer intelligence and information (including photographs) obtained as a result of carrying out checks of publically available sources such company websites and social media sites by our research sales and marketing teams.
If relevant, information regarding your helicopter landing requirements including; company, registration of aircraft, pilot’s name, Air Operator Certificate and insurance details.
How will we collect your personal information?
We will collect information directly from you:
- face to face
- via forms, including the Leaders Club application form and satisfaction surveys
- by telephone
- by email
- via our website
As well as obtaining information directly from you, we will collect information from:
- Third parties who are making the booking on your behalf (such as travel agents, OTA’s, company bookers and group organisers).
- Publically available sources such as internet search engines and social media sites
What will we use your personal information for?
There are a number of reasons we use your personal information and for each use we need to have a “legal ground” to do so.
We will rely on the following “legal grounds” when we process your “personal information”:
- We need to use your personal information to enter into or perform a contract that we hold with you. For example, we need to use your personal information to provide you with a service at The Athenaeum hotel.
- We have a legal or regulatory obligation to use such personal information.
- We need to use such personal information to establish, exercise or defend our legal rights.
- We have an appropriate business need to use your personal information. We will rely on this for activities such as maintaining our business records, training and quality assurance, and developing and improving our products and services.
- We need to use your personal information for reasons of substantial public interest. For example, to prevent or detect crime and respond to police enquiries.
In each case we assess our need to use this personal information for these purposes against your rights to privacy to ensure we are protecting your rights.
When we use your “special categories of personal information”, we must have an additional “legal ground” and we will rely on the following legal grounds in these circumstances:
- It is in the substantial public interest to comply with regulatory requirements relating to unlawful acts and dishonesty.
- We need to use such special categories personal information to establish, exercise or defend legal rights.
- You have provided your consent to our use of your sensitive personal information (e.g. in relation to your booking or use of the hotel facilities). In some circumstances, we may need your consent to process sensitive personal information (e.g. health information). Without it, we may be unable to provide you with your requested service. We will always explain why your consent is necessary.
Who will we share your personal information with?
From time to time, we may share your personal information between our internal departments with The Athenaeum hotel as follows:
- Via internal reports
- Via access to central IT systems
- Where we need to meet your booking requirements
- Where one of our hotel’s is unable to meet your booking requirements but another sister hotel might be able to assist or accommodate you; or
- Where we need to report information within our hotels.
or with the following third parties for the purposes set out above:
- Any agent or representative acting for you
- Financial crime and fraud detection agencies.
- Our industry regulators or watchdogs.
- Selected third parties in connection with any sale, transfer or disposal of our business, including providing you with The Athenaeum customer loyalty benefits.
- Leading Hotels of The World
- Our insurers.
- The police, HMRC and other crime prevention and detection agencies.
- Third parties who we have entered into contractual arrangements with to provide services we need to carry out our everyday business activities such as document management providers, back office system providers, secure login and email providers, storage warehouses, IT suppliers, actuaries, auditors, lawyers, outsourced business process management providers, our subcontractors and tax advisers.
If you would like further information regarding the disclosures of your personal information, please see the “Contact us” section below for our contact details.
What marketing activities do we carry out?
We have a legitimate interest to market to you. We use your personal information to provide you with information about The Athenaeum hotel’s services or events which may be of interest to you as one of our past or prospective customers. These may include information about stays, events, promotions, offers, information about the hotel and the surrounding area
If you wish to opt out of marketing, you may do so by clicking on the “unsubscribe” link that appears in all emails or telling us when we talk to you.
Please note that, even if you opt out of receiving marketing messages, we may still send you service related communications where necessary.
How long do we keep personal information for?
We will only keep your personal information for the minimum periods required in order to fulfil the relevant purposes set out in this Privacy Policy.
We are also required to keep certain information in order to comply with our legal and regulatory obligations.
The exact time period will depend on your relationship with us and the type of personal information we hold. We may be required to retain the personal information for longer periods e.g. to establish, exercise or defend legal rights, such as responding to customer personal injury complaints.
If you would like further information regarding the periods for which your personal information will be stored, please contact us using the details set out in section 8.
Automated Processing
The Athenaeum carries out automated processing.
We will combine any personal information about you that we receive from you, from other hotels in our group, and from third-parties in order to create marketing profiles.
Marketing profiles include personal information such as information about services you have used, information about when you have visited our hotels in the past, demographic data and, where you have agreed, data from your social media profiles.
For example, we may analyse the personal information of people who have used our services in the past and then compare them with other people in our database. If we identify people in our database who have similar personal information, we may then target marketing to those people, for example by sending direct marketing emails. We may conduct the profiling and marketing automatically.
We conduct these automated decision-making and profiling activities for our legitimate interests in providing the services and ensuring they operate in a commercially suitable way which is tailored to your use and interests.
Your Rights
Under data protection law you have certain rights in relation to the personal information that we hold about you. You may exercise these rights at any time by contacting us using the details set out in section 8.
In some cases we may not be able to comply with your request (for example, where there is a conflict with our own obligations to comply with other legal or regulatory requirements). However, we will always respond to any request you make and if we can’t comply with your request, we will tell you why.
- The right to access your personal information – This enables you to receive a copy of the personal information we hold about you and to check that we are processing it lawfully.
- Request correction of the personal information we hold about you – This enables you to have any incomplete or inaccurate data we hold about you corrected, although we may need to verify the accuracy of the new information you provide us with.
- Request erasure of your personal information – This enables you to ask us to delete or remove your personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons. We will notify you of these, if applicable, at the time of your request
- Object to the processing of your personal information – Where we are relying on a legitimate interest (or those of a third party) and you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information, which override your rights and freedoms, e.g. a requirement imposed on us by law.
- Request restriction of the processing of your personal information – In some cases, e.g. questions over accuracy, lawfulness, the requirement to hold data or your objection to data usage, you may ask us to suspend the processing of your personal information.
- Request the transfer of your personal information to you or to a third party – If required, we will provide you or a third party of your choice with your personal information in a structured, commonly used, machine-readable format. Note, this right only applies to automated information that you initially provided consent for us to use or information that was used to perform a contract with you.
- Withdraw consent at any time – Where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent we may not be able to provide certain products or services to you. We will advise you if this is the case at the time. Please note that for some purposes, we need your consent in order to provide you with a service. If you withdraw your consent, we may need to cancel your reservation, booking or service. We will advise you of this at the point you seek to withdraw your consent.
- The right to lodge a complaint with the ICO – You have a right to complain to the Information Commissioner’s Office (ICO) if you believe that any use of your personal information by us is in breach of applicable data protection laws and regulations. More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/ Making a complaint will not affect any other legal rights or remedies that you have.
How we protect your information
We use a range of organisational and technical security measures to protect your information, including firewalls and access controls, which we review periodically. We also ensure that our employees receive appropriate data security training.
Contact Us
If you would like further information about any of the matters in this Privacy Policy or have any other questions about how we collect, store or use your personal information, you may contact our data protection adviser by using the contact details provided below:
Data Protection Enquiries
Genesta Athenaeum LLP
116 Piccadilly
London
W1J 7BJ
Updates to this Privacy Notice
We may need to make changes to this Privacy Policy periodically, for example, as the result of government regulation, new technologies, or other developments in data protection laws or privacy generally.
This Privacy Notice was last updated on: 05 December 2022.