PRIVACY STATEMENT
INTRODUCTION
This is the Privacy Notice of Apex Hotels Ltd, whose registered office is Apex Hotels House, 1 Mid New Cultins, Edinburgh EH11 4DH
(referred to as “Apex Hotels”, “Apex”, “we”, “us” or “our” in the Privacy Notice). Apex Hotels is registered on the Information Commissioner's Office Register; registration number Z5739764.
In terms of data protection law (Data Protection Act 2018 and UK Global Data Protection Regulations) Apex acts as a Data Controller, defined as an organisation that determines the personal data to be collected and the means and purposes of processing that data. Personal data means any data that identifies and relates to a living individual.
As a data controller, Apex Hotels takes data protection seriously and is committed to protecting and preserving the privacy of our guests, for example, when visiting one of our hotels, restaurants, spas or browsing our website at www.apexhotels.co.uk. We will process your personal data in accordance with Data Protection Law and this Privacy Notice. Our designated Data Protection Officer can be contacted at privacy@apexhotels.co.uk or by telephone at +44 (0) 131 441 0440.
Our EU Representative based in Germany is Rickert Law, who can be contacted as below:
Rickert Rechtsanwaltsgesellschaft mbH
- Apex -
Colmantstraße 15
53115 Bonn
Germany
1. PURPOSE OF THIS PRIVACY NOTICE
The information contained in this Privacy Notice describes what personal data we collect and what we will do with your personal data that we collect from our website, with personal data you provide to us in the course of purchasing our products and services, or with personal data that you otherwise provide to us. This Notice also outlines your privacy rights and provides details of how we aim to protect personal data we collect relating to you. You should read this Privacy Notice, together with any other notice we provide on specific occasions when we are collecting or processing your personal data, so that you are fully aware of how and why we are using your personal data.
2. THE INFORMATION WE COLLECT
Apex Hotels processes your personal data to meet our legal, statutory, and contractual obligations and to provide you with our products and services. We may process the following personal data relating to you:
- Identity Data such as title, name, user ID
- Contact Data such as your address, billing address, email address, telephone numbers
- Financial Data such as bank and payment card details
- Transactional Data such as payments provided from and to you and details of services provided to you
- Technical data, including your IP address, login information, browser type and version, time zone setting and location, browser plug-ins and other technology on the devices used to access our website
- Profile data, including your purchases or orders made by you, your interests and preferences, health information and any feedback or survey responses provided to us
- Usage data, including how you use our website, live-chat service, products, and services
- Marketing and communications data, including your preferences in relation to marketing from us and from any third parties and your preference for method of communication.
- Special Categories data owing to the products, services, or treatments that we offer, Apex Hotels sometimes needs to process sensitive personal information (known as special category data) about you, to ensure your safety and good health – for example allergens. Where we collect such information, we will only request and process the minimum necessary for the specified purpose and identify a compliant legal basis for doing so.
- CCTV Images are used by us in the prevention, detection, and investigation of criminal activity and to keep our guests and staff safe. Images are only stored for a maximum of 28 days. It is our policy not to disclose images to anyone other than the police authorities.
2.1. CHILDREN
Apex Hotels do not knowingly collect personal data from children. If you believe your child has provided personal data to us, please contact us at privacy@apexhotels.co.uk, so that we can delete your child’s information. A child is classed as anyone under of the age of 13.
2.2. PERSONAL DATA OF THIRD PARTIES
If you act on behalf of or make reservations for another person, we will collect their data too for the purposes outlined in this Notice.
2.3. FAILURE TO PROVIDE PERSONAL DATA
In some cases, we may need to collect your personal data by law, or in order to perform our side of a contract we have entered into with you or with a view to entering into such a contract. If you fail to provide the requested data, we may not be able to perform under the contract we have with you, or to enter into the contract with you. In such circumstances, we may have to cancel the contract, or be unable to conclude the contract, which means we would not be able to provide the product or service to you. If that is the case, we will notify you of that at the time.
2.4. COLLECTION OF PERSONAL INFORMATION VIA COOKIES
Personal data regarding a user’s journey through our websites is collected when visiting Apex Hotels. The placement of cookies throughout our websites allows us to enhance the user journey details of which can be found in our Privacy Preference Centre that can be found by clicking Cookies at the bottom of our website. For further information please read our Cookie Policy.
3. WHEN IS MY INFORMATION COLLECTED?
We collect your personal data in a number of ways, for example, when you visit our website, make a reservation, contact us, purchase products from us or visit the physical hotels, when you join our membership schemes we collect data from and about you.
Direct interactions – you may provide personal data to us (e.g., identity, contact details, financial data) when you complete forms or correspond with us by post, phone, email, or other methods. This could include providing personal data when you:
- Make an enquiry to receive our services or products
- Create an account on our website
- Subscribe to our services or publications
- Request marketing material to be sent to you
- Enter a promotion or complete a survey
- Provide feedback to us
- Join our Apex Insider Membership Scheme
- Join our Yu Spa membership
Automated technologies or interactions – when you interact with our website, we may collect some technical data relating to you including details about your devices or browsing patterns, for example. This data may be collected using cookies (see above) or other similar technologies.
Third parties or publicly available sources – we may receive personal data relating to you from third parties or public sources, inside or outside the European Economic Area (“EEA”) including:
- Analytics providers (e.g., Google based outside the EEA, HotJar)
- Advertising networks (e.g., Google, Bing, Facebook, Rakuten)
4. PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
We have set out below, in a table format, a description of all the ways we intend to use your personal data, and the legal basis we will rely upon to do so. We have also identified what our legitimate interests are where appropriate.
Please note that we may process your personal data for more than one lawful purpose, depending on the specific purpose for which we are using your data.
Purpose / Activity |
Type of Data (See section ii) |
Lawful Purpose for Processing |
Retention Period |
To process your enquiry, set up a new customer account / profile. |
Identity |
|
Maximum |
To process your booking / reservation, whether made directly with Apex Hotels on our website or with our hotels, central reservations team or via a 3rd party website - for example, an online travel agent or restaurant booking platform. |
Identity |
|
Maximum |
To process Credit Card or other payment data for invoicing purposes. |
Financial Transactional |
|
Maximum |
Under UK legislation, we are legally obliged to collect specific information from you, to verify your identity on arrival, for example, Nationality, Passport Number, and next destination. |
Identity |
|
Maximum 3 years from last stay date |
Apex hotels will store your personal data in our databases
|
Identity |
|
Maximum |
Where applicable, if you park in our car park, we will collect your car registration number. |
Profile |
|
Maximum 3 years from last stay date |
Apex may need to verify your identity when you arrive at the hotel. We will use your passport or other identification document. We will not store a copy of this information. |
Identity |
|
Not Retained |
Apex, at all times, aim to keep the data we store secure on our premises and on our IT systems and platforms. We do this by means of encryption, passwords, access controls, physical security, company policies and IT support. Personal data may be processed in this context by Apex Hotels and its 3rd party vendors. |
Identity |
|
Maximum 7 years from last stay date |
For many of our business services we use cloud-based services, therefore for technical and organisational reasons it may be necessary that your personal data is transferred to servers located outside the European Economic Area (EEA). |
Identity |
|
Maximum 7 years after last stay date |
Apex will collect (meta) data on your use of our Wi-Fi services for security and anti-piracy purposes. |
Technical |
|
Max 2 years |
Apex will track and record your use of our online services, either through cookies or via other means. Cookies enable us and others to monitor your browsing behaviour. |
Technical |
|
Max 3 years after last stay date |
Apex collect automatically generated information for statistical (research) purposes, to tell us how well our services are working. This information may be provided to third parties, but only if permitted by law or if this information cannot be traced back to you. |
Usage |
|
Max 3 years after last stay date |
Apex may collect personal data to safeguard your health whilst staying in our hotels and using our restaurants and Spa. |
Special Categories Profile |
|
Max 3 years after last stay date |
Apex aim to keep its assets, staff and guests secure and safe at all times and to prevent our premises being used for illegal purposes. Though CCTV surveillance Apex, and or 3rd party vendors may process personal data by way of image. |
CCTV Images |
|
3 weeks |
Membership Loyalty Programmes, Accounts, & Relationship Management. Yu Spa, Meldrum Golf Club and Apex Insider. There are a number of activities associated with this purpose, such as: joining and registering you in our Apex Insider Membership Scheme or as a Golf Club or Yu Spa Member, administering these programmes; providing consistent and personalised service based on past usage and the preferences expressed by members; ensuring access to our online service portals; processing payments; notifying members about changes, terms and conditions; and handling members’ requests, inquiries and complaints and gathering Special Category Personal Data includes details about your health if ever relevant to treatments or membership requested. |
Identity |
|
3 years after cancelation of membership |
Apex are required to comply with legal obligations, requests from public authorities, third party claims or access to our data, for instance in the event of a criminal investigation or requests for information or instructions from public authorities in the event of a fire, terrorist attack that involve processing personal data. |
Identity |
|
Maximum |
Apex carry out advertising and marketing activities to promote the Apex brand, the company, and our services both on and offline, and also through third party providers. Apex will use your contact details, information on your hotel stay and information collected through cookies on our website. |
Identity |
|
Maximum of 3 years after last stay date |
Apex may offer to or provide services and products you request from us or which we think you are interested in via email if you have consented to do so. We will use the email you have provided us with from your guest profile. If you no longer wish to receive marketing or promotional information you can use the link to unsubscribe. |
Identity |
|
Maximum of 3 years after last stay date |
5. APEX HOTELS AND REWARDS APP AND ORDER AND PAY SOLUTION
Apex Hotels have provided a Mobile Application and Order and Pay Solution available on our website and App hosted on the Apple iTunes App store, and the Google Play store, terms and conditions of use and information on further Data Privacy can be found here.
6. PROMOTIONAL OFFERS FROM US
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for us to market to you. You will receive marketing communications from us if you have requested these communications specifically by opting in, or if you have purchased similar goods or services from us in the last three years. In any case you will have the option to unsubscribe or opt out by contacting marketing@apexhotels.co.uk, or if the communication is by email, a link within the email.
6.1. THIRD-PARTY MARKETING
We will get your express opt-in consent before we share your personal data with any company outside Apex Hotels for marketing purposes.
6.2. OPTING OUT
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time at marketing@apexhotels.co.uk Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us because of a product/service purchase, warranty registration, product/service experience or other transactions.”
7. DISCLOSURE OF YOUR INFORMATION TO THIRD PARTIES
The personal data you provide to us may be accessed by or given to third parties, some of whom may be located outside the EEA who act for us for the purposes set out in this Notice or for other purposes approved by you. Those parties process information, fulfil and deliver orders, process credit card payments, and provide support services on our behalf.
We may also pass aggregated information on the usage of our website to third parties, but this will not include information that can be used to identify you, either directly or indirectly.
Where you have specifically consented when providing us with your details, we may also allow carefully selected third parties to contact you occasionally about products and services which may be of interest to you. They may contact you by email. You may withdraw your consent to this at any time. If you change your mind about being contacted by these companies in the future, please let us know at marketing@apexhotels.co.uk.
7.1. BUSINESS TRANSFERS
Apex Hotels Group may choose to buy or sell assets. In these types of transactions, information about customers/ employee relevant information and transactions as well as the potential of aggregated and anonymized data as a business asset is transferable.
If an Apex Hotels Group Hotel/ Property asset is acquired by a third party, client information on upcoming guest reservations including contact details and all booking information will be transferred to the third party to fulfil contract with the client and honour reservations in place.
If Apex Hotels Group or substantially all its assets, were acquired, user/ client and employee information would be one of the assets that is reviewed and transferred or acquired by a third party.
You acknowledge that such a transfer may occur, and that any acquirer of Apex Hotels Group assets may continue to use your personal information as set forth in this privacy policy. Countries outside the EEA do not always have strong data protection laws. We will take steps to ensure that your data is used by third parties in accordance with this Notice. Unless required or permitted by law to do so, we will not otherwise share, sell, or distribute any of the information you provide to us without your consent.
7.2. INTERNATIONAL DATA TRANSFERS
Some of the third parties that we may disclose your personal data to are based outside the EEA, so their processing of your personal data will involve a transfer of your personal data out with the EEA. Whenever we transfer your personal data out with the EEA, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the EU.
- Where we use certain service providers, we may use specific contracts or EU model clauses.
- Where we use providers based in the US, we may transfer data to them if there are secure standard contract clauses in place under GDPR which requires them to provide similar protection to personal data shared between the EU and the US.
Please contact us if you wish to receive further information about the specific mechanism used by us when transferring your personal data out with the EEA.
8. INFORMATION RETENTION
We will retain your personal data for as long as we need it for the purposes for which we collected it, or if we are legally required to do so. The retention period for different types of personal data/purpose is shown in the table above. Further information is available on our retention policy, which can be requested from privacy@apexhotels.co.uk.
Apex Hotels Ltd only ever retains personal data for as long as is necessary and we have strict review and retention policies in place to meet these obligations. Generally, where we have a contractual relationship with you, we will retain your data for a period of seven (7) years from the date our contractual relationship ends unless we are legally required to retain it for a longer period.
Where you have consented to us using your details for direct marketing, we will keep such data for 36 months from the date of your latest consent or until you notify us otherwise and withdraw your consent.
9. DATA SECURITY
Apex Hotels takes all appropriate technical and organisational measures, in accordance with local law requirements, to protect your personally identifiable information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access. To this end, we have implemented technical measures such as firewalls and operational measures such as login/efficient password and physical protection.
10. YOUR RIGHTS
As an individual, you have the following rights as a data subject under Data Protection Law in relation to the processing of your personal data:
- Be informed about what and how Apex Hotels processes your personal data, as explained under the Privacy Notice.
- Request access to your personal data (a data subject access request), which enables you to receive a copy of the personal information we hold about you and the check that we are lawfully processing it.
- Request correction of the personal data that we hold about you, to have any incomplete or inaccurate information corrected.
- Request erasure of your personal data, so that we delete or remove personal data where there is no good and lawful reason for us to continue to process it (although in some cases we can refuse this request where we can claim exemptions as a data controller).
- Object to processing of your personal data where we are processing your personal data for direct marketing or where we are relying on a legitimate interest (of Apex Hotels or of a third party) and there is something specific to your situation which gives rise to your objection.
- Request the restriction of processing of your personal data, through the suspension of our processing, e.g., where you want us to establish its accuracy or the reasons for the processing.
- Request the transfer or your personal data to another party in an easily portable.
- Withdraw consent at any time where we are relying on consent to process your personal data (although this will not affect the lawfulness of any processing carried out before the withdrawal of consent).
- Where processing is under a contract or by consent, request that a decision made using automated processing of your personal data, which significantly affects you, be reviewed by an individual to whom you may make representations and contest the decision).
We do not usually charge individuals for any requests made regarding the collection of information. However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. We will need you to identify yourself properly prior to responding to your request. To this end we may request a valid identification such as a current driver’s licence, identity card or passport.
11. CHANGES TO OUR PRIVACY NOTICE
The Privacy Notice was last updated on 09/02/2020. In order to assist us in keeping the personal data we process about you accurate and up to date for the duration of your relationship with us, it is important that you inform us of any change to your personal data that you have provided to us as soon as possible, by contacting us at privacy@apexhotels.co.uk. We keep our Privacy Notice under regular review, and we will place any updates on our website.
12. QUERIES OR INDIVIDUAL REQUESTS
The full name of our company is Apex Hotels Ltd. We are registered in Scotland under registration number SC073489. Our registered office is Apex Hotels, Apex House, Apex Hotels House, 1 Mid New Cultins, Edinburgh EH11 4DH. Our VAT number is 974 8933 55.
If you wish to place a query about any aspect of how we use your personal data, submit a Data Subject Access Request or to exercise your other rights as an individual under Data Protection Law, please contact us at privacy@apexhotels.co.uk or call us on +44 (0) 131 441 0440 or write to us at Apex Hotels, Apex Hotels House, 1 Mid New Cultins, Edinburgh EH11 4DH.
13. CONCERNS OR COMPLAINTS
Apex Hotels only processes your personal information in compliance with this Privacy Notice and in accordance with the relevant Data Protection Law. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority, the UK Information Commissioner. The website of the UK ICO’s office contains details of how to make a complaint: https://ico.org.uk/.
Update to privacy notice 15/07/2022