We know it may seem like a lot of information, but we want you to be appropriately informed about your rights, how we use your data.
We hope the following sections will answer any questions you may have, but if not, please do get in touch with us.
We may update this notice from time to time. If there is any significant change, we will let you know, but you’re welcome to come back and check it whenever you wish.
2. Who are Warner Hotels?
Warner Leisure Hotels owns and operates country and coastal properties around the UK, offering short adult only breaks.
For simplicity throughout this notice, ‘we’ and ‘us’ means Warner Leisure Hotels, and its business units.
We have a legal duty to protect personal information that we collect under Privacy Legislation such as, the General Data Protection Regulation (GPDR), Data Protection Act 2018 (the “DPA”) and the Privacy and Electronic Communications Regulations 2003, (PECR).
For the purpose of the DPA and PECR, we are the data controller and are located at Warner Leisure Hotels 1 Park Lane, Hemel Hempstead, HP2 4YL.
If you have any queries relating to this policy, you may write to us this address or contact us here.
3. What types of Personal Data do we collect?
- Your Full Name
- Your Address and Postcode
- Your email address
- Telephone Number
- Age and DOB (including additional guests)
- Your Gender
- Additional guest names
- Internet or other electronic network activity information, including information regarding your interaction with our websites, applications, or advertisements.
- Online identifiers such as IP address and session ID’s.
- Booking reference or unique identifiers
- Health & Medical information, (where required, for example if voluntarily provided at booking or to enable participation in an activity or treatment).
- Financial information (e.g. bank/credit/debit details) These will be collected directly by a third party payment provider and tokenised. We will never store your full payment card number.
- Images or footage captured by Photography/CCTV/Body worn camera, ANPR and Poolview (Anti drowning technology in some of our pools)
- Vehicle Information
- Audio voice recording
- Third party letting information
- Research information. For example you may choose to sign up to research panels and or respond to surveys or polls that help us understand our guests opinions and views.
- Competition Data. This is only used for the purposes of the relevant competition and will be subject to the terms and conditions of that competition, which will be notified to you when you enter the competition.
- We may also collect publicly available information from social networking sites such as Facebook, Twitter, YouTube, Instagram, and Snapchat, for example likes, shares, tweets and posts about Warner. This information is provided to us by a third party and used at an aggregate level for analysis purposes.
4. What do we use your data for?
It’s important that you understand how and why we use the personal data that we collect from you. This section sets out the different purposes for which we process personal data and which types of personal data we need for each purpose.
- When you create an account with us we will manage and administer your account and provide you with the relevant services
- When you book a break with us we will process your information to fulfil your break and send you service messages relating to your break..
- When you use My Warner Stay to manage your break and additional services.
- When you engage with us on social media.
- When you download or install one of our applications.
- When you voluntarily contact us with a query, a comment or make a complaint we will ensure your query is appropriately dealt with.
- When you engage with one of our contact centres, we may record audio for training and monitoring purposes
- When you voluntarily enter a prize draw or competition, we will process your data to enable you to participate in that competition and to carry out activities that relate to the competition; for example, letting you know if you have won a prize and or using your details to communicate with you if you are a winner.
- When you book an appointment or attend an event that is provided by a 3rd party supplier we will process your data to the extent required to meet our purposes and fulfil the service to the 3rd party provider and their guests or delegates.
- We may use your contact details to contact you from time to time to ask you to participate in surveys to help us improve our offerings. We use this data for the purposes of analysing insights and information to help us to improve our services and offerings and to help us build more accurate and targeted information for our guests. It may also inform our marketing and promotional activities and help us personalise our offer through our marketing to you. Where we utilise
- From time to time, we may use research panels to conduct market research for us which may involve collecting personal data for the purposes of carrying out research. Where this collection of personal data is by third party research companies, it may be subject to separate privacy policies.
- We may sometimes use anonymised data for certain purposes such as to produce reports or help us understand what type of services you like and don’t like and to ensure our advertising is effective. When used for this purpose, this data does not enable you or any other individual to be identified.
- With your consent, we will use your personal data, preferences, and details of your transactions to keep you informed by email, web, text, telephone and through our contact centres about relevant products and services including tailored special offers, discounts, promotions, events, competitions and so on. You are free to opt out at any time.
- If you fill in any forms e.g. booking an activity or when going to a spa we will process your data to enable us to fulfil the service booked and to ensure the health and safety of our guests and team members.
- If an accident or incident takes place on one of our hotels we may collect certain data from you to ensure we are able to support those involved and ensure our health and safety procedures are followed.
- We may sometimes receive requests from TV and other companies to film/photograph at our hotels. We also take our own Warner Hotels’ promotional films and photographs on the parks throughout the year.
- To protect our customers, premises, assets and Partners from crime, and to ensure health and safety at all times, we operate CCTV systems on our facilities and car parks which record images for security. We do this on the basis of our legitimate business interests.
- To process payments and to prevent fraudulent transactions we may use third-party fraud protection services (i.e., 3D-Secure services) by which said third-party may receive your personal information to perform the fraud protection services.
- If we discover any criminal activity or alleged criminal activity through our use of CCTV, fraud monitoring and suspicious transaction monitoring, we will process this data for the purposes of preventing or detecting unlawful acts. We aim is to protect the individuals we interact with from criminal activities.
- We may be required to comply with our contractual or legal obligations to share data with law enforcement and other authorities. For example, when a court order is submitted to share data with Government functions & law enforcement agencies or a court of law e.g. HM Revenue or DWP.
5. How we use Sensitive Personal Information
We do not normally collect sensitive personal information from you as part of the booking process. However, if you make us aware of any special requests voluntarily, for your booking including anything due to specific medical, dietary, or religious requirements, we will note these so that we can do our best to meet your request. We will not process this data for any other purpose.
If you book onsite activities (including, but not limited to, sports, outdoor activities and spa treatments), we ask for information about your health including any existing conditions relevant to the activity and details of who to contact in the event of an emergency.
The information is collected for the following purposes:
- To provide the activities and treatments you want and to ensure you can safely take part
- To ensure we are able to contact someone in an emergency
6. Combining your data for personalised marketing
We want to bring you news and promotional offers that are most relevant to your interests at times. We will use your email address to send you email marketing (including our newsletters and information about new services and competitions when you sign up to receive them from us.)
You can opt out of receiving marketing emails at any time by either following the instructions to unsubscribe in any of the communications we send you or by changing your preferences.
If you opt out of email marketing, we will still send you service communications from time to time such as information about your breaks, and updates to our policies.
We may use information obtained as part of our surveys to enrich our marketing data. If this is the case we will make that clear to you setting out our lawful basis for our processing.
We may use basic demographic information provided to personalise our targeted advertising.
We also promote our content and features via third party platforms such as social media sites like Facebook. This usually works by us sending a hashed or encrypted identifier to the third-party platform which is then matched to the third-party records in order to identify whether you are also a user of their platform. If you are identified as a user this allows us to send promotions and content features that we think you will be interested in.
We may also use Facebook business tools to enable us to send certain information to Facebook. This helps us to evaluate how effective our marketing is.
Facebook acts as a data processor when it provides matching, measurement, and analytics services to us when using Facebooks business tools.
We are joint data controllers with Facebook Ireland when we share Event Data with Facebook Ireland to help target our marketing campaigns, create custom-made audiences and also improve ad delivery and optimisation of our marketing campaigns on Facebook This enables us to make sure we area reaching the right audiences with our marketing campaigns, which in turn helps us recommend the most relevant product or services to you. We have entered into Facebook’s standard joint data controller agreement in accordance with the terms for the use of the relevant Facebook Business Tools: https://www.facebook.com/legal/controller_addendum
Facebook also acts independently as a data controller when it combines our user Event Data with the Event Data from other advertisers to improve and refine its ad targeting algorithm to help it deliver more personalised ads to its users. Further information about how Facebook processes your personal data, including the legal basis Facebook Ireland relies on and the ways to exercise your rights under GDPR against Facebook Ireland, can be found in Facebook Ireland’s Data Policy at https://www.facebook.com/about/privacy . More information about the security measures that Facebook uses can be found here: https://www.facebook.com/legal/terms/data_security_terms.
We rely on legitimate interests as a legal basis for the processing of your personal data for the targeted promotion of our content on third party platforms. By using your data in this way, we can ensure that our marketing communications with you will be more relevant, and our campaigns reach the right audiences. You can opt out of receiving this type of marketing on other platforms at any time by changing your preferences in the "Privacy settings" section of your Account Settings. We will process this request as quickly as possible but you might continue to see our promoted messages whilst your instruction is being administered.
Our content might appear on third party sites based solely on your behaviours on these sites (for example, after liking our brand or its content on Facebook), or the behaviours of those within your networks (for example, a friend within your Facebook network likes our brand or its content on Facebook, so it appears in your News Feed). These branded messages are controlled by the third party site, but you may be able to update your preferences to stop these messages appearing in future (for example, you can customise your News Feed in Facebook via ‘News Feed Preferences’).
If you download our app, some of the communications that we send to you, including marketing communications, content recommendations and information about new content or features, may be sent by push notification. Push notifications are messages that pop up on your mobile device. You can choose whether or not to receive push notifications from the app through your device settings.
If you use an Android device, your device will automatically opt you in for push notifications and you will need to turn these off if you don't want to receive them. If you use an Apple device, you will be asked when you set up your device if you want to receive push notifications and you can choose to receive them then. If you change your mind, you can change your preferences at any time in your device settings.
7. What is our legal basis for using your data?
Data protection law says that we must tell you the legal basis that we rely on to process your personal data for the purposes that we have notified to you. This section tells you what that legal basis is in relation to each of the purposes set out above.
The law on data protection sets out a number of different reasons for which a company may collect and process personal data, including:
In certain circumstances, we can collect and process your data with your consent.
For example, when you tick a box to tell us you would like to receive news and offers from us.
In certain circumstances, we can collect and process your personal data to comply with contractual obligations.
For example, if you book a break with us, we’ll collect your personal information to enable us to book break and communicate with you about details in relation to your booking.
Warner Leisure Hotels may disclose personal information If the law requires us to.
For example, we can pass on details of people involved in fraud or other criminal activity to law enforcement to protect the safety and security of people and property, to pursue available remedies or limit damage and to respond to an emergency
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
For example, we will use your booking history to send you or make available personalised offers but we will seek your consent to send you marketing.
We may also combine the booking history of our customers to identify trends and ensure we can keep up with demand or develop new services.
We may use responses to Warner surveys to identify trends and make available personalised offers to you.
We may also use your address details to send you direct marketing information by post, telling you about news and services that we think might interest you.
We may contact you regarding market research
In certain circumstances when you book with us and do not choose to opt out from receiving our emails we will use your personal data, preferences and details of your bookings to keep you informed by email, web, text and telephone through our contact centres about relevant news and services including tailored offers, discounts, promotions and competitions. This is known as a (‘Soft Opt In’)
8. Who do we share your personal data with?
We sometimes share your personal data with trusted third parties. Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
- We provide only the information they need to perform their specific services.
- They may only use your data for the exact purposes we specify in our contract with them.
- We ensure appropriate Due Diligence is undertaken to ensure the security of your data.
- We work closely with them to ensure that your privacy is always respected and protected.
- If we stop using their services, any of your data held by them will either be deleted, returned or rendered anonymous.
Examples of the kind of third parties we may work with are:
- Third party suppliers who help us manage our customer data
- Information technology providers who help us to manage our IT systems and ensure that they are secure and protected from fraud and abuse; Direct marketing companies who help us manage our electronic and postal communications with you.
- Third party service providers who carry out our user testing for usData insights and market research agencies.
- Technology solutions providers who help us show you advertising.
- Direct marketing companies who help us manage our electronic and postal communications with you.
- Data Insight and Market research agencies, who may send surveys on our behalf
- Auditors and other professional advisors who help us manage our processes and improve accuracy of our data
- Social Media platforms to show you services that might interest you while you’re browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites. See our Cookies Policy for details.
- Payment service providers that enable us to fulfil transactions with you.
- Third-party fraud protection services (i.e., 3D-Secure services) by which said third-party may receive your personal information to perform fraud protection services. Activity providers.
- For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
- Partnerships we work with to bring certain services or breaks to our guests.
- We may also be required to disclose your personal data where we are required or permitted to do so by law or to protect or enforce our rights or the rights of any third party.
- We may, from time to time, expand, reduce or sell our business and therefore may share data with Prospective buyers of our business or assets. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Notice.
- Activity and event providers
- Where you are attending an event organised by a third party at our Resorts, we may share booking details with them to allow the event to be planned effectively. Our legal basis for the sharing of this data is our contractual obligation to our partners.
- If you take out holiday insurance as part of your break, we will pass on details of your booking to our insurers, and their underwriters. This will allow them to administer your policy and any claim.
9. Security on our resorts
The following are operated in our hotels to assist with monitoring & maintaining hotel safety, to prevent and detect crime and; assist law enforcement (where necessary):
- Automated Number Plate Recognition (ANPR).
- Body Worn Cameras (BWC) where required for guest safety - the security team will always inform you before turning their BWC’s on.
- Pool view, some sites may operate drowning prevention technology.
These systems are operated for the protection of our guests, employees & premises from criminal activities.
If we discover any criminal activity or alleged criminal activity through our use of CCTV, we will process this data for the purposes of preventing or detecting unlawful acts.
The Legal basis for our use of this information is in our Legitimate Interests to ensure the safety of guests and employees at our hotels and to assist with law enforcement. We may also use the footage to exercise and defend our legal rights.
10. Where We Transfer and Store Personal Information
The personal information that we collect from our website visitors and guests may be transferred to, and stored at, destinations outside the European Economic Area, (the "EEA”). If we do carry out transfers outside of the EEA, we will ensure the recipient has an adequate level of protection for your personal data and to make sure that it is properly protected. To ensure this we have put in place contractual safeguards with our Data Processors.
Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.
11. How long will we keep your personal data?
Whenever we collect or process your personal data we’ll only keep it for as long as is necessary, for the purpose for which it was collected. This period will be determined based on any business and/or legal requirements.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
If you need further information, please contact us here.
12. How long will we keep your personal data?
You have certain rights in respect of the personal information that we hold about you. Details of these rights are set out below. To exercise any of your information rights, please contact us here. Please note that requests that do not relate to your information rights will not be managed here. For Complaints or guest relations queries please follow our complaints process.
We will process all personal data in line with your rights, in each case to the extent required by and in accordance with applicable law only (including in accordance with any applicable time limits and any requirements regarding fees and charges). We will always respect your personal information rights. For more information on your rights, please see: https://ico.org.uk/your-data-matters/.
13. How can you stop the use of your personal data for direct marketing?
We want to make you aware of the fantastic breaks and services we offer. To do so, we may send you communications via email, text message, push notifications, in-app alerts, direct mail, and social media.
There are several ways you can stop direct marketing communications from us:
- Click the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails to you.
- If you have an account with us you can log in into your account and change your marketing preferences.
- In our apps, you can manage your preferences and opt out from one or all the different push notifications by selecting or deselecting the relevant options in the ‘Settings’ section.
- If you do not wish to see advertising on social media, you can also manage this within your social media platform settings.
- You can contact our Data Protection Team directly by clicking here.
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
14. Cookies and other tracking technology
Our website uses “cookies” and other tracking technologies which are placed and stored on your computers’ hard drives, or in their browser memories, if you agree, when you visit our website. These are used for various purposes, including distinguishing you from other website visitors. You can manage all cookies using your browser settings or using a service such as https://www.aboutcookies.org.uk/managing-cookies.
We use Contentsquare in order to better understand our users’ needs and to optimise the service and experience we provide to you. Contentsquare use how visitors interact with our website or applications, mouse or touch movements, scrolls, mouse clicks, screen taps or zoom data, time of engagement etc but only to the minimum extent necessary.
The Contentsquare solution is designed to use 1st party cookies, with expiration of no more than 13 months. See current list of cookies used by the Contentsquare solution at: https://docs.contentsquare.com/uxa-en/#cookies-list. Our Cookieless solution, if enabled by the customer, replaces cookie technology with SessionStorage technology (which expires at the end of the session). For more information, see https://contentsquare.com/privacy-center/audience-measurement-exemption/. For our CS for Apps solution, Online Unique ID is collected and used in customer’s native apps only and stored on device no more than 13 months.
16. How do we protect your personal data?
We treat your information with the utmost care and take all appropriate steps to protect it. We secure access to all transactional areas of our websites and apps using ‘https’ technology.
We take reasonable measures to protect personal information from unauthorised access, disclosure, alteration, or destruction and keep personal information accurate and up to date as appropriate.
Warner Leisure Hotels employ a robust team of dedicated information security professionals who are responsible for managing our security. The team is responsible for, among many other things, monitoring our system for potential intrusions, responding to incidents, supporting security and regularly reviewing and updating our security controls to protect data.
Sensitive data such as payment card information is processed securely and tokenised to ensure it is protected.
Warner Leisure Hotels maintains a payment card industry (“PCI”) compliance program which helps ensure the security of card transactions. To ensure compliance we have to meet a number of operational and technical requirements to protect your card data.
We will never ask you to send us confidential information or payment card information via email or text message.
We require third parties with whom we share personal information to exercise reasonable efforts to maintain the confidentiality of personal information.
In the event of a security incident, Warner Leisure Hotels will notify regulators and/or consumers as required by applicable laws and regulations.
18. Any questions?
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it.
If you have any questions that haven’t been covered, please contact our Data Protection Officer who will be pleased to help you: