Privacy, Security and GDPR Statement
Who are we?
TLH Leisure Resort is a United Kingdom hotel group with 4 hotels based in Torquay, Devon. We provide value for money hotel rooms across the four 3 star hotels. In addition we have Aztec Bistro, Aztec Spa and Gym, Aztec Games and Alberts Bar that are open to non residents. We offer memberships to the Aztec Club.
Our Data Protection Officer / GDPR Owner can be contacted directly here: DPO@TLH.CO.UK
In common with other websites and apps, we use SSL (Secure Sockets Layer) encryption to ensure that personal information provided to us is not visible to anybody else when in transit between your computer and our servers. You can tell when SSL is in use by the presence of a small “padlock” symbol in the status bar of your web browser. If you click on the padlock on either the main site, or the hotel booking pages which are operated by Avvio, you will see the details of the Security Certificate. Our online hotel booking system operated by Avvio is secure and your credit card information will be encrypted.
In addition, our web servers are housed behind a secure firewall that prevents access to our databases by unauthorised users. All of our servers are housed in a secure environment with high levels of physical security.
Under the EU’s General Data Protection Regulation (GDPR) personal data is defined as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
What personal data do we collect?
We may collect the following information about you:
- Contact details including title, name, postal and email addresses, postcode, contact telephone numbers;
- Child names and ages when staying in hotel rooms;
- Business information, such as employer details and job title, particularly from our corporate customers;
- Transaction information, including payment and reservation and booking details;
- Purchase history, including the hotels that you have stayed in and requests that you have made.
- Customer communication preferences;
- Customer feedback;
- Computer or device information (e.g. your IP address and operating system).
- Health information via our health questionnaire which is completed on joining Aztec Club and using Aztec Spa.
- Dietary Requirements
We may collect the above information directly or via trusted 3rd parties such as your Group Organiser, your conference organiser, or on line travel agencies such as Booking.com.
Where you book accommodation for other people as a Group Organiser, we will ask you to provide the some of the above information about them (e.g. we will usually ask for the title, first name and surname, and special requests). You should only provide us with information about other people if you have their permission to do so.
Will TLH Leisure Resort share my personal data with anyone else?
We do not sell or pass on your data to any other company for use by them.
We may pass on your personal data to the police or a representative of the court if legally required to do so.
As part of our processing activity for the posting of brochures and special offer leaflets we will send your data to Torbay Mailing Services via encrypted transfer.
Can I find out the personal data that TLH Leisure Resort holds about me?
We will make a reasonable effort to comply with requests to view your personal data. We may require verification of your identity before we process a request to edit or remove your information. Please direct any questions about your information to the TLH Data Protection Officer whose contact details are shown below.
How will TLH Leisure Resort use the personal data it collects about me?
TLH Leisure Resort will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We may use your information for the following purposes:
- Administration and management of room and restaurant and spa bookings
- Processing and management of your gym membership
- Processing payment transactions
- Sending you communications about our products and services that we think may be of interest to you. We may also send you service information communications (e.g. reservation/booking confirmation). Business, website and consumer analysis and reporting
- Correspondence between us, including where you use our online enquiry form on the Contact Us section of the web site.
How long will TLH Leisure Resort keep my information?
We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. TLH Leisure Resort is required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.
We would like to keep you informed of TLH news and offers by post, phone, email, text. In order to do this we will process your data. Each time we do so we will assess under which legal basis we are operating. Your data will only be processed on the basis of:
- Contractual Obligations – where you have a booking or membership with us
- Legitimate Interest – where you have previously purchased from us and we have an offer to tell you about.
- Consent – where you have specially and freely given your informed consent
Please rest assured that we will not bombard you with emails or post and you may withdraw consent at any time by contacting DPO@TLH.CO.UK and stating you wish to withdraw your consent for full or partial processing. You may also update your preferences on any email communications you may receive from us by using the unsubscribe link at the bottom of all emails.
Exercising your rights
Under the Data Protection Act 2017 and the EU General Data Protection Regulations you have the following rights:
- The right of access to your own personal data.
- The right to request rectification or deletion of your personal data.
- The right to object to the processing of your personal data.
- The right to request a copy of the information you provide us in machine-readable format.
- The right to withdraw your consent to any processing that is solely reliant upon your consent.
Should you wish to exercise any of your rights, you should contact the TLH Leisure Resort Data Protection Officer via email : DPO@TLH.CO.UK
Changes to this Statement
TLH will occasionally update this Statement of Privacy to reflect company and customer feedback. TLH encourages you to periodically review this Statement to be informed of how TLH is protecting your information.
In the event that you wish to make a complaint about how your personal data is being processed by TLH Leisure Resort, you have the right to lodge a complaint directly with the supervisory authority and TLH Leisure Resort’s Data Protection Officer / GDPR Owner.
The details for each of these contacts are:
Data Protection Officer / GDPR Owner contact details
TLH Leisure Resort
Telephone: 01803 400 500
Supervisory authority contact details
Information Commissioners Office
Telephone: 0303 123 1113