Privacy Notice

INTRODUCTION

The Doyle Collection [1] (“Doyle”, “we” or “us”) is committed to protecting and respecting your privacy.

This Privacy Notice is issued on behalf of each company within The Doyle Collection, so when we refer to The Doyle Collection, we or us in this Notice, we are referring to the relevant company in The Doyle Collection responsible for processing your personal data. Doyle Hotels (Holdings) Limited is the controller of and responsible for the Doyle Collection website.

This Privacy Notice (the “Notice”) set out the basis on which any personal data we collect from you or that you provide to us, or that is provided to us relating to you (“Data”) by any means will be processed. It has been updated to comply with the requirements of the General Data Protection Regulation (EC) 2016/679 and UK General Data Protection Regulation (UK GDPR) (“GDPR”).This includes when you, or someone on your behalf, requests information from us, contact us (or we contact you), make a booking, use our websites, link to or from our websites, connect with us via social media, through our central reservations or hotels, or any other engagement we have with you (regardless of where you are based).

This includes when you, or someone on your behalf, requests information from us, contacts us (or we contact you), make a booking, use our websites, links to or from our websites, connects with us via social media, through our central reservations or hotels, or any other engagement we have with you (regardless of where you are based).

Please read the following carefully to understand our use of personal data. Please note that the Notice relates only to the personal data of living individuals.

Information we may collect from or about you

We collect personal data from you which you volunteer when you provide such personal data to us, or via our services with which you interact. We may also be given other personal data relating to you by other persons. These could include, if a booking is made for you by another person, who may be a family member or travelling companion, or a booking agent or other intermediary, working for you or, where you are travelling on business, your employer, or other third-party books on your behalf. We may also obtain such other personal data about you as may be provided to us in the course of our legitimate business activities.

We may collect and process personal data in the course of providing services to you, which could contain your personal data including the following:

your full name; your address; your various email addresses; your various phone numbers including mobile phone numbers; your nationality; financial  information  about  you  including your bank account details; credit card details or other payment details; details of contracts you have entered with third parties for us to provide services  to you;  details of your relationship to other parties; details of your membership of professional or other organisations; your date of birth; details of your children and other relations; medical details including details of allergies; guest preferences including likes and dislikes, your photograph obtained from public sources used in limited circumstances* details of your car registration number; details of your driving licence; details of your Covid vaccination or recovery; details of your passport, and all other personal data which you ask us to process on your behalf, or which is necessary for us to process in order for us to fulfil our role in providing bedroom accommodation, food & beverage, meeting room, Guest Recognition Program or other hospitality related services to you. (*the limited circumstances noted are that of our Guest Recognition Program)

We may also process other data, which is not personal data. In general, we do not collect special category/sensitive personal data from or about you. We will, however, collect personal data volunteered by or about you relating to disabilities, allergies or medical or other dietary requirements, in order to address your needs. We may also need to process such information in the event of an accident or a medical or other emergency during your stay or your use of our other facilities.

When you access our website or wi-fi facilities, your device’s browser provides us with information such as your IP address, browser type, access time and referring URL which is collected and used to compile statistical data. This information may be used to help us to improve our website and the services we offer, and to offer services to you.

Security Statement

Security and where we store your personal data

To protect your information, on Doylecollection.com we use security measures that comply with Irish Law and meet international standards. This includes computer safeguards and secure files and buildings.
We will take all reasonable care to keep the details of your booking or reservation and credit card information secure.

We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our databases, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We do continue to revise policies and implement additional security features as new technologies become available.

Though we do not seek actively to transfer personal data outside the EEA/UK, some of the external third parties we deal with are based outside the EEA/UK or process personal data outside the EEA/UK, so their processing of your personal data will involve a transfer of data outside the EEA/UK.

Whenever we transfer your personal data out of the EEA/UK, we look to ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• Transferring your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission and UK Parliament.
• Where we use certain service providers, we may use specific contracts approved by the European Commission and UK Parliament which give personal data the same protection it has in Europe and the UK.
• Where we use providers based in third-countries , we may transfer data  using a valid transfer mechanism, such as entering into standard contractual clauses (SCC) which includes the international data transfer addendum required for the UK, which requires them to provide similar protection to personal data shared between Europe/UKand these third-countries.

Please note that when booking a room in one of our hotels located outside the EEA/UK your personal data will be transferred to this location in order to allow us to fulfil our contract with you and to provide you with services.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data outside the EEA/UK.

How we use your personal data

We will only use your personal data when we have a lawful basis to do so. We obtain and use your personal data that we hold where it is necessary:

• to take steps at your request prior to entering into a contract with you and to carry out our obligations arising from any contracts entered into between you and us including providing you with the services listed below;
• for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
• to comply with our obligations under applicable legislation;
• for reasons of substantial public interest, such as the prevention or detection of crime, or other unlawful acts, subject to appropriate protections as set out in our internal policies and procedures; and/or
• to establish, exercise or defend legal claims.

Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your personal data. Please contact us, using the contact details below, for more information on the specific grounds we rely on for processing your personal data.

When we refer to our legitimate interests, we mean the interest of our business in conducting and managing our business to enable us to give you the best service/product, understanding your requirements and preferences, and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law).

Generally, we do not rely on consent as a legal basis for obtaining and processing your personal data other than in relation to:

• sending direct marketing communications to you; and/or
• information about your health, any disabilities and allergens that you or someone on your behalf volunteers to us to enable us to accommodate your needs during your stay.

Where we are using your personal data on the basis of your consent, you are can withdraw that consent at any time (subject to applicable law) by contacting us at data_protection@doylecollection.com. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

List of services we provide:

• bedroom and suite accommodation
• bars
• restaurants
• meeting spaces event spaces
• loyalty programs
• vouchers
• or other hospitality related services to you

Marketing/promotional offers

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

Where you have agreed to receive it, we may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which services and offers may be relevant for you.

We will not share your personal data with any company outside The Doyle Collection for non-Doyle Collection marketing purposes without your express consent.

We may use your personal data to send you information relating to our services, events and products which may be of interest to you. If you do not want us to use your personal data in this way, please notify us to that effect. You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time using the contact details set out at the end of this notice.

How long do we keep your personal data?

We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we have to keep basic information about our customers (including contact, identity, financial and transaction data) for current year plus six years after the transaction in question. We also need to keep information for that period to be able to deal with any dispute.

Disclosure to third parties

We may disclose your personal data to third parties who provide a service to us and to other companies within The Doyle Collection; such as 1. in the event that we sell any business or assets, in which case we may disclose your Data to the prospective buyer of such business or assets; 2. if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect our rights, property, or safety of staff or customers.

Sharing Data

We will only pass your personal data to our business partners, to fulfil your requirements, improve our services or where we are required to do so by law. These include your company or travel agents involved in your booking, customer satisfaction surveys, loyalty scheme providers, email marketing provider use only by The Doyle Collection.

Other categories of third party which may have access to your personal data include our professional advisers, including lawyers, banks, auditors and insurers; and relevant statutory bodies and other regulatory bodies and authorities in your jurisdiction, and, where appropriate, the police and courts.

Where these third parties are our processors, we require them to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party processors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. Some of the third parties mentioned above, for example many professional advisers and relevant statutory body in your jurisdiction, are controllers who, like us, are subject to specific obligations under data protection law, and who will have their own privacy notices setting out how they deal with personal data.

Please note that gyms and leisure facilities and car parking at a number of our hotels are operated by independent companies. These operators are controllers in their own right and have their own obligations under data protection laws.

Links to other sites

Our website may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check those policies before you submit any data to those websites.

CCTV

For the greater security of our guests and patrons, and to prevent and detect crime, we use CCTV in and around our premises. To obtain information about our use of CCTV contact us at data_protection@doylecollection.com or please see our CCTV policy  here.

Your rights

As an individual, under EU and UK laws you have certain rights to apply to us to provide information or make amendments to how we process data relating to you. These rights apply in certain circumstances and are set out below.

• The right to access data relating to you (‘access right’). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to enable us to deal with your request or to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or we have received a number of requests. In this case, we will notify you and keep you updated. Please see Form 1a[2] here

• The right to rectify/correct data relating to you (‘right to rectification’). This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. Please see Form 2a here

• The right to object to processing of data relating to you (‘right to object’). Where we process your personal data on the basis of a legitimate interest or where there is profiling based on these provisions, you have the right to object to the use of this data. If we process personal data for direct marketing purposes, you shall have the right to object at any time to processing of your personal data for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If you object to us processing for direct marketing purposes, we will no longer process the personal data for these purposes. Please see Form 3a here

• The right to restrict the processing of data relating to you (‘right to restriction’). This enables you to ask us to suspend the processing of your personal data in the following situations: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Please see Form 4a here

• The right to erase/delete data relating to you (i.e. the “right to erasure”). This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Please note that while you are employed by us and for a reasonable period after the termination of your employment, there will only be very limited circumstances when we will be required to erase any of your personal data. Please see Form 5a here ; and

• In limited circumstances, the right to ‘port’ certain data relating to you from us to another (‘right to data portability’). Note that this right only applies to automated information which you provided to us and where our justification for processing was consent or where we used the information to perform a contract with you. Please see Form 6a here

• You also have the right to make a complaint at any time to the relevant statutory body in your jurisdiction. If you would like us in the first instance to deal with your concerns, please email us at  data_protection@doylecollection.com

Changes to this policy

We reserve the right to change this Notice from time to time in our sole discretion. If we make any changes, we will post those changes online at www.doylecollection.com/privacy-notice so that you can see what information we gather, how we might use that information and in what circumstances we may disclose it. By continuing to use our site or our services or otherwise provide data after we post any such changes, you accept and agree to this Notice as modified.

Cookie usage and storage

Contact Us

Questions, comments, requests and complaints regarding this Notice and the information we hold are welcome and should be addressed to us at data_protection@doylecollection.com

All requests will be dealt with promptly and efficiently, and in accordance with the requirements of the GDPR.

___________

[1] The Doyle Collection comprises Doyle Hotels Holdings Limited and other group undertakings see Appendix 1 for more information

[2] Under GDPR you are not obliged to complete any mandated forms. However, completion of the relevant form (1a-6a) would assist us in dealing with your request in an effective and efficient manner

Appendix 1

Doyle Hotels (Holdings) Limited and other group undertakings are the controllers of and responsible for processing your personal data and comprises of the following entities

Doyle Hotels (Holdings) Limited, 156 Pembroke Road, Ballsbridge, Dublin D04 HP48, Ireland, trading as The Doyle Collection

West Hotel Trading Company Limited Balfe Street, Dublin D02 CH66, Ireland, trading as The Westbury

Doyle London Hotels Limited, 47 Welbeck Street, London, W1G 8DN, United Kingdom, trading as The Marylebone

Doyle Bloomsbury Hotel Limited, 16-22 Great Russell Street, London WC1B 3NN, United Kingdom, trading as The Bloomsbury

Doyle Kensington Hotel Limited, 109-113 Queen's Gate, South Kensington, London, SW7 5LP, United Kingdom, trading as The Kensington

Doyle Hotels (UK) Limited, Prince Street, Bristol   BS1 4QF, United Kingdom trading as The Bristol

P.V. Doyle Hotels Limited, Western Road, Cork, T12 X2AH, Ireland, trading as The River Lee

P.V. Doyle Hotels Limited, Jones' Road, Dublin 3, D03 E5Y8, Ireland, trading as The Croke Park

Doyle Dupont LLC, 1500 New Hampshire Avenue NW, Washington DC, 20036, United States, trading as The Dupont Circle