- Do you use this data for any other purpose than the fulfilment of our contract with you; namely for anything other than the delivery of the service accommodation to our customer?
Corus & Laura Ashley Hotels does not use personal data for any other purpose other than for the legitimate purpose and interest in delivering the service of accommodation to our Customers.
- Do you share this data with any other party and if so who and why?
Corus & Laura Ashley Hotels does not actively share Customer Data. However, Guestline as our PMS provider, has access to this data and would be deemed as a Data Processor under the GDPR Rules. We have obtained a GDRP Compliance statement from Guestline.
Corus only shares Employee data on the basis of business needs and requirement and legitimate interest.
- What period do you retain the data for? (i.e. what period after fulfilment of the contract do you retain the data for prior to disposing of it?)
A maximum of 2 years for Customers and 7 years for Employees as set out hereunder:
(a) For all Clients of the Hotel once the Client is no longer a guest at the hotel and there are no outstanding matters between the Hotel and the Client, the Hotel will delete all personal data of the Client further to existing legal requirement for two (2) years after the Client’s last use or stay at the Hotel and in any event after that two-year period within seven (7) days of the settlement of any outstanding balance or issues, whichever is the later;
(b) For all Employees we will retain personal data for during the period of the employee’s employment and for seven (7) years after the employee leaves the employment of Corus Hotels Ltd and thereafter destroy the same by handing all related files to a certified Data shredding company and remove all related files from our database;
(c) Personal data of all Marketing Communications expressly consented to by the Client will be deleted upon the Client opting-out or unsubscribing from further marketing communications. The Client will be provided clear boxes to ‘Opt-Out’ or an ‘unsubscribe’ to from any further communication at any time and will not receive any such communication material thereafter. The unsubscribe link will be at the end of an email.
- Do you have a process in place that would allow you to respond effectively and timely to requests from us to ascertain the data that you are holding on one of our customers, to correct any errors in that data and following fulfilment of the contract to comply with an individual’s request to erase their data?
Yes – you may contact our Data Processing Officer at DPO@corushotels.com
You have a right to access the personal information that is held about you. Please refer to details of your right by click on this link Guest Access Rights on our GDPR Portal. To obtain a copy of the personal information Corus Hotels & Laura Ashley Hotels holds about you, please email us at DPO@corushotels.com enclosing your postal details and the details of your request.
Alternatively, you can write to us at the following address:
Data Protection Officer
Corus Hotels Ltd
1 Auckland Park
- What steps have you taken to secure and protect the data? In particular from a breach or other cyber-attack.
- Where and how is the data stored?
Physical Data: Is stored at the Front Desk. The data card is locked in a cabinet and is accessible by authorised personnel of Corus and Laura Ashley Hotels only. Authorised personnel must sign in and out every time the deal with a secure key.
Electronic Data: Data on our PMS system is only accessible by a secure password
Destruction of Physical Data: Pursuant to our GDPR Policy physical data which is secured in a locked cabinet with a security key is handed on or before the end of 2 years from the date such data come into being to an authorised and certified Data Shredding Company.
- Who can access the data and what controls are in place to prevent unauthorised access?
We have a GDPR Policy and Process in place as to who can access such data. As a hotel operator, the individuals who can access such data are Corus and Laura Ashley Hotels’ authorised personnel particularly the Front Desk who need to deal with such data on a business need an/or legitimate interest basis.
- What is your notification plan in the event of a data breach?
The Data Protection Officer at Corus Hotels Ltd shall promptly within 48 business hours or immediately after a weekend or a business day after a bank holiday notify the Information Commissioner’s Office and the affected party:
- of any data breach and the circumstances of such breach;
- the circumstances of such breach;
- the steps taken to remedy the breach and
- prevent similar recurrence