Privacy Policy

Effective Date: 01.07.2025

Version 1.0

1. Introduction

Andrew Brownsword Hotels (‘ABH’) (referred to as “we”, “our” or “us”) is committed to protecting your personal data in accordance with applicable UK data protection law; The UK GDPR, Data Protection Act 2018, Privacy and Electronic Communications Regulations 2003 (‘PECR’) and the Data (Use and Access) Act 2025. This also includes (and is not limited to) other applicable laws such as the EU GDPR and e-Privacy Directive.

This privacy notice explains how we collect, use, secure and share your personal data, and what rights you have under data protection law.

This privacy notice also applies to other hotels that form part of our group:

• Gidleigh Park
• The Bath Priory
• Amberley Castle
• The Slaughters Manor House
• The Slaughters Country Inn
• Old Swan & Minster Mill
• Buckland Manor
• Sydney House Chelsea
• ABode Canterbury
• ABode Chester

Each hotel group member is a data controller. For certain activities such as reservations and bookings, each acts as a joint-data controller with ABH head office based in Bath.

We are registered with the Information Commissioner’s Office (ICO) under registration numbers:

• Z2160337
• Z2160371
• Z2161301
• Z8875267

2. Contact Information

Head Office:
4 Queens Square
Bath, Somerset
BA1 2HA
United Kingdom

Email: info@brownswordhotels.co.uk
Tel: +44 (0)1225 320470

Contact details for each hotel can be found on their respective websites.

Data Protection Officer (DPO):
Name: RA Data Protection Ltd
Email: ravi@radataprotection.com
Website: https://radataprotection.com

3. Lawful Basis

We process personal data under the following lawful bases:

• Consent
• Contractual obligation
• Legal obligation
• Vital interests
• Our legitimate interests

Where we process special category data (e.g. health information for dietary purposes), we ensure a relevant lawful condition is identified.

4. Data Subjects

We may process data from the following individuals:

• Enquirers
• Customers (Business and Individuals)
• Employees (including job applicants)
• Social media users
• Suppliers/Vendors

5. Personal Data We Collect

• Name
• Postal address
• Email address
• Telephone number
• Recruitment data (e.g. CVs)
• CCTV images (including sound)
• Photographic ID (e.g. passports)
• Payment information
• Booking and reservation information
• Dietary and health information (e.g. allergies, disabilities)
• Events information (e.g. weddings, private dining)

6. How We Collect Personal Data

• Through our websites
• Through calls, emails, letters
• Paper forms completed at hotels
• Social media interactions
• Through third parties (e.g. recruitment companies, booking sites)

7. How We Use Personal Data

• To communicate regarding our services
• To process job applications
• For internal records
• To process bookings, refunds and cancellations
• To improve our website and services
• For legal compliance and dispute resolution
• Marketing and promotional communications
• Security and premises protection
• Handling enquiries or complaints

8. Third Parties We May Share Data With

We do not sell or rent personal data. However, we may share data with:

• Employee benefit providers
• IT, legal and compliance advisers
• Caterers and event suppliers

We also share data with authorities where required by law or to protect our legal rights.

9. Hotel and Other Bookings

Bookings can be made directly or via third parties (e.g. Booking.com). We only share limited information necessary to confirm bookings.

10. Children’s Data

We do not market to children. We only collect the number and ages of children to ensure suitable accommodation and pricing.

11. Joint-Data Controller and Data Sharing

For some activities (e.g. bookings, HR, finance), we act as joint controllers within the ABH group, ensuring lawful and secure data sharing.

12. CCTV

Our hotels use CCTV for crime prevention, safety, and legal defence. Signs are displayed in relevant areas.

13. Call Recordings

Calls may be recorded for training and monitoring and are deleted after the retention period.

14. Recruitment

Recruitment data is processed in accordance with our Recruitment Privacy Notice.

15. Marketing and Social Media

We only send marketing communications with consent. We use social media (e.g. Facebook, LinkedIn, X) to share news and promotions.

16. Data Transfers Outside the UK

If data is transferred outside the UK, we ensure lawful transfer mechanisms are used (e.g. adequacy decisions, standard contractual clauses).

17. Cookies

Please refer to our Cookie Notice for details on cookies used and consent management.

18. Links To Other Websites

We are not responsible for external websites or their privacy practices. Please refer to their privacy notices.

19. Data Retention

We retain personal data only as long as necessary to meet legal, regulatory, and operational obligations, after which data is securely deleted or anonymised.

20. Data Security

We implement appropriate security measures and limit access to authorised personnel only. Any incidents are investigated and, where required, reported.

21. Payment Card Processing

We use accredited third-party providers to process payments securely. For more information, contact us.

22. Data Subject Rights

• Right to be informed
• Right to access
• Right to rectify
• Right to erase
• Right to object
• Right to data portability
• Right to restrict processing
• Right to not be subject to automated decision-making

You can exercise these rights by contacting us. ID verification may be required.

23. Concerns and Complaints

If you have concerns, please contact us. You can also complain to the ICO at https://ico.org.uk/make-a-complaint/.

24. Privacy Notice Updates

We review and update this notice periodically. Please check back regularly for the latest version.