Rocco Forte & Family (Hotel Management) Limited together with its direct and indirect subsidiaries and affiliates, and all of the separate and distinct legal entities that manage hotels and resorts on its behalf worldwide (collectively referred to as “Rocco Forte Hotels”, “we”, “us”, “our”) takes the issue of safeguarding your privacy seriously.

This privacy notice (“Privacy Notice”) together with our Website Terms and any other documents referred to in these documents, describes what information we collect from hotel guests, Restaurants, Bar & Spa guests, visitors to www.roccofortehotels.com and other websites and mobile Apps operated by us, Gift Certificate buyers and any other individuals who contact us (collectively each referred to as a “guest”, “user”, “you”, “your”). We will also identify the way in which Rocco Forte Hotels uses this information for legitimate business purposes and to better serve the needs of our current and prospective guests. Please note that this website is not intended for children under the age of 16.

Please read these documents carefully. By visiting our website or otherwise interacting with us by, for example, using our services, you acknowledge the processing activities undertaken by us which are described in this Privacy Notice, our terms and any other related documents referenced herein. Please note that any websites that may be linked to our websites are subject to their own privacy notice.

If you have any questions about this notice, please contact us by email at dataprivacy@roccofortehotels.com or write to our office at Rocco Forte Hotels, Data Privacy Enquiries, 70 Jermyn Street, London, SW1Y 6NY. Please note your enquiries will be received during UK office hours and we will aim to respond to your enquiry as soon as reasonably possible.

We may change this Privacy Notice from time to time and will let you know about any changes, including by posting them on our website. Your continued use of our website after any such changes have been made will amount to your acknowledgement of the amended notice.

This version of our privacy notice was published in July 2017.

Contents

1.    What Is Personal Information?

2.    What Personal Information Might We Collect About You?

3.    Cookie Statement

4.    Why Do We Capture And Store Your Personal Information?

5.    Legal Basis For Processing

6.    Disclosure Of Your Information

7.    How Is My Personal Information Secured?

8.    Is My Personal Information Transferred Overseas?

9.    How Long Is My Personal Information Retained?

10.  Your Rights

  1. 1.       What is Personal Information?

“Personal Information” or “Personal data” means any information relating to an identified or identifiable natural person (each a ‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal Information may include name; address; email address; phone number; IP address; location data; payment details; information about movements around our websites and other digital media such as mobile app or social media; information concerning your interests; bookings; purchases and product and service preferences; data captured in authentication and tracking logs; and information collected from cookies and similar technologies.

  1. 2.      What personal information might we collect about you?

We may process the following personal data about you:

Information you give us. You may give us information about you by, even partially, filling in forms, setting up a user account or profile, subscribing to newsletters and other services, making or cancelling a booking or ordering a product, making applications in respect of job postings, uploading information on our website, putting in an "enquiry" about one of our hotels or resorts, using our enquiry form or participating in one of our on-line surveys, participating in prize draws or promotions or by communicating with us by e-mail, phone or otherwise, e.g. by calling one of our Reservation Offices (or third party office) or by contacting a particular hotel or resort directly. This information may include your name, email address, billing address, room preferences or special requests, phone number, guarantee and deposit information to secure your reservation, the content of any email you send to us and any other similar information. You are under no obligation to provide this information, but without it, we may not be able to provide you with some of our content, services or information you may request.

Information collected during your stay with us. We record your itemised spending and other expenses billed to your room. Information particular to your stay may also be stored (i.e. health issues, payment difficulties, special requests, service issues). The information specific to your stay is stored in the property management systems and is combined with information from previous visits that you have made to that hotel or to any other hotels within the group. Certain information regarding your service preferences is also stored centrally by us and may be made available to other Rocco Forte Hotels properties. In addition, we may retain the content of any document (including letters, comment cards, electronic documents such as e-mails and other similar forms of communication) that you send to us before, during or following your stay. 

Information we collect about you. With regard to each of your visits to our website or app we may collect:

  • information that does not reveal your personal identity, for example, the type of destination you are seeking information on. We use this aggregated data mainly for editorial purposes, and we may connect it to any Personal Information, such as your name or address.
  • technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, date and time you access our website, and the Internet address of the website from which you linked directly to our website, browser plug-in types and versions, operating system and platform and similar information; and
  • information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website, pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

Information about minors obtained from parents or guardians. Rocco Forte Hotels does not knowingly collect personally identifiable information via our websites from any person we actually know is a person under the age of 18. We may collect personally identifiable information from persons under the age of 18 as part of the guest reservation and registration processes, but always with the consent of such person’s parent or guardian.

Information obtained from someone making a booking on your behalf. If you are entering data on behalf of another person, you warrant to us that you are authorised by that person to enter their personal data into our system, and that information you enter is accurate and correct. If any non-compliance by you with respect to this provision results in any loss or damage being incurred by us, you may be required to compensate us in respect of such loss.

Information about you obtained from third party sources. These third party sources may include credit reference agencies and other third parties. In addition, in preparation for your stay, we may collect your photograph from publically available sources so that we can recognise you in order to provide you with outstanding customer service.

  1. 3.      Cookie Statement

What Exactly Are Cookies?

In order to collect the information as described in this notice, we may use cookies, web beacons and similar technologies on our website.

A cookie is a small piece of information which is sent to your browser and stored on your computer’s hard drive, mobile phone or other device.

You can set your browser to notify you when you receive a cookie. This enables you to decide if you want to accept it or not. However, some of the services and features offered through our website may not function properly if your cookies are disabled.

Cookies can be first party or third party cookies.

  • First party cookies – cookies that the website you are visiting places on your computer.
  • Third party cookies – cookies placed on your computer through the website but by third parties, such as, Google.

The Cookies Placed On Our Website

We use the following cookies on our website. We may combine information from these types of cookies and technologies with information about you from any other source.

Strictly necessary cookies. These cookies are essential in order to enable you to move around our website and use its features. Without these cookies, services you have asked for cannot be provided. They are deleted when you close the browser. These are first party cookies.

Performance cookies. These cookies collect information in an anonymous form about how visitors use our website and apps. They allow us to recognise and count the number of visitors, see how visitors move around the site when they are using it and identify the regions that they are visiting from. These are first party cookies.

Functionality cookies. These cookies allow our website and apps to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. The information these cookies collect will be anonymised and they cannot track your browsing activity on other websites. These are first party cookies.

Analytics. We may use third party analytics services such as Google Analytics and other providers. These service providers help us analyse how users use our website and to identify user patterns. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by third party analytics service providers on servers outside EEA. The information collected for this purpose (including your IP address and other information collected by automated means) will be disclosed to or collected directly by these service providers. On our behalf third party analytics service providers will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet activity in connection with the use of the website. These service providers may retain and use anonymised, aggregated data collected from users of our Website in connection with their own businesses, including in order to improve their products and services. For information on how to prevent these cookies please click here. In addition, authentication and tracking logs will be used to compile user statistics.

Targeting or advertising cookies. These cookies allow us and our advertisers to deliver information more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of advertising campaigns. They remember that you have visited our website, the length of your visit, the ads you viewed and may help us in compiling your “utilisation profile”. These are persistent cookies which will be kept on your device until their expiration or earlier manual deletion.

As a result, you may see certain third party ads on other websites based on your visits to our website because we participate in advertising networks administered by third-party vendors, such as Google Adwords, Bing Ads, Yandex, Yahoo, Baidu, Facebook, and other similar service providers. In addition, these ad networks allow us to target our ads to our users considering demographic, users' inferred interests and browsing context. These networks track your online activities over time by collecting information through automated means, including through the use of cookies, web server logs and web beacons. The networks use this information to show you ads that are tailored to your individual interests, to track your browser activity across multiple websites, and to build a profile of your web browsing. The information our ad network vendors collect includes information about your visits to websites that participate in the vendors' advertising networks, such as the pages or advertisements you view and the actions you take on the websites. This data collection takes place both on our website and on third-party websites that participate in the ad networks. This process also helps us track the effectiveness of our marketing efforts. Further, we may use features of third party analytics service providers for display advertisers. That includes obtaining specific visitor cookie data, such as the source, medium and keywords used to visit our website. To learn more about how to opt out of ad network interest-based advertising access the opt-out tools of the DAA here or Your Online Choices here.

Social Media cookies. These cookies together with social media plug-ins allow you to use functionalities of social media networks such as Facebook, Google’s +1 button, Twitter, Instagram and others on our website. These are persistent cookies which will be kept on your device until their expiration or earlier manual deletion. If you use these functionalities, the plug-in and its content are loaded directly from the social media provider’s servers and included in the website by your browser. If you log into your respective social media account at the time you interact with the social media plug-ins on our website, the social media provider will connect this information with your social media user profile. We cannot influence which personal data the social media provider will collect about you. Please see their privacy notices for further information:

Cookie Consent and Opting Out

We assume that you are happy for us to place cookies on your device. Most Internet browsers automatically accept cookies. However, if you, or another user of your device, wish to withdraw your consent at any time, you have the ability to accept or decline cookies by modifying your browser setting.  If you choose to decline cookies, you may not be able to fully experience the interactive features of our website, our platforms and our services.

When you arrive on our website a pop-up message will appear asking for your consent to place advertising cookies on your device.  In order to provide your consent, please click ‘I understand’. Once your consent has been provided, this message will not appear again when you revisit.  If you, or another user of your device, wish to withdraw your consent at any time, you can do so by altering your browser settings. If you do not withdraw your consent we will assume that you are happy to receive cookies from our website.

For more information about which cookies may be placed on your device and how to opt-out, please access the tools of the DAA here or Your Online Choices here.

In some instances, when you opt-out, a new cookie (Opt-Out-Cookie) is placed in your web browser. This tells the third party provider to cease data collection from your browser and prevents advertisements from being delivered to you.

For more information about cookies please visit www.allaboutcookies.org.

  1. 4.      Why do we capture and store your personal information?

We will only process your personal data, in accordance with applicable law, for the following purposes:

(a.)             responding to your queries, comments, complaints and requests;

(b.)             managing and administering your user account;

(c.)             processing your bookings or cancellations;

(d.)             delivering any services, products, information requested by you, including newsletters. We may then send electronic messages at appropriate intervals to the e-mail address you gave us, which may also contain topic-specific advertisements along with editorial information on our products and services. In deciding whether or not to join such lists, please note that they are only used for internal purposes and we do not sell or rent our subscription lists to anyone. You can unsubscribe at any time by email to unsubscribe@roccofortehotels.com or clicking on any of our unsubscribe links or by phone on +44 (0)20 7321 2626. Please note your enquiries will be received during UK office hours and we will aim to respond to your enquiry as soon as reasonably possible;

(e.)             providing you with a customised and premium service. Our goal is to provide you with a personalised customer service before, during and after your stay, whether you are a new or a returning customer. For these purposes we may create a profile including your user account as well as online session data. We store transaction information in our Property Management Systems (“PMS”), including the number of stays you have had at Rocco Forte Hotels. This information may also include details of the number of nights of each stay you have had with us and the number of reservations you made in our Restaurants and in our Spa Outlets. In order to serve you better, this information is available to all Rocco Forte Hotels when you make a reservation and may be used for profiling purposes;

(f.)              verifying your identity, when required; 

(g.)             communicate with you about, and administer your participation in, special events, programs, surveys, contests, sweepstakes, and other offers or promotions;

(h.)             display content on our websites and apps, such as stories, product reviews, comments and photos, provided by you;

(i.)               allowing you to participate in interactive features of our apps and websites, when you choose to do so;

(j.)               process claims we receive in connection with our websites, products and services;

(k.)             handling any job application that you may make to us and managing your login details on our careers platforms;

(l.)               implement and enforce our general terms and conditions of business or any other agreements concluded with you;

(m.)           enabling our suppliers and service providers to carry out certain functions on our behalf, including the hosting of our websites, apps and booking platforms, verification, technical, logistical or other functions, as may be required, in order to make available our website and services. For example, when you make a reservation your credit card number will be verified using by the card provider, but we do not authorise any payments at this point;

(n.)             administering financial operations, including credit checks and debt recoveries;

(o.)             sending you personalised marketing communications and alerts requested by you;

(p.)             serving personalised advertising to your devices,includingdelivering ads based on your interests ascertained from your past searches, visits of subpages on our websites, and other data obtained through the use of “cookies” placed on your devices. Please see our Cookie Statement above;

(q.)             ensuring the security of your user account and our business;

(r.)              preventing or detecting fraud or abuses of our websites, products and services, for example, by requesting verification information in order to reset your account password;

(s.)              administering technical aspects of our website, including troubleshooting, diagnosis of technical and service problems, testing, encryption and similar operations;

(t.)              for internal business operations, includingdata analysis, research, trend analysis, statistical and survey purposes, for example to gather demographic information about our users, determine how much time users spend on webpages of our website and to gather information on how our users navigate through our website. We may wish to contact guests to conduct surveys or focus groups to receive your views on our properties and service delivery. Occasionally we will combine information from a number of guests to better understand trends and guest expectations. When this occurs, all identifiers are removed and the aggregate information cannot be linked to any specific guests;

(u.)             developing and improving our websites, products and services and determining the effectiveness of our business efforts, for example, by reviewing demand for websites, products and services and user comments or other contributions; and

(v.)             to comply with applicable law, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law. We also record information to comply with financial reporting requirements, including those imposed by auditors and government regulators. We may also collect certain information as required by local laws (e.g. passport number, name of all sleepers’ including kids and partners).

  1. 5.      Legal basis for processing

The legal basis for our processing of your personal data for the purposes described above will typically include:

  • processing necessary to fulfil a contract, such as website terms or booking contract, that we have in place with you, such as the processing for the purposes set out in paragraphs 4 (a.), (b.), (c.), (d.), (e.), (f.), (g.), (h.), (i.), (j.), (l.), (m.) and (n.);
  • processing necessary for our or a third party’s legitimate interests, such as the processing for the purposes set out in paragraphs 4 (f.), (g.), (h.), (j.), (k.), (l.), (o.), (p.), (q.), (r.), (s.), (t.) and (u.), unless consent is required under applicable law;
  • your consent, such as the processing for the purposes set out in paragraphs 4 (o.) and (p.), where such consent is required under applicable law; and
  • processing necessary for compliance with a legal obligation to which we are subject, such as the processing for the purposes set out in paragraph 4 (v.); and
  • other applicable legal grounds for processing.
  1. 6.      Disclosure of your information

There are circumstances where we wish to disclose or are compelled to disclose your personal data to third parties. This will only take place in accordance with the applicable law and for the purposes listed above. These scenarios include disclosure:

  • to our subsidiaries, affiliates, branches or associated offices;
  • to our partner hotels and resorts which we manage on behalf of third party owners. We may share your booking information with such third party owners where it is necessary to fulfil your booking. In addition, health and safety related data or preference information may be shared to enhance your guest experience. Please note if we cease to manage a particular property, all Personal Information remains with us. However, guest information required to process pending reservations and information that is historically shared with the property owner is retained by the property owner.
  • to our outsourced suppliers and service providersin order for themto facilitate the provision of our website, services or content to our users. For example, when you make a reservation via our website or one of our Apps, your information will be transferred to our property management systems in order to complete your booking;
  • to the payer, such as your employer. If your stay has been paid for by a third party we will provide billing information to such paying party;
  • to our analytics partners such as a customer relationship management company and/or a marketing and communications company for statistical and analysis purposes. For example, survey information may be collected by a third party under contract with us;
  • to our advertising partners who enable us to deliver personalised ads to your devices or similar advertising. If you do not wish to receive such ads, please opt out using the tools explained in paragraph 3;
  • subject to your consent, to our marketing partners, who may contact you by post, email, telephone, SMS or by other means. If you do not wish to be contacted, you may unsubscribe at any time;
  • to third party residential property developers. The particular developer's website can be consulted for the developer's policy on the collection, storage and use of such information.
  • to third party service providers and consultants, for example, in order to protect the security or integrity of our business, including our databases and systems and for incident response or business continuity reasons;
  • to another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event. In the case of a merger or sale, your personal data will be permanently transferred to a successor company or new owner.
  • to public authorities where we are required by law to do so; and
  • to any other third party where you have provided your consent.

Our websites may feature blogs, forums and discussion groups. Please be aware that some or all of the information you provide (including Personal Information) in connection with these activities may be made publicly available.

  1. 7.      How is my Personal Information secured?

We endeavour to protect the privacy of your account and other Personal Information that we hold in our records. Unfortunately, we cannot always guarantee complete security. Unauthorized entry or use, hardware or software failures, and other factors, may compromise the security of user information.  Also, while we endeavour to put adequate contractual protections in place we cannot guarantee the security of any Personal Information in databases hosted by third parties.

Each Rocco Forte Hotels property stores Personal Information in a secure location, be it a database, PMS, marketing and research database or a filing cabinet. Furthermore, we take steps to ensure that only designated individuals have access to this information. In addition, due to the personal nature of the information you provide when making a reservation through our website or mobile Apps, Rocco Forte Hotels employs encryption technology to keep your data secure. In relation to sharing, Personal Information obtained by Rocco Forte Hotels or third party Reservation offices will be sent in a secured communication to the relevant hotel or resort.

When you log-in to complete or modify a Booking Profile or a Guest Service Profile, your online interaction with us is protected from eavesdropping using the highest level encryption technology based on the browser you use. In order to ensure your privacy and the protection of information you choose to share with us, we allow only encrypted communications from all of our web forms.

Credit card information is transmitted and stored in encrypted format and only unencrypted when required for taking payments or guaranteeing future stays. Access to unencrypted credit card details is restricted to designated individuals as per PCI DSS industry best practise.

We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) technology, which encrypts information you input and which is certified by the Secure Server Certification Authority. We reveal only the last four digits of your credit card numbers when confirming a reservation or processing on-line purchase transactions. Of course, we transmit the entire credit card number to the appropriate credit card company for verification or during payment. It is important for you to protect yourself against unauthorized access to your password and to your computer. Be sure to sign off when you have finished using a shared computer.

It is important to note that e-mail communication are not secure. This is a risk inherent in the use of e-mail. Please be aware of this when requesting information or sending forms to us by e-mail (for example, from the “Contact Us” section of our web site). We recommend that you do not include any confidential information (i.e. credit card information) when using e-mail. For your protection, our e-mail responses to you will not include any confidential information.

Finally, to be prudent, please be sure to always close your browsers when you are done using a form or the reservation site. Although the session will terminate after a short period of inactivity, it is best to close your browsers immediately upon completion.

  1. 8.      Is my Personal Information transferred overseas?

We may transfer your information outside of the country in which it was collected (including to countries where we have hotels under development or operation) for various reasons. These reasons include: the purpose of entering into or fulfilling a contract with you, reserving a room, processing on-line purchase transactions, replying to or taking actions in response to your enquiries or requests, for processing by us or on behalf of the hotels and residences properties managed by us, enhancing personalization of services provided to you, communicating news and promotions to you relating to Rocco Forte Hotels related products and services and other products and services we think may be of interest to you, and statistical and analysis purposes. Our core business systems, including property management systems, are located in data centres within EEA or US or Russia. 

Such transfer of data may be to a country which may not provide the same level of privacy protection as that provided by the country in which the information was collected. However, we will take reasonable steps (including entering into data transfer agreements based on the European Commission model clauses, where required) to ensure that your data is adequately protected by using appropriate technical, organisation, contractual or other lawful means. If you are located in the European Economic Area or the UK, you may contact us for a copy of the safeguards which we have put in place to protect your personal data and privacy rights in these circumstances.

  1. 9.      How long is my Personal Information retained?

Your personal data will be retained for as long is reasonably necessary for the purposes listed above or as required by applicable local law. Please contact us for further details of applicable retention periods.

We may keep an anonymized form of your personal data, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.

  1. 10.   Your rights

If you wish to exercise any of your rights in relation to your Personal Information, please send your request using the following method of communication.

Right to make subject access request (SAR)

We understand that you may like to know what Personal Information we hold about you. We are happy to assist you with your request. However, to protect your Personal Information we require that you prove your identity to us at the time your request is made. You may also make a request by email.

When you make a request, we will require you to produce some form of photo identification such as a passport or a driver's license and you may be asked to sign a request form. If the request is made in writing via email or letter we require other information so we can check them with our files and satisfy ourselves as to your identity.

The above information is required to create an audit trail of how the request has been handled. Where a request is made, any correspondence or application may be kept and added to your Personal Information.

Rocco Forte Hotels will respond to any enquiries as soon as possible but no later than within the timeframes prescribed by law.

Rocco Forte Hotels reserves the right to decline access to your Personal Information under certain circumstances, as permitted by law. If your Personal Information is not disclosed to you, you will be provided with the reasons for this non-disclosure.

If you are a My RF Account holder you can access a subset of your guest information on /account/login/ or through the RF Mobile Apps and using your username and password to access your Personal Information.

Right to object to processing, including automated processing and profiling

If at any time you wish for your Personal Information to be deleted from our guest database and systems, or wish to not be part of our profiling module, please contact us.

Rocco Forte Hotels will aim to respond to your enquery within 72 hours. However it might take up to 7 days to have your profile deleted from all our systems.

Right to rectification

Youmay request that we rectify any inaccurate and/or complete any incomplete personal data. 

Right to withdraw consent

You may, as permitted by applicable law, withdraw your consent to the processing of your Personal Data at any time. Such withdrawal will not affect the lawfulness of processing based on your previous consent. Please note that if you withdraw your consent, you may not be able to benefit certain service features for which the processing of your personal data is essential.

Right to erasure

Youmay request that we erase your Personal Data and we will comply, unless there is a lawful reason for not doing so. For example, there may be an overriding legitimate ground for keeping your Personal Data, such as, a legal obligation that we have to comply with, or if retention is necessary for us to comply with our legal obligations.

Right to data portability

In certain circumstances, youmay request that we provide your personal data to you in a structured, commonly used and machine readable format and have it transferred to another provider of the same or similar services. Although we do not consider that this is relevant to our services, we will comply with such transfer request as required by law. Please note that a transfer to another provider does not imply erasure of your Personal Data which may still be required for legitimate and lawful purposes.

Your right to lodge a complaint with the supervisory authority

We suggest that you contact us about any questions or if you have a complaint in relation to how we process your Personal Data. However, you do have the right to contact the relevant supervisory authority directly. A list of EU national data protection authorities can be found here.