Privacy Policy

Information you provide to us
You may give us information by filling in forms, setting up a user account, subscribing to newsletters, making or cancelling a booking, making job applications, uploading information on our website, using our contact form, participating in surveys or promotions, or by contacting us by e-mail, phone or otherwise. This may include your name, email address, billing address, date of birth, room preferences or special requests, phone number, guarantee and deposit information and the content of any email you send to us. You are under no obligation to provide this information, but without it, we may be unable to respond to you and to provide you with the requested services, content or information.

Information collected during your stay
We record your itemised spending and other expenses billed to your room. Information particular to your stay may also be stored, such as service requests, special preferences or health-related requests (which may constitute sensitive personal information; see Section 4 below). Images of you may be captured by CCTV in public areas of our properties such as lobbies and car parks.

Information we collect automatically
With regard to your website visits or app use we may collect: technical information (IP address, browser type, time zone, operating system); and information about your visit (URL clickstream, pages viewed, page response times, download errors, length of visits and page interaction information).

Rocco Forte Friends Programme
Information regarding your preferred methods of communication, booking interests and service and travel preferences, used to personalise your account and provide tailored benefits and offers, subject to your consent where required.

Special category / sensitive personal information
We do not collect special category personal data (such as health data, dietary requirements, mobility requirements, disabilities or medical conditions) unless voluntarily provided by you. Where you share such information, we will use it only with your explicit consent, solely for the purpose of tailoring our service to your needs and ensuring your safety, and will only share it with processors acting on our behalf for that specific purpose. Please also see Section 13 regarding the broader definition of sensitive personal information under Chinese law.

Information from third-party sources
We may receive information from credit reference agencies, online travel agents and other service providers. In preparation for your stay, and in order to provide you with outstanding customer service, we may collect your photograph from publicly available sources so that we can recognise you upon arrival.

Cookies We Use
Strictly necessary cookies. These are essential for our website to function. Security and anti-fraud cookies are also treated as strictly necessary. Without these, we would not be able to provide you with services such as enabling appropriate content through your device.

Performance / analytics cookies. These are used to measure website performance and improve your experience of our website. These cookies are used to collect technical information such as the number of pages visited, which parts of our website are clicked on and the length of time between clicks. All information these cookies collect is aggregated and therefore anonymous. You may opt out of these cookies, but if you do not allow them, we will not know when you have visited our site, and will have less ability to monitor its performance and make appropriate improvements.

Functionality cookies. These are used to recognise you and provide enhanced personalisation during your use of our website, such as greeting you by name and remembering your preferences.
Targeting cookies. These cookies are used to collect information about your browsing habits in order to make advertising more relevant to you and your interests. They do not directly store personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will continue to receive advertising, but this may be less targeted to your interests

Enhanced Conversion Tracking. A Google Analytics 4 feature. Only deployed if you accept targeting cookies and you may opt out at any time.

Managing Your Cookie Preferences
When you arrive on our website, only strictly necessary cookies are installed automatically, along with analytics and functionality cookies as described above. A cookie management banner allows you to adjust your preferences or opt out. If you do not accept any cookies then we will not enable any cookies, other than those that are strictly necessary for the operation of our website. However, if you choose to block all cookies, you may not be able to fully experience the interactive features of our website, our platforms and our services.

We may process your information in accordance with the law as required in order to:

(a) respond to and process your queries, comments, complaints and requests;

(b) process your bookings or cancellations, deliver the services you request, manage your account and send you service communications;

(c) provide a customised and premium service, including customer service before, during and after your stay, and create a guest profile to increase communication relevance;

(d) display guest-contributed content on our websites and apps;

(e) handle job applications, carry out recruitment profiling, manage careers platform logins and use assessment tools. Where AI-assisted recruitment tools are used, we will provide additional information about the logic involved and applicable safeguards;

(f) enable suppliers and service providers to carry out functions on our behalf, including website hosting, verification, technical, logistical or other functions;

(g) send you personalised marketing communications and serve personalised ads to your devices, subject to your consent or as otherwise permitted by law;

(h) administer your participation in special events, programs, surveys, contests, and other offers and promotions;

(i) administer our business including financial operations, credit checks and debt recoveries;

(j) ensure the security of your account, our premises and our business, including CCTV monitoring, identity verification, fraud prevention and enforcement of our terms and conditions;

(k) carry out data analysis, statistical research and trend analysis to develop and improve our websites, products and services;

(l) carry out automated decision-making and profiling within the Rocco Forte Friends Programme to provide customised offers and benefits tailored to your preferences and booking history. This processing is carried out on the basis of your consent, which you may withdraw at any time.

(m) comply with applicable law, including financial reporting, regulatory, court or authority requests, and local law requirements (e.g. passport and co-occupant details); and

(n) ask you to confirm your digital marketing channel preferences and consent.

The legal basis for our processing will typically be:

• Contract: for purposes (a), (b), (c) and (d);
• Legitimate interests: for purposes (e), (f), (h), (i), (j) and (k), including intra-group sharing for internal administration and network security, which are recognised legitimate interests under the UK GDPR as amended by the Data (Use and Access) Act 2025;
• Consent: for purposes (g) and (l), and for personalised marketing profiling within the Rocco Forte Friends Programme. Consent may be withdrawn at any time;
• Legal obligation: for purpose (m); and
• Explicit consent / Article 9 UK GDPR: for special category personal data such as health or dietary information.

If you would like us to stop sending you marketing communications you may use the opt-out link here, the unsubscribe link in our marketing communications. Although we encourage you to use the opt-out link because it is automated, you may also send us a request by phone. Please note your enquiries will be received during UK office hours and we will aim to respond as soon as reasonably possible.

If you, or another user of your device, wish to withdraw your cookies consent at any time, you have the ability to accept or decline cookies by modifying your browser setting. If you choose to decline cookies, you may not be able to fully experience the interactive features of our website, content and services. For more information about which cookies may be placed on your device and how to opt-out, please access the tools of the DAA here, Your Online Choices here or NAI here. In some instances, when you opt-out, a new cookie (Opt-Out-Cookie) is placed in your web browser. This tells the third party provider to cease data collection from your browser and prevents advertisements from being delivered to you.

We may disclose your information in accordance with the law to:

• our subsidiaries, affiliates, branches or associated offices, on the basis of recognised legitimate interests for intra-group administrative purposes;
• our partner hotels and resorts which we manage on behalf of third-party owners, where necessary to fulfil your booking. If we cease to manage a property, personal data remains with us, save for guest information required to process pending reservations and historically shared with the property owner;
• the public where you have contributed to our blogs, forums or discussion groups;
• our outsourced suppliers, service providers, consultants, analytics and CRM partners, marketing and advertising partners;
• online travel agents used by you to make a booking or enquiry;
• the payer, such as your employer who pays on your behalf;
• third party residential property developers, subject to your consent;
• legal entities for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, dissolution or similar event;
• public authorities where required by law; and

any other third party where you have given your consent.

We may transfer your information outside of the country in which it was collected for the purposes and to the parties identified above. Our core business systems, including our Property Management System, are located in data centres within the EEA and the US.

Transfers from UK entities: we will satisfy ourselves that the standard of data protection in the recipient country is not materially lower than UK standards (the UK “data protection test” under the Data (Use and Access) Act 2025), or we will put in place a UK International Data Transfer Agreement or other appropriate safeguard.

Transfers from EEA entities: we will ensure EU GDPR transfer conditions are met, including through Standard Contractual Clauses where required.

If you are located in the UK or EEA, you may contact us for a copy of the applicable transfer safeguards.

We endeavour to protect your information through the measures set out below. Unfortunately, we cannot always guarantee complete security. Unauthorised entry or use, hardware or software failures, events outside our control and other factors, may compromise the security of your information. Nevertheless, we will comply with our obligation to implement appropriate technical and organisational measures to ensure a level of security of personal data appropriate to safeguard against the risks of a personal data breach.

Each Rocco Forte Hotels group company stores guest information in a secure location, be it a database, Property Management System, marketing and research database or a filing cabinet. Furthermore, we take steps to ensure that only designated individuals have access to this information. When you log-in to complete or modify a Booking Profile or a Guest Service Profile, your online interaction with us is protected from eavesdropping using encryption technology based on the browser you use. Credit card information is transmitted and stored in encrypted format and only unencrypted when required for taking payments or guaranteeing future stays. Access to unencrypted credit card details is restricted to designated individuals as per PCI DSS industry best practise. We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) technology, which encrypts information you input and which is certified by the Secure Server Certification Authority. We reveal only the last four digits of your credit card numbers when confirming a reservation or processing on-line purchase transactions.

It is important to note that e-mail communications are not secure. There is a risk inherent in the use of email. Please be aware of this when requesting information or sending forms to us by e-mail (for example, from the “Contact Us” section of our website). We recommend that you do not include any confidential information (i.e. credit card information) when using email. For your protection, our email responses to you will not include any confidential information.

Finally, to be prudent, please be sure to always close your browsers when you are done using a form or the reservation site. Although the session will terminate after a short period of inactivity, it is best to close your browsers immediately upon completion. Be sure to choose strong login credentials when setting up an account and protect yourself against unauthorised access to your password and to your computer.

We retain personal data for as long as necessary for the purposes described in this notice, including to provide our services to you, manage our relationship with you, comply with legal, tax, accounting, regulatory and reporting obligations, resolve disputes, enforce our agreements and protect our business.   To the extent permissible by applicable law, we retain personal data for as long as necessary to fulfil the following:

• the purposes for which that personal information was provided,
• an identifiable and ongoing business need, including record keeping,
• a specific legal or regulatory requirement, and/or
• a requirement to retain records that may be relevant to any notified regulatory investigations or active legal proceedings.

This section is for parents, guardians and young people under the age of 18.

Our digital services are intended for adults aged 18 and over. If you are under 18, please ask your parent or guardian before using any of our digital services.

We may ask parents and guardians for information about their children (name, age, gender, preferred language) to recognise all our guests and prepare for children's arrival, for example by providing toys and games in your room. Children may also be captured on CCTV in public areas of our properties. We process this information on the basis of our legitimate interests.

Children's higher protection matters. When providing online services that may be accessed by children, we take into account that: (a) children may be less aware than adults of the risks associated with personal data processing; (b) children have different needs and require different levels of protection at different stages of development; and (c) we take steps to protect and support children when they use our services.

With the specific consent of a parent or guardian, we may send children information about activities and events during their stay. To request deletion of a child's data, please contact dataprivacymanager@roccofortehotels.com.

Where applicable data protection laws apply, you may have the following rights. To exercise any right, please email dataprivacymanager@roccofortehotels.com. We may verify your identity before responding.

Right of Access. To request confirmation of whether we process personal data about you and, where applicable, a copy of that data. We will carry out reasonable and proportionate searches. We will respond within one month or as otherwise required by law.

Right to Rectification. To request correction of inaccurate or incomplete personal information.

Right to Withdraw Consent. Where we rely on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of prior processing.

Right to Object. To object to direct marketing (including related profiling) and to certain other processing based on legitimate interests.

Rights relating to automated decision-making. Where a decision is based substantially on automated processing and significantly affects you, you have the right to: (a) be informed; (b) make representations; (c) request human review; and (d) contest the outcome.

Right to Restriction. To request restriction of processing in certain circumstances.

Right to Erasure. To request deletion of your personal information where it is no longer needed for the purpose for which it was collected, subject to overriding legal grounds.

Right to Data Portability. To request your personal data in a structured, machine-readable format, or transfer to another provider where technically feasible.

We do not generally charge a fee for valid requests, though we may charge where permitted by law for manifestly unfounded, excessive or repetitive requests.

Our formal complaints process

If you are based in the UK, in accordance with the Data (Use and Access) Act 2025, we operate a formal data protection complaints process.

To make a complaint about the use of your personal data, you can email us at dataprivacymanager@roccofortehotels.com.

Once we receive your complaint, we will:

• acknowledge within 30 days of receipt, confirming the responsible person or team;
• investigate your concern and contact you for further information if necessary;
• keep you informed of progress; and
• provide our response and outcome without undue delay, including any action taken or reasons why no action was taken. If the investigation takes longer than envisaged, we will update you at the earliest opportunity.

We maintain a complaints log and aim to resolve all complaints fairly and efficiently. In the event you are not satisfied with the outcome of the complaint, you have a right to escalate your concerns to the Information Commissioner in the UK at ico.org.uk.

Your right to contact a regulator in the EEA

In the EEA: your local data protection authority. However, we would appreciate the opportunity to address your concerns before you contact a regulator.