Speybank Limited (‘The Company’)(UK company number SC277631. Registered address - Knockendarroch Hotel,
Higher Oakfield, Pitlochry, PH16 5HT) operates Knockendarroch Hotel & Restaurant in Pitlochry.
The Company stores and uses Guest Data as follows
Guest Data is restricted to basic details provided by the guest - name, address, phone number, email
address and guest specific requests.
Guest Data is held securely in paper form on-site and on electronically by our software and service
We have data sharing agreements in place with each of our service providers – Welcome Anywhere which
provides our secure, web-based hotel management and booking system and Web Smart Media, our webmaster and
email database controller.
Guest Data is held purely for the purposes of managing Knockendarroch Hotel bookings and for contacting
guests on legitimate and necessary Knockendarroch Hotel business. This will include the occasional
newsletter email (approximately quarterly) with Knockendarroch Hotel specific news and offers. Each
newsletter will contain an ‘Unsubscribe’ button which can be activated at any time.
Guest Data is not used by, or sold to, any third party.
Electronic Guest Data will be held until the January following the 5th anniversary of the guest’s most
recent visit to Knockendarroch Hotel. Guest Data held in paper form will be destroyed in the second month
following the visit to the hotel. Email addresses in the marketing database that have not opened a
newsletter in the previous 12 months will deleted from the database each January.
For completeness, an annual audit of electronic Guest Data is carried out to ensure old data is removed and
destroyed. Old electronic data is deleted from the relevant database and related emails are deleted.
Transmission of Data Overseas - The Company will not transfer Guest Data overseas.
Access to and rectification or erasure of personal information
Our guests have the right to access, rectify or request erasure or restriction of processing of any
information The Company may have collected, at any time, subject to the prevailing Data Protection
legislation in force at that time.
If you would like to do so, or if you have any other queries about this policy, please contact our Data
Compliance Officer, Struan Lothian at firstname.lastname@example.org. Any comments or complaints should also
be directed to Struan Lothian at the same address.
Training of Data Processors and Data Breaches
Data Processor numbers are kept to a minimum. They include Struan Lothian, Louise Lothian and up to three
Front of House Managers.
Each Data Processor has a personal, secure login and password for the Hotel Management System and only Data
Processors can access the locked cabinet storing paper-based Guest Data.
Paper booking forms are signed by the Data Processor and together with the use of personal logins for the
Hotel Management System means that there is a sound audit trail in operation.
Data Processors receive training on an annual and ongoing basis regarding The Company’s policies and,
changes to policies, regarding the handling of Guest Data.
The Company’s Data Breach Policy follows the protocols defined by the GDPR legislation.
The Company regularly asks its Webmaster to review the knockendarroch.co.uk website for GDPR compliance and
makes updates as appropriate. The website uses the HTTPS protocol and is in addition otherwise currently
The Internet is inherently insecure. Personal information submitted by means of the Internet may be
vulnerable to unauthorised access by third parties. Submission of personal information using the Internet is
at your own risk. We will take reasonable and appropriate technical measures to ensure that your personal
information is stored in a secure manner. However, we shall have no liability for disclosure of data due to
errors in transmission or the fraudulent, negligent or other illegal acts of a third party, such as
‘Hacking’. Any transmission of personal information on or through the use of our website is at your own
Cookies are small pieces of data that websites store in their visitors' web browsers. Other
technologies, including data we store on your web browser or device, identifiers associated with your
device, and other software, are used for similar purposes. In this policy, we refer to all of these
technologies as "cookies".
Cookies help to improve our services and give you a better experience. For example, they can show us which
pages people visit most often, and which are not getting as much attention
If you wish to block cookies you can do this in your browser settings; you can learn more about cookies and
how to block them
If you provide us with your email address we may send you emails, either in reply to specific enquiries
(such as one made using a contact form) or if you have opted in to our email newsletters. You have the
ability to opt out of any of this communication at any time.
We will never provide your personal information or email address to any third parties except where they are
specifically employed to help deliver our own services.
Our email marketing lists are also managed by our webmaster, Web Smart Media. Therefore, some personal information may be shared with
them for marketing purposes.
Facebook, Twitter and other social networks
These services provide social buttons and similar features which we use on our website - such as the
"Like" and "Tweet" buttons. To do so we embed code that they provide and we do not
control ourselves. To function, their buttons generally know if you're logged in; for example Facebook
uses this to say "x of your friends like this". We do not have any access to that information, nor
can we control how those networks use it. Social networks therefore could know that you're viewing
this website, if you use their services (that isn't to say they do, but their policies may change). As
our website is remarkably inoffensive we imagine this is not a concern for most users.
We measure visitors to our website using Google Analytics. This records what pages you view within our
site, how you arrived at our site and some basic information about your computer, such as the web browser
you use and the screen resolution. All of that information is anonymous - so we don't know who you are;
just that somebody visited our site. The information we collect from analytics helps us understand what
parts of our sites are doing well, how people arrive at our site and so on. Like most websites, we use this
information to make our website better. Any data collected by Google Analytics that is associated with
cookies, user identifiers or advertising identifiers is retained for a period of up to 26 months. You can
learn more about Google Analytics or opt out if
We use Welcome Systems Limited to take bookings through our website. We do this to provide a reliable and
secure booking process while concentrating on our real business of hospitality. Any personal information you
share when making a booking will be shared with Welcome Systems Limited in order to process it. You can
learn more about Welcome Systems and their approach
Buying gift vouchers
When you order a gift voucher on our website we will record specific personal information about you, such
as your name and email address.
We also log account and transaction history for accounting purposes, and to monitor our business
activities. Your information whether public or private, will not be sold, exchanged, transferred or given to
any other company for any reason whatsoever, without your consent, other than for the express purpose of
delivering the purchased product or service requested.
We use Stripe to process deposit payments made on the website. By using a third party payment processor
such as Stripe we avoid ever coming into contact with your sensitive payment information. When you provide
payment details on our website they are sent to Stripe in tokenised format directly for processing. Less
sensitive information, such as your name, email address, and address will be shared with us in order to
processes your purchase.
We also use Stripe to process Gift Voucher payments made on the website. By using a third party payment
processor such as Stripe we avoid ever coming into contact with your sensitive payment information. When you
provide payment details on our website they are sent to Stripe directly for processing. Less sensitive
information, such as your name, email address, and address will be shared with us in order to processes your
Please note that we have six (secure network) Wi-Fi enabled cameras covering reception, the lounge and the
restaurant. These cameras are primarily used to allow us to maximise the quality of service we provide our
guests during service hours. These five cameras only make (movement triggered) recordings between 10.45pm
and 7.45am which helps us increase hotel security during the night. There are three further cameras covering
the front door and the back door of the hotel and two covering the entrances at Larch House. These cameras
record guests, staff and delivery drivers coming and going from the hotel 24 hours a day and are used for
security and fire safety purposes as recommended by Police Scotland. Only senior management has access to
the live pictures or the recordings. Recordings are not routinely reviewed and are automatically deleted
after seven days.