Speybank Limited (‘The Company’)(UK company number SC277631. Registered address - Knockendarroch Hotel, Higher Oakfield, Pitlochry, PH16 5HT) operates Knockendarroch Hotel & Restaurant in Pitlochry.
The Company stores and uses Guest Data as follows
Guest Data is restricted to basic details provided by the guest - name, address, phone number, email address and guest specific requests.
Guest Data is held securely in paper form on-site and on electronically by our software and service providers.
We have data sharing agreements in place with each of our service providers – Welcome Anywhere which provides our secure, web-based hotel management and booking system and Web Smart Media, our webmaster and email database controller.
Guest Data is held purely for the purposes of managing Knockendarroch Hotel bookings and for contacting guests on legitimate and necessary Knockendarroch Hotel business. This will include the occasional newsletter email (approximately quarterly) with Knockendarroch Hotel specific news and offers. Each newsletter will contain an ‘Unsubscribe’ button which can be activated at any time.
Guest Data is not used by, or sold to, any third party.
Electronic Guest Data will be held until the January following the 5th anniversary of the guest’s most recent visit to Knockendarroch Hotel. Guest Data held in paper form will be destroyed in the second month following the visit to the hotel. Email addresses in the marketing database that have not opened a newsletter in the previous 12 months will deleted from the database each January.
For completeness, an annual audit of electronic Guest Data is carried out to ensure old data is removed and destroyed. Old electronic data is deleted from the relevant database and related emails are deleted.
Transmission of Data Overseas - The Company will not transfer Guest Data overseas.
Access to and rectification or erasure of personal information
Our guests have the right to access, rectify or request erasure or restriction of processing of any information The Company may have collected, at any time, subject to the prevailing Data Protection legislation in force at that time.
If you would like to do so, or if you have any other queries about this policy, please contact our Data Compliance Officer, Struan Lothian at email@example.com. Any comments or complaints should also be directed to Struan Lothian at the same address.
Training of Data Processors and Data Breaches
Data Processor numbers are kept to a minimum. They include Struan Lothian, Louise Lothian and up to three Front of House Managers.
Each Data Processor has a personal, secure login and password for the Hotel Management System and only Data Processors can access the locked cabinet storing paper-based Guest Data.
Paper booking forms are signed by the Data Processor and together with the use of personal logins for the Hotel Management System means that there is a sound audit trail in operation.
Data Processors receive training on an annual and ongoing basis regarding The Company’s policies and, changes to policies, regarding the handling of Guest Data.
The Company’s Data Breach Policy follows the protocols defined by the GDPR legislation.
The Company regularly asks its Webmaster to review the knockendarroch.co.uk website for GDPR compliance and makes updates as appropriate. The website uses the HTTPS protocol and is in addition otherwise currently compliant.
The Internet is inherently insecure. Personal information submitted by means of the Internet may be vulnerable to unauthorised access by third parties. Submission of personal information using the Internet is at your own risk. We will take reasonable and appropriate technical measures to ensure that your personal information is stored in a secure manner. However, we shall have no liability for disclosure of data due to errors in transmission or the fraudulent, negligent or other illegal acts of a third party, such as ‘Hacking’. Any transmission of personal information on or through the use of our website is at your own risk.
Cookies are small pieces of data that websites store in their visitors' web browsers. Other technologies, including data we store on your web browser or device, identifiers associated with your device, and other software, are used for similar purposes. In this policy, we refer to all of these technologies as "cookies".
Cookies help to improve our services and give you a better experience. For example, they can show us which pages people visit most often, and which are not getting as much attention
If you wish to block cookies you can do this in your browser settings; you can learn more about cookies and how to block them here.
If you provide us with your email address we may send you emails, either in reply to specific enquiries (such as one made using a contact form) or if you have opted in to our email newsletters. You have the ability to opt out of any of this communication at any time.
We will never provide your personal information or email address to any third parties except where they are specifically employed to help deliver our own services.
Our email marketing lists are also managed by our webmaster, Web Smart Media. Therefore, some personal information may be shared with them for marketing purposes.
Facebook, Twitter and other social networks
These services provide social buttons and similar features which we use on our website - such as the "Like" and "Tweet" buttons. To do so we embed code that they provide and we do not control ourselves. To function, their buttons generally know if you're logged in; for example Facebook uses this to say "x of your friends like this". We do not have any access to that information, nor can we control how those networks use it. Social networks therefore could know that you're viewing this website, if you use their services (that isn't to say they do, but their policies may change). As our website is remarkably inoffensive we imagine this is not a concern for most users.
We measure visitors to our website using Google Analytics. This records what pages you view within our site, how you arrived at our site and some basic information about your computer, such as the web browser you use and the screen resolution. All of that information is anonymous - so we don't know who you are; just that somebody visited our site. The information we collect from analytics helps us understand what parts of our sites are doing well, how people arrive at our site and so on. Like most websites, we use this information to make our website better. Any data collected by Google Analytics that is associated with cookies, user identifiers or advertising identifiers is retained for a period of up to 26 months. You can learn more about Google Analytics or opt out if you wish.
We use Welcome Systems Limited to take bookings through our website. We do this to provide a reliable and secure booking process while concentrating on our real business of hospitality. Any personal information you share when making a booking will be shared with Welcome Systems Limited in order to process it. You can learn more about Welcome Systems and their approach to privacy.
Buying gift vouchers
When you order a gift voucher on our website we will record specific personal information about you, such as your name and email address.
We also log account and transaction history for accounting purposes, and to monitor our business activities. Your information whether public or private, will not be sold, exchanged, transferred or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested.
We use Sagepay to process deposit payments made on the website. By using a third party payment processor such as Sagepay we avoid ever coming into contact with your sensitive payment information. When you provide payment details on our website they are sent to Sagepay in tokenised format directly for processing. Less sensitive information, such as your name, email address, and address will be shared with us in order to processes your purchase.
We use Stripe to process Gift Voucher payments made on the website. By using a third party payment processor such as Stripe we avoid ever coming into contact with your sensitive payment information. When you provide payment details on our website they are sent to Stripe directly for processing. Less sensitive information, such as your name, email address, and address will be shared with us in order to processes your purchase.
Please note that we have five Wi-Fi enabled cameras covering reception, the lounge and the restaurant. These cameras are primarily used to allow us to maximise the quality of service we provide our guests during service hours. These five cameras only make (movement triggered) recordings between 10.45pm and 7.45am which helps us increase hotel security during the night. There are three further cameras covering the front door and the back door of the hotel. These cameras record guests, staff and delivery drivers coming and going from the hotel 24 hours a day and are used for security purposes as recommended by Police Scotland. Only senior management has access to the live pictures or the recordings. Recordings are not routinely reviewed and are automatically deleted after seven days.