PRIVACY NOTICE

As a guest (including potential guests) of Chiltern Firehouse (“Firehouse”, “we”, “us” and “our”) or as a visitor to our website, we wish to inform you that we will process your personal data on the basis described in this notice. Chiltern Firehouse, or simply the Firehouse, is the principal brand operated by Chiltern Street Hotel Limited. When you visit the Firehouse’s website (https://www.chilternfirehouse.com/) or come to the Firehouse (located at 1 Chiltern Street London W1U 7PA), your personal data will be dealt with (i.e. processed) in line with this notice.

1. The type of personal data we collect

We generally collect and process the following types of personal data.

Information concerning your use of our website and, for guests of the Firehouse, our services.
Personal information including, for example, your name, address, contact details and, for guests of the Firehouse, other identifying or personal information to allow us to personalise your stay and offer a more tailored service and experience, including (if you share it with us) personal information such as aliases/nicknames, date of birth, marital status, names of friends affiliates and family members travelling with you and your/their interests and preferences.
For guests of the Firehouse, health data (for example, as may be relevant to your dietary requirements or to help ensure your stay with us is as comfortable and safe as possible).

For guests of the Firehouse, passport/travel document information and information such as your transaction history, reservation information, products/services purchased, obtained or considered, , and financial and transaction data, including bank account and payment card details and information about payments from you.

We may also process a limited amount of personal data belonging to friends of guests (i.e. anyone who visits the Firehouse at their invitation). In this notice, references to guests should, where applicable, be taken to include their friends who visit us in that context.

2. How we collect your personal data and why we have it

Whether a guest of the Firehouse or a visitor to our website, most of the personal data is provided to us directly by you. If you are part of a group of guests, then it may be provided by one of the other members of your party.We may also, for guests of the Firehouse, receive personal data from the following sources in the following scenarios:

Through travel agents and online travel agents
Through Lifestyle concierges (payment details, names)
Via App based reservations systems (name only)
Any PAs and/or production assistants our guests may appoint to act on their behalf

Please let us know if any of your personal data you have provided, or that you believe we may have received from a third party, needs to be corrected or updated.

3. Why we process your personal data

Principal uses of your personal data for visitors to the website and guests of the Firehouse, we will use your personal data to interact with you regarding your use of the website and to respond to any questions you may have about the Firehouse or our services. For guests of the Firehouse, we will additionally use your personal data to interact with you regarding your visit to the Firehouse and in relation to its hospitality and other services that you have used, have requested, or may be interested in. This will include the provision of hospitality and accommodation as well as more tailored services and special requests. Other uses of your personal data for visitors to the website and guests of the Firehouse, we will also use your personal data for some or all of the following purposes.

To offer our services to you in a personalised way.
To communicate with you about our services, including services you have requested from us and other information which we consider may interest you or be relevant to you.
To notify you about changes to our services.
To deal with any enquiries or complaints you or others make.
To administer all other aspects of our relationship with you, including to keep business and accounting records, to carry out office administration, to administer and process payments you make, to verify your identity where required to use any of our services, and as otherwise required or permitted by law or in connection with running our business.
To analyse and understand how people use our website and/or services and to improve and develop our relationships with our guests.
To comply with applicable laws and regulations and requests from relevant agencies and/or authorities.
To protect our rights, interests and/or property, and/or that of our partners, you or others.
To protect, enforce or defend our legal rights.

Sharing your personal data with others We do not, and never will, sell your information to a third party without your express consent.We may share your personal data with some or all of the following.

Other members of the corporate group to which the Firehouse belongs.
The Firehouse’s administrative support team
For guests of the Firehouse, banks and payment services providers to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds
For guests of the Firehouse, Law enforcement officials, health professionals or others for compliance with a legal obligation, or a duty of care, to which we are subject, or in order to protect your vital interests or the vital interests of another person
Organisations that store and process information on our behalf, such as carefully selected service providers who work with us to help provide our services or to provide complementary services that support what we do (including administrative support and services, IT/data storage providers, maintenance services, security services, ancillary or supplementary hospitality services, and marketing / PR agencies)
Our insurers and/or professional advisers (such as lawyers and accountants) insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice.
IT service providers, website and IT/database server providers
For guests of the Firehouse, in connection with the exchange of information for fraud protection and credit risk reduction
For guests of the Firehouse, when providing concierge services (e.g. booking restaurants, travel and entertainment) we will provide personal data, contact information and payment information to applicable third-party vendors.

Exceptional situations We may also disclose your personal data in the following cases:

Where such disclosure is necessary for the establishment, exercise, or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure
If it is necessary in connection with the transfer of all or part of our business to a third party or in connection with the transfer of all or some of our rights and duties relating to the provision of products or services to you.

Whenever your personal data is transferred to a third party, we will always seek to ensure that it will be adequately protected.

4. Lawful bases for processing your personal data

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing your personal data are:

Contractual necessity: If it is necessary for the performance of our contract with you (applicable to guests and others with whom we enter into contracts – such as suppliers, contractors, advisers and consultants etc.).
Legal obligations: It is necessary so that we can comply with our legal obligations (such as health and safety laws, discrimination and equality legislation and other compliance-related legislation etc.). This basis will predominantly relate to guests of The Firehouse.
Vital interests: It is necessary to protect your vital interests or those of another person (e.g. if there are food allergies etc. of which we need to be aware, or if we need to inform you or another person in connection with any allergies you may have). This basis is only likely to relate to guests of The Firehouse.
Legitimate interests: It is necessary in connection with our legitimate interests and those interests are not overridden by your interests or your fundamental rights and freedoms. This includes communications with you about our services and using your personal data in connection with our own legal and compliance risk management.
Consent: When we seek your consent, we will try to ensure the process by which we obtain it means your consent is freely given, specific, informed and unambiguous. In such cases, you are allowed to withdraw or modify your consent at any time. You can do this by emailing us at dp@chilternfirehouse.com.

Where we process health etc. personal data, which constitutes a special category of personal data (as described in article 9 of UK GDPR), we will routinely seek your explicit consent to that process. This will only relate to guests of the Firehouse. Where we seek your consent, you understand that such consent may be a condition of our providing the services to you and that, where that is the case, if you withhold or withdraw your consent, we may not be able to provide you with certain services.

5. How we store your personal data

Your personal data is securely stored on our servers which are located in the United Kingdom. We retain financial data belonging to guests for 12 months after the relevant visit or stay. We retain guests’ other personal data for the duration of our relationship. In practice, this may mean we retain guests’ personal data indefinitely as part of our commitment to offering a tailored and distinctive guest-experience. We retain the data of website visitors for up to 12 months following their last visit to the website. Following the relevant period, your personal data are deleted. If you would like your personal data to be deleted sooner than that, please let us know in writing. We will dispose of your personal data by shredding hard-copy documents and permanently deleting all electronic records from our devices.

6. Your data protection rights

Under data protection law, you have rights including:

Access – you can ask for a copy of your personal data.
Rectification – you can ask us to rectify inaccurate personal data and to complete incomplete personal data.
Erasure – you can ask us to erase your personal data in certain circumstances.
Restriction of processing – you can ask us to restrict the processing of your personal data in certain circumstances.
Object to processing – you can object to the processing of your personal data in certain circumstances. This applies, in particular, where the lawful basis on which we process your personal data is our legitimate interests.
Data portability – you can ask that we transfer your personal data to another organization, or to you, in certain circumstances.
Make a complaint – you can complain to a supervisory authority (in the UK, this is the ICO - see below) about our processing of your personal data.
Withdraw consent – to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent at any time. You can do this by emailing us at dp@chilternfirehouse.com.

You are not required to pay any charge to us for exercising your rights. If you make a request, we will endeavour to respond promptly and within any legally prescribed timeframes. These rights are subject to certain limitations and exceptions. You can learn more about these rights by reading the ICO guidance on your rights. Please contact us using the data controller details set out below if you wish to exercise any of your data protection rights or if you have any questions about this notice.

7. Data Controller

Chiltern Firehouse (Chiltern Street Hotel Limited) is registered with the Information Commissioner’s Office (ICO) as a data controller for the personal data that it processes. The Firehouse’s registered address for these purposes is: Edison House 223 -231 Old Marylebone RoadLondonNW1 5QT
Our phone number is: 020 7073 7676You can contact us by email at: dp@chilternfirehouse.com Our registration number with the ICO is ZA182815

8. How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at dp@chilternfirehouse.com You can also complain to the ICO if you are unhappy with how we have used your personal data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk