Privacy Policy
Information about how we collect, use, and protect your personal information
- Introduction
We at The Inn Collection Group are committed to protecting your personal information safeguarding your privacy.
This policy explains how we collect, handle and protect the personal information of our:
-
- guests and customers,
- loyalty programme members.
- website users; and
- job applicants.
- About us
Our company’s legal name is Inn Collection Trading Limited. You can find more details of our company, along with general contact information and information about how to make a complaint, on our Company Details page.
If you have any questions about this privacy notice or how we handle your personal information, please contact our marketing team:
marketingteam@inncollectiongroup.com
We are registered with the UK Information Commissioner’s Office, under registration number ZA131740.
You can complain to the UK Information Commissioner’s Office if you are unhappy with how we have used your data. See:
- The personal data that we collect
In this table we have defined and detailed the categories of personal data that we handle, along with information about the sources of that data.
| Category | Details | Sources |
| Contact data | Names, email addresses, telephone numbers, postal addresses, genders and social media account identifiers
Contact data is included in several of the categories described below |
· You
· Lead guests making bookings on your behalf · Online travel agents and other booking intermediaries
|
| Communication data | Contact data, along with information contained in or relating to any communication that you send to us or that we send to you | · You
· Lead guests making bookings on your behalf · Online travel agents and other booking intermediaries · Our website will generate the metadata associated with communications made using the website contact forms |
| Booking and guest data | Contact data, booking types, periods and other booking details, nationalities, passport numbers or other proof of ID, and guest preferences
This category may include special category data relating to guest health or guest religious/philosophical beliefs, although we do not systematically collect such data |
· You
· Lead guests making bookings on your behalf · Online travel agents and other booking intermediaries
|
| Payment data | Credit and debit card details; bank account details; other payment account details | · You
· Our payment services providers |
| Loyalty programme member data | Contact data, membership numbers, account access credentials and marketing preferences | · You |
| Wi-Fi access data | Name, email address, Wi-Fi login credentials and usage information, marketing preferences | · You
· Cookies set on your device when you create an account or log into our Wi-Fi system (see our Cookies Policy for details). |
| Usage and analytics data | IP addresses, geographical locations, browser types and versions, device operating systems, referral sources, lengths of visits, page views and website/app navigation paths, as well as information about the timing, frequency and pattern of service use | · Our website and app analytics systems (see our Cookies Policy for details) and third party social media platforms |
| Content data | Photographs, text and other content that you send to us or share with us, in circumstances in which you expressly or impliedly agree that we may publish the content | · You
· Social media platforms |
| Job applicant data | Contact data, your CV or resume, proof of right to work in the UK, references, and interview and assessment notes and records
We may also collect information about your ethnic origin and religion/faith as part of the job application process |
· You
· Your referees · Recruitment platforms and other recruitment intermediaries · Public sources |
| Call recording data | Recordings of telephone calls | · You
· Our call recording systems |
| CCTV data | Video footage and associated audio | · The CCTV systems installed in and around our inns |
The information that we collected directly from you may be collected in a range of different scenarios, including, but not exclusively, when you visit or book into one of our inns, when you sign up to our mailing list, when you contact us or interact with us, for example on social media or through our website, and when you apply for a job with us.
- Purposes of processing and legal bases
In this table, we have set out the purposes for which we may process personal data and the legal bases of the processing.
| Purpose and details | Categories | Legal basis |
| Relationships and communications:
Managing our relationships and communicating with you (excluding communicating for the purposes of direct marketing) by email, SMS, push notifications, post, fax and/or telephone; providing customer assistance and complaint handling |
· Contact data
· Communication data · Booking and guest data · Job applicant data · Loyalty programme member data · Call recording data |
Legitimate interests:
Communications with our website visitors, customers, guests, members and job applicants; the maintenance of relationships, and the proper administration of our business |
| Operations:
Enabling you to visit and stay in our inns, providing accommodation and/or food and drink, operating our business, processing and management of bookings, providing and other services, supplying goods |
· Contact data
· Communication data · Booking and guest data · Job applicant data · Loyalty programme member data · Call recording data
|
Contractual obligations:
Fulfilment of our contractual obligations owed to you Insofar as we process this data for these purposes otherwise than to fulfil out contractual obligations, our processing will be on the basis of legitimate interests: The proper administration of our business Insofar as our operations involve the processing of special category data, we will do so only with your explicit consent |
| Guest tracing:
Enabling us to comply with UK laws relating to the tracing of hotel guests |
· Booking and guest data (insofar as required to be collected by law) | Compliance with legal obligations:
The processing is necessary for compliance with a legal obligation to which we are subject |
| Financial transactions
Taking payments, handling payment queries and refunds, generating invoices, bills and other payment-related documentation, and credit control |
· Booking and guest data
· Payment data |
Legitimate interests:
The proper conduct of our business |
| Direct marketing:
Creating, targeting and sending direct marketing communications by email, SMS, push notifications and post and making contact by telephone for marketing-related purposes Important: Our direct marketing campaigns are directed only at over-18s |
· Contact data
· Communication data · Booking and guest data · Loyalty programme data
|
Consent:
Explicit opt-ins to the marketing communications in question |
| Publications:
Publishing content on our website, through our social media channels and elsewhere |
· Content data | Legitimate interests:
The promotion of our business and communicating with the public regarding our business |
| Job applications:
Processing your application when you apply for a job with us, including using ethnic origin information for diversity monitoring |
· Contact and communication data
· Job applicant data |
Legitimate interests:
Employing personnel in our business However, when we collect information about your ethnic origin, will process this on the basis of legitimate interests: (our interest in monitoring diversity) and on the basis that the processing is necessary for employment purposes authorised by UK law |
| Research and analysis:
Researching and analysing the use of our services, website and app, and other interactions with our business |
· Booking and transaction data
· Guest data · Loyalty programme member data · Usage and analytics data |
Legitimate interests:
Monitoring, supporting, improving and securing our website, services and business generally |
In addition, we may use any of your personal data for the following general purposes, but only to the extent such use is reasonable necessary for the relevant purpose.
| Purpose | Details | Legal basis |
| Record keeping | Creating and maintaining our databases, back-up copies of our databases and our business records generally | Legitimate interests:
Ensuring that we have access to all the information we need to properly and efficiently run our business in accordance with this policy |
| Physical and information security | Prevention of fraud and other criminal activity | Legitimate interests:
The protection of our website, services and business, and the protection of others |
| Insurance and risk management | Obtaining or maintaining insurance coverage, managing risks and/or obtaining professional advice | Legitimate interests:
The protection of our business against physical, legal and other risks
|
| Business transactions | Evaluating and conducting mergers, divestitures, restructurings, reorganisations, dissolutions, sales and other corporate transactions | Legitimate interests:
The management, administration, development and transformation of our business |
| Legal claims | Where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure | Legitimate interests:
The protection and assertion of our legal rights, your legal rights and the legal rights of others |
| Legal compliance and vital interests | Compliance with UK laws and protection of individuals | Compliance with a legal obligation to which we are subject or in order to protect your vital interests or the vital interests of another natural person |
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for another purpose, we will, where required by law, notify you
- Disclosures and international transfers
We may share any of your personal data with other companies in The Inn Collection Group, for intra-group administration reasons.
We may share guest and booking data with online travel agents and other booking intermediaries, to confirm the booking and the fact you stayed at our inn (for payment purposes). Currently, we make use of the following online booking platforms: Expedia, Booking.com, Agoda, Hotels.com, Ebookers and Trivago; however, this may evolve over time as required by the business. Online travel agents and booking platforms will act as independent controllers of your personal information, and their use of tat information will therefore be governed by their own privacy notices and policies.
We may also disclose or transfer personal data to our suppliers and services providers. In some cases, the use of these suppliers and services providers may lead to the transfer of your personal data outside the UK. In these cases, we will ensure that all such transfers are protected: (a) by an adequacy determination under UK data protection law and, where applicable, under EU data protection law; or (b) by appropriate safeguards, such as the UK’s international data transfer agreement and the EU’s standard contractual clauses. If you would like details of our suppliers and services providers to whom we may disclose or transfer your personal data, please do get in touch
We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice.
In addition to the specific disclosures of personal data set out above, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
- Retaining and deleting personal data
In general, personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
We will retain your personal data as follows for no longer than the maximum retention period set out in the table below, which begins running in each case on the specified reference date.
| Category | Reference date | Maximum retention period |
| Identity, contact and communication data | The date of the most recent contact between you and us | 7 years |
| Booking and guest data | The last date of your last stay with us | 7 years |
| Payment data | The date of the last transaction using those payment details | 7 years |
| Loyalty programme member data | The date of closure of the relevant account | 3 years |
| Usage and analytics data | The date of collection | 24 months |
| Wi-Fi access data | Last date of access to our Wi-Fi service | 3 years |
| Job applicant data | Date of conclusion of the job application process | 6 months, although if you are successful in your application, we will continue to hold your job applicant data in accordance with our employee privacy policy |
| Call recording data | The date of collection | 6 months |
| CCTV data | The date of collection | 30 days
If an incident (crime, legal dispute, insurance claim) is captured: the relevant footage should be kept until the matter is resolved, even if it exceeds the standard retention period |
Notwithstanding the foregoing, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
- Your rights
Your principal rights under data protection law are as follows.
| Title | Details |
| Right of access | You can ask for copies of your personal data |
| Right to rectification | You can ask us to rectify inaccurate personal data and to complete incomplete personal data
|
| Right to erasure | You can ask us to erase your personal data |
| Right to restrict processing | You can ask us to restrict the processing of your personal data |
| Right to object to processing | You can object to the processing of your personal data |
| Right to data portability | You can ask that we transfer your personal data to another organisation or to you |
| Right to complain to a supervisory authority | You can complain about our processing of your personal data |
| Right to withdraw consent | To the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent |
These rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects by visiting https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
You may exercise any of your rights in relation to your personal data by written notice to us, using the contact details set out above. If you make a request, we have one month to respond to you.
You are not required to pay any charge for exercising your rights.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
- Amendments
We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy. We may notify you of significant changes to this policy by email.
Last updated: 1st August 2025