Staying Cool's Privacy Policy - Transparency around data is key

We like to keep things simple and transparent at Staying Cool. Hopefully, we’ve done that with our GDPR privacy policy.

The aim of this document is to:

Set out the data we require from our guests
Explain why we need the data
Explain how we use it
Let you know why we retain guest information after a stay

Who are we?

We are an independently-owned apartment hotel operator, based in Birmingham, providing overnight accommodation to guests – Stayingcool Group Ltd. Our registered office is:

c/o Richard Smedley
Woodside House
261 Low Lane
Leeds LS18 5NY

Company No: 0983144

+44 (0)121 285 1250

What data do we store?

Legitimate Interest:

We store any data a guest (or a booking agent on a guest’s behalf) gives us to respond fully to:

A reservation enquiry
Make a booking
Enhance the experience of a guest stay
Send appropriate electronic marketing communications if a guest has ‘opted in’ to receive one of our (no more than) six emails a year.

How do we collect data?

Data is collected via the following means:

Phone calls
Emails
Texts
In person visits
Booking reservation forms from online travel agencies eg booking.com and Expedia or traditional travel agencies.

Digital storage

We have a cloud-based Property Management System (PMS). A PMS is a database of all the reservations made with us. It is our way of ensuring we have a record of guest bookings so that when you check-in we have an apartment ready for you. Our PMS is provided by Mews Systems.

The following information is stored on the PMS:

Gender (male, female, other)
Salutation (Mr/Ms etc)
First name
Surname
Date of birth (if supplied)
Company name (if supplied)
Home postal address
Email address
Mobile number
Landline (if supplied)
Encrypted (tokenised) credit/debit card details (we are fully PCI compliant)

We may also take a copy of a recognised form of ID eg a passport or driving licence. You can also upload this information yourself during the online check-in process.

We may also store information about special requirements such as food preferences, a disability or medical condition that may affect a guest’s stay with us (if you have supplied this information). Similarly, we may also hold a record of any special occasions that you are celebrating with us and the ages of your children, so we can provide age-appropriate Cool for Kids gifts if relevant. All of this information is stored securely and electronically on MEWS, our cloud-based PMS.

Why do we collect guest data?

(a) We are required by UK law to keep a record of the name and address of everyone staying with us at any given time. For overseas visitors, we are also required to note a guest’s passport number and its place of issue.

(b) We also need a guest’s name, address, contact and ID details to process a booking. We collect this information once, and for these reasons:

To provide guests with full receipts for their company expenses claims/personal records
To better protect guests against identity theft if someone tries to use their details to make a booking
To protect Staying Cool against credit card fraud and chargebacks
To speed up check-in for returning guests
For security purposes. We need to know who is staying with us so we can provide that information to the authorities in case of any major incidents or a request from another government service eg track and trace service
To supply to HMRC (Inland Revenue and VAT offices) if requested

(c) If a person has opted in to receiving communications we will send electronic marketing offers and updates (no more than six per year). Please note that our mailing list is kept separately (on MailChimp) to our PMS.

(d) We use anonymised data such as postcodes, gender and age to monitor who is staying with us and help improve our understanding of guests to aid our marketing efforts.

(e) During the Coronavirus pandemic we were required to keep data (name, phone number and email address plus time of arrival) for 21 days in case they are needed for contact tracing via the NHS Track and Trace scheme. We no longer do this.

How is guest credit card information stored and data security?

Guest information and credit card information is stored on a secure server in the UK. The card information is encrypted (tokenised) and we see only the last four digits of a card number once it has been entered and saved. We never store CVC numbers.

Guest data eg email, address etc is stored on the PMS and is password protected. No public Wi-Fi networks are used in the viewing or processing of data. All company laptops are equipped with ESET security software.

How long do we keep guest data?

We have retained all guest records since we opened in 2005 and have no plans at present to delete these or any future records for the reasons given in points (b), (c) and (d) above.

We are required by our merchant credit card companies to keep full records of all bookings made by credit or debit card for 13 months after check-in. We are also required by law (HMRC) to keep full records for accountancy purposes for seven years.

Third parties

We have never, nor do we plan to in the future, share guest data with third parties EXCEPT in the two scenarios below:

If we are subject to a change of ownership or corporate structure and need to pass over guest data from one company to another in order for the transaction to proceed.
Following a formal information request from the police, bank or credit card company about the dates of a guest stay.

When we communicate with guests

Before, during and immediately after a stay we will need to contact guests about their stay (e.g send a booking confirmation, make sure they know how to get here, send a receipt for completing expenses forms etc).

Thereafter, we will only contact a guest if they have asked us to (opted in to future mailings) and this will usually be by email. If a guest has opted-in and then changes their mind, opting out is easy. Either contact us directly by email to hello@stayingcool.localhost or use the unsubscribe button on the email communication from us (usually found in the footer).

Seeing the data we store about you

Please email us and ask us to send you all the data that is stored online via our MEWS property management system.

Guests can ask us to remove any personal data they don’t want us to keep (although we will need to ask for this information again for any future bookings). Or email us at hello@stayingcool.localhost and we will remove the data.

Paper-based data

The only paper documents we store are:

Signed guest check-in sheets (before March 2020) showing a guest’s name, the stay dates and apartment number
Guest credit card payment slips in case of a query from a card provider (if you have paid using our PDQ machine) although most transactions are charged automatically online via our MEWS PMS..

These documents are kept securely for 13 months before being destroyed by a registered shredding company.

If a guest would like to know what details we hold about them offline, for what purpose and to whom they may have been disclosed, they can request this information either by letter or e-mail. We will respond within seven days of receiving a written request to hello@stayingcool.localhost

In very limited circumstances we may need to refuse a guest request (if this was the case, we would give you a detailed reason).

Tracking devices and ‘cookies’ on our websites

As part of GDPR, we are required to let you know when we use any tracking devices or ‘cookies’ on our website.

A cookie is a small token or piece of software that lives on your laptop or smartphone when you visit our website. This enables the cookie to recognise guests when they they return to the site. At times Google and Bing – and possibly other browsers – display our ads on other websites too. Google uses cookies to serve ads based on a user’s prior visits to our website.

Anyone can opt out of Google’s use of cookies by visiting the Google advertising opt-out page. As this is constantly being updated, it is best to search for instructions on how to do this on your favourite search engine.

We, and/or third parties, may use pixel tags and place cookies on a user’s device that track users’ behaviour on our website and on other third-party websites.

We use three types of anonymised tracking software on our website to:

See which forms of online advertising are working (Google Analytics,)
Tell us how many times a visitor may come to our site before booking (Google Analytics)
See how visitors use our website so we can make improvements to help the customer journey (Google Analytics, Hotjar and The Hotel Network)
Serve tailored pop-up information about offers and discounts
Serve adverts via Google and other third parties (Google).

If you do not wish to have cookies enabled and would like to make a booking, simply give us a call on +44 (0)121 285 1250 or email hello@stayingcool.localhost.

Staying Cool is a data controller of guest personal informatoin

For the purposes of GDPR (from 26 May 2018), Stayingcool Group Ltd is a data controller.

How can you contact us?

If you have any questions or concerns about this Privacy Policy and/or our processing of guest personal data, you can get in touch with our Data Protection Officer by email at hello@stayingcool.localhost

What if you have a complaint?

Guests can complain to the Information Commissioner’s Office (ICO), which regulates data protection compliance in the UK, if they are unhappy with how we have processed their personal data. There are clear guidelines on how to do this on www.ico.org.uk/concerns

What our privacy policy covers

Our privacy statement covers only Stayingcool Group Limited. Links to other websites and any information collected by these sites are not covered by this privacy statement. We would encourage you to reread our privacy statement from time to time, so that you are aware of any changes in how we gather and use personal information. Every time we make an update we will amend the date below.

What if this policy changes?

We may make changes to this Privacy Policy from time to time. Any changes we make will be posted on this page.

Policy updated on 20 October 2020

Privacy Policy (GDPR)