Citadel Apartments is fully committed to protecting your privacy and adhering to any requests you may have regarding the storage and use of your information. We pride ourselves on providing a personalised, hassle-free and secure service. In order for us to provide you this service, we need to collect certain information from you, as well as be able to directly contact you in regard to your booking or any enquiries you may have.
On this page we look to explain in plain terms why we collect personal information, the types of information we collect and the rights you have in controlling the data we store.
1) How we collect data
There are numerous ways we may collect your data. Direct means the data has been supplied by you, while indirect suggests the passing of your data from a third party.
- Booking made through our website
- A phone call or email
- When a check-in form is filled out upon checking in
- When browsing our website (once cookies have been accepted)
- Interaction with our social media pages
- When third a third party has been granted your permission to share you details with us
- When working with booking agents to place a guest into an apartment
- If your employer has shared your information with us
- Web analytics services, i.e. Google Analytics
2) Why we store data
We aim to give our guests the best possible experience each time they stay with us, but also offer them tailored services based off previous stay(s) with us. Further, it is absolutely necessary for you to provide certain information when staying with us, if this data is not provided we are unable to offer our service. This necessary information is:
- Home address
- Contact number
- Email address
Additional information may be collected for us to package tailored offers for you based off your previous stay(s), interactions with us and information provided. You can opt-out of receiving these offers at any time.
3) Ways we may use your data include
- When confirming a booking, organising a check-in time or responding to enquiries we will need your contact information. Confirmation of a booking will be communicated though email, organising a check-in time is likely to be communicated through email, but we use phone calls to communicate with our guest when they are nearby the property to allow for a member of a staff to quickly meet and welcome you into the apartment. When communicating this information, we will exclude any promotional content, and only include key information relevant to your stay, hence consent will not be required.
- When you make a booking on our website, in addition to any extras you wish to receive, we use PayFlow gateway to secure the payment. Payflow gateway will collect your card details and name for the payment to be accepted. PayPal gateway uses data encryption to protect your data.
- When guests are required to make ad hoc payment and wish to close this payment by credit card, a member of our team will use an iZettle card reader to take payment. iZettle uses data encryption for the protection of your data.
- When we send guests an invoice via email, we may include a link that sends the guests to 3-D Secure, which is an XML-based protocol designed to be an additional security layer for online credit and debit card transactions.
- Our apartments are listed on a range of Online Travel Agents (OTAs) and bookings agents, whom which we are partners. If your booking is undergone with one of these third-party bodies it is likely that your payment will be completed within the given body, from there the body will liaise with our property management system and provide details of your booking, which may include personal data. A select few OTAs and bookings agents opt not to take payment within their website. In this circumstance, the given body will communicate with us to provide your contact information. From here, we will contact you to arrange payment.
- During your stay with us, we may maintain a digital copy of your ID to comply with our business security measures and for the safety of our guest. Guests can request for us to delete this copy after their check – out.
- When browsing our website, we will ask for permission to employ cookies and tracking technologies to identify any immediate issues within the website and to defend the integrity of our site.
- If you choose to give consent for placing cookies and tracking technologies on our device, we will use your data to better personalise the content of the website to match what we perceive as your interests.
- We keep a profile of our guests, consisting of their personal data, preferences and the details of previous stay(s). We are then able to offer our guests tailored offers and promotions. These offers will be sent via email, and each email will contain a link in the footer that allow the guest to opt-out of any future marketing emails.
- We may upload your data onto the social media channels Facebook, Twitter and LinkedIn and help identify your social media account and deliver targeted ads via custom audiences’ tool.
- If law enforcement or other authoritative bodies deem it necessary for us to share our data, we are legally obligated to comply.
4) What data we may store
As mentioned in section 1, certain information is necessary to collect for us to process your booking and offer you our services. The list below includes this information, plus other data that we may collect depending on the service and the third-party or means used to communicate with Citadel Apartments.
- Home address
- Contact number
- Email address
- Contact number
- Date of birth
- Findings recorded from telephone conversations or emails
- Passport details
- Details of an Identity Document
- Credit card details
- Your image
- Cookies in your browser
- Search terms entered on our website
- Engagement on our social media profiles
- Reviews or comments found on the internet
5) How we store data
We utilise a Property Management System (PMS) database, in which we store the data of our customers. Only our employees have access to our database on the PMS. Access to the PMS is secure, password protected and there is only access for specific employees.
Data stored, or transactions undergone on our website are secure thanks to our up-to-date SSL certificates, confirming encryption and authentication.
6) How long we keep data
We ensure to only keep data for no longer than is necessary for the purpose for which it is processed.
When you book with us we may store your data for up to 7 years, in accordance with the regulation requirements set out by HMRC and Companies House.
If you submit an enquiry, or enter a form of engagement, either directly or through a third party, we may keep your personal information for up to 6 years.
When you opt-in for our email newsletter and/or promoting material, we may keep your data for up to 5 years from the point you last expressed interest/opted-in. Although, if you choose to opt-out or unsubscribe during that 5-year period we shall comply to your request within 48 hours.
Any emails or electronic files are retained for a period up to 7 years.
When data is no longer required we securely delete it from our database and destroy any evidence of us storing your data.
7) Sharing your data
Your data is stored in our PMS database whenever you make a booking or enquire about our services. Certain employees will have access to the PMS database, and therefore your data. Please note that these employees undergo continual training to ensure they are fully proficient in using the PMS and understand how to handle your data in accordance with our policy, which outlines the importance of handling your data responsibly.
Refer to section 3 to identify any other ways we may need to share your data.
8) Tracking technologies
These are the cookies that are strictly necessary for the website to function normally. It must be noted that these cookies cannot be switched off. These cookies do not store personal data.
9) Rights as data subjects
Your rights as individuals, or data subjects are fully outlined in accordance with GDPR. They are outlined below.
- Transparent information, communication and modalities for the exercise of the rights of the data subject.
- Information to be provided where personal data are collected from the data subject.
- Information to be provided where personal data have not been obtained from the data subject.
- Right of access by the data subject.
- Right to rectification.
- Right to erasure.
- Right to restriction of processing.
- Notification obligation regarding rectification or erasure of personal data or restriction of processing.
- Right to data portability.
- The right to object.
- Automated individual decision-making, including profiling.
If you wish to find out more information regarding these rights, you have as a data subject we recommend clicking this link and reading on the desired articles