This policy relates to hotelwizard.co.uk which is owned by Hotel Wizard Ltd, company number 12930781, whose
principal place of business is: 6 Renaissance Court, Crewe, CW1 6FN, UK.
This privacy statement tells you what to expect when we process your personal information. It applies to all HotelWizard website users.
This is the main privacy statement for HotelWizard. It is important for you to read this statement in full to understand how we use your data and your rights in
relation to your data. We need to process personal data in order to deliver your purchases, our newsletter and services to you.
We are committed to protecting your personal data. By your 'personal data' we mean any information about you that you or third parties provide to us.
We are a data controller in respect of personal data that we process in connection with our business (including the products and services that we provide). In this
policy, references to "we", "us", "our" or "HotelWizard" are references to HotelWizard Ltd.
To obtain the best from our services, please keep your personal data (including your email address) accurate and up-to-date. You can do this via your Account
This policy does not extend to any external websites which are linked to from our site. If using a third-party website for further services, please refer to that
Please take the time to read this policy carefully. In opening an account with us and/or providing any personal data to us via our website, you acknowledge that your
personal data will be used in accordance with this policy.
We keep this privacy statement under regular review and will place all updates of this statement on our website as soon as is practicable. We reserve the right to
change the contents of our website and/or this policy at any time, by posting such changes on our website. It is your responsibility to familiarise yourself with these
resources to ensure you are aware of any changes. Your continued use of our website following the posting of any such changes will constitute your acceptance of the
For further information you can contact us as follows:
6 Renaissance Court
For independent advice about data protection issues, you can contact the Information Commissioner:
Wycliffe House, Water Lane
Phone: 0303 123 1113
2. Policy key definitions:
• "I", "our", "us", or "we" refer to the business, HotelWizard Ltd.
• "you", "the user" refer to the person(s) using this website.
• GDPR means General Data Protection Act.
• PECR means Privacy & Electronic Communications Regulation.
• ICO means Information Commissioner's Office.
• Cookies mean small files stored on a user's computer or device.
3. Processing your personal data
Under the GDPR (General Data Protection Regulation) we control and process any personal information about you electronically. 'Personal data' means any information
collected and logged in a format that allows you to be identified personally, either directly, such as your name, or indirectly, such as a telephone number, as a
services. By accepting these terms and conditions, you expressly accept the provisions of this policy
4. Your rights under the GDPR
Under the GDPR your rights are as follows:
• the right to be informed;
• the right of access;
• the right to rectification;
• the right to erasure;
• the right to restrict processing;
• the right to data portability;
• the right to object; and
• the right not to be subject to automated decision-making including profiling.
If you wish to exercise any of the rights set out above, please contact us. No fee is charged for accessing any of your personal data or any of your other rights
listed above. However, if requests are unfounded, excessive or repetitive, we may charge a reasonable fee. In this circumstance, we may also refuse to comply
with your request.
In the case of a request to access personal information, we may need you to help us confirm your identity by supplying specific information about yourself. This
is to ensure that only the person with the right to access the data is receiving it.
We handle subject access requests in accordance with the GDPR. We will try to respond to all legitimate requests within one month, though this could take longer
if the request is unusually complex or there are a number of requests. In this instance, you will be notified and we will keep you updated.
5. What information is collected and how is it used?
HotelWizard will only collect personal information when we need it. The type of information we need from you will relate purely to contact information allowing us to
process a hotel booking and also to communicate with you. When we ask you for information, we will make it clear why we need it. We only collect personal
information when you complete forms on this website, either when you purchase something from us such as a hotel booking; register with our website; or sign up to
Booking a hotel
We will require your name, email address, postal address and telephone number.
It's in our legitimate interests for us to store and use this information as the
basis of ongoing communication with you in order to arrange details of a proposed sale.
In addition, if you normally reside outside of the UK, your nationality and passport number are required as hotels are required to retain a record of the full name and
nationality of guests over 16 years of age.
Should you have any special requirements or allergies, e.g. you or a member of your party are vegetarian, vegan etc - or you have a preference for a room to be situated
on a lower or upper floor, this can optionally be specified during the booking process. Note that requests of this nature are not guaranteed to be fulfilled as the
hotel may be unable to accommodate your request and your booking may be declined as a result. All such requests are processed on a first-come-first-served basis.
Receive email updates / newsletters
We will require your name and email address.
We need your consent to be added to our mailing list.
We will use this information to provide you with emails
and newsletters relevant to HotelWizard and our services.
6. How will we protect the information about you?
We will apply appropriate technical and organisational measures to ensure your personal information is secure. For example, we have systems in place to ensure that
access to personal information is restricted to authorised individuals on a strictly need-to-know basis.
When we need to share personal data with contractors and third party suppliers, our relationships are governed by our contracts with them which include strict data
sharing and confidentiality protocols.
We will not discuss your personal information with anyone other than you and/or, in the case of a hotel booking, the hotel concerned, unless you have given us prior
written authorisation to do so or where we have received a clear verbal instruction from you (as a one-off circumstance).
7. Who will we share your information with?
We will never share personal information with other organisations for third-party marketing purposes.
We will need to share personal information we hold about you with registered hotels, guest houses and other organisations who provide services on our behalf. When
sharing information we will comply with all aspects of current general data protection law. All our data sharing relationships are governed by contracts which
include strict data sharing and confidentiality protocols.
Where sharing is in our legitimate business interests, we may share your information without seeking your consent first. This may be with police, HMRC and other
relevant authorities. We may also share information when required by law for example where ordered by the Court or to protect an individual from immediate harm.
8. What are your rights in relation to your data?
We are committed to upholding your rights in respect of your personal data.
The right to be informed
Through the provision of this and other privacy notices on our website, we’ll be open and transparent about how and why we use your personal information.
The right of access
You have a right to ask us what personal information we hold about you and to request a copy of your information. This is known as a ‘subject access
SARs need to be made in writing and we ask that your written request is accompanied by proof of your address and identity.
If you are seeking to obtain specific information (e.g. about a particular matter or from a particular time period) it helps if you clarify the details of what you
would like to receive in your written request.
If someone is requesting information on your behalf they will require written confirmation from you to evidence your consent for us to release this and proof of ID
(both yours and theirs).
We have 30 calendar days within which to provide the information you’ve asked for (although we will try to provide this to you as promptly as possible).
The right to rectification
You can ask us to rectify your personal data if it is inaccurate or incomplete. Please help us to keep our records accurate by keeping us informed if your
The right to erasure
The right to erasure is also known as ‘the right to be forgotten’. In some circumstances, you can ask us to delete or remove personal data where there is
no compelling reason for its continued processing. This is not an absolute right, and we will need to consider the circumstances of any such request and balance this
against our need to continue processing the data. Our response will also be guided by the provisions of our retention schedule.
The right to restrict processing
GDPR gives you the right to restrict the processing of your personal data in certain circumstances. This means that you can limit the way that we use your data. This
is an alternative to requesting the erasure of your data.
You have the right to restrict the processing of your personal data where you have a particular reason for wanting the restriction. This may be because you have issues
with the content of the information we hold or how we have processed your data. In most cases any restriction will not be put in place indefinitely, but for a certain
period of time.
Note that if you choose to enact the right to restrict processing of your data, this may subsequently hold up a booking/confirmation.
The right to data portability
You have the right to obtain your personal data in a way that is accessible and machine-readable, for example as a CSV file.
The right to object
You can tell us you object to us processing your data to provide update emails.
You can specifically opt-out of emails at any time by following the link at the
bottom of each email.
The right not to be subject to automated decision-making including profiling
Automated individual decision-making is a decision made by automated means without any human involvement. HotelWizard does not apply automated individual
decision-making - with two notable exceptions:
• A guest who causes damage to a hotel - or has been asked to leave a hotel for breaking its terms & conditions - may be blocked from making any future
bookings at all properties owned by the hotel owner;
• HotelWizard does not itself apply credit checking facilities which identify potential fraud. Our partner, Stripe, detects patterns across processed
payments and assesses the risk level during the authorisation of your payment card.
9. How long will you keep my data?
We only hold records during the period of our relationship and for a set period afterwards to allow us to meet our legal obligations, including resolving any follow-up
issues between us. If you opt out of email updates and newsletters your data is removed from processing immediately.
Please contact us if you would like any more information.
11. Data sharing and third-party data processors
across the Internet. HotelWizard may also share information about your behaviour on the Site with third parties (including operators of third-party websites and/or
social networking sites) in order to show you targeted advertisements and other content that has been customised for you.
HotelWizard's website & database is hosted on a server in the United Kingdom. As an absolute minimum, HotelWizard meets the guidelines set out under the GDPR.
For further information regarding GDPR and to review the latest data protection guidance from the Information Commissioner's Office, click