Privacy Notice

  1. WHO WE ARE AND IMPORTANT INFORMATION

    Northland Real Estate Properties (UK) Limited (or, we, us or our) is part of the Sandman Hotel Group and the Northland Properties Corporation, its related entities and subsidiaries and we are committed to protecting and respecting your privacy. Information in this privacy notice covers information collected and used by us in the course of our business.

    This Privacy Notice covers our property’s practices; as a Northland Real Estate Properties branded property and how your information will also be collected and used by any other members of our Group.

    We are the controller and responsible for your personal data and we are committed to protecting your personal data.

    If you would like to learn more about the Group’s use of your personal information, please visit the Northland Properties Corporation, its related entities and subsidiaries privacy policy at https://northland.ca/privacy-policy/ or the Sandman Hotel Group website or privacy statement at www.sandmansignature.co.uk. This Privacy Notice supplements any other notices and privacy policies and is not intended to override them. Our website is not intended for children and we do not intentionally solicit or collect personal information from individuals under the age of 18. If we are notified or otherwise discover that a minor’s personal information has been improperly collected, we will take commercially reasonable steps to delete that information. In limited instances, we may have a campaign or program targeted towards children. In these instances, details on the information practices will be presented within the terms and conditions of the program or campaign.

  2. HOW TO CONTACT US

    If you have any questions about this Privacy Notice or our UK data protection practices please contact us by email at ukimarketing@sandmanhotels.co.uk or by post: FAO Marketing Department, Sandman Signature Newcastle Hotel, Gallowgate, Newcastle upon Tyne, NE1 4SD.

    To the extent permitted under applicable law, you may also use the above contact details to exercise your privacy rights, for example, to request access to any of your personal information that we hold. These requests will be reviewed and processed in line with applicable law.

    You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues

    (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

  3. CHANGES TO THIS PRIVACY NOTICE

    In some instances, we may have to change, modify or amend this Privacy Notice in order to comply with the evolving regulatory environment or the needs of our business. Subject to any applicable legal requirements to provide additional notice, any changes to this Privacy Notice will be communicated through our website. However, if there are changes made to the use of your personal information in a manner different from that stated at the time of collection we will take appropriate steps to notify you, such as by posting a notice on our website or in our hotel for 30 days prior to the changes taking effect, or by notice provided in information communicated to you as part of your reservation or check-in or by emailing you.

    It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

    This Privacy Notice was last updated on [27.02.2024].

  4. THIRD PARTY LINKS TO OTHER SITES

    Our website may contain links to third party websites that are maintained and/or controlled by non-affiliated parties. Clicking on those links or enabling those connections may allow third parties to collect or share data about you and we encourage you to review the privacy policy of every website as their privacy practices may differ from ours.

  5. INFORMATION WE COLLECT

    Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

    We may collect information directly from you, about you from other entities of the Group, and automatically as you use our website, sign up to our newsletter, purchase a product or service and if you use our WiFi services at any of our properties.

    1. Information we collect directly from you:The type of information that we collect from or about you varies based on your interaction with our website and services and includes:
      • Reservation Data: Your full name, title, email address, home and business address, phone number, nationality and payment card information.
      • Stay Preference Data: Information such as stay and room preferences made during the course of your reservation such as your preferred room type and specific requests to the hotel.
      • Customer Service Inquiry Data: We collect information from you when you make an inquiry with us, such as inquiries regarding on-property events, including your name, contact information, and information about the event you are planning.
      • Usage Data includes information about how you use ourwebsite, products and services.
      • Contests/Promotions Data: if you choose to participate in one of our competitions or sweepstakes, sign up on property to receive our newsletters or other special offers and promotions, or participate in one of our other services, we collect your name, contact information, and other information that you choose to provide to us.
      • Preference Data: we collect appropriate contact information ifyou consent to receive marketing from us by opting in.
    2. Information we collect from other entities:
      • If you make a reservation through Northland Properties Corporation, its related entities and subsidiaries, they provide us with sufficient information to handle your reservation at our property. Please note that neither of these entities provide us with access to all of your contact information or all of your RSVP Rewards data. As a result, we may request additional information from you (e.g. your email address) if you would like a copy of your folio.
      • Your Employer/Sponsor/Other Payor of Your Account/Travel Agent: Wealso obtain information about you from other parties if you do not make the reservation with us directly or if you are not the responsible payor on your account.
      • Other Guests: if you are a guest of one of our registered guests, we maycollect information about you from the guest.
      • Online sources, such as websites, social media and information sharing platforms: This information may be used to help tailor and improve our services and communicate with you effectively, as we know many of our customers use a range of media channels to communicate and share information. If you use our hotel wifi we may collect certain informationsuch as the information requested when you register to use the service and device information.
      • Social Media Features: We may use various social media features such as the Facebook “Like” button on our websites. Certain information may be shared or otherwise provided to us through your use of these features in conjunction with our services and programs. Subject to your account and privacy settings, we may also be able to see information that you post when using these social media platforms whether or not you are using one of our services. In some instances, depending on the circumstances, we may contact you on these social media platforms. The information you post on social media sites as well as the controls surrounding these disclosures are governed by the respective policies of the social media site where you posted.
    3. Information we collect automatically:We and our service providers use cookies (collected and stored by organisations including, but not limited to, Amadeus IT Group, S.A and Opera Cloud on our behalf), pixels, web beacons, tracking tools and other similar technologies on our website to collect information and provide you with the services that you have requested or participate in and to provide targeted advertising. Subject to local consent requirements, we may use this and other information we collect, such as a hashed email address, to help us and our service providers identify other devices that you use (e.g., a mobile phone, tablet, other computer, etc.). We, and our service providers, also may use the cross-device tracking and other information we learn about you to serve targeted advertising on your devices. We also use the information that we collect to improve our products and services as well as your experience when visiting our websites. Please see Cookies and Other Tracking Technologies below for additional information.We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

  6. IF YOU FAIL TO PROVIDE PERSONAL DATA

    Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

  7. HOW WE USE YOUR INFORMATION

    We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

    • Where we need to perform the contract we are about to enter into or have entered into with you.
    • Where you have given clear consent for us to process your personal data for a specific purpose.
    • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
    • Where we need to comply with a legal obligation.

    Please see the clause 16 (Glossary) in this Privacy Notice to find out more about the types of lawful basis that we will rely on to process your personal data.

    Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

  8. PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA

    We have set out below, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

    Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

    Purpose/Activity Type of Data Lawful basis for processing including basis

    of legitimate interest
    To process your reservation request and to enhance your stay. Reservation Data Stay Preference Data Performance of a contract with you

    Necessary for our legitimate interests (in providing hotel accommodation and

    services)
    For customer service purposes. Customer Service Inquiry Data

    Stay Preference Data

    		 Performance of a contract with you

    Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow

    our business)
    To send you newsletters (upon your request). Contests/Promotions Data

    Preference Data

    		 Necessary for our legitimate interests (to keep you up to date with our latest news and updates)
    To provide marketing information to you. Contests/Promotion Data

    Preference data

    		 data in order to provide
    1. Necessary for our legitimate interests (to promote our products/services, to develop them and grow our business)
    2. Where you have given clear consent for us to process your personal
    certain marketing information.

    c) Where you have previously received services from us, information regarding similar services on the basis of soft opt-in.
    To manage our relationship with you which will include notifying you about changes to our terms or privacy policy. Contests/Promotion Data

    Reservation Data Stay Preference Data Preference Data

    		 services)
    To determine the success of our marketing campaigns. Reservation Data Stay Preference Data Usage data Necessary for our legitimate interests (to keep our records updated and to study how successful and profitable

    our campaigns are)
    To protect our rights and interests and the rights and interests of other parties. Reservation Data

    Customer Service Inquiry Data

    Usage Data
    To administer surveys and questionnaires, such as for market research or user satisfaction purposes. Contests/Promotions Data

    Reservation Data

    		 Necessary for our legitimate interests (to keep our records updated and to study how
    1. Performance of a contract with you
    2. Necessary to comply with a legal obligation
    3. Necessary for our legitimate interests (in providing hotel accommodation and
    1. Necessary for our legitimate interests (in providing hotel accommodation and services)
    2. Necessary to comply with a legal obligation
    Customer Service Inquiry Data customers use our products/services)
    For legal purposes, including to respond to requests from law enforcement. Reservation Data Usage Data

    Customer Service Inquiry Data

    		 Necessary to comply with a legal obligation
    For fraud prevention. Reservation Data

    Customer Service Inquiry Data

    Usage Data
    To evaluate the use of our website and to improve the usage of our website. For example, we may review which features of our website are most popular. We also may review your feedback to help us determine how to improve our website. Usage Data our business)
    Marketing. Preference Data a) Necessary for our legitimate interests (to promote our products/services, to develop them and grow our business)

    (b) Where you have given clear consent for us to process your personal data
    1. Performance of a contract with you
    2. Necessary to comply with a legal obligation
    1. Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy
    2. Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow

  9. SHARING YOUR INFORMATION

    We share your personal information with Northland Properties Corporation, its related entities and subsidiaries:

    • If you make a reservation directly with our property, we will share your reservation information as well as information regarding your stay with either Sandman Group or Northland Properties Corporation, its related entities and subsidiaries, depending on which manages the global reservation system for the hotel.
    • Service Providers: entities that assist us in the provision ofservices and that help us improve our products and services. For example, we may share data collected about you online with online advertisers and entities that assist us in our digital marketing.
    • We also share your personal information, which may include information about your stay with us, with other entities in circumstances such as: a) when we believe in good faith that the disclosure is required by law or to protect the safety of hotel guests, employees, the public or our property; b) when disclosure is required to comply with a judicial proceeding, court order, subpoena, warrant or legal process; or c) in the event of a merger, asset sale, or other corporate transaction.
    • If we are unable to service your request or if we think a sisterproperty may be able to provide you with appropriate service, we may share your contact information with the other hotel.
    • Overbook Situations: If we are oversold, we may share your contact information with a different hotel for the purpose of reserving a room for you at the other property.

  10. INTERNATIONAL TRANSFERS

    We may transfer, store and process your personal data outside the UK in sharing personal data with other organisations within the Group and by virtue of our third party service providers, such as Amadeus IT Group. In particular, we use a hotel property management system Opera Cloud whose servers are based in Frankfurt, Germany

    Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented

    • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data. For further details, please click here.
    • Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.

    Please contact us using the details at section 2 of this Notice if you would like further information on the specific mechanism used by us when transferring your personal data out of the UK.

  11. COOKIES AND OTHER TRACKING TECHNOLOGIES

    For more information about the cookies we use and how to change your cookie preferences, please see the link [www.sandmanhotels.co.uk/cookies] to access our Cookie Policy.

  12. HOW WE SECURE YOUR INFORMATION

    We take commercially reasonable measures to protect the confidentiality and security of the information that you provide to us. To do this, technical, physical and organisational security measures are put in place to protect against any unauthorised access, disclosure, damage or loss of your information. The collection, transmission and storage of information can never be guaranteed to be completely secure, however, we take steps to ensure that appropriate security safeguards are in place to protect your information.

  13. MANAGING YOUR PREFERENCES AND INFORMATION

    If you have opted into an email newsletter or receive offers/marketing from us, please follow the instructions in the email or offer to unsubscribe. Please allow up to 10 days for us to process your request.

  14. DATA RETENTION

    We will only retain your personal data in an identifiable form for as long as is reasonably necessary for the purposes we collected it for, including to fulfil the purpose of satisfying any legal, regulatory, tax, accounting or reporting requirements. By law we are required to hold our guest’s basic information (including Reservation Data) for seven years to deal with any possible disputes or inquires or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. Once your personal data is no longer

    needed, it is deleted or anonymised in accordance with our data retention guidelines.

    We will comply with our obligations and safeguard your rights under the UK GDPR at all times.

    In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

    In some circumstances you can ask us to delete your data. Should you wish to do this, please contact gdprinquires@sandmanhotels.co.uk further information about the deletion of your data.

  15. CHANGE OF PURPOSE

    We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

    If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

    Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

  16. GLOSSARY LAWFUL BASIS

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.

Consent means where the individual has given clear consent for you to process their personal data for a specific purpose.

THIRD PARTIES INTERNAL THIRD PARTIES

Other companies in the Group and who are based the UK and provide other accommodation services.

EXTERNAL THIRD PARTIES

  • Service providers based in the UK who provide:
  • Professional advisers including lawyers, bankers, auditors and insurers based in the UK who provide consultancy, banking, legal, insurance and accounting services.
  • HM Revenue & Customs, regulators and other authorities based in the UK who require reporting of processing activities in certain circumstances.

    YOUR LEGAL RIGHTS

    You have the right to:

    Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

    Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

    Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to

    process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

    Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

    Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

  • If you want us to establish the data’s accuracy.
  • Where our use of the data is unlawful but you do not want us to erase it.
  • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
  • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw

your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.