Book Now Menu

OR CALL 020 7640 3347

Your privacy is very important to us. We promise to respect and protect your personal information and try to make sure that your details are accurate and kept up to date. This Privacy Notice sets out details of the information that we may collect from you and how we may use that information. Please take your time to read this Privacy Notice carefully. When using our website, this Privacy Notice should be read alongside the website terms and conditions.

1. About Genesta Athenaeum LLP

In this Privacy Notice references to “we” or “us” or “Athenaeum” are to Genesta Athenaeum LLP.

Ralph Trustees Limited operates a group of hotels comprising The Grove, The Runnymede-on-Thames and The Athenaeum.

In order to provide our services, we will collect and use personal information about individuals. We are the Controller of all personal information we process pursuant to this Policy and we are responsible for complying with data protection laws.

If you have any questions about how we collect, store or use your personal information, you may contact us using the details set out in the “Contact Us” section 8.

2. Our processing of your personal information

This Policy sets out the legal grounds enabling us to process your personal information.

Where you provide personal information to us about other individuals (for example, members of your family or your employees) we will also be data controller of and responsible for their personal information. You should refer them to this Policy before supplying us data on behalf of others.

2.1. What personal information will we collect?

When you engage with us, such as make a booking or view our website, we will collect information about you and that engagement.  This may include information such as:

  • General identifiers such as your name, address, email address, phone number, date of birth, gender, IP Address and relationship (if any) with any other Athenaeum customers.
  • Information about your job including job title, role, company and details about the industry you work in.
  • Financial information such as your bank details and payment details
  • Information obtained during telephone recordings, or if you make a complaint.
  • Information about how you have accessed our websites such as any  pages or sections you have viewed on our website
  • Information about electronic communications you receive from us, including whether that communication has been opened and if you have clicked on any links within that communication
  • CCTV images when you visit our hotels and areas adjacent to our hotels
  • Booking information including special requests, meal and room preferences.
  • Any other information passed on from you or someone else making the booking on your behalf (for example, your areas of interest such as spa breaks or meetings).
  • Customer intelligence and information (including photographs) obtained from publically available sources such company websites and social media sites by our research sales and marketing teams.
  • Answers you provide when you respond to competitions, votes and surveys
  • Information from specialist market research companies who provide us with additional personal information about you and your household such as income, number of children, occupation, social grade, home ownership status, the products and services you use or intend to use or purchase, and your interests.
  • Any other personal information which you may disclose to us when you use our Services at any time

Sometimes we need to collect personal information by law, or under the terms of the contract we have with you. If you fail to provide that information when we request it, we may not be able to perform the contract we have or are trying to enter into with you (for example to provide you with goods or services). In this case, we may have to cancel the product or service, but we will notify you if this is the case.

2.1.1. How will we collect your personal information?

We will collect information directly from you when you engage with us:

  • face to face
  • via forms and satisfaction surveys
  • by telephone
  • by email
  • via the CCTV infrastructure
  • when you access our wifi service
  • via our website, including cookies.  You can find more information about this in our cookies policy which can be found here

We will also collect information indirectly when you engage with us via:

  • Third parties who are making the booking on your behalf (such as travel agents, OTA’s, company bookers and group organisers).
  • Specialist market research companies, who provide us with additional personal information about you and your household.
  • Publicly available sources such as internet search engines, social media sites and online forums.
    write a review of your stay or engagement with us.

We will combine any personal information about you that we receive from you, from other hotels in our group, and from third parties.

2.1.2. What sensitive personal information will we collect?

Sometimes we will request or receive your “sensitive personal information” in order to fulfil services you have requested.  This may include information such as:

  • Details of your health condition including any disabilities you may have where relevant for our spa facilities.
  • Genetic or biometric data provided on your identification documents
  • Racial and ethnic origin provided on your identification documents
2.1.3. What will we use your personal information for?

We will only collect, process and/or use the personal information where we are satisfied that we have an appropriate legal basis to do so. All personal information that we obtain about you will be used in accordance with current data protection law and this Privacy Policy. We, or third party data processors acting on our behalf, will process your personal information as follows:

  • As necessary, to perform a contract with you, such as a contract to process an order from you for one or more of our Services including, where applicable, taking payment and carrying out fulfilment and delivery.
  • As necessary, to comply with a legal obligation, where you exercise your rights under data protection law and make requests; and to comply with any legal obligation, any lawful request from government or law enforcement officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity.
  • As necessary, for our legitimate interests in providing the services and ensuring they operate safely, securely and in a commercially suitable way which is tailored to your use and interests, for example:
      • to provide you with the services;
      • to verify your identity for security purposes;
      • to help us to ensure our customers are genuine and to prevent fraud;
      • to ensure the security of our websites, mobile applications and other technology systems;
      • for the good governance of our business, including keeping financial records, to allow us to pay suppliers and to charge, invoice or refund customers;
      • to search credit reference agencies before we provide you with credit;
      • by using CCTV, to prevent and detect crime
      • to record and investigate health and safety and other incidents which have happened or may have happened
      • to provide you with information about our services, to contact you about administrative matters, and to manage and respond to any queries or complaints you make or any correspondence you send us;
      • to help us to return lost property to its rightful owner;
      • to send you marketing communications which may be of interest to you.  These may include information about stays, events, promotions, offers, information about the hotel and the surrounding area
      • for the purpose of marketing our services where applicable, processing your personal information, creating custom marketing audiences on third-party websites such as Facebook, and profiling and automated decision-making relating to our marketing;
        for market research and statistical analysis and to analyse the use of our services so that we can improve them.
      • Based on your explicit consent, when you provide us with sensitive personal information about your health, to provide you with tailored services (for example, spa treatments)
2.2 What personal information will we collect?
  • General information such as your name, address, email address, phone number, date of birth, gender and relationship (if any) with any other RTL customers.
  • Information about your job including job title, role, company and details about the industry you work in.
  • Financial information such as your bank details and payment details.
  • Information obtained during telephone recordings, or if you make a complaint.
  • Information such as IP address and browsing history obtained through our use of cookies. You can find more information about this in our cookies policy which can be found here.
  • Any other information passed on from you or someone else making the booking on your behalf (for example, your areas of interest such as spa breaks or meetings).
  • Customer intelligence and information (including photographs) obtained as a result of carrying out checks of publically available sources such company websites and social media sites by our research sales and marketing teams.
2.2.1 How will we collect your personal information?

We will collect information directly from you:

  • face to face
  • via forms, including the Leaders Club application form and satisfaction surveys
  • by telephone
  • by email
  • via our website

As well as obtaining information directly from you, we will collect information from:

  • Third parties who are making the booking on your behalf (such as travel agents, OTA’s, company bookers and group organisers).
  • Publically available sources such as internet search engines and social media sites
2.2.2. What will we use your personal information for?

There are a number of reasons we use your personal information and for each use we need to have a “legal ground” to do so.

We will rely on the following “legal grounds” when we process your “personal information”:

  • We need to use your personal information to enter into or perform a contract that we hold with you. For example, we need to use your personal information to provide you with a service at The Athenaeum hotel.
  • We have a legal or regulatory obligation to use such personal information.
  • We need to use such personal information to establish, exercise or defend our legal rights.
  • We have an appropriate business need to use your personal information. We will rely on this for activities such as maintaining our business records, training and quality assurance, and developing and improving our products and services.
  • We need to use your personal information for reasons of substantial public interest. For example, to prevent or detect crime and respond to police enquiries.

In each case we assess our need to use this personal information for these purposes against your rights to privacy to ensure we are protecting your rights.

When we use your “special categories of personal information”, we must have an additional “legal ground” and we will rely on the following legal grounds in these circumstances:

  • It is in the substantial public interest to comply with regulatory requirements relating to unlawful acts and dishonesty.
  • We need to use such special categories personal information to establish, exercise or defend legal rights.
  • You have provided your consent to our use of your sensitive personal information (e.g. in relation to your booking or use of the hotel facilities). In some circumstances, we may need your consent to process sensitive personal information (e.g. health information). Without it, we may be unable to provide you with your requested service. We will always explain why your consent is necessary.
2.2.3. Who will we share your personal information with?

From time to time, we may share your personal information between our internal departments of the Athenaeum hotel as follows:

  • Via internal reports
        • Via access to central IT systems
        • Where we need to meet your booking requirements
        • Where our hotel is unable to meet your booking requirements and another hotel might be able to assist or accommodate you; or
        • Where we need to report information within our hotels.

or with the following third parties for the purposes set out above:

  • Any agent or representative acting for you.
  • Financial crime and fraud detection agencies.
  • Our industry regulators or watchdogs.
  • Selected third parties in connection with any sale, transfer or disposal of our business, including providing you with Athenaeum customer loyalty benefits.
  • Leading Hotels of The World.
  • Pride of Britain Hotels.
  • Our insurers.
  • The police, HMRC and other crime prevention and detection agencies.
  • Third parties who we have entered into contractual arrangements with to provide services we need to carry out our everyday business activities such as document management providers, back office system providers, secure login and email providers, storage warehouses, IT suppliers, actuaries, auditors, lawyers, outsourced business process management providers, our subcontractors and tax advisers.

If you would like further information regarding the disclosures of your personal information, please see the “Contact us” section below for our contact details.

2.3 Where you are a third party supplier

This section will apply if you are a third party supplier to Genesta Athenaeum LLP.

2.3.1 What personal information will we collect?
  • General information such as your name, company address, email address, phone number and company name.
  • Financial information such as your company’s bank details, payment details, VAT number and information obtained as a result of our credit checks.
  • Information obtained during telephone recordings.
  • Any other information passed on from you when providing us with a quote or price list.
  • Information obtained as a result of carrying out checks of publically available sources such as company websites.
2.3.2 What special categories of information will we collect?

We do not collect any special categories information from 3rd parties.

2.3.3 How will we collect your personal information?

We will collect information directly from you:

  • through any written or verbal communications we may have such as via email or telephone (please note that call recording may be used);
  • via our website
  • via forms

As well as obtaining information directly from you, we will collect information from:

Other business companies and representatives

Publically available sources such as internet search engines and company check websites.

Third party providers including (e.g. credit checks service providers.)

Financial crime detection agencies (such as for fraud prevention and checking against international sanctions)

2.3.4. What will we use your personal information for

There are a number of reasons we use your personal information and for each use we need to have a “legal ground” to do so.

We will rely on the following “legal grounds” when we process your “personal information”:

  • We need to use your personal information to enter into or perform a contract that we hold with you.
  • We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you.
  • We need to use such personal information to establish, exercise or defend our legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves.
  • We have a valid business reason to use your personal information which is necessary for our everyday business operations and activities, for example e.g. to maintain business records, to review our business models, to undertake strategic and operational business analysis of the products and services we offer, to maintain management information, and for internal audit purposes.
  • We need to use your personal information for reasons of substantial public interest. For example, to prevent or detect crime and respond to police enquiries.

In each case we assess our need to use this personal information for these purposes against your rights to privacy to ensure we are protecting your rights.

When we use your “special categories of personal information”, we must have an additional “legal ground” and we will rely on the following legal grounds in these circumstances:

  • It is in the substantial public interest to comply with regulatory requirements relating to unlawful acts and dishonesty – such as carrying out fraud, credit and anti-money laundering checks.
  • We need to use such special category personal information to establish, exercise or defend legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against you.
  • You have given your explicit consent to our use of your special categories of personal information. In some cases we are not able to offer you a contract unless we have your criminal record information.
2.3.5. Who will we share your personal information with?

From time to time, we may share your personal information, as follows:

Within Genesta Athenaeum LLP

We may share your personal information internally between our departments.   We will do this via access to internal reports and centralised IT and marketing systems.

With third parties  and service providers working on our behalf

We may share your personal information with our third-party service providers, agents, sub-contractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example, to process payments and send you emails). However, when we use third-party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.

Third-party product providers we work in association with:

We work with carefully selected Online Travel Agents (OTAs, e.g. Booking.com). When you enquire about us or book with these third parties, the relevant third-party will use your details to provide you with information and carry out their obligations arising from any contracts you have entered into with them. They will be acting as a data controller of your information and we therefore advise you to read their Privacy Policy. These third-party product providers will share required information about you with us (e.g. room type purchased and dates of stay) that we will use in accordance with this Privacy Policy.

When you are using our secure online booking system, your purchase is processed by a third-party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions.

We will also disclose your personal information to third parties in the following circumstances:

  • if we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets;
  • if we or substantially all of our assets are acquired by a third party, in which case personal information held by us will be one of the transferred assets;
  • if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, any lawful request from government or law enforcement officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity;
  • in order to enforce or apply Our Terms of Use or any other agreement or to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity; or
  • to protect the rights, property, or safety of us, our customers or other persons. This may include exchanging personal information with other organisations for the purposes of fraud protection and credit risk reduction.

Save as expressly detailed above in this section, we will never share, sell or rent any of your personal information to any third party without notifying you and/or obtaining your consent.

If you would like further information regarding the disclosures of your personal information, please see the “Contact us” section below for our contact details.

3. What marketing activities do we carry out?

We have a legitimate interest to market to you.  We use your personal information to provide you with information about The Athenaeum hotel’s, services or events which may be of interest to you as one of our past or prospective customers. These may include information about stays, events, promotions, offers, information about the hotel and the surrounding area

If you wish to opt out of marketing, you may do so by clicking on the “unsubscribe” link that appears in all emails or telling us when we talk to you.

Please note that, even if you opt out of receiving marketing messages, we may still send you service related communications where necessary.

4. How long do we keep personal information for?

We will only keep your personal information for the minimum periods required in order to fulfil the relevant purposes set out in this Privacy Policy.

We are also required to keep certain information in order to comply with our legal and regulatory obligations.

The exact time period will depend on your relationship with us and the type of personal information we hold. We may be required to retain the personal information for longer periods e.g. to establish, exercise or defend legal rights, such as responding to customer personal injury complaints.

If you would like further information regarding the periods for which your personal information will be stored, please contact us using the details set out in section 8.

5. Automated processing

Genesta Athenaeum LLP carries out automated processing.

We will combine any personal information about you that we receive from you, from other hotels in our group, and from third-parties in order to create marketing profiles.

Marketing profiles include personal information such as information about services you have used, information about when you have visited our hotels in the past, demographic data and, where you have agreed, data from your social media profiles.

For example, we may analyse the personal information of people who have used our services in the past and then compare them with other people in our database. If we identify people in our database who have similar personal information, we may then target marketing to those people, for example by sending direct marketing emails. We may conduct the profiling and marketing automatically.

We conduct these automated decision-making and profiling activities for our legitimate interests in providing the services and ensuring they operate in a commercially suitable way which is tailored to your use and interests.

6. Your rights

Under data protection law you have certain rights in relation to the personal information that we hold about you. You may exercise these rights at any time by contacting us using the details set out in section 8.

In some cases we may not be able to comply with your request (for example, where there is a conflict with our own obligations to comply with other legal or regulatory requirements). However, we will always respond to any request you make and if we can’t comply with your request, we will tell you why.

You have the right to:

· The right to access your personal information
This enables you to receive a copy of the personal information we hold about you and to check that we are processing it lawfully.
· Request correction of the personal information we hold about you ►
This enables you to have any incomplete or inaccurate data we hold about you corrected, although we may need to verify the accuracy of the new information you provide us with.
· Request erasure of your personal information ►
This enables you to ask us to delete or remove your personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons. We will notify you of these, if applicable, at the time of your request
· Object to the processing of your personal information ►
Where we are relying on a legitimate interest (or those of a third party) and you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information, which override your rights and freedoms, e.g. a requirement imposed on us by law.
· Request restriction of the processing of your personal information ►
In some cases, e.g. questions over accuracy, lawfulness, the requirement to hold data or your objection to data usage, you may ask us to suspend the processing of your personal information.
· Request the transfer of your personal information to you or to a third party ►
If required, we will provide you or a third party of your choice with your personal information in a structured, commonly used, machine-readable format. Note, this right only applies to automated information that you initially provided consent for us to use or information that was used to perform a contract with you.
· Withdraw consent at any time ►
Where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent we may not be able to provide certain products or services to you. We will advise you if this is the case at the time.

Please note that for some purposes, we need your consent in order to provide you with a service. If you withdraw your consent, we may need to cancel your reservation, booking or service. We will advise you of this at the point you seek to withdraw your consent.

· The right to lodge a complaint with the ICO ►
You have a right to complain to the Information Commissioner’s Office (ICO) if you believe that any use of your personal information by us is in breach of applicable data protection laws and regulations. More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/

Making a complaint will not affect any other legal rights or remedies that you have.

 

7. How we protect your information

We use a range of organisational and technical security measures to protect your information, including firewalls and access controls, which we review periodically. We also ensure that our employees receive appropriate data security training.

8. Contact us

If you would like further information about any of the matters in this Privacy Policy or have any other questions about how we collect, store or use your personal information, you may contact our data protection adviser by using the contact details provided below:

Data Protection Enquiries

Genesta Athenaeum LLP

116 Piccadilly

London

W1J 7BJ

info@athenaeumhotel.com

9. Updates to this Privacy Notice

We may need to make changes to this Privacy Policy periodically, for example, as the result of government regulation, new technologies, or other developments in data protection laws or privacy generally.

This Privacy Notice was last updated on: 1 December 2022.

If you cannot find the answer you are looking for, feel free to call 020 7640 3557, contact us via our form, or email info@athenaeumhotel.com.