Cardiff Holiday Let's Ltd is dedicated to ensuring that personal information is handled with care and securely, to protect our guests and clients and customers. This page is focused on helping you to understand what information we may collect, how we may use it, and how it is stored and protected. At Cardiff Holiday Let's Ltd we know there is a lot of information to digest on this page and we want to ensure you are fully informed about your rights, and how we may use your data. Hopefully, this page answers any questions you may have, but if you require further assistance please do not hesitate to contact us using the information at the bottom of this page.
GDPR what is it?
"The General Data Protection Regulations come into force on 25th May 2018. The regulations replace the Data Protection Act 1998 the GDPR enforces stricter rules on how companies within the European Economic Area (EEA) are able to process and store your data. The GDPR regulations give individuals more rights to access and manage the data that companies hold about them.
The rules not only apply to all companies that are based within the EU, but also companies that offer products or services to individuals within the EU. The UK government have also already written the new GDPR rules into UK Law, so they will still apply once the UK leaves the EEA upon Brexit.
What are the legal bases for data collection?
The GDPR outlines 6 legal bases that a company may use to collect data from individuals. All data collected and processed must fall under one of these categories, otherwise, the data may not be collected in the first place.
Cardiff Holiday Let's Ltd only use four of the legal bases to collect information. We explain these below, however, if you would like to read about the other legal bases you can find more information on the Information Commissioner's Office website.
Cardiff Holiday Let's Ltd needs to collect and process personal data to perform our contractual obligations with you. This legal basis is normally used when you purchase one of our services.
For Example Cardiff Holiday Let's Ltd needs to collect your Name, Address, Contact Information when creating bookings so that we can send you information on how to access your apartment and our check-in procedure.
Cardiff Holiday Let's Ltd may be required by law to collect and process your personal data.
For Example Cardiff Holiday Let's Ltd can pass details of people involved in fraud or other criminal activity affecting Cardiff Holiday Let's Ltd to law enforcement.
Cardiff Holiday Let's Ltd may collect and process personal data for our own legitimate interests in ways that are reasonably expected to run our business.
For Example Cardiff Holiday Let's Ltd May use booking data to monitor trends in demand to help our marketing and setting our rates.
We may also monitor repeat bookings to offer our guests exclusive discounts and offers.
Cardiff Holiday Let's ltd may collect and process your personal data with your consent.
For Example You tick a box to accept receiving our newsletter.
What personal data does Cardiff Holiday Let's Ltd collect? We collect data at all stages of the customer journey. This is to ensure that we can provide the best customer service and fulfil all our contractual obligations.
How we use the data When you visit our website we anonymously collect data on which pages you visit and how you use our website. We use this data to make improvements to our website and ensure that users are able to easily book our apartments online. You are shown a cookie banner for us to obtain consent to this.
When you make a booking either through the website or via the phone we collect the following information:
Your name Your address Your contact number Your email address Names of all guests Vehicle Registration Number Payment card details
We use this data to fulfil our contractual obligation to you in booking a serviced apartment. We use this information to create your check-in back and provide you with information on what to do on arrival.
We may pass your vehicle registration onto the apartment management company to ensure you can access the car park on arrival. During busy times we may also pass the guest names onto our security team for the safety of our guests.
When you add extras to your booking. If you are using a different payment method to when you created the booking we may collect:
Your payment card details
We use this data to fulfil our contractual obligation to you.
When you make an enquiry through the website contact form we collect:
Your name Your contact number Your email address Booking information
We use this data to respond to your enquiry and monitor the performance of our reservation team.
When you enter competitions we may collect:
Your name Your contact number Your email address
We use this data to pick a winner and keep entries updated on the competition.
When you sign up for our newsletter.
We use this data to send out our monthly newsletter to individuals who have consented to direct marketing.
When you sign up for a corporate rate and the corporate portal.
We use this data to fulfil our contractual obligation to you.
When you access our apartments, key safe, or office.
Some of the apartment buildings we operate in have CCTV which will record your image on entering and exiting the building.
When you are a landlord and you enter into a rental agreement with Cardiff Holiday Let's or any of the listing we manage on behalf of the owners.
We use this data to fulfil our contractual obligation to you. We may collect data from publicly-available sources (such as Land Registry) when you have given your consent to share information or where information is made public as a matter of law. We use this data to check if a landlord is legally permitted to rent their property to us for the use of serviced apartments.
When you interact with us on social media.
We use this data to monitor our customer service performance.
Data use for legitimate interests
We may also process all data that we hold for legitimate interests of the company. This may include the following activities:
Monitoring website performance
Monitoring customer service performance
Monitoring social media performance
Reporting on demand trends within the market to better help plan promotions and rates
Occupancy and revenue reporting
Monitoring corporate client spend and credit
We may use your booking history to offer exclusive discounts
How does Cardiff Holiday Let's Ltd store your data?
Cardiff Holiday Let's Ltd knows how much security matters to all of our customers, therefore, we always treat your data with the utmost care and take all appropriate steps to protect it. We ensure all of our websites are secured using 'https' technology to ensure data in transit is encrypted and secure. Where possible Cardiff Holiday Let's ltd do not store any personal data locally on company premises. All data is stored in our third-party systems and any local copies are immediately destroyed. We have strict data security policies in place that all our staff understand and agree to. This is to ensure that all data is processed and stored correctly and in a secure manner.
Cardiff Holiday Let's ltd ensure all our third-party systems meet the General Data Protection Regulations and are PCI DSS compliant where required, which enforces even stricter rules. Access to these systems is only given to staff members who require it to complete their daily tasks. Each system is secured via a 'https' connection and only accessible via a password-protected portal.
All sensitive data such as payment card details are secured and tokenised outside of the systems our staff can access to ensure they are protected. We regularly monitor our systems for possible vulnerability and attacks, and we carry out penetration testing to identify ways to further strengthen security.
How long do we keep your data?
When we collect or process your personal data we will only keep it for as long as necessary for the purpose for which it was collected. After this retention period, your personal data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for business statistical analysis and planning
Some example retention periods are: Bookings When you make a booking, we will keep any personal data you provide us for ten years so we can comply with our contractual and legal obligations. Online Enquiries When you make an enquiry through Cardiff Holiday Let's website www.roomscardiff.co.uk, we will keep any personal data you provide us whilst we deal with the enquiry. Once the enquiry has been dealt with, all personal information will be deleted, however, we will keep the enquiry messaging for customer service performance monitoring, ensuring that it is non-identifiable.
Who do we share your data with?
Cardiff Holiday Let's ltd will sometimes share your data with trusted third-parties. We have a very strict policy on what information can be shared with third-parties to keep your data safe and to protect your privacy.
We always ensure:
We only provide the information they require to perform their specific services
They may only hold the data we provide for the exact purposes specified in our contract with them
We ensure that they hold your data in a secure manner and that your privacy is protected at all times
If we stop using their services, any data that they may hold will be deleted.
For Example Our security team may be provided with a list of guest names and the apartments they are staying in to ensure they can identify guests whilst on their patrols. We may share information with law enforcement bodies on request and where fraudulent or potentially fraudulent activity is suspected in our premises or systems.
To help fulfil our contractual obligations with you and to help personalise and improve your journey through our websites we currently use the following companies, who will process your personal data as part of their contracts with us:
Where your personal data may be processed
Sometimes we need to share your personal data with third parties outside of the European Economic Area (EEA), such as New Zealand and the USA. If you are based outside of the UK and make a booking we will transfer the personal data that we collect from you to the company in the UK.
The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway. We may transfer personal data that we collect from you to third-parties outside of the EEA. If we do this, we have procedures in place to ensure that all your data receives the same protection as if it were being processed inside the EEA. If you wish to receive more information about these contracts please contact us using the information at the bottom of this page.
Any transfer of your personal data will follow applicable laws and we will treat all information under the guiding principles of this privacy notice.
The GDPR gives individuals more rights to how companies collect and process their personal data. Under the guidelines you have the following rights:
You should always be informed how personal data will be used at the point of collection
You have the right to request access to any and all personal data that a company holds
You should be able to instruct a company to update and correct any information that they hold on you
You have the right to request a company deletes any personal data that they may hold
You can instruct a company how they can and cannot process your personal data
You have the right to request a copy of all data a company hold on you in an easily usable electronic format
Right to access personal information
Under the new guidelines, you have the right to request a copy of any information Cardiff Holiday Let's Ltd currently holds about you at any time and also to have that information corrected if it is inaccurate. To ask for your information please contact Data protection: Cardiff Holiday Let's Ltd, 311 Wyncliffe Gardens, Cardiff, CF237FA
To ask for your information to be updated please contact a member of the team.
Right to withdraw consent
Whenever you have given us consent to process your personal data, you have the right to change your mind and withdraw that consent at any time.
Where we rely on our legitimate interest
In cases where we are processing your personal data for legitimate business interests, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your data.
You have the right to stop the processing of your data for any and all direct marketing activity through all channels, or selected channels. We must always comply with your request. You can either contact us directly to stop direct marketing or click the unsubscribe button on any marketing email you may receive from us to stop all future marketing campaigns being sent.
Checking your identity
To protect the confidentiality of all personal data we hold, we will ask you to verify your identity before proceeding with any request for information. If you have instructed a third-party to make the request on your behalf, we will ask them to prove they have your permission to do so.
Contacting the regulator
If at any point you feel that your data hasn't been handled correctly, or you are unhappy with any response to requests you have the right to lodge a complaint with the Information Commissioner's Office. You can contact them on 0303 123 1113 or go to www.ico.org.uk/concerns.
If you are based outside of the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country.
We hope that this privacy notice is helpful to understand how and why we process your personal data when using our services. If, however, you have any questions or concerns about the information provided in this notice, or about how we process your data, please feel free to contact us. You can email us or write to us at Data protection:
This is to ensure that experience using the website is the best possible.
You can find out more about the cookies we use by reading our cookie declaration.
What are cookies? Cookies are small files stored in your web browser to help the website interact with you. Without cookies, every time you visit a new page the website thinks you are a new visitor. This would mean for example shopping baskets would empty each time you clicked onto a new page. If you would like to read more about cookies , Wikipedia has a detailed article.
What if I do not want cookies stored on my browser? You can block cookies via your web browser. You can find out specific instructions for your browser via Google. Please note though we provide no guarantee against unexpected results should you choose to block cookies on this website.
What cookies do you store on my browser? Details of the cookies we use on this site are listed below:
CookieMessage - This records the answer you gave regarding accepting our cookies. Without this the cookie notification would pop up every time you went to a new page. Expires in 180 days
PHPSESSID - Allows the website to function correctly such as retaining a shopping basket. Expires when browser shutdown.
Occasionally the way third-party add-ons store cookies change. Because of this the list above may not always contain an exhaustive list of the cookies which are saved. We do regularly audit the cookies stored as a result of visiting our website.