live, work, relax in comfort and style
folders with privacy policy and procedures

privacy policy

our commitment

Executive Serviced Apartments ltd. is committed to protecting your privacy and any personal data which you provide to us.

Your trust and confidence are important to us; therefore, we provide information on how we collect, use and share your information. Our collection, use and sharing of your information is only based on your permission or where allowed by law.

Click on the links below to read esa’s privacy policy. Contact us for further information.

Summary

This Privacy Policy describes how we collect, process, share and dispose of your personal data that we hold.

In order for us to provide you with a service such as providing quote information or fulfilling a booking request we need to collect personal data. In any event, we are committed to ensuring that the information we collect, and use is appropriate for this purpose, and does not constitute an invasion of your privacy. We may pass your personal data on to our service providers who are contracted to us in the course of dealing with you. Our contractors are obliged to keep your details securely and use them only to fulfil the service they provide to you on our behalf. If we wish to pass your sensitive personal data onto a third party, we will only do so once we have obtained your consent unless we are legally required to do so.

Who we are

Executive Serviced Apartments ltd. (“we”, “our”, “us”) is the data controller. The company is registered in England and Wales under company registration number 5106196, at the registered office address: Elizabeth House, 13-19 London Road, Newbury, West Berkshire, RG14 1JL.

Data Protection Officer (DPO)

Executive Serviced Apartments ltd. has appointed Dan Creed as our Data Protection Officer, who can be contacted at dataprotection_esa@esa.co.uk

GDPR compliant

Executive Serviced Apartments ltd. Is committed to compliance with its obligations GDPR (General Data Protection Regulation). The steps we have taken include: keeping personal data up to date, by storing and destroying it securely, by not collecting or retaining excessive amounts of data, by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. Please refer to our GDPR Compliance Statement esa for more details.

Collecting your information

Lawful basis for collecting and using your information

In accordance with the GDPR, we are required to identify and evidence the lawful basis by which we collect your personal data

What are the lawful bases for processing?

The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever your personal data is processed:

Consent: where we receive your clear consent to process your personal data for a specific purpose, such as collecting your personal data so that we can keep you up to date with our latest news and offers or for marketing information.
Contract: where the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract. For example, if you book a stay with us.
Legal obligation: where the processing is necessary for us to comply with the law (not including contractual obligations). An example of this would be that we are required by law to keep records of who is in our properties in case there is an emergency.
Legitimate interests: where the processing is necessary for the legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. An example of this would be to provide you with information based upon a request or enquiry that you have made.
Vital interests: where the processing is necessary to protect someone’s life.
Public task: where the processing is necessary to perform a task in the public interest or for official functions, and the task or function has a clear basis in law.

The information we collect

  • Your name
  • Contact information and preference
  • Geographic information such as your postcode
  • Nationality
  • Vehicle registration
  • Your passport or driving license
  • Your organisation and profession
  • Payment details
  • Information about anyone you’re travelling with
  • Next of kin
  • Images of you in areas of our properties that are covered by CCTV
  • More sensitive information, such as any disability information
  • Information supplied on the devices we provide for you to interact with us

When and how we collect your information

In order for us to provide you with a service such as providing quote information or fulfilling a booking request we need to collect personal data. We collect information in several ways both directly and indirectly. This includes when you:

  • Make an enquiry
  • Book a viewing
  • Book a room online, over email or on the phone
  • Complete our Terms and Conditions
  • Refer a friend
  • Request a photo pack
  • Request a maintenance or housekeeping visit
  • Request a call back from one of our team
  • Create, use or manage an online account
  • Sign up to our Newsletter and promotions
  • Visit our website
  • Visit our properties
  • Use our technology devices
  • Access internet at one of our properties
  • Request an upgrade of services such as Sky
  • Interact with us via online forums, by email, text, or on social media
  • Complete guest satisfaction
  • Post reviews of your stay or interaction with us
  • Complete our market research/customer surveys
  • Enter any competitions or promotions

Third parties

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.

If you make an enquiry or booking with us through a third party such as an online travel agent or booking platform, the information that we acquire from or about you will be treated as confidential and will not be disclosed, other than in the normal course of performing services on your behalf, unless your consent has been obtained, the information is required by a court of competent jurisdiction or it is already in the public domain.

It may be disclosed to regulatory bodies for the purposes of monitoring and/or to our internal group compliance function for monitoring with any regulatory rules or codes. It will be necessary to verify who you are, through a series of questions, and that you have a right to discuss the details of a specific client before any confidential information can be divulged.

You should always read the privacy policies of third parties that you provide your personal information to, to ensure your information is being treated in accordance with the GDPR.

How we use your personal information

We will process – that means collect, store and use – the information you provide in a manner that is compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date and not keep it for longer than is necessary. In some instances, the law sets the length of time information has to be kept, but in most cases we will use our discretion to ensure that we do not keep records outside of our normal business requirements.

To improve transparency, we have listed below the ways in which we use your personal and the lawful bases that we have determined for processing:

Lawful basis for collection

1) Consent
2) Contract
3) Legal Obligation
4) Legitimate Interests
5) Vital Interests
6) Public Task

Use of personal information Lawful basis for collection
Provide you with information you have requested either as part of an enquiry or a viewing request 2), 4)
Provide you with the products and services you have requested as part of fulfilling your booking request 2), 3)
Verify your identity 2), 3), 5)
Financial services 1), 2), 3)
Send you marketing related services including market research surveys 1), 4)
Providing you with newsletters 1)
Statistical and analytical analysis 3), 4)
Gather feedback from your stay to improve our services 1), 4)
Improve and tailor our services to your preferences 1), 4)
Monitor, review and control the use of our products and services and content 3), 4)
Meet with and comply to legal obligations 3)
Comply with HSE regulations including any accident and incident matters 3)
Improve your safety while you stay with us 2), 3)
Ensure the safety of our properties 2), 3)
Ensure the safety of our colleagues 2), 3)
Monitor relevant cookie information 1)
Respond to service related requests 2), 3), 4)
Inform you of routine or planned service related updates 2), 3), 4)

Acceptable usage

You may only use our website for lawful purposes and not for any activity that breaches any law, either local, national or international, or is in any way abusive or damaging.

If we determine there has been a breach, we may use your personal data to take appropriate actions that could potentially result in legal proceedings and actions against you.

Data Transfers

We will not transfer personal data to a country or territory outside the European Union unless that country or territory ensures an adequate level of protection for the ‘rights and freedoms’ of data subjects in relation to the processing of personal data.

We may transfer your information to companies that carry out data processing for us such as recording consent permissions that you have provided. Processing is carried out on our instruction and under strict terms which are designed to ensure that the processing carried out meets all the requirements of the GDPR.

Consent

Executive Serviced Apartments ltd. understand ‘consent’ to mean that it has been explicitly and freely given, specific, informed and an unambiguous indication of your wishes by you by statement, or by a clear affirmative action, signifying agreement to the processing of your personal data. Your consent for processing data that has been provided with this as the lawful bases for collection can be withdrawn at any time.

We understand ‘consent’ to mean that you have been fully informed of the intended processing and have signified your agreement, while in a fit state of mind to do so and without pressure being exerted upon you. In most instances consent to process personal and sensitive data is obtained routinely by us using standard consent documents such as opt in marketing consent or forms which include non mandatary fields of completion.

Your rights

You have the following rights regarding data processing, and the data that is recorded about you:

  • To make subject access requests regarding the nature of information held and to whom it has been disclosed.
  • To prevent processing likely to cause damage or distress.
  • To prevent processing for purposes of direct marketing.
  • To be informed about the mechanics of automated decision-taking process that will significantly affect you.
  • Not to have significant decisions that will affect you taken solely by automated process.
  • To take action to rectify, block, erase, the right to be forgotten, or destroy inaccurate data.
  • To request the ICO to assess whether any provision of the GDPR has been contravened.
  • The right for your personal data to be provided to you in a structured, commonly used and machine-readable format, and the right to have that data transmitted to another controller.
  • The right to object to any automated profiling without consent.

In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: you withdraw consent to consent-based processing; the processing is for direct marketing purposes. However, there are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary: for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.

You have the right to access any personal data which is held by us in electronic format and manual records which form part of a relevant filing system. All subject access requests need to be made either by way of email to dataprotection_esa@esa.co.uk or in writing to Dan Creed, Executive Serviced Apartments ltd, 13-19 London Road, Newbury, West Berkshire, RG14 1JL.

All requests will be recorded and considered, there may be circumstances such as those described above which require us or allow us to continue processing your data.

Disclosure of data

We will ensure that personal data is not disclosed to unauthorised third parties which includes family members, friends, government bodies, and in certain circumstances, the Police. The GDPR permits certain disclosures of your personal data without consent so long as the information is requested for one or more of the following purposes:

  • to safeguard national security;
  • prevention or detection of crime including the apprehension or prosecution of offenders
  • assessment or collection of tax duty;
  • discharge of regulatory functions (includes health, safety and welfare of persons at work)
  • to prevent serious harm to a third party
  • to protect the vital interests of the individual, this refers to life and death situations

All requests to provide data for one of these reasons must be supported by appropriate paperwork and all such disclosures must be specifically authorised by the Data Protection Officer.

Retention and disposal of data

We will retain your personal data for no longer than it is required or while there is a legitimate business reason for doing so. We may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person, or where necessary for the establishment, exercise or defence of legal claims.

Personal data will be disposed of in a way that protects your “rights and freedoms” as a data subject such as; shredding, disposal as confidential waste or secure electronic deletion.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Complaints

If you wish to complain to Executive Serviced Apartments ltd. about how your personal information has been processed, you may lodge your complaint directly with the Data Protection Officer by means of email to dataprotection_esa@esa.co.uk or in writing to Dan Creed, Executive Serviced Apartments ltd, 13-19 London Road, Newbury, West Berkshire, RG14 1JL.

You are also entitled to raise your complaint directly to the Information Commissioner’s Office ICO at (ico.org.uk)

If you wish to complain about how your complaint has been handled, or appeal against any decision made following a complaint, they may lodge a further complaint to the Data Protection Officer.

Changes to our Privacy Policy

We may make changes this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.

useful links

Ready to book? Follow the links below to enquire about our serviced apartments, book a viewing or browse our other locations.

useful links

Ready to book? Follow the links below to enquire about our serviced apartments, book a viewing or browse our other locations.

Make an enquiry enquiryImage

make an enquiry

Make an enquiry enquiryImage

esa locations

Make an enquiry enquiryImage

book a viewing

ASAP TAS EURA

a proud member of

ASAP TAS EURA

© esa serviced apartments 2018