DATA PRIVACY AND MESSAGING GUIDELINES
These Data Privacy & Messaging Guidelines (the “Guidelines”) set forth the terms and conditions under which Sutton Park provides its service to and for the benefit of its paying guests (hereafter “Guests”). By using the Sutton Park services, the Guest agrees to and accepts the following Guidelines.
These Guidelines form an integral part of the agreement between the Guest and Sutton Park (“the Agreement”) (including Sutton Park’s Terms & Conditions of Booking (the “Ts&Cs”) and must be read in conjunction therewith Except as otherwise provided for herein, the terms and conditions of the Agreement remain unchanged and in full force and effect. If there is conflict between this Guideline and the Ts&Cs, the terms of the Ts&Cs will prevail.
Unless defined otherwise in these Guidelines, capitalised terms have the same meaning as set out in the Agreement.
DATA PRIVACY
Sutton Park shall take reasonable steps to protect personal data (i.e., information that relates to an identified or identifiable natural person) processed in the context of the Agreement against loss and unauthorized access, use, deletion and disclosure; and, as required by applicable laws, process personal data in a manner that ensures appropriate confidentiality and security of the personal data.
The Guest shall provide personal data to Sutton Park only if such disclosure is permitted under applicable laws. Sutton Park shall be a data controller (i.e. determines the purposes and means of the data processing) for any personal data it processes.
To the extent Sutton Park processes personal data that is not guest data in association with the Agreement, such personal data shall be processed by Sutton Park in accordance with the Sutton Park Privacy Statement herewith. Sutton Park warrants that it has, as required by applicable laws, duly and diligently informed (and as required by applicable laws, obtained consents from) its staff members about the processing of their personal data by Sutton Park and the cross-border transfer of their personal data to countries that do not provide for adequate protection of rights of personal data subjects.
Sutton Park shall process personal data that Sutton Park has received from the Guest as part of the Services under the Agreement only so far as necessary to perform the requested reservation services, or as otherwise agreed to between the Parties in writing, in accordance with applicable law, including (if applicable) Directive 95/46/EC and 2002/58/EC (as amended or replaced by subsequent legal acts) on the processing of personal data and the protection of privacy or the EU General Data Protection Regulation or if Guest has obtained explicit consent from the guest to any other use of guest’s personal data.
If Sutton Park will or intends to notify guests or other parties (e.g., competent data protection and/or government authorities) of a data breach (any discovered or suspected incident resulting in accidental, unlawful, or unauthorized destruction of, loss of, alteration of, access to, disclosure of, or use of personal data) involving personal data received by the Sutton Park from the Guest, and the notification will reference Sutton Park, Sutton Park shall first, to the extent permitted by law, provide any draft notification and related correspondence to the Guest and reasonably cooperate with the Guest in finalizing such notification and correspondence and other communication that may follow with the guests or authorities. Guest acknowledges that Sutton Park retains the right to voluntarily inform its users about any such data breach for the avoidance of doubt.
In case the party contracting with Sutton Park is not directly processing personal data of guests under its own control (e.g. as may be applicable in case of chains, property management companies etc.), this Clause 2 shall be read to apply to the Sutton Park ultimately processing the personal data of guests. In such case, either contracting party and/or Guest may be considered the (sole) data controller of any guest data processed in the context of the Agreement.
MESSAGING TOOLS
Sutton Park may from time to time as part of its service to the guest and Guest facilitate the communication between the Sutton Park and the Guest (the “Messaging Service”) using tools provided by Sutton Park. Sutton Park will process communications sent via the Messaging Service (the “Communications”) in accordance with the Sutton Park Privacy Policy. The Guest hereby irrevocably and unconditionally agrees and consents to the processing of Communications by Sutton Park (including any processing, storage, receipt, access, insight and screening of communications by Sutton Park) and states that it has duly and diligently informed (and as required by applicable laws, obtained consent from) the Guest’s employees, agents, representatives, staff members and other individuals of/for/when using the Communication Service for or on the Guest’s behalf (including the processing, receipt, insight, storage, screening and access of such communications by Sutton Park).
PAYMENT CARD SECURITY
To the extent, Sutton Park processes payment card information obtained by any On-line Travel Agency such as Booking.com Expedia etc through the Sutton Park reservation services, Sutton Park is required to comply and to have its service providers comply on an ongoing basis with the requirements, compliance criteria and validation processes set forth in the current Payment Card Industry (PCI) Data Security Standard issued by the major credit card companies.
PRIVACY STATEMENT
First things first – your privacy is important to us. We know that’s the kind of thing all these sorts of notices say, but frankly we mean it. You’ve placed your trust in us by using our services and we value that trust. That means we’re committed to protecting and safeguarding any personal data you give us. We act in your interest and we are transparent about we process your personal data. This privacy statement applies to any kind of information we collect through our platform.
This document describes how we use and process your personal data, hopefully provided in a readable and transparent manner so you can get where we’re coming from without getting bored senseless. Please contact us if you have questions about your personal data, which we’re more than happy to answer
We may amend our Privacy Statement from time to time. If you have any questions about your privacy, please telephone for a copy of our updated Statement to know exactly where you stand. If we make changes to the Privacy Statement which will have an impact on you (for example, if we intend to process your personal data for other purposes than communicated in the past in this Privacy Statement), we will notify you of these changes before the new activities begin.
Sad, but the necessary bit: If you disagree with this Privacy Statement, you should discontinue using our services. If you agree with our Privacy Statement, then you’re all set to book your next visit through us. Let the good times roll!
What kind of personal data does Sutton Park collect?
We can’t help you book the perfect visit without information, so when you use our services there are certain pieces of information we ask for. This is pretty basic stuff – your name, preferred contact details, the names of anybody travelling with you and your payment information. You may decide for yourself to submit special requests for your upcoming Trip (for example, certain preferences). There are also situations in which we receive information about you from others, such as On-line Travel Agents such as Booking.com, Expedia or Trip Adviser to name a few (referred to as OTAs) who automatically collect other information. This is the basic overview of the information we collect, but if you’d like to know more, we go into a lot more detail below.
Why does Sutton Park collect and use your personal data?
The main reason we ask you for personal details is a pretty good one – it’s to help administer your online Reservations and ensure you get the best service possible. We also use your personal data to contact you and to inform you of the latest deals and special offers and other products or services which we believe may be of interest to you. There are other uses too – if you’d like to find out what they are, read on for a more detailed explanation.
How does Sutton Park process communications?
Sutton Park can help you and OTAs exchange information and requests about their services and existing Reservations, directing the communications through the OTAs
What security and retention procedures does Sutton Park put in place to safeguard your personal data?
We observe appropriate and adequate procedures to prevent unauthorized access to, and the misuse of, personal data that we process.
How does The Guest treat personal data of children?
Unless indicated otherwise, this is a service you are only allowed to use if you are over 18 years of age. We only process information about children with the consent of the parents or legal guardians or when the information is provided to use by the parents or legal guardian.
How can you control the personal data you have given to Sutton Park?
You always have the right to review the personal data we keep about you. You can request an overview of your personal data by emailing us at [email protected]. Sutton Park collects and uses information which you provide to us. When you make a Reservation, you are (as a minimum) asked for your name and email address. Depending on the Reservation, we may also ask for your home address, telephone number, payment information, date of birth, the names of any guests travelling with you and any preferences (such as meal preferences and any mobility restrictions) you might have for your Trip.
If you need to get in touch with us or reach out to us through other means (such as through social media or communicating with us by telephone or e-mail) we will collect information from you there too. Guests can also be asked to provide a review to help ensure future guests get exactly what they’re looking for.
Personal data you give us about others.
Of course, you might not simply be making a Reservation for yourself. You may be doing a Trip with other guests whose details you provide as part of the Trip, or you may make a Reservation on behalf of someone else.
At this point we have to point out that it’s your responsibility to ensure that the person or people you have provided personal data about are aware that you’ve done so and have understood and accepted how Sutton Park uses their information (as described in this Privacy Statement).
Personal data we receive from other sources.
It’s not just the things you tell us, though – we may also receive information about you from other sources. These include OTAs and anything we get from them may be combined with information provided by you. When you use OTAs, you provide the reservation details to the OTAs, who then forward your details to us. We also use third party service providers to facilitate payment between Guests and OTAs. These OTAs share payment information so we can administer and handle your Reservation, making sure everything goes as smoothly as possible for you.
OTAs may share information about you with Sutton Park as well – this may happen if you have support questions about your pending reservation, when disputes arise about a Reservation (though naturally we try to ensure that this does not happen)
We use the information collected about you for various purposes. Your personal data may be used in the following ways:
Trip Reservations: First and foremost, we use your personal data to complete and administer your online Trip Reservation, which is pretty central to what we do.
Marketing activities: We may use your information for marketing activities. These activities include using your contact information to send you regular news of travel-related products and services. You can unsubscribe from email marketing communications at any time, just let us know. You can e-mail this to us on [email protected] and we will ensure that your details are removed from our mailing list.
Based on your information, individualised offers may be sent to you on These may be offers that you can book directly with us or on co-branded sites, or other third-party offers or products we think you might find interesting.
Communicating with you: There may be other times when we get in touch, including by email, by post, by phone or by texting you – which method we choose depends on the contact information you’ve previously shared with us. And we process the communications you send to us. There could be a number of reasons for this, including:
Responding to and handling any requests you or your OTA have made. Sutton Park also offers guests and OTAs various means to exchange information, requests, and comments about existing Reservations via the Guest.
If you have not confirmed a Reservation that you have asked Sutton Park to hold for you Sutton Park can contact you with a reminder to continue with your reservation. We believe that this additional service benefits you as it allows you to carry on with a Reservation.
When you use our services, we may send you a questionnaire or invite you to provide a review about your experience with Sutton Park or the OTA.
We may also send you other material related to your Reservation, such as how to contact Sutton Park if you need assistance while you are away, and information that we feel might be useful to you in planning or getting the best out of your Trip
Even if you do not have an upcoming Trip Reservation, we may send you other administrative messages, which may include security alerts.
In order to create a trustworthy environment for you, your fellow travellers, Sutton Park and OTAs , we may use personal data for the detection and prevention of fraud and other illegal or unwanted activities. Similarly, we may use personal data for risk assessment and security purposes, including the authentication of users and reservations. For such purposes, we may have to stop certain reservations or put on hold reservations until we have finished our assessment.
During and after your Trip you book through us, you may be invited to submit a review. We can also enable guests travelling with you or on whose behalf you have booked to provide a review. This invite asks for information about the Sutton Park or Blackpool.
In addition to this, account holders can choose to display a review anonymously. Adding an avatar is also possible. By completing a guest review, you are agreeing that it can be displayed by, for example, the relevant OTA, information page on our websites, on our mobile apps, on our social media accounts and social media apps, or on the online platform of the relevant OTAs business partner’s website for example Trip Advisor. This is to inform other travellers about the quality of the service you used, the destination you have chosen or other experiences you choose to share. This is to help other travellers like you find the right destination and the best accommodation to suit them.
We do not monitor telephone calls.
Finally, in certain cases, we may need to use your information to handle and resolve legal disputes, for regulatory investigations and compliance, to enforce the terms of use of the online reservation service or to comply with lawful requests from law enforcement, such as inappropriate activity via our WIFI
To process your personal data as described above, we rely on the following legal bases:
Performance of a contract: The use of your information may be necessary to perform the contract that you have with us. For example, if you use our services to make an online reservation, we will use your information to carry out our obligation to complete and administer that reservation under the contract that we have with you.
Legitimate interests: We may use your information for our legitimate interests, such as to provide you with the best suitable content of the website, emails and newsletters, to improve and promote our products and services and the content on our website, and for administrative, fraud detection and legal purposes.
Sutton Park relies on the legal basis that the processing of the personal data is necessary for the performance of a contract, specifically to finalise and administer your Trip Reservation. If the required personal data is not provided, Sutton Park cannot finalize the Trip Reservation, nor can we provide customer service. Sutton Park relies on its legitimate commercial business interest to provide its services, to prevent fraud and to improve its services. When using personal data to serve Sutton Park’s or a third party’s legitimate interest, Sutton Park will always balance your rights and interests in the protection of your personal data against the Guest’s rights and interests or those of the third party. Sutton Park relies also where applicable on compliance with legal obligations (such as lawful law enforcement requests). Where needed under applicable law, Sutton Park will assume the Guest’s consent prior to processing personal data for direct marketing purposes, unless notified to the contrary (either by telephone (01253 402648 or e-mail [email protected]).
In certain circumstances, we’ll share your personal data with third parties
The OTA you booked: This one’s pretty crucial for what we do! In order to complete your Reservation, we transfer relevant reservation details to OTA you have booked with. Depending on the Reservation and the OTA, this can include your name, contact details, payment details, the names of the guests travelling with you and any preferences or other information you specified when you made your Reservation. If you have a query about your Trip, we may contact the OTA and ask them to handle your request. Unless payment is made during the booking process via the Sutton Park website, we will receive your credit card details from the OTA for further handling (assuming you’ve provided us with those details during your booking process). In cases of reservation-related disputes, we may provide the OTA with information about the reservation process as needed to handle the dispute. This may include a copy of your reservation confirmation as proof that a Reservation was actually made.
Payment providers and (other) financial institutions: When a chargeback is requested for your Reservation by either you or by the holder of the credit card used to make your reservation, we need to share certain reservation details with the payment service provider and the relevant financial institution to handle the chargeback. In order to comply with Data Protection and Money Laundering procedures, and to ensure that all card payments are dealt with securely, all Reservations made via an OTA are handled by EVIIVO.com who are the channel managers for ourselves and many of the OTAs. This may also include a copy of your reservation. We may share information with relevant financial institutions, if we consider it strictly necessary for fraud detection and prevention purposes.
Competent authorities: We disclose personal data to law enforcement insofar as it is required by law or is strictly necessary for the prevention, detection or prosecution of criminal acts and fraud or if we are otherwise legally obliged to do so. We may need to further disclose personal data to competent authorities to protect and defend our rights or properties.
We work with many OTAs around the world. These OTAs distribute or advertise the Sutton Park’s services. When you make a reservation on one of OTAs websites or apps, certain personal data that you give them such as your name and email address, your address, payment details and other relevant information, will be forwarded to us to finalise and administer your Reservation. If customer service is provided by the OTA, Sutton Park will share details relevant to your reservation with the OTA (as and when needed) in order to provide you with appropriate and efficient support. When you make a reservation through one of the OTAs websites, the OTAs can receive certain parts of your personal data related to the specific reservation such as your name and email address. This is for their own internal purposes (such as analytical purposes) and, if requested by you, for the administration of loyalty programs or marketing.
When you make a reservation on a OTAs website, please also take the time to read their privacy notice if you wish to understand how these OTAs may process your personal data. For fraud detection and prevention purposes and as strictly necessary, we may also exchange information about our users with OTAs. We observe reasonable procedures to prevent unauthorised access to, and the misuse of, personal data.
We use appropriate business systems and procedures to protect and safeguard the personal data you give us. We also use security procedures and technical and physical restrictions for accessing and using the personal data on our servers. Only authorized personnel are permitted to access personal data in the course of their work.
You always have the right to review the personal information we keep about you. You can request an overview of your personal data by emailing us to the email address stated below. Please write ‘Request personal information’ in the subject line of your email to speed things along a bit.
You can also contact us if you believe that the personal information we have for you is incorrect, if you believe that we are no longer entitled to use your personal data, or if you have any other questions about how your personal information is used or about this Privacy Statement. Please telephone us on 01253 402648 or e-mail us at [email protected]