PRIVACY POLICY

This privacy policy tells you how ”F ZEEN RETREATS” use your personal data when you visit our website, when we welcome you as our guest or you otherwise interact with us. In compliant with the General Data Protection Regulation 2018 (GDPR), it also tells you your privacy rights and how the law protects you. When we mention, “we”, “us” or “our” in this privacy policy, we are referring to “F ZEEN RETREATS”.

It is important that you read this privacy policy, together with any other privacy notices we may show you from time to time, so that you are fully aware of how and why we are using your personal data.

This website is not intended for children and we do not knowingly collect data relating to children.

Types of personal data we collect

Personal data, or personal information, means any information about an individual, which can be used to identify that person. It does not include data where the identity has been removed (anonymous data).

We collect a variety of personal information about our guests, customers and visitors to our website.

This personal data falls into these categories:

• Identity Data includes title, gender, first name, maiden name, last name, marital status, date of birth, username or similar identifier and an encrypted version of your login/password. If you interact with us through social media, this may include your social media user name.
• Contact Data includes billing address, delivery address, email address and telephone numbers.
• Financial Data includes payment card and direct debit/bank account details.
• Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
• Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses, as well as any data which we have added (for example, using analytics and profiling).
• Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
• Usage Data includes information about how you use our website, products and services.
• Tracking Data includes information we or others collect about you from cookies and similar tracking technologies, such as web beacons, pixels, and mobile identifiers.
• Marketing and Communications Data includes your preferences in receiving direct marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We do not ordinarily collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) nor do we collect any information about criminal convictions and offences. The only exceptions to this are: (i) if you provide health data to us as part of a spa booking, we will use this to perform our contract with you, and we need your explicit consent to use your health data as part of that or (ii) you have made the special category data obviously public.

How we collect data

We may collect or receive data in lots of different ways.

You may give us data in person when you are a guest at one of our hotels, for example when you:

• check-in and check-out;
• make use of our accommodation, facilities and services;
• make use of our concierge services;
• attend our events;
• enter a competition, promotion or survey;
• complete a contact details card; and/or
• give us your business card.

You may give us data remotely when you interact with us via this website, by post, phone or email, or through chat or social media, for example, when you:

• sign up to receive our newsletter or other direct marketing;
• make enquiries or request information, or correspond with us generally;
• create an account on our website;
• book accommodation, hospitality, spa treatments or services;
• engage with us on social media;
• enter a competition, promotion or survey;
• leave comments or reviews; and/or

We may get some data automatically, for example, we could collect data about your equipment, browsing or the way you use this website. We may also collect data when you click on one of our adverts (including the ones you see on third party websites or social media). The systems we use for guest management may also collect data automatically to help create a guest profile, which in turn gives us a better understanding of how we can improve your experience with us.

We may get some data from third parties as part of the booking process for our accommodation, hospitality, spa treatments or services at our hotels. For example, when you:

• use third party booking services for accommodation, restaurants, hospitality, spa treatments or other services; and/or
• are our guest as part of a group or corporate booking.

We may receive data about you from various other types of third parties, including:

• from technology partners who help us run our website and mailing list sign-ups;
• from providers of payment and fraud prevention services;
• from analytics providers, advertising networks and search information providers;
• from data partners;
• from feedback and review partners;
• from publicly available sources;
• from social media, where privacy settings are set to public;
• from third parties to whom you have given permission to share your data with us; and/or
• from any third parties who are permitted by law to share your personal data with us.

How and why we use your personal data

We use your personal information in a number of ways, including providing and personalizing the services you request and expect from us, to offer you a high level of hospitality, conduct direct marketing and sales promotions and as set forth below in more detail. We will collect your consent prior to processing your data where required by applicable law.

We are obligated to collect certain data, including your name, address, payment information, and, in certain countries, travel document information, in order to process your reservation. Failure to provide this information will result in our inability to process your reservation. We may use your personal information to provide you with information about meeting and event planning. We may use your personal information to provide or offer you newsletters, promotions and featured specials, as well as other marketing messages in accordance with any communications preferences you have expressed. We use your information to provide in-stay messaging, account alerts, and reservation confirmations and to send you marketing messages. We may provide these communications via email, postal mail, online advertising, social media, telephone, text message (including SMS and MMS), push notifications, in-app messaging, and other means. We may also collect information from your payment card, which can be appended to personal information and used by us to recognize what type of card you have, the bank or network of the card, and present and/or send you targeted marketing messages based on your payment method and in accordance with your communication preferences. We may use your personal information to improve our services and to ensure that our site, products, and services are of interest to you. We may aggregate your personal information with data from third-party sources for purposes of keeping information up to date and analytics. We also rely on information from third parties in order to provide better, more personalized service. For example, if you connect your social media services or other accounts to our services, we may use this information to make your experiences with us more personal and social, or share and use it as described elsewhere in this Statement.

We may process your personal data for more than one legal basis depending on how we are using it. Whenever we process data for these purposes we will ensure that we always keep your personal data rights in high regards and take account of these rights.

If you choose not to give us your personal data

When you make a booking with us for accommodation, hospitality, spa treatments or other services, we may need to collect some of your personal data by law, or under the terms of a contract we have with you. This means that if you decide not to give us your data, we might not be able to provide the service, and may have to cancel your booking or gift shop purchase. We will let you know if this is the case at the time, so you can decide what you’d like to do.

Explaining the legal bases for using personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Where we need to perform the contract we are about to enter into or have entered into with you. For example, when you make a booking at one of our hotels, that’s a contract.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example, when we carry out fraud screening as part of the check-out process or take steps to keep our website secure.
• Where we need to comply with a legal or regulatory obligation. For example, keeping records of our sales for tax compliance.

When we are considering legitimate interests, we make sure we think about and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

Unless it is necessary for a reason allowable in the GDPR, we will always obtain explicit consent from a data subject to collect and process their data. Where consent is given, a record will be kept documenting how and when consent was given. If the personal data is not obtained directly from the data subject, then this information will be provided to the data subject within a reasonable period after the data are obtained. Where the personal data collected and processed is required to fulfill a contract with the data subject, explicit consent is not required. This will often be the case where the contract cannot be completed without the personal data in question e.g. a dining or room reservation cannot be made without a name, email address and credit card details.

If the personal data is required to be collected and processed to comply with the law, then explicit consent is not required.

Sharing your personal data

We may share your personal data with the third parties set out below for the purposes set out in this privacy policy. We may also share your personal data if the law otherwise permits or requires it.

We may share personal data with the following categories of third parties:

• suppliers and service providers (such as outsourced service providers for administration and hotel management (e.g. booking and reservation systems, customer relationship management systems), technology and media services providers, payment processing and fraud prevention providers, fulfillment partners for the gift shop)
• auditors and professional advisers like bankers, lawyers, accountants and insurers and
• Government, regulators and law enforcement.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We do not share your personal data outside Europe.