Privacy Policy
This privacy notice tells you what to expect when our organisation collects personal data, and how to contact us should you wish to discuss any aspect of how we handle that data.
Our organisation
Our primary trading company is Modern Hotels (Holdings) Limited, company number 4955, registered in Jersey. There are a number of companies in the group that may process personal data, all of which are Jersey entities unless otherwise noted:
Our travel centre:
• Modern Travel Centre Limited (registered in the UK)
Our lodging houses:
• Granary Apartments Limited
• Ellesmere Apartments Limited
• London and Jersey Investments Limited
• Jabberwocky Trading Limited
Data protection officer
The best means of contact for any query regarding data protection is via email to the Data Protection Officer (“DPO”) dataprotection@themoderngroup.com or by phone on +44 1534 888 822. Although data protection queries to anyone in the company will be forwarded to the DPO by the recipient, a direct email or call to this address or number assures a timely response.
The data we process
We store and process only the data that we need, and we delete it when it’s no longer required: our general retention policy for customer, staff and financial data is to delete or shred it after no more than ten years.
Unless otherwise stated, we don’t pass this data to anyone else and the data is stored on our servers or secure filing areas in Jersey. If you’d like more detail, you’re welcome to get in touch. The primary collections of data we use are as follows.
Customer data
We store and process customer data in order that we can correspond with, and take payments from, our customers. Where customers book directly with us we obtain this information from the customer, though of course if the booking is made through an agent it will be the agent that gives us the data. When we have not done business with you for two years or longer, we will delete your personal data from our computer systems and destroy any paper copies.
We ask all customers for name, address and contact information, along with any requirements for special assistance and/or dietary needs. If you’re not a national of a country in the European Economic Area (EEA) the law also obliges us to record your date of birth and your passport (or other national ID) number.
If you use our health club, we ask for your basic contact details along with relevant health information. The latter is of course essential should you unfortunately be taken ill, and it is stored and used only by the health club team solely for this purpose.
When you book with us we record information about which advertisement you found us from, so we can analyse the performance of our advertising, but we anonymise that data so you can’t be identified from it.
Tenant data
We retain data on the tenants of our lodging houses for the duration of the tenancy. We keep it for no longer than two years after the tenant leaves, and then dispose of it securely. This data also remains in Jersey.
Employee data
We store personal data on our employees so that we can run the company and pay our staff. Please see Applicants and employees, below, for more information on how we deal with this data.
Our email server is in Jersey, and holds all email except that for the health club, for which we use the Gmail service. Google’s general privacy policy is available at https://policies.google.com/privacy.
CCTV data
We have CCTV equipment in our premises in Jersey. This is for crime prevention and security purposes, and access to the recordings is restricted to only a small handful of our staff. Recordings are all stored on a server in Jersey and are over written within 90 days, and we don’t share them except when obliged to do so (e.g. for police investigations).
Phone recordings
We don’t record any inbound or outbound phone calls.
Marketing data
We send customers information about relevant offers and events from time to time, both by post and by email. These mailings are targeted to customers whom we think will be interested, and we don’t do an excessive number.
We also send membership expiry reminders to our health club members.
Exchanging data with other parties
Data processors are third parties who do work on our behalf using personal data we provide to them. They cannot do anything with your personal data unless we instruct them to do so (which includes sharing your data with others), and they must store the data securely and delete it when it is no longer required. We only share data when it’s required.
Our IT systems are managed by an external agency.
As you would expect, the contract between us and our IT support partner contains appropriate clauses regarding information security and data protection, and we carry out regular service reviews.
Reslynx/Guestline
We use Guestline’s Reslynx property management system, which is cloud-based (it runs on Amazon’s platform). You can read Guestline’s data protection statement at https://www.guestline.com/about-us/about-guestline/gdpr.html, and Amazon’s is at https://aws.amazon.com/privacy/.
Travel companies
We pass personal data to travel companies where they need it to provide a service. For example, if we arrange for a coach pickup from the airport we will give the coach company a list of customer names, flight numbers and special assistance requirements.
Travel agents
Where bookings are made through a travel agent we will be provided with basic customer information (name and contact details).
States of Jersey
Where required by law (e.g. for tenants of our lodging houses) we share with the States of Jersey’s Population Office; we also have to send data to other States departments such as the tax office.
Other partners
We also need to exchange data with external agencies from time to time for the normal running of the business: examples are lawyers, accountants, tax advisors and auditors.
Information security
Our IT systems are located in a secure location to which only authorised individuals have access. All our computer systems run up to date anti-virus software, and system updates are applied regularly to protect against potential security problems. All the user login IDs on our systems are restricted so that each user has access only to the data that he or she requires. Also, our “guest” WiFi network is completely separate from the company network, so there’s no risk of unauthorised access in that respect.
Internet interaction
Our Web site
Our Web site doesn’t hold personal data. The back-end system stores standard log information, along with data about how people use our web sites. The information doesn’t identify anyone, and nor do we attempt to find anyone’s identity from the information. If we do ever want to collect personally identifiable information through our web sites we will be open and transparent and will explain what we plan to do with it.
The booking page of the Web site is hosted by Guestline as part of their Roomlynx service; they also take payments on our behalf for online bookings.
Social media
Our Health Club uses Facebook to tell customers about special offers and other events and our HR department uses Facebook to advertise recruitment vacancies. We don’t hold or solicit personal data on social media.
People who email us
We monitor any emails sent to us, including file attachments, for security threats such as phishing scams, viruses or other malicious software. Please note that you have a responsibility to ensure that any email you send us is within the bounds of the law. Please don’t send us sensitive information such as credit or debit card details (particularly the CVV – the three digits on the back of the card) via email.
Contact for data protection purposes
You have a number of rights under the laws of data protection. As we mentioned earlier, please contact the Data Protection Officer by email or phone if you have any queries or concerns. We retain a log of requests that we receive, and we’re generally obliged to respond within a month.
Right of access
You can contact us to request a copy of any personal data we hold about you on our systems or in our files, along with information about what we use it for.
Right to rectification
We must ensure that the data we hold about you is accurate. If you tell us that something is wrong, we will correct it and then confirm to you that we’ve done so.
Right to erasure
If you ask us to erase your personal data, we must do so unless there’s a legitimate over-riding reason for us to keep it.
Right to restriction of processing
If there is some dispute between you and us regarding the use of your personal data, you have the right to ask us to restrict the processing of your data. This means we can continue to store it but we can’t do anything else with it until the dispute is resolved. We’ll inform you prior to beginning processing once the restriction has been removed.
Applicants and employees
All of the information you provide during the recruitment process will only be used for the purpose of processing your application, or to fulfil legal or regulatory requirements.
Applications
We ask you for your personal details including name and contact details. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. Our recruitment team will have access to all of this information.
You may also be asked to provide equal opportunities information, which will be used only to produce and monitor equal opportunities statistics. This is not mandatory information – if you don’t provide it, it won’t affect your application. This information will not be made available to any staff outside our recruitment team in a way that can identify you, and we won’t share it outside the company either.
We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for. The information we ask for is used to assess your suitability for employment: you don’t have to provide what we ask for, but it might affect your application if you don’t.
We may look up applicants’ profiles on social media, though we don’t copy that information or store it on our systems.
Assessments and interviews
We might ask you to participate in assessments and/or interviews, which will generate information (e.g. test results or our own written notes).
If you are unsuccessful following assessment/interview, we may retain your details for up to 12 months following our last contact with you. Our business is seasonal, and it’s not uncommon for someone who doesn’t join to be invited back the next year.
Offers
If we make an offer of employment we will ask you for information so that we can carry out pre-employment checks. We are required to be diligent in our recruitment process – to check your identity, your right to work in the given location, your references, your right to work here, and so on.
During employment
When you join the company we will ask you for some more information, including your bank details (so we can pay you) and emergency contact details (in case we need to contact someone urgently on your behalf). You will also be required from time to time to declare any conflicts of interest, to ensure the company is able to trade lawfully and fairly.
If you join the company pension and/or health care schemes you or we will be required to disclose relevant personal data to the companies that run those schemes.
After employment
If you leave the company, we will retain various data for up to ten years following your leaving date. This includes fitness to work records and references. Data such as your bank details, which we wouldn’t need to store for so long, are disposed of after a year.
Complaints
This privacy notice is designed to be clear and concise, and we are happy to provide any additional information you need: please contact us via email or phone using the contact details above.
Should you have any cause for complaint, please write to us at:
Data Protection
The Modern Group
Brooklyn Street
St. Helier
JE1 4HE
Jersey
If you’re dissatisfied with the way in which your complaint has been handled you may contact your local data protection supervisory authority, or write to our local Information Commissioner:
Office of the Information Commissioner
Brunel House
Old Street
St Helier
JE2 3RG
Jersey