Generator Hostels Ltd
Last Updated: 1st August 2022
Generator Hostels Ltd and its affiliates, subsidiaries and related entities (“Generator”, “we”, “us”, “our”) is committed to protecting the privacy and security of the personal data we collect about end customers and users of our services (“you”, “your”).
The purpose of this privacy notice is to explain what personal data we collect about you when you book with us, stay at or visit one of our hostels or other premises, use our services, contact us or where we otherwise have a relationship with you. When we do this, we are the data controller, registered in the UK with the Information Commissioner’s Office (“ICO”), registration number ZA071136.
Please read this privacy notice carefully as it provides important information about how we handle your personal information and your rights. If you have any questions about any aspect of this privacy notice you can contact us using the information provided below or by emailing us at firstname.lastname@example.org.
PERSONAL DATA WE COLLECT
The personal data we collect depends on the nature of our relationship with you, as set out below.
WHEN YOU BOOK TO STAY WITH US
When you make a reservation, are booked to stay with us, or check-in at one of our hostels or other premises, we will collect the following personal data:
- Telephone Numbers (including mobile number)
- Email Address
- Date of Birth
- Identification Documents & Details (e.g., your passport information)
- Bank/Payment Details (when you make a payment)
- Travel Destination(s)
- Dates of Arrival and Departure
Sometimes we may collect more sensitive personal data about you, such as information about disabilities or medical conditions, if you need us to make special arrangements for your stay or visit.
We collect personal data when you provide it to us or where someone provides it on your behalf, such as where you book through an agent or are included as part of a group booking.
Personal data is collected at the time a booking is made and during guest registration, upon check-in at one of our premises.
WHEN YOU USE GUEST WI-FI AT ONE OF OUR PREMISES
If you sign up to use the guest wi-fi available at our premises, we will collect your name and email address.
IF YOU ARE A SUPPLIER OR OTHER BUSINESS CONTACT
We collect information about individuals working for current, former and potential suppliers, vendors, contractors and partners.
The personal data we collect typically includes your name, the name of your employer, your work contact details and any other personal information you provide to us during our relationship.
VISITORS TO OUR WEBSITE AND PERSONS MAKING CONTACT
When you contact us by telephone, using the contact details on our website or via our social media channels, we collect the personal data you provide to us. This typically includes your name, your contact details and any additional personal data you include in your message.
COOKIES, ANALYTICS & SOCIAL LINKS
To learn more about cookies and web beacons we use, and what you can do to opt out of receiving them, please view our Cookies Policy.
The Generator website uses Google Analytics in order to better understand our users’ needs and to optimise their experience on our website. These tools help us understand things like how much time visitors spend on which page, which links they choose to click and what they do and don’t like about the site.
Our website also includes social media sharing buttons and links to enable you to share our content through your preferred social media site or by email direct from one of our web pages. These features may collect your IP address and the page you are visiting on our website and may set a cookie on your device. When you use one of these buttons or links, you are sharing information to another website or service (such as Twitter or Facebook) and this privacy notice will no longer apply. Please read the privacy notices provided by the particular social media website you are sharing through before posting any personal data using these links.
PURPOSES FOR WHICH WE USE PERSONAL DATA AND THE LEGAL BASIS
When providing services to you, we may use your personal data for the following purposes and on the following lawful bases:
- Responding to correspondence from you: If you contact us with a general enquiry, we will respond to your enquiry because it is in our legitimate interest to respond to you or your request for information. If you contact us by telephone, we may record the call. It is in our legitimate interest to record telephone calls for the purposes of training, dispute resolution and improving our services.
- Booking and guest administration, including making and amending room bookings and preparing for your arrival and departure: This is necessary for the performance of the agreement to which you are a party.
- Taking payment for your booking by collecting, processing and storing payment and payment card information: This is necessary for the performance of the agreement to which you are a party.
- Making accessibility or other arrangements for your stay, if you or somebody travelling with you has notified us of a disability or other medical issue: It is our legitimate interest to make the stay for every guest as comfortable as possible and to treat all guests in accordance with their needs.
- Guest registration upon arrival: This is necessary to comply with legal obligations to which we are subject. Where we collect additional information, we will do so because it is in our legitimate interest to understand more about our guests for the purpose of improving our services and developing our business.
- Providing specific services requested by guests, including making arrangements on your behalf or providing guest services to you when you stay at one of our hostels or other premises. This includes providing guest wireless access: It is in our legitimate interests to use your personal data to provide the services you have requested and to ensure your needs are met. When processing sensitive personal data, we do so with your explicit consent. This consent may be withdrawn at any time by emailing email@example.com.
- Customer services, including communicating with you about your stay prior to arrival, managing complaints or other issues during your stay, and requesting feedback following departure: It is in our legitimate interest to ensure you have all the information you might need before your stay, to manage any complaints you might have and to ask you for feedback after you have stayed with us.
- Ensuring the security and safety of our guests, employees and our premises by operating CCTV and security monitoring at our hostels and other premises and meeting our health and safety obligations: It is in our legitimate interest to ensure the security of our guests, employees, premises and business assets. We are also under a legal obligation to ensure the health and safety of individuals on our premises.
- Communicating with you for the purposes of marketing, including contacting you with information about our destinations, services, offers and news and related information, by email, telephone or mail. When you book with us, discuss a potential booking with us or register as a guest with us, we will subscribe you for marketing communications unless you have specifically asked not to be contacted at the point at which we have collected your personal data. Where this applies you will have the opportunity to opt-out of marketing in all subsequent marketing communications we send to you: If you subscribe for marketing communications by opting in at any stage after making your booking, by signing up to our newsletter or to receive offers or event information, or by signing up to use guest wireless at one of our premises, we will send you marketing communications with your consent. You can tell us to stop sending you marketing information at any time by objecting or withdrawing your consent. You can do so by contacting us at firstname.lastname@example.org or by using the “Unsubscribe” link in any marketing email you receive from us.
- Internal management, administrative and organisational purposes, including maintaining internal records and carrying out other business administration tasks: It is in our legitimate interest to process your personal data to manage our business processes.
- Sharing data with other group entities, including guest information required for the purposes of bookings and for administrative purposes: Sharing booking information with our group entities, hostels and other premises is necessary for the performance of the agreement to which you are a party.
- Improving our website and your visitor experience by using cookies, web beacons and website analytics tools: It is in our legitimate interest to use the data collected using these technologies to present content to you in the most effective manner for you and your computer, to improve our website and keep it secure. You can learn more in our Cookies Policy.
- To meet our legal obligations, including any laws or regulations which apply to us: This is necessary to comply with legal obligations to which we are subject in the countries in which we operate hostels or other premises.
Where personal data is processed because it is necessary for the performance of an agreement to which you are a party, we will be unable to provide our services without the required information.
SHARING YOUR DATA
Generator will share your personal data with entities within our group, including those in countries outside the UK and European Economic Area (the 27 EU member states plus Norway, Iceland and Liechtenstein) (“EEA”).
We will also share your personal data with trusted third parties who provide us with services relevant to our provision of services to you. This includes our professional advisers, IT service providers, cloud software provider, and other suppliers and sub-contractors.
All such third parties are required to take appropriate security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions. Our service providers may process your personal data outside the UK and EEA.
Where we transfer personal data to countries outside the UK or EEA, we will only do so where the country we are transferring your data to is recognised by the UK or the European Commission as providing adequate data protection standards, or other appropriate safeguards are in place to ensure protection of your personal data. Appropriate safeguards include the UK International Data Transfer Agreement (“IDTA”) or the EU Standard Contractual Clauses (“SCCs”) with supplementary measures (where appropriate).
It is possible that we may be required to share your data to comply with applicable laws or with valid legal processes, such as in response to a court order or with government or law enforcement agencies.
HOW LONG WE KEEP YOUR DATA
We will retain your personal data for as long as is necessary to provide you with our services and for a reasonable period thereafter to enable us to meet our contractual and legal obligations and to deal with complaints and claims.
For more information on our specific retention periods for your personal data, please contact us at email@example.com.
At the end of the retention period, your personal data will be securely deleted or anonymised, for example by aggregation with other data, so that it can be used in a non-identifiable way for statistical analysis and business planning.
HOW WE PROTECT YOUR DATA
We implement appropriate technical and organisational measures to protect the personal data we process from unauthorised disclosure, use, alteration or destruction. These measures include internal policies, training, using cryptography where appropriate and implementing least privilege access control.
When collecting payment card information from you we will only collect the minimum information we need for the purposes of confirming or paying for your booking.
YOUR RIGHTS AND OPTIONS
- You have the following rights in respect of your personal data:
- You have the right of access to your personal data and can request copies of it and information about our processing of it.
- If the personal data we hold about you in incorrect or incomplete, you can ask us to rectify or add to it.
- Where we are using your personal data with your consent, you can withdraw your consent at any time.
- Where we are using your personal because it is in our legitimate interests to do so, you can object to us using it this way.
- Where we are using your personal data for direct marketing, including profiling for direct marketing purposes, you can object to us doing so.
- You can ask us to restrict the use of your personal data if:
1) It is not accurate.
2) It has been used unlawfully but you do not want us to delete it.
3) We do not need it any-more, but you want us to keep it for use in legal claims; or
4) if you have already asked us to stop using your data but you are waiting to receive confirmation from us as to whether we can comply with your request.
- In some circumstances you can compel us to erase your personal data and request a machine-readable copy of your personal data to transfer to another service provider.
- You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
If you wish to exercise your rights, please contact us at firstname.lastname@example.org.
You can also lodge a complaint in the UK with the ICO by visiting their website here.
If you have any questions, or wish to exercise any of your rights, please write to us at:
FAO Data Protection Officer
Generator Hostels Limited
27-29 Glasshouse Street
London, United Kingdom
Alternatively, you can email us at email@example.com.
For additional provisions applicable to processing the personal data of California residents, please see Appendix A below.
CHANGES TO THIS PRIVACY NOTICE
We may update this notice (and any supplemental privacy notice), from time to time as shown below. We will notify of the changes where required by applicable law to do so.
Last modified 01.08.2022 You can be provided previous versions of this notice by emailing firstname.lastname@example.org.