Gold Diamond D Dalmahoy 2005 Ltd trading as Dalmahoy Hotel and Country Club takes the privacy of our customers and their information very seriously. This policy explains how we use any personal information we collect about you, your rights to access and correct the personal information we hold about you.
1. What personal information do we collect about you?
Dalmahoy collect personal data from you when you make an enquiry, a reservation, purchase a gift voucher, become a member of our golf or leisure club, either in person, over the phone or online.
Dalmahoy also collect data from you when you subscribe to any of our marketing communications, connect using our social media websites, enter our competitions or provide feedback. These may be carried out online, by post, fax, telephone, SMS or in person.
Without limitation, any of the following personal data may be collected:
- Your full name
- Contact information such as email address, landline and/or mobile telephone numbers
- Home address and postcode
- Your credit or debit card details if you are making a payment
- Preferences and interests
- Date of birth
- Dietary requirements, allergies and any physical or medical restrictions
- Vehicle registration
- Passport details (only for guests who reside outside of the UK)
- Your IP address
- Your web browser type and version
- Your operating system
- A list of URLS starting with your referring site, activity on our website, and the website you exit to
- Your cookie information
If you provide Dalmahoy with any personal Data relating to any third party (e.g. information about your spouse, companion, employees or colleagues) for particular purposes, by submitting such information to us, you do so at your own risk having ensured that you have obtained the consent of the third party to provide us with their personal Data for the respective purposes.
2.0 What do Dalmahoy use your Data for?
Dalmahoy use the information collected about you to:
- Reply to your questions and enquiries
- Gather and respond to your feedback
- Process your bookings, reservations and purchases (see 2.1.)
- Keep you updated on our latest news, offers and events (see 2.2)
- Monitor our website and email performance using Cookies (see 2.3)
2.1. Bookings, reservations and purchases
We operate a reservation system through telephone, online and via third parties. This means that any personal Data you have shared with us for booking purposes is available in that system and can be accessed by Dalmahoy.
Any or all of the aforementioned Data may be required by us from time to time in order to provide you with the best possible service and experience. Specifically, Data may be used by us for the following reasons:
- Internal record keeping
- Providing you with confirmation of the services we have provided to you
- Connecting you with third parties that offer services you may require (such as, but not limited to room upgrades via Upsell Guru)
- Connecting you with third-party payment collection company for processing payments
- To pass on to the police and government authorities as requested by them, for example in cases of fraud and theft
- To comply with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory body which are binding to the hospitality sector
- To notify you of any security or data breaches
We will only contact you via our marketing channels (via email, phone, SMS, social media or post) with news and offers relating to Dalmahoy if you have given us your consent by "opting in" to marketing communications. Consent can be given by, but not limited to, signing up to our newsletter on the website, ticking the box to give your permission whilst making a booking, purchase, enquiry, or checking in to the hotel. Our marketing communications are generally sent by email and include news, offers and events.
You can stop marketing communications at any time by clicking the "UNSUBSCRIBE" link at the bottom of each marketing email. Alternatively, you can email firstname.lastname@example.org to request manual deletion from our mailing list by typing "UNSUBSCRIBE" in the subject.
Please note that due to the nature of our business, we may still be required to contact you from time to time regarding any past, present or future bookings that you have made with us (see 2.1. for details).
If you choose to connect with us via social media websites, such as Facebook, Twitter or Instagram, we may collect your username (which may contain your name and surname) by you “liking” or “following” our page.
Please note that by connecting with us via social media websites you are bound by their own Terms and Conditions and Privacy Policies.
We may set and access cookies on your ‘computer’ (meaning any computer, laptop, tablet, mobile, or other device that the website can be viewed on. For further details on this, please select the following link: https://www.dalmahoyhotelandcountryclub.co.uk/privacy-cookies
- How do we look after your Personal Data?
To ensure that we treat your data with the highest regard and comply with legal requirements, it is our company policy to:
- Ensure all our relevant employees have received training in how to correctly handle Data. Training includes educating them in the importance of the safe and secure handling of Data, and the procedures in place to ensure all Data is handled in this way.
- Anonymise all data collected for third party clients save for payment details where we use third-party payment collecting companies.
- Evaluate our database every 36 months and securely delete any contacts that are either no longer engaged or no longer required by us to meet with the reasoning outlined in 2.1.
- Always adhere to the internal procedures and measures in place to keep any personal Data we hold safe and secure.
4.How do we store your personal information?
To ensure your data is stored safe and legally we use the following trusted third parties:
Property Management System (PMS)
Our properties use the ‘Oracle’ third-party PMS to store all reservation history. Details of Oracle’s policies can be found at: https://www.oracle.com/uk/legal/privacy/index.html
Dalmahoy does not collect or store information regarding children in the process of bookings or reservations for accommodation.
Internet Booking Engine
Our properties use the ‘Avvio’ third-party online Booking Engine (OBE) to take hotel reservations on our website (www.dalmahoyhotelandcountryclub.co.uk). Details of Avvio’s policies can be found at https://www.avvio.com/privacy-policy.html
Golf and Leisure Bookings
Our golf and leisure club uses a software system called Concept to store customer details. GolfNow and Intelligent Golf are both used for online bookings. Details of policies can be found at: https://business.golfnow.com/privacy-policy/, https://www.intelligentgolf.co.uk/privacy
Dalmahoy golf club does have a youth team coach and does provide membership to children under the age of 16. Any information collected about children is done so only with the written consent of a parent, guardian or appointed carer. Access to information regarding children’s membership of personal information is limited. Dalmahoy will never sell, profile or manipulate personal information relating to children under the age of 16 years. Dalmahoy will not send marketing material to children under the age of 16. Children over the age of 16 are permitted to provide consent to opt in or opt out of marketing and have the right to request data you the child have the right to erasure, your requested must be accompanied by a signed consent from the parent, guardian or carer. Children have the same rights under GDPR as adults.
Content Management System (CMS)
Dalmahoy use a bespoke CMS to manage the website (www.dalmahoyhotelandcountryclub.co.uk)
Dalmahoy use the ‘VoucherCart’ third-party system to facilitate all gift voucher purchases. The secure payment system used when purchasing a voucher is Realex Payment Holdings Limited.
The gift voucher system is supplied and managed by Classic British Hotels. Details of their policies can be found at: https://vouchercart.com/.
Virgin Experience Days. Details of their policies can be found at: https://www.virginexperiencedays.co.uk/privacy-security
Email Marketing Application
Dalmahoy use the ‘For-Sight’ application for all email marketing activity. Details of their policies can be found at: https://for-sight.co.uk/privacy-policy/
Online Payments and Credit Card storage
In addition to the Data collected via our website, there are some occasions where we must collect data in person. This information is filed securely at all times with restricted access to keys and passwords
5. Data Sharing
Dalmahoy will never sell your data to a third party for marketing purposes.
If required or deemed necessary, we may on occasions share your data with other organisations in the following way/s:
5.1. To facilitate services and offers
Where we use contracted and trusted third parties to facilitate services and offers, we will share your Data with those parties for that purpose, and that purpose only. This includes the processing and delivery of marketing communications, and any other third-party services engaged to perform payment, business support, operational or administrative function. Third parties are subject to confidentiality obligations. (See 4.0)
5.2 The sale of a property
In the event of the sale of Dalmahoy, where the original remit for the Data remains the same and is relevant, Data provided by you will be transferred to the new owner or controlling party. Should this situation arise, your data will only be shared if the new owner or controlling party strictly adhere to this policy for the permitted use of the Data and the purposes for which it was supplied to you.
5.3. Legal requirement
We may also disclose personal Data as permitted or required by law. For instance, if asked by the police, we may share your personal Data with them for the purposes of prevention and detection of crime.
6.Transaction and Data Security
We are committed to protecting the confidentiality and security of the information that you provide to us. To do this, technical, physical and organisational security measures are put in place to protect against any unauthorized access, disclosure, damage or loss of your information. The collection, transmission and storage of information can never be guaranteed to be completely secure, however, we take steps to ensure that appropriate security safeguards are in place to protect your information.
- Accessing and amending your Data
You have a right to access a copy of the Data we hold about you. If you would like to do this, please write to us at the address at the bottom of this document and enclose a stamped self-addressed envelope. We will also require the following details in order to verify your identity before we can release the data:
- Full name
- Email address
- Telephone number
- Details of your previous or forthcoming stays with Dalmahoy or your golf and leisure membership details
Upon receipt of your written request and all the details above, we will confirm your request within ten (10) working days and we will endeavour to provide the Data within thirty (30) days.
We want to make sure that your personal Data is kept accurate and up-to-date so you may need to modify or update your Data if your circumstances change. Additional Data as to your marketing preferences may also be stored and changed. You are able to make amendments by contacting us via email at email@example.com with UPDATE in the subject line.
8.Retention of your Data
Your personal Data will be retained for as long as it is necessary to fulfil the purpose for which it is collected; for business or legal purposes, or in accordance with applicable laws.
Should you choose to unsubscribe from our marketing list (see 2.2) please note that your personal Data may still be retained on our database for a minimum of 36 months or to the extent required by UK / EU law.
- Opting Out
You have a right to withdraw your consent of use. If you wish for your data records to be amended, please email: firstname.lastname@example.org with OPT OUT in the subject line. We will no longer send you marketing information, however we will still send you operational information.
9.1. Deleting your Data
You have a right to deletion of your Data. If you wish for your entire data records to be deleted, please email: email@example.com with ERASURE in the subject line.
If you withdraw your consent to any or all use of your personal Data, depending upon the nature of your request, we may not be able to provide or continue providing our products and services to you, or administer any contractual relationship already in place.
Once your erasure request has been processed, Dalmahoy does not have the ability to record that you have been a past customer or contact of the property and therefore there is potential that you could be contacted as part of a promotional campaign.
You understand and agree that in such instances where we require your personal Data to fulfil a contractual obligation to you and you withdraw your consent to collect, use or disclose the relevant personal Data for those purposes, we cannot be held liable for breach of that agreement. Our legal rights and remedies in such event are expressly reserved. We can only delete your data in accordance with applicable laws.
9.2. Transferring your Data
In the case of memberships if you request the transfer of data to other business systems Dalmahoy will work with providers that have systems that will receive electronic transfer of data. In the event that the receiving company is unable to translate the data Dalmahoy cannot be held responsible.
Dalmahoy can only provide a transfer of data with a signed request and proof of identity from you.
This does not apply to the booking of hotel rooms due to the operational nature of the business.
We have CCTV installed in various locations throughout the property. This is for the purposes of prevention and detection of crime and monitoring of staff. The images captured on the CCTV system are overwritten on a rolling 28-day basis.
Only appointed staff within the organisation have access to replay the CCTV footage, which is protected by lock and key.
We may disclose CCTV footage as permitted or required by law. For example, we may share the footage with the Police if requested for the purposes of prevention and detection of crime.
Phishing is the practice of tricking someone into giving confidential information. Examples include falsely claiming to be a legitimate company when sending an e-mail to a user in an attempt to get the user to send private information that will be used for criminal activities such as identity theft and fraud.
We will never ask you to confirm any account or credit card details via email. If you receive an email claiming to be from us asking you to do so, please ignore it and do not respond. If you are unsure whether an email from us is legitimate, please forward it to firstname.lastname@example.org with your message and the subject line ‘FRAUD’. We will then reply to advise you on the situation.
We will take bookings over the phone. We will give our name and name of our company when we do this. If you are anxious about the phone call, revealing your payment details or do not believe that the person on the other end of the phone is us, we suggest you put the phone down and ring us directly using the telephone number on our website asking for the person you spoke to.
- Links to other websites
- Any Questions?
Gold Diamond D Dalmahoy 2005 Ltd T/A Dalmahoy Hotel and Country Club Kirknewton Edinburgh EH27 8EB
Phone: 0131 333 1845
Company number: FC026317