Select Chalets & Hotels Limited is committed to handling personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the EU GDPR (where applicable), and the Data Protection Act 2018.
1. Data Controller
Select Chalets & Hotels Limited, 30 Church Road, Burgess Hill, West Sussex, RH15 9AE, UK. Company Reg. No. 3440073. Contact our Data Protection Officer at thedataprotectionofficer@selectchalets-hotels.com.
2. Principles We Follow
- Lawfulness, fairness and transparency: we tell you clearly how and why we process your data.
- Purpose limitation: we collect data for specified, explicit and legitimate purposes only.
- Data minimisation: we collect only what is necessary.
- Accuracy: we keep data accurate and up to date.
- Storage limitation: we keep data no longer than necessary.
- Integrity and confidentiality: we use appropriate security measures.
- Accountability: we can demonstrate compliance.
3. Lawful Bases for Processing
- Contract: to fulfil your booking and the services you have purchased.
- Legal obligation: to meet our regulatory, accounting and tax duties.
- Legitimate interests: to operate and improve our business, prevent fraud, and ensure security.
- Consent: for marketing and certain cookies; you may withdraw consent at any time.
4. Your Rights Under GDPR
- Right to be informed about how your data is used.
- Right of access to a copy of your personal data.
- Right to rectification of inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”) in certain circumstances.
- Right to restrict processing in certain circumstances.
- Right to data portability for data you have provided.
- Right to object to certain processing, including direct marketing.
- Rights related to automated decision-making — we do not carry out solely automated decisions with legal effects.
To exercise any of these rights, email thedataprotectionofficer@selectchalets-hotels.com. We will respond within one month.
5. Data Sharing & International Transfers
We share personal data only with trusted suppliers necessary to deliver your booking, including property managers, transfer providers and payment processors. Where data is transferred outside the UK or EEA, we rely on appropriate safeguards such as the UK International Data Transfer Agreement or Standard Contractual Clauses.
6. Data Retention
We retain personal data only as long as needed for the purposes set out in our Privacy Policy, or as required by law. Financial records are typically kept for 7 years.
7. Security Measures
We use technical and organisational measures including access controls, encryption in transit, secure hosting, and staff training to protect personal data.
8. Data Breach Notification
In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office within 72 hours and, where required, notify you without undue delay.
9. Complaints
If you are unhappy with how we have handled your data, please contact our Data Protection Officer first. You also have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk.
10. Updates to this Policy
We review this GDPR Policy regularly and will publish any updates on this page.