Organisation
The Tollgate Hotel Limited (OTH)
The Street
Bramber
Nr Steyning
West Sussex
BN44 3WE
Company Reg. 01161846

Who This Policy Applies To
This policy applies to:

The Tollgate Hotel Limited
All guests of The Tollgate Hotel and Restaurant
All staff of The Tollgate Hotel and Restaurant

Introduction
OTH gathers and processes your personal information in accordance with this privacy notice and in compliance with the relevant data protection Regulation and laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data. This policy ensures that OTH:

Complies with GDPR/Data Protection laws and follows Good Practice
Protects the rights of all staff and customers
OTH is open about how your data is stored
OTH is protected any risks of Breaches of Confidentiality

Personal Data is information relating to any member of staff or guest and maybe with in either hard or soft copy ie: paper files, electronic communications or records.

Information that We Collect
OTH processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.

This can include:
Name
Date of Birth *
Postal Address
Personal/Business Email
Home/Mobile Telephone Numbers
Car Registration Number
Card Payment Information (strictly with PCI DSS Compliance Guidelines)
National Insurance Number *
Bank Details *
Passport Number *
Driver’s License Number *
Special Category Details (ie. health/medical information) *
(* relates to staff members only)

We collect information in various forms ie. Website/online bookings, comment and registration cards, employment CV’s, HR.

How We Use Your Data
OTH takes your privacy very seriously and will never disclose, share or sell your data without your consent; unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time.  The purposes and reasons for processing your personal data are detailed below:

We collect your personal data in the performance of a contract or to provide a service and to ensure that orders are completed and can be sent out to your preferred address
Competition Entries
Information with regards to offers, OTH news and events which might be of interest
We collect and store your personal data as part of our legal obligation for business accounting, HR and tax purposes (this relates to OTH Staff)
We have a legal obligation to share some of your personal data with the Chartered Accountants handling the payment of staff payroll. (this relates to OTH Staff)
We will occasionally send you marketing information where we have assessed that it is beneficial to you as a customer and in our interests. Such information will be non-intrusive and is processed on the grounds of legitimate interests.
In the process of staff job applications

Your Rights
You have the right to access any personal information that OTH processes about you and to request information about:

What personal data we hold about you
The purposes of the processing
The categories of personal data concerned
The recipients to whom the personal data has/will be disclosed
How long we intend to store your data for
If we did not collect the data directly from you, information about the source

If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us. Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.

Sharing and Disclosing Your Personal Information
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. OTH uses third parties to provide the below services and business functions; however, all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.

Third Party Services
Accountancy Services
HR Services
IT Support

Safeguarding Measures
OTH takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including:

PC screens are not left unattended and are not visible to anyone except to authorised staff with a password protected screen-saver.
Hard copies of any personal data are kept in a lockable cabinet with restricted access to only those members of staff which the data is relevant to.
All PC’s are encrypted with firewalls, anti-virus, malware kept up to date.  PC’s are all password protected.
Personal data is kept securely on the premises once no longer is use and is securely destroyed by Data Shredding Services, Steyning after 5 years.
All archived data is stored with restricted access on the premises.
We do not store any card payments details on our PMS or FOH systems

Transfers Outside the EU
Personal data in the European Union is protected by the General Data Protection Regulation (GDPR) but some other countries may not necessarily have the same high standard of protection for your personal data. OTH does not transfer or store any personal data outside the EU.

Consequences of Not Providing Your Data
You are not obligated to provide your data to OTH, however as this is information is required for us to provide you with our services, we will not be able to offer some of our services without it.

How Long We Keep Your Data
OTH only ever retains personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed.
Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.

Responsibilities
The Owner/ Company Directors:
M J Sargent – Owner

Data Protection Officers
K McIntyre – General Manager
K Biggs – Accounts Manager

Employers/Guests
All staff and guests are required to read, understand and accept any policies and procedures which relate to the personal data which may be handled whilst at The Tollgate Hotel and Restaurant.

Policy Operational Date : 25th May 2018

Policy Prepared by : K Biggs & K McIntyre

Date Approved by Directors : 25th May 2018

Policy Review Date
This policy is reviewed and updated on a yearly basis to reflect best practice or future amendments made to the GDPR.

Reviewed/Updated : October 2023