Privacy Policy

NEW PRIVACY POLICY TO BE UPLOADED ON 01/09/2025

-------------------------------------------------------------------

WEBSITE PRIVACY POLICY

This web site is owned and operated by South Coast Inns Ltd and will be referred to as "We", "our" and "us" in this Internet Privacy Policy. By using this site, you agree to the Internet Privacy Policy of this web site ("the web site"), which is set out on this web site page. The Internet Privacy Policy relates to the collection and use of personal information you may supply to us through your conduct on the web site.

We reserve the right, at our discretion, to modify or remove portions of this Internet Privacy Policy at any time. This Internet Privacy Policy is in addition to any other terms and conditions applicable to the web site. We do not make any representations about third party web sites that may be linked to the web site.

We recognise the importance of protecting the privacy of information collected about visitors to our web site, in particular information that is capable of identifying an individual ("personal information"). This Internet Privacy Policy governs the manner in which your personal information, obtained through the web site, will be dealt with. This Internet Privacy Policy should be reviewed periodically so that you are updated on any changes. We welcome your comments and feedback.

Follow this link for our updated GDPR Policy. If you have any questions regarding the policy, please contact comments@southcoastinns.co.uk.

Personal Information

1. Personal information about visitors to our site is collected only when knowingly and voluntarily submitted. For example, we may need to collect such information to provide you with further services or to answer or forward any requests or enquiries. It is our intention that this policy will protect your personal information from being dealt with in any way that is inconsistent with applicable privacy laws in the United Kingdom.

Use of Information

2. Personal information that visitors submit to our site is used only for the purpose for which it is submitted or for such other secondary purposes that are related to the primary purpose, unless we disclose other uses in this Internet Privacy Policy or at the time of collection. Copies of correspondence sent from the web site, that may contain personal information, are stored as archives for record-keeping and back-up purposes only.
3. South Coast Inns Ltd is a registered data controller under the Data Protection Act 1998. Any personal information collect will be used in accordance with the Data Protection Act 1998 and any other laws that may be applicable.

Collecting information on Registered members

4. As part of registering with us, we collect personal information about you in order for you to take full advantage of our services. To do this it may be necessary for you to provide additional information to us as detailed below.
5. Registration Registration is completely optional. Registration may include submitting your name, email address, address, telephone numbers, option on receiving updates and promotional material and other information. You may access this information at any time by logging in and going to your account.

Credit Card Details

6. Credit Card details are only stored for the processing of payment and will be deleted once payment is processed.

Disclosure

7. Apart from where you have consented or disclosure is necessary to achieve the purpose for which it was submitted, personal information may be disclosed in special situations where we have reason to believe that doing so is necessary to identify, contact or bring legal action against anyone damaging, injuring, or interfering (intentionally or unintentionally) with our rights or property, users, or anyone else who could be harmed by such activities. Also, we may disclose personal information when we believe in good faith that the law requires disclosure.
8. We may engage third parties to provide you with goods or services on our behalf. In that circumstance, we may disclose your personal information to those third parties in order to meet your request for goods or services.

Security

9. We strive to ensure the security, integrity and privacy of personal information submitted to our sites, and we review and update our security measures in light of current technologies. Unfortunately, no data transmission over the Internet can be guaranteed to be totally secure.
10. However, we will endeavour to take all reasonable steps to protect the personal information you may transmit to us or from our online products and services. Once we do receive your transmission, we will also make our best efforts to ensure its security on our systems.
11. In addition, our employees and the contractors who provide services related to our information systems are obliged to respect the confidentiality of any personal information held by us. However, we will not be held responsible for events arising from unauthorised access to your personal information.

Collecting Information for Users

2. IP Addresses

Our web servers gather your IP address to assist with the diagnosis of problems or support issues with our services. Again, information is gathered in aggregate only and cannot be traced to an individual user.

3. Cookies and Applets

We use cookies to provide you with a better experience. These cookies and allow us to increase your security by storing your session ID and a way of monitoring single user access. This aggregate, non-personal information is collated and provided to us to assist in analysing the usage of the site.

Access to Information

4. We will endeavour to take all reasonable steps to keep secure any information which we hold about you, and to keep this information accurate and up to date. If, at any time, you discover that information held about you is incorrect, you may contact us to have the information corrected.
5. In addition, our employees and the contractors who provide services related to our information systems are obliged to respect the confidentiality of any personal information held by us.

Links to other sites

6. We provide links to Web sites outside of our web sites, as well as to third party Web sites. These linked sites are not under our control, and we cannot accept responsibility for the conduct of companies linked to our website. Before disclosing your personal information on any other website, we advise you to examine the terms and conditions of using that Web site and its privacy statement.

Problems or questions

7. If we become aware of any ongoing concerns or problems with our web sites, we will take these issues seriously and work to address these concerns. If you have any further queries relating to our Privacy Policy, or you have a problem or complaint, please contact us.

Further Privacy Information

For more information about privacy issues in the UK and protecting your privacy, visit the Information Commissioner's Office web site; http://www.ico.gov.uk/

 

 

PRIVACY POLICY TO BE ACTIVE FROM 01/09/25

 

Privacy Policy (2025) Updated

Privacy Policy – South Coast Inns

Effective Date: 01/09/2025

South Coast Inns (“we”, “our”, “us”) is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website, book accommodation, dine with us, or attend one of our events.

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other relevant UK data protection laws.

1. Information We Collect

We may collect and process the following types of personal data:

• Identity Data: name, title, date of birth, gender.
• Contact Data: address, email address, telephone number.
• Booking Data: reservation details, stay dates, special requests (dietary, mobility, or accessibility needs).
• Payment Data: cardholder details (processed securely via payment providers).
• Marketing Preferences: your choices about receiving promotional communications.
• CCTV Data: video recordings in public areas of our hotels for safety and security.
• WiFi Usage Data: device identifiers and connection details when using our guest WiFi service.
• Event Data: information provided when booking weddings, conferences, or private functions.
• Employment Data: information you provide if applying for a job with us.

2. Legal Basis & Purpose of Processing

We only collect and use your personal data where we have a lawful basis under the UK GDPR:

1. Managing Bookings & Accommodation – Contract
2. Restaurant, Bar & Events – Contract
3. Payment Processing & Fraud Prevention – Legitimate Interests
4. Legal & Regulatory Compliance – Legal Obligation
5. Marketing & Promotions – Consent
6. Loyalty & Membership Programs – Consent and/or Contract
7. Guest Feedback & Service Improvement – Legitimate Interests
8. Safety & Security (CCTV) – Legitimate Interests
9. WiFi & IT Services – Legitimate Interests

3. Data Retention & Minimization

• Guest booking records: kept up to 7 years for legal/tax purposes.
• Payment details: stored only until the transaction is complete, unless regulations require longer.
• CCTV footage: retained for up to 30 days unless needed for an investigation.
• Marketing data: kept until you unsubscribe or withdraw consent.
• Event booking data: retained for up to 3 years.
• Job applications: kept for 6 months unless you are employed.

We collect only the minimum data necessary and delete or anonymise data when no longer required.

4. Your Rights

Under UK data protection law, you have the right to:

• Access your personal data.
• Request corrections if inaccurate.
• Request erasure (“right to be forgotten”).
• Restrict how your data is processed.
• Object to processing (especially marketing).
• Request data portability.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with the ICO (www.ico.org.uk).

5. Data Security

We use appropriate technical and organisational measures to protect your data, including encryption, access controls, staff training, and secure storage.

6. Data Breach Response

In the event of a personal data breach:

• We will investigate and contain it immediately.
• We will assess the risk and, if necessary, notify the ICO within 72 hours.
• If your data is affected, we will inform you promptly and advise on protective steps.
• All breaches are logged in our internal Data Breach Register.

7. Sharing Your Data

We do not sell your personal data. We may share it only with:

• Payment service providers.
• Booking platforms or travel agencies you use.
• IT and system providers who support our services.
• Regulatory authorities where required by law.

All third parties are contractually required to protect your data.

8. Cookies & Tracking

Our website uses cookies to improve functionality, personalise your experience, and analyse website traffic.

• Essential cookies: required for the site to function.

Privacy by Design & Default / Data Protection Impact Assessments (DPIA)

At South Coast Inns, we are committed to embedding data protection principles into the way we design and deliver our services. We follow the approach of Privacy by Design and by Default, meaning that we consider data protection and security at every stage of our operations.

Privacy by Design & Default

• We only collect the personal data necessary for the purpose it was obtained.
• Wherever possible, we use anonymisation or pseudonymisation to reduce risks.
• Access to personal data is restricted to staff who need it to perform their duties.
• New systems, processes, or technologies are assessed for their privacy impact before implementation.
• Guest data is handled in line with the principle of “minimum necessary data,” reducing unnecessary collection or retention.

Data Protection Impact Assessments (DPIAs)

Where data processing is likely to result in a high risk to the rights and freedoms of individuals, we carry out a Data Protection Impact Assessment (DPIA). This includes, for example:

• The introduction of new booking, CRM, or payment platforms.
• The use of CCTV or other monitoring technologies.
• The collection of sensitive guest information (e.g., health, accessibility, or dietary needs).
• The rollout of new WiFi or digital services that may capture personal usage data.

Each DPIA assesses:

1. The purpose and necessity of the processing.
2. The potential risks to individuals’ privacy.
3. Measures to mitigate those risks, such as stronger security, reduced retention, or additional staff training.

South Coast Inns – Legal Basis & Purpose of Processing

At South Coast Inns, we only use your personal data where we have a lawful basis under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018. The main purposes and legal bases for processing are as follows:

1. Managing Bookings & Providing Accommodation

• Purpose: To process reservations, check you in and out, provide rooms, and manage your stay (including any special requests such as dietary, mobility, or accessibility needs).
• Legal Basis: Contract – processing is necessary to perform our contract with you.

2. Restaurant, Bar & Event Services

• Purpose: To handle table reservations, event bookings, and catering requirements.
• Legal Basis: Contract – necessary for delivering the services you request.

3. Payment Processing & Fraud Prevention

• Purpose: To securely process payments, verify transactions, and prevent fraud or unauthorised activity.
• Legal Basis: Legitimate Interests – to protect our business and guests.

4. Legal & Regulatory Obligations

• Purpose: To meet our responsibilities under financial, tax, immigration, and health & safety laws. For example, we may be required to record guest details for local authority compliance.
• Legal Basis: Legal Obligation – required by law.

5. Marketing & Promotions

• Purpose: To send you updates, offers, and promotions about our hotels, restaurants, and events.
• Legal Basis: Consent – you will only receive marketing where you have opted in, and you may withdraw consent at any time.

6. Loyalty & Membership Programs (if applicable)

• Purpose: To manage participation in loyalty schemes, track stays, and offer personalised rewards.
• Legal Basis: Consent and/or Contract – depending on how you sign up.

7. Guest Feedback & Service Improvement

• Purpose: To request feedback on your experience, analyse guest satisfaction, and improve our services and website.
• Legal Basis: Legitimate Interests – to monitor and improve the quality of our services.

8. Safety & Security (including CCTV)

• Purpose: To ensure the safety of guests, staff, and property by operating CCTV in public areas of our premises.
• Legal Basis: Legitimate Interests – to protect individuals, prevent crime, and ensure security.

9. WiFi & IT Services

• Purpose: To provide you with access to WiFi and other digital services while you are on our premises.
• Legal Basis: Legitimate Interests – to provide a reliable and secure digital service.

 

As a guest, customer, or website visitor, you have rights over how your personal data is used. Under the UK GDPR and Data Protection Act 2018, you have the following rights:

1. Right of Access

You have the right to request a copy of the personal data we hold about you, together with information about how we use it.

2. Right to Rectification

If any of the information we hold about you is inaccurate or incomplete, you may ask us to correct or update it.

3. Right to Erasure (“Right to be Forgotten”)

You may request that we delete your personal data where there is no longer a lawful reason for us to keep it (for example, marketing data where you have withdrawn consent).

4. Right to Restrict Processing

You may ask us to limit the way we use your data in certain circumstances, such as while we are considering a request for correction or objection.

5. Right to Object

You have the right to object to the processing of your data where we rely on Legitimate Interests (e.g., CCTV or service improvement) or where we use your data for direct marketing.

6. Right to Data Portability

Where we process your data based on consent or contract, you may request that we provide your information in a structured, commonly used, and machine-readable format so it can be transferred to another organisation.

7. Right to Withdraw Consent

Where we rely on your consent (for example, for marketing communications), you may withdraw this at any time by clicking “unsubscribe” in our emails or contacting us directly.

8. Right to Lodge a Complaint

If you are unhappy with how we handle your data, you may contact us first so we can resolve the issue. You also have the right to complain to the Information Commissioner’s Office (ICO), the UK regulator for data protection, at www.ico.org.uk.

 

How to Contact Our Data Protection Lead

If you have any questions or concerns about how your data is handled, please contact:

South Coast Inns – Data Protection Lead
📧 CHRISTOPHER@SOUTHCOASTINNS.CO.UK

📬 THE OFFICES, AVENALS FARM, WATER LANE, ANGMERING, WEST SUSSEX, BN16 4EP
📞 01903 856744

If you are based outside the UK and wish to exercise your rights under UK GDPR, you may also contact our designated UK representative at the same details above.

 

Data Retention & Minimization

We only collect the personal data that is necessary for the purposes outlined in this Privacy Policy, and we keep it only for as long as needed to fulfil those purposes, comply with legal obligations, or resolve disputes.

Retention Periods

• Guest booking records (including contact details and stay information): Retained for up to 7 years after your stay to meet tax, accounting, and legal record-keeping obligations.
• Payment details: Stored securely during the booking process and deleted once the transaction is complete, except where financial regulations require limited retention.
• CCTV recordings: Retained for up to 30 days, unless required for investigation of an incident, in which case they may be held longer until the matter is resolved.
• Marketing data (email addresses and preferences): Retained until you withdraw consent or unsubscribe, after which your details are removed from our marketing lists within a reasonable period.
• Event and function records (e.g., weddings, conferences): Retained for up to 3 years after the event to handle any queries or complaints.
• Job applications (where applicable): Retained for up to 6 months unless you become an employee, in which case your data is handled under our staff privacy policy.

Data Minimization

• We will never collect more personal data than we need for the purpose it is collected.
• Where possible, we use anonymised or aggregated data (for example, for statistical reporting).
• Access to personal data is limited to staff who need it to perform their job role.
• We regularly review our data storage and securely delete or anonymise data that is no longer required.

 

Data Breach Response

We take the security of your personal data very seriously. While we have appropriate technical and organisational measures in place to protect your information, if a personal data breach does occur, we follow the steps required under the UK GDPR and Data Protection Act 2018.

Our Breach Response Process

1. Identification & Containment
• Any suspected or actual breach is reported immediately to our Data Protection Lead.
• Steps are taken to contain the breach and prevent further unauthorised access.
2. Assessment
• We investigate the nature and scope of the breach, including what data was involved, who was affected, and the potential impact.
3. Notification
• If the breach is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of it.
• Where required, we will also inform affected individuals without undue delay, explaining what happened, what information was involved, and what steps they can take to protect themselves.
4. Remediation
• We take corrective measures to reduce the risk of recurrence, such as reviewing processes, enhancing security, or providing staff training.
5. Record Keeping
• All breaches, whether notifiable or not, are documented in our internal Data Breach Register, including details of the incident, impact, and actions taken.

Accountability & Documentation

South Coast Inns takes its obligations under the UK GDPR and Data Protection Act 2018 seriously. We apply the principle of accountability, meaning we are responsible for, and able to demonstrate, compliance with data protection laws.

How We Ensure Accountability

1. Records of Processing Activities (RoPA)
• We maintain internal records describing what personal data we process, for what purpose, the legal basis, who it is shared with, and how long it is kept.
2. Policies & Procedures
• We have documented policies covering data protection, information security, staff training, and breach response procedures.
3. Data Protection by Design & Default
• We build privacy safeguards into our systems and processes, ensuring that we only collect the minimum data required for each purpose.
4. Data Protection Impact Assessments (DPIAs)
• Where processing may pose a high risk to individuals’ rights and freedoms (e.g., CCTV, new IT systems, or large-scale guest profiling), we carry out DPIAs to assess and reduce risks.
5. Staff Training & Awareness
• All staff handling personal data receive training on GDPR requirements, confidentiality, and secure data handling practices.
6. Contracts with Third Parties
• We ensure that all service providers (such as booking platforms, IT support, and payment processors) sign contracts requiring them to handle personal data securely and in compliance with the law.
7. Regular Reviews & Audits
• We review our data protection practices regularly and update policies, retention schedules, and security measures where needed.

Data Protection Officer / Representative

South Coast Inns has appointed a Data Protection Lead to oversee our compliance with data protection laws. While we are not legally required to appoint a formal Data Protection Officer (DPO), we recognise the importance of having a dedicated contact for privacy matters.

Responsibilities

Our Data Protection Lead is responsible for:

• Monitoring compliance with the UK GDPR and Data Protection Act 2018.
• Acting as the first point of contact for individuals exercising their data rights.
• Coordinating responses to data protection queries or complaints.
• Overseeing staff training and awareness on data protection.
• Liaising with the UK Information Commissioner’s Office (ICO) where necessary.

How to Contact Our Data Protection Lead

If you have any questions or concerns about how your data is handled, please contact:

South Coast Inns – Data Protection Lead
📧 CHRISTOPHER@SOUTHCOASTINNS.CO.UK

📬 THE OFFICES, AVENALS FARM, WATER LANE, ANGMERING, WEST SUSSEX, BN16 4EP
📞 01903 856744

If you are based outside the UK and wish to exercise your rights under UK GDPR, you may also contact our designated UK representative at the same details above.