responsibility and processing which Birch undertakes of the personal data our
customers share with us. Birch takes guests’ privacy very seriously and treats
all their personal information with great care, acting in accordance with the
EU General Data Protection Regulation which became effective on 25th May 2018.
By visiting our website, contacting
us, making a reservation, purchasing products from us, or visiting Birch, you
are acknowledging that we collect information from and about you (and others if
their personal information is provided by you). Under data protection
legislation, some of the information we collect may be classed as personal
data; i.e. “any information relating to an identified or identifiable natural
person”. It may be collected any time you submit it to us, whatever the reason
type of personal data is collected from you and for which purposes this
personal data is processed. It also states your rights under the applicable
data protection legislation: see Section 5. International Data Transfer; and
Section 6. Your Rights.
DATA CONTROLLER: For
the purpose of applicable data protection legislation, the Data Controller of
your personal data is Birch of Lieutenant Ellis Way, Cheshunt, EN7 5HW. Contact
2. COLLECTING YOUR PERSONAL
Birch collects information about you
in the following ways:
Information you give to us
This includes personal data
(a) Through our website when you
register, login, commence or complete an online transaction to use our products
(b) When you contact our reservations team to make a booking or use the
facilities at Birch. Facilities include, but are not limited to, event spaces,
wellness, bars and restaurants.
(c ) When you have provided your consent, in order to:
• sign up to any of our consumer programmes;
• subscribe to any of our marketing communications;
• complete consumer surveys, enter competitions or provide feedback.
(d) When we do business with you, which will usually include:
• Full or partial contact details including names and addresses (including
business details if you are making a corporate booking), telephone and email
• If you have special requirements, it may also be necessary to collect details
about diet or accessibility or any other preferences that you may have.
• Car parking arrangements at Birch may also make it necessary for us to
collect your car registration number for your visit to us.
• We collect payment card information from you, should you choose to use this
form of payment for purchasing or guaranteeing use of our products and
• We may also collect your birth date and other significant dates for making
special recommendations to you around your anniversaries.
This includes information and
personal data collected:-
(a) Through our Website
• When you access our website, we automatically log information about you and
your computer or mobile device. The information about your use of the website
comprises information which your browser transmits to our webserver,
example, when visiting our website, we log your computer or mobile device
operating system name and version, manufacturer and model, browser type,
browser language, screen resolution, the website you visited before browsing to
our website, pages you viewed, how long you spent on a page, access times and
information about your use of and actions on the website.
(b) Through CCTV systems at Birch
• CCTV is in operation throughout the site and video recordings may be made.
This activity is carried out for the better management of property and security
and service reasons for all its clients and staff.
3. HOW WE PROCESS YOUR
Your personal data will be stored in
a centralised system which is under the control of Birch and accessible only by
authorized staff of Birch or our suppliers.
We use the information we collect
about you to process your bookings, answer your queries, process your
purchases, provide our hotel facilities and services and enable you to manage
your website user account.
With your consent, we will contact
you via our marketing and sales channels (email/ phone/post) about other
related products and services we provide which we think may be of interest to
you. Our marketing communications are generally sent by email but we may
sometimes use other methods of delivery such as by post or SMS.
We mainly collect, store and process
personal data at two different stages: (i) before you decide to visit Birch;
and (ii) when you visit, or have visited Birch.
(i) Before you decide to
Website: When you visit https://www.birchcommunity.com,
we collect information about your use of the website. This includes information
we collect directly from you and information we collect about your online
actions. This information may constitute ‘personal data’ under applicable law.
We use this information to provide you with (personal) offers, both on our
website and via advertisements on other websites you visit.
Advertising Generally: We may use
other companies to serve third-party advertisements when you visit and use our
website. These companies may collect and use click stream information, browser
type, time and date, subject of advertisements clicked or scrolled over during
your visits to our website and other websites, in order to provide
advertisements about goods and services likely to be of interest to you. These
companies typically use tracking technologies to collect this information.
Other companies’ use of their tracking technologies is subject to their own
Targeted Advertising: We use website
information to provide you with (personal) offers, both on our website and via
advertisements on other websites you visit. In order to serve offers and
advertisements that may interest you, we may display targeted advertisements on
the website, or other digital properties or applications, in conjunction with
our content, based on information provided to us by our users and information
provided to us by third parties that they have independently collected. We do
not provide personal data to advertisers when you interact with an
(ii) When you visit or have
When you make a reservation, you will
have to provide us with your name, email address, postal address, phone number,
the dates you are staying with us and credit card details or other payment
information, as applicable. We use this personal data to process the
reservation, for billing purposes, and to allow us to communicate with you
about your reservation. When you stay at Birch, we will collect personal data
about your preferences, use of our services, and location.
Overview of activities under
stage (i) and (ii):
We may, at each of the stages
outlined above, use your personal data but only when and to the extent the law
allows us. Most commonly, we will use your personal data in the following
• Where we need to carry out the contract we are about to enter into or have
entered into with you.
• Where it is necessary for our legitimate interests (or those of a third
party); and your interests and fundamental rights do not override those
• Where we need to comply with a legal or regulatory obligation.
• Where you have provided your consent.
4. SHARING YOUR DATA
We may share your personal data as
Third Parties Specified by
You: We may share your personal data with third parties where you
have provided your consent to do so.
Our Third Party Service
Providers: We may share your personal data with our third party
service providers who provide services such as payment processing, information
technology and related infrastructure provision, business support (operational
and administrative), customer service, the processing and delivery of marketing
communications to you, email delivery, auditing and other similar services.
These third parties are only permitted to use your personal data to the extent
necessary to enable them to provide their services to us. They are required to
follow our express instructions and to comply with appropriate security
measures to protect your personal data. Third parties are subject to
confidentiality obligations and may only use your personal data to perform the
necessary functions and not for other purposes.
may share some or all of your personal data with our affiliates, in which case
particular, you may let us share personal data with our affiliates where you
wish to receive marketing communications from them.
Corporate Transactions: We
may share personal data when we do a business deal, or negotiate a business
deal, involving the sale or transfer of all or a part of our business or
assets. These deals can include any merger, financing, acquisition, or
bankruptcy transaction or proceeding.
Other Disclosures: We
may share personal data as we believe necessary or appropriate:
(a) to comply with applicable laws;
(b) to comply with lawful requests and legal process, including responding to
requests from public and government authorities to meet national security or
law enforcement requirements;
(d) to protect our rights, privacy, safety or property, and/or that of you or
We do not share your data with any
third parties outside of the above processing arrangements and we do not share
your data with any business external to our group for their own marketing
purposes. From the data we collect, you should only ever receive marketing
communications from Birch.
5. INTERNATIONAL DATA
In some instances it is necessary to
transfer your personal data overseas. Any transfers will be made in full
compliance with all aspects of the applicable regulations.
For many of our business purposes we
use cloud-based services. Therefore, for technical and organizational reasons,
it is necessary that your personal data is transferred to servers located in
the US, or to servers located in countries outside of the EEA. When we transfer
the data to a country outside of the EEA that does not offer an adequate level
of data protection, we will ensure compliance with applicable law by way of EU
Model Clauses, EU-US Privacy Shield-certification, or other legally accepted
safeguards, as applicable.
6. YOUR RIGHTS
The General Data Protection
Regulation provides the following rights for individuals:
Right to withdraw consent
If we process personal data on the basis of your consent, you have the legal
right to withdraw such consent at any time. We will then cease the relevant
processing activity going forward.
Right to access information
we hold about you
If you want to know what personal data we have collected or we process about
you, you may ask us to provide a copy of your personal data by sending an email
to email@example.com. We will ask you to identify yourself. We will
not provide you with a copy of your personal data to the extent that the rights
and freedoms of others are or may be adversely affected.
Right to data portability
You have the right to request that we process your data in a format which
allows it to be transferred to another controller. Once we have received your
request, we will comply where it is feasible to do so.
Right to rectification and
erasure of data, and restriction of processing
If you believe that our processing of your personal data is incorrect,
inaccurate, unlawful, excessive, incomplete, no longer relevant, or if you
think that your data is stored longer than necessary, you may ask us to
correct, erase or restrict such personal data processing activity, by sending
an email to firstname.lastname@example.org.
Right to object to processing
of your data
You have the legal right to request that Birch stops processing your data, on
grounds relating to your particular personal situation, at any time.
Furthermore, you have the right to object at any time to our processing of your
personal data for direct marketing purposes or to profiling. You can do this by
either (i) opting out by using the option we provide in the relevant direct
marketing message (e.g. an email newsletter), or (ii) updating your preferences
on your profile on the https://www.birchcommunity.com website, or (iii) by
sending an email to email@example.com, or (iv) writing to:
Data Protection Officer
Lieutenant Ellis Way
For the sake of clarity: without
prejudice to the foregoing, we are at all times entitled to send you messages
that do not constitute direct marketing, i.e. service messages.
General information relevant
for all requests and queries
Nothing in this Privacy Statement is
intended to provide you with rights beyond or in addition to your rights as a
data subject under applicable mandatory data protection law.
We will use reasonable endeavours to
respond to your request or query within one month. We are entitled to extend
this term by another two months if the complexity of the situation so requires.
If your request is manifestly unfounded or excessive we may either (i) charge
you a fee, or (ii) refuse to process your request. With respect to access
requests we may also charge you for extra copies. If we decide not to honour
your request or answer your query, we will explain our reasons for doing so in
7. PROTECTION AND STORAGE OF
We have used and will continue to use
reasonable endeavours to protect your personal data against loss, alteration or
any form of unlawful use. Where possible, your personal data will be encrypted
and stored on a virtual private server that is secured by means of state of the
art protection measures. A strictly limited number of people have access to
your personal data.
We have put in place procedures to
deal with any suspected personal data breach and will notify you and any
applicable regulator of a breach where we are legally required to do so.
Our website uses various cookies. We
may track and record your use of our online services, either through cookies or
via other means. Cookies enable us and others to monitor your browsing
data. We may use the personal data collected in this manner for the purposes as
9. RETENTION OF INFORMATION
We will only retain your personal
data for the period necessary to fulfil the purposes outlined in this Privacy
Statement. This may be up to 7 years, unless a longer retention period is
required or permitted by law (which is typically the case in the context of our
obligations under tax law).
Should you choose to unsubscribe from
our mailing list, please note that your personal data may still be retained on
our database to the extent permitted by law.
In case you have any queries about
this policy, need further information, or wish to lodge a complaint in relation
to the policy or our practices in relation to your personal data, you may send
an email to firstname.lastname@example.org or write to us at the address below.
We hope to resolve any complaint brought to our attention. However, if you feel
that your complaint has not been adequately resolved, you reserve the right to
contact your local data protection supervisory authority, which for the UK, is
the Information Commissioner’s Office.
from time to time to make sure it is still up to date. You should therefore
check this policy occasionally to ensure that you are aware of the most recent
version that will apply each time you access our website. We may also notify
you in other ways from time to time about the processing of your personal
Data Protection Officer
Lieutenant Ellis Way