Welcome to the website privacy notice of Hotel Sonia. Hotel Sonia respects your privacy and is committed to protecting your personal data. This privacy notice sets out information about how we treat your personal data, including when you visit our website (www.hotelsonia.co.in).
Table of Contents
1.Important information and who we are
2.The data we collect about you
3.How your personal data is collected
4.How we use your personal data
6.Disclosures of your personal data
9.Additional Information For Website Visitors from the European Economic Area (the “EEA”)
Purpose of This Privacy Notice
This privacy notice aims to give you information about how Hotel Sonia collects and processes your personal data, including any data you may provide through this website when you make a booking reservation, purchase another service, subscribe to our newsletter or consent to receive marketing communications.
This privacy notice should be read together with any other data privacy notice or fair processing notices we may provide to you from time to time in connection with our processing of your personal data for specified purposes.
This privacy notice is issued on behalf of Brookfield and its group of affiliated entities and references to Hotel Sonia, “we”, “us” or “our” in this privacy notice, are referring to the relevant entity within Hotel Sonia responsible for processing your personal data. We will let you know which entity is the data controller of your personal data (or recipient of personal data as otherwise identified) when you make a reservation or purchase another service with us. Unless you are otherwise notified, Hotel Sonia is the data controller and responsible for the processing of your personal data in connection with this website.
If you have any questions regarding this privacy notice or if you would like to exercise any of your rights in relation to your personal data, you can do so by contacting our data protection office (“DPO”) at any time by email to: email@example.com
Additional contact information:
Full name of legal entity: Hotel Sonia
Postal address: Hotel Sonia, Delhi-Nainital Highway, Rudrapur, Uttarakhand, 263153
Telephone number: +91 9837038888
Changes to the Privacy Notice and your duty to inform us of the Changes
We keep our privacy notice under regular review. This version was last updated on May 30, 2023.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us
Types of Personal Data
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed or cannot be revealed and which is classified as anonymous data.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
We may in certain circumstances collect and process Special Categories of Personal Data about you including disability and health records relevant to your visit (such as food allergies, health condition requirements and hotel accessibility requirements) and religious information relevant to your visit (such as dietary requirements), in which case we shall only do so in accordance with applicable law (which may require that we obtain your consent).
Failure to Provide Personal Data
In certain circumstances, we need your personal data to perform our obligations to you in connection with the services you request from us (for example, to fulfill your booking reservation or to provide you with other services) or in order to comply with certain legal requirements. If you fail to provide information to us, we may not be able to provide you with the services you desire. We will of course notify you if this is the case.
Your personal data is made available to us through various methods, including:
(a) Analytics and search information providers such as Google & Bing and
(b) Advertising networks such as search engines and social channels
Our website does not offer products or services for use by minors. If you are under 18 years of age, you may use our website only with the involvement of a parent or guardian. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us at firstname.lastname@example.org for any concern related to the child’s personal data.
Purposes for which we will use your Personal Data
We will only use your personal data for the purposes described below, unless we reasonably consider that we need to use it for another purpose and which is compatible with the original purpose. You can contact us for more information in connection with the purposes for which your personal data is processed at any time.
Purpose/ActivityTypes of personal data usedTo register you as a new guest/customer(a) Identity (b) Contact (c) ProfileTo process and fulfil your booking reservation including:
(a) Identity (b) Contact (c) Financial (d) Transaction (e) ProfileTo manage our relationship with you which will include:
(a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications (f) ProfileTo enable you to partake in a promotion, prize draw, competition or complete a survey(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and CommunicationsTo administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)(a) Identity (b) Contact (c) TechnicalFor website delivery, optimisation and advertising online, including:
(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) TechnicalEmail marketing (including to make suggestions and recommendations to you about services that may be of interest to you and to send you details of promotional offers)(a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and Communications
Additional Information about Marketing
We may share your personal data with the parties set out below for the purposes described in section 4, above.
We have put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
The following information is relevant for visitors to the website located in the EEA. This section provides information about the lawful bases that we rely upon to process your personal data, your legal rights in relation to our processing of your personal data [and data transfers out of the EEA]. This information is intended to supplement the rest of this privacy notice.
Lawful Bases for Processing
We rely on the following lawful bases when we process your personal data:
We have set out below the lawful basis for processing we rely on to process your personal data for specific purposes/activities set out in section 4 above. We have also identified what our legitimate interests are where appropriate.
In some cases, more than one lawful basis is available to us (in which case we have provided the details of all such bases). If you would like to understand more about the legal basis that applies in connection with the processing of your personal data in a particular circumstance, please contact us at any time.
Email marketing (including to make suggestions and recommendations to you about services that may be of interest to you and to send you details of promotional offers)Necessary for our legitimate interests (to develop our services and grow our business)
Purpose/ActivityLawful basis for processing including basis of legitimate interestTo register you as a new guest/customerPerformance of a contract with youTo process and fulfil your booking reservation including:(a) Performance of a contract with you· Managing payments, fees and charges(b) Necessary for our legitimate interests (to recover debts due to us)· Invoicing and collecting money owed to us To manage our relationship with you which will include:(a) Performance of a contract with you· Communicating with you before, during and after your visit(b) Necessary to comply with a legal obligation· Sharing your information with the hotel or resort in which you are staying(c) Necessary for our legitimate interests (to keep our records updated and to study how guests/customers use our services)· Providing guest and concierge services · Ensuring your preferences and interests as a guest are recorded for future visits · Responding to enquiries or complaints · Notifying you about changes to our terms or privacy notice · Asking you to leave a review or take a survey To enable you to partake in a promotion, prize draw, competition or complete a survey(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to study how guests/customers use our services, to develop them and grow our business)To administer and protect our business and this website(including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligationFor website delivery, optimisation and advertising online, including: Necessary for our legitimate interests (to study how guests/customers use our services, to develop them, to grow our business and to inform our marketing strategy)· Delivery of online advertising to you · Measuring the effectiveness of the advertising we serve to you · Using data analytics to improve our website, services, marketing, guest and customer relationships and experiences
In certain, limited circumstances we may rely on your consent to process your personal data. Where we rely on consent, we will provide you with information about our intended processing activities at the moment of consent collection. You may withdraw your consent to processing at any time, by contacting us. If you receive marketing communications from us, you can opt-out of receiving such communications at any time.
Your Legal Rights
You have the following rights under data protection laws in the EEA in relation to your personal data:
If you wish to exercise any of the rights set out above, please contact us as detailed in the Contact Details section above. We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
When you provide us with your personal data through your use of the website, you transfer such personal data directly to us in India. We may transfer your personal data to other jurisdictions from time to time, including where we need to share your personal data with other entities that make up Hotel Sonia and to our external third parties (in each case, to fulfil the purposes we have described in this privacy notice). In connection with such transfers, we take all reasonable steps to ensure appropriate security measures are in place to secure your personal data
In the event that we transfer your personal data from a location within the EEA, we ensure that safeguards are implemented in compliance with EEA legal requirements, including that:
Please contact us if you want further information about transfers of your data, including the mechanisms used by us when transferring your personal data out of the EEA.