Privacy Policy


This Privacy Notice explains how and why East Coast Accommodation processes your personal data, under UK GDPR, “general data”, the steps we take to keep your information safe and what to do if you have concerns as to how we have handled your data.

On the 25th of May 2018 the UK produced its third generation of data protection law, the Data Protection Act 2018. This is the same date as the General Data Protection Regulation, GDPR, was launched throughout the European Union, EU. Following withdrawal from the EU on 1st January 2021, the EU GDPR will be adopted into UK law by section 3 of the EU Withdrawal Act 2018 (EUWA 2018) and the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (Implementing Regulations). This part of the UK’s post transition data protection law will be known as ‘UK GDPR’, which can be found at Part 2 of the Data Protection Act 2018.

‘UK GDPR’ will apply the EU’s GDPR standards for the processing of data considered as “general data”.

Who are we?

East Coast Accommodation are a limited company specialising in Serviced Accommodation.

The Directors – Dominic Webber & Ben Tiffney of East Coast Accommodation are the Data Controllers and Data Protection Officers and as such have overall responsibility for the lawful processing of all personal data processed by the company. Our data protection registration number is ZB511147 which is renewed each year.

If you have any questions about how we use your personal information, our DPO can be reached at info@eastcoastproperty.co.uk or by post at Data Protection Officer, 1a East Acridge, Barton, DN18 5HL

What type of personal information do we process?

In order to meet the UK GDPR, we will process varying types of personal data, this includes: Information relating to natural persons who can be identified or who are identifiable, directly from the information in question or who can be indirectly identified from that information in combination with other information.

We do not process any special category personal data as defined in the UK GDPR.

Where do we get the personal information from?

We get our personal data from yourselves when booking a stay at one of our properties.

What is our lawful basis for processing your personal data?

East Coast Accommodation process your personal data under the UK GPDR for the following: (b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering a contract.

How do we handle your personal information?

We handle personal information according to the requirements of the UK GDPR. Your personal information held on our systems and in our files is secure and is accessed on a “need to know” basis by our staff or data processors working on our behalf.

Where we are processing personal data, we will ensure that any personal data is:

  • Processed lawfully, fairly, in a transparent manner in relation to individuals.
  • Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be incompatible with the initial purposes.
  • Adequate, relevant, and limited to what is necessary in relation to the purpose for which it is processed.
  • Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased, or rectified without delay.
  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
  • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures”.

We will ensure that your personal information is handled fairly and lawfully. We will strive to ensure that any personal information used by us or on our behalf is of the highest quality in terms of accuracy, relevance, and adequacy, is not excessive and is kept as up to date as possible and is protected appropriately. We will regularly review to ensure it is still required and is lawful for us to continue to retain it and when no longer required for any purpose detailed in this notice, we will securely destroy it.

We will regularly review your data to ensure it is still required and we have a lawful purpose to continue to retain it. If there is no lawful purpose, then your data will be securely destroyed.

We will respect your information rights under the DPA Act 2018 and UK GDPR/GDPR.

Who do we share your personal information with?

To enable East Coast Accommodation to carry out their role we may need to share your data with other organisations. All other organisations will adhere to the UK GDPR.

How do we keep your personal information safe?

East Coast Accommodation takes the security of all personal information under our control very seriously. We will comply with the relevant parts of the legislation relating to security and seek to comply with the cyber and information security best practices.

We will ensure that appropriate policy, training, technical and procedural measures are in place. These will include, but are not limited to, ensuring our buildings are secure and protected by adequate physical means. The areas restricted to our staff, are only accessible by those holding the appropriate identification, and have legitimate reasons for entry. We carry out audits of our buildings security to ensure they are secure.

We carry out regular audits and inspections, to protect our manual and electronic information systems from data loss and misuse, and only permit access to them when there is a legitimate reason to do so. Our standard operating procedures and policies contain strict guidelines as to what use may be made of any personal information contained within them. These procedures are reviewed regularly to ensure our security of information is kept up to date.

Third parties are assessed to ensure that they are secure and adhere to the UK GDPR.

How long will you keep my personal information?

East Coast Accommodation keeps your personal information if is necessary for the particular purpose or purposes for which it is held.

Whose personal data do we process for General purposes?

  • Guests
  • Line Managers
  • Trades
  • Third party agencies
  • Members of staff
  • Suppliers
  • Former staff, suppliers, and trades.

What are my information rights?

Your information rights in relation to personal data considered as “general data” are:

Right to be Informed - This places an obligation upon East Coast Accommodation to tell you how we obtain your personal information and describe how we will use, retain, store and who we may share it with.

We have written this Privacy Notice to explain how we will use your personal information and tell you what your rights are under the legislation

Right of Access - This is commonly known as subject access and is the right which allows you access to your personal data and supplementary information, however it is subject to certain restrictions.

Rights of access do not apply to the processing of ‘relevant personal data’, we can limit confirmation that we are processing data and any access to personal data, if necessary and proportionate to:

  • Avoid obstruction to an official or legal inquiry, investigation, or procedure.
  • Avoid prejudicing prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties
  • Protect public security; or
  • Protect the rights and freedoms of others.

Relevant personal data’ means personal data contained in a judicial decision or in other documents relating to the investigation or proceedings which are created by or on behalf of a court or other judicial authority. Access to ‘relevant personal data’ is governed by the appropriate legislation covering the disclosure of information in criminal proceedings, such as (in England and Wales) the Criminal Procedure and Investigations Act 1996.

The request must be processed within one month, or three months in complex cases. Where a request is refused the individual must be notified and where no action is taken individuals have the right to be informed of how to seek a judicial remedy.

Right to Request Rectification - You are entitled to have personal data rectified if it is inaccurate or incomplete. We can refuse such a request where it is necessary and proportionate or relates to 'relevant personal data', i.e., to avoid obstructing an official or legal inquiry, investigation, or procedure or to avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties, as detailed above.

Right to Erasure - The right to erasure is also known as ‘the right to be forgotten’. This right enables you to request the deletion or removal of personal data where there is no compelling reason for its continued processing. We can refuse such a request where it is necessary and proportionate or relates to 'relevant personal data', i.e., to avoid obstructing an official or legal inquiry, investigation, or procedure or to avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties, as detailed above. The erasure of personal data relating to criminal offences cannot be considered until its full period of retention has been reached.

Right to Restrict Processing - Individuals have a right to ‘block’ or suppress processing of personal data. When processing is restricted, organisations are permitted to store the personal data, but not further process it. We can refuse such a request where it is necessary and proportionate or relates to 'relevant personal data', i.e., to avoid obstructing an official or legal inquiry, investigation, or procedure or to avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties, as detailed above.

Right to Data Portability - The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services.

Right to Object - Individuals have the right to object to:

  • The processing of your personal data based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling).
  • The processing of their personal data for direct marketing (including profiling); and
  • The processing of their personal data for the purposes of scientific/historical research and statistics.

Should you wish to learn more about your information rights or how to make Information Rights Request please see the link below:

Your Data Rights

How to make a complaint to the Information Commissioner

The Information Commissioner is the independent Authority responsible within the UK for ensuring we comply with data protection legislation. If you have a concern about how we have used your personal information or believe you have been adversely affected by our handling of your data, please contact us so as we can try to rectify.

Alternatively, you may wish to contact the Information Commissioner’s Office using the information below:

Their Helpline: 0303 123 1113 (Their normal opening hours are Monday to Friday between 9am and 5pm).

Their email: icocasework@ico.org.uk

Their address: Information Commissioners Office, Wycliffe House, Water Lane Wilmslow, SK9 5AF

Monitoring

East Coast Accommodation may monitor or record and retain telephone calls, texts, emails, and other electronic communications to and from the company to deter, prevent and detect inappropriate or criminal activity, to ensure security, and to assist the purposes described above. East Coast Accommodation does not place a pre recorded ‘privacy notice’ on telephone lines that may receive emergency calls (including misdirected ones) because of the associated risk of harm that may be caused through the delay in response to the call.

Changes to our Privacy Notice

We keep our privacy notice under regular review. If we plan to use your personal information for a new purpose, we will update our privacy notice and communicate the changes before we start any new processing.

East Coast Accommodation

Data Protection Officer

Dominic Webber

Last updated 1st February 2023

Version 1.0