Membership Privacy Policy

At Gleneagles, we are committed to protecting and respecting your privacy.

Please read the privacy Policy carefully as it explains who we are, when and why we collect personal information about you, how we use it, the conditions under which we may disclose it to others and how we keep it secure. The Policy also explains your rights in relation to your personal information and how to contact supervisory authorities in the event you have a complaint.

We collect, use and are responsible for certain personal information about you. When we do so we are subject to data protection laws and we are responsible as “controller” of that personal information for the purposes of those laws.

We may change this Policy from time to time so please check this page occasionally to ensure that you are happy with any changes.

Who are we?

We are Gleneagles Hotels Limited, registered in Scotland with company number SC 97000, having its registered office at Gleneagles Hotel, Auchterarder, Perthshire PH3 1NF.

We trade as the Gleneagles Hotel. We offer an unbeatable array of attractions that includes a five-star luxury hotel, three championship golf courses, an award-winning spa, and the only restaurant in Scotland to hold two Michelin stars.

You can contact us about how we handle your personal information by email to privacy@gleneagles.com
or in writing to:

The Gleneagles Hotel
Auchterarder
Perthshire
Scotland
PH3 1NF

How do we collect information about you?

We collect personal information that you choose to provide:

Through the use of our services, we will collect personal information about your time with us and your hotel, dining and leisure activities.

For the security of all our guests and staff CCTV operates on our premises, we will also collect information about security and health & safety incidents.

Through your use of our websites including www.gleneagles.com, booking.gleneagles.com and members.gleneagles.com (including by browsing such sites) you may provide us with personal information such as your name, contact details and personal preferences.

What type of information is collected from you?

If you have a membership with us, we will ask for your name, contact details and billing information.

Due to the personalised experiences we offer we may from time to time collect and store other information about you such as your personal preferences. We will only ever ask for information to enable us to provide the services you have requested.

Through the use of our services we will collect information from you in the form of requests and feedback. We will also collect information about your activities whilst you are with us for billing purposes and to improve our services to you.

For the purposes of security and health & safety CCTV and Incident Monitoring take place on our sites. Please be aware that images of you and information about incidents involving you will only be stored and processed for as long as is required by law.

We may from time-to-time require sensitive personal information (such as medical information) to provide specific services to you safely or to comply with our legal obligations, where this is the case we will always inform you (and where required) ask for your explicit consent to record this information at the time.

We will retain relevant information about you to enable us to comply with our legal obligations and to ease the accommodation of any future memberships.

How is your information used?

Under data protection law, we can only use your personal information if we have a proper reason for doing so. In order to use your personal information, we rely on the following legal bases:

We may use your information to:

 

If you do not provide personal information we ask for, it may delay or prevent us from providing the services you have requested to you.

How long will your personal information be kept?

We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our legal obligations (e.g. financial record keeping).

We will hold your personal information on our systems only for as long as is necessary for the relevant activity or to facilitate any future stays, or as long as is set out in any relevant contract you hold with us. In any case, unless legally required, we will not hold your personal information for any more than 4 years.

Who has access to your information?

We routinely share your personal information with:

Third Party Service Providers working on our behalf: we may pass your information to our third party service providers, agents, subcontractors and other associated organisations for the purposes of providing services to you on our behalf (for example to provide chauffeur and caddy services or to book third party activities on your behalf). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we ensure appropriate safeguards are in place that requires them to keep your information secure, in accordance with data protection laws, and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties beyond our approved suppliers, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.

 

Third Party Data Processors working on our behalf: we use software providers to process your personal information on our behalf. When we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we ensure appropriate safeguards are in place that requires them to keep your information secure, in accordance with data protection laws. Where we use a Third Party Data Processor we will ensure they uphold the same level of confidentiality and security that we maintain when handling your information, in accordance with data protection laws.

Law Enforcement/Regulatory Bodies: we may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

Debt Collection Agencies: If at any time before or during your transaction with us you fail to meet the credit conditions imposed by us, we reserve the right to transfer your debt to a third party in which case your personal information will also be transferred to that third party for it to use in connection with the recovery of your debt. Such third party will take such action to recover your debt as it considers appropriate and will be acting on behalf of or to our instructions.

Other Parties: we may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

We will not share your personal information with any other third party.

Your rights

Under data protection laws, you have the following rights, which you can exercise free of charge.

The accuracy of your information is important to us. You have the right to require us to correct any mistakes in your personal information we hold. We are working on ways to make it easier for you to review and correct this information. In the meantime, if any of the information we hold about you is inaccurate or out of date, please let us know.

You have the right to ask for a copy of the information Gleneagles holds about you.

You have the right to require us to delete your personal information, in certain situations.

You have the right to receive a copy of all personal information we hold about you in a structured, commonly used data and machine readable format and/or transmit that data to a third party. We will provide this upon request.

You have the right to object at any time to our processing of your personal information for direct marketing (including profiling) and in certain other situations (e.g. processing carried out for the purpose of our legitimate interests).  You can change your marketing preferences at any time. If you do not want to receive direct marketing communications from us please follow the unsubscribe link on our communications or contact us.

You have the right to not be subject to decisions made automatically based on your personal information (including profiling). Gleneagles does not make any automated decisions based on information we hold about you.

You have the right to request we restrict the processing of your personal information for certain purposes only (e.g. if you contest the accuracy of the data).

For further information on each of those rights, including the circumstances in which they apply, please contact us.

If you think we have not handled your personal information correctly you have the right to lodge a complaint with the Information Commissioner’s Office who act as the Supervisory Authority for enforcement of relevant data protection legislation in the UK. More information about how to make a complaint can be found at: https://ico.org.uk/concerns/

You have the right to expect us to carry out any request with respect to any your rights under data protection laws within 30 days where the request is not manifestly unfounded or excessive.

Security precautions in place to protect the loss, misuse or alteration of your Personal Information

When you give us personal information, we take steps to ensure that it is treated confidentially and held securely.

Once we have collected your information, we make our best effort to ensure its security on our systems and in physical form. Where data is stored electronically we take steps to ensure your information is accessed only by those who need it to administer your stay. Your personal data is always encrypted when being sent between our systems, this is shown by the lock icon in your web browser when booking online. Where possible your personal data is also encrypted at rest. Where we are storing information about you on physical media i.e. registration card, this is stored securely and access restricted to only those who need it to administer your stay.

Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Credit or debit card details are encrypted and protected by our card payment provider. When you are entering your card details these are sent to our card payment provider securely, this is shown by the lock icon in your web browser when booking online.

Use of 'cookies'

Our websites uses cookies. 'Cookies' are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual.

It is possible to switch off cookies by setting your browser preferences. Turning cookies off may result in a loss of functionality when using our websites.

What types of cookies are used on this site?
  1. Preference Cookie – At your request we may place a cookie to remember your preferences so that you do not need to re-enter your details (country/age and language preferences) on our gateway page. This is not suitable if you share your computer with someone else.
  2. Social Sharing – This is a cookie that identifies you with social networking sites such as Facebook and Twitter and allows interaction between your activity on social networking sites and on our website through your direction, and makes your transition between the sites more seamless.
  3. Site Analytics – We use Google Analytics to help analyse use of our website. This analytical tool uses ‘cookies’, which are text files placed on your computer, to collect standard internet log information and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of the website (including your IP address) is transmitted to Google. This information is then used to evaluate visitors’ use of the website and to compile statistical reports on website activity. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout
  4. Cookies – We use session cookies, which are temporary cookies that cookies aid the user journey around the site, and will remember preferences you have selected during the session. These cookies are deleted as soon as you leave the site.
  5. Content Management cookies – These are cookies required by the site for the content management system to work.
  6. Template preference cookies – These cookies are necessary for mobile sites and enable the site to look and feel the way it is intended to.
How do I disable/enable cookies?

You have the ability to accept or decline cookies by modifying the settings in your browser. However, you may not be able to use all the interactive features of our site if cookies are disabled.

There are a number of ways to manage cookies. Please refer to your browser instructions or help screen to learn more about these functions. For example, in Internet Explorer, you can go to the Tools/Internet options/Security and Privacy Tabs to adapt the browser to your expectations. If you use different computers in different locations you will need to ensure that each browser is adjusted to suit your cookie preferences.
Some modern browsers have a feature that will analyse website privacy policies and allow a user to control their privacy needs. These are known as ‘P3P’ features (Privacy Preferences Platform).

You can easily delete any cookies that have been installed in the cookie folder of your browser. For example, if you are using Microsoft Windows Explorer:

If you are not using Microsoft Windows Explorer, then you should select ‘cookies’ in the ‘Help’ function for information on where to find your cookie folder.

Links to other websites

Our website may contain links to other websites. This Policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.

16 or Under

We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ we will require your parent/guardian's permission beforehand whenever you provide us with personal information.

Review of this Policy

We keep this Policy under regular review. This Policy was last updated in April 2018.