Book Now
0800 049 8000

Best Rate Guaranteed   |   Modify Booking
0800 049 8302
0800 049 8000
0800 049 8301
0800 049 8000
Book DIRECT £10 VOUCHER FREE HIGH-SPEED WI-FI BEST RATE GUARANTEE

Apex Hotels Privacy Notice

Introduction

This is the Privacy Notice of Apex Hotels Ltd, whose registered office is at 32 Hailes Avenue, Edinburgh EH13 0LZ (referred to as “Apex Hotels”, “Apex”, “we”, “us” or “our” in the Privacy Notice). Apex Hotels is registered on the Information Commissioner's Office Register; registration number Z5739764 

In terms of data protection law (currently the Data Protection Act 1998 but from 25 May 2018, the EU General Data Protection Regulation 2016 and the Data Protection Act 2018) (“Data Protection Law”) Apex acts as a Data Controller, defined as an organisation that determines the personal data to be collected and the means and purposes of processing that data. Personal data means any data that identifies and relates to a living individual.

As a data controller, Apex Hotels takes data protection seriously and is committed to protecting and preserving the privacy of our guests, for example, when visiting one of our hotels, restaurants, spas or browsing our website at www.apexhotels.co.uk. We will process your personal data in accordance with Data Protection Law and this Privacy Notice. Our designated Data Protection Officer can be contacted at privacy@apexhotels.co.uk

i. PURPOSE OF THIS PRIVACY NOTICE

The information contained in this Privacy Notice describes what personal data we collect and what we will do with your personal data that we collect from our website, with personal data you provide to us in the course of purchasing our products and services, or with personal data that you otherwise provide to us. This Notice also outlines your privacy rights and provides details of how we aim to protect personal data we collect relating to you. You should read this Privacy Notice, together with any other notice we provide on specific occasions when we are collecting or processing your personal data, so that you are fully aware of how and why we are using your personal data.

ii. THE INFORMATION WE COLLECT

Apex Hotels processes your personal data to meet our legal, statutory and contractual obligations and to provide you with our products and services. We may process the following personal data relating to you:

  • Identity Data such as title, name, user ID
  • Contact Data such as your address, billing address, email address, telephone numbers
  • Financial Data such as bank and payment card details 
  • Transactional Data such as payments provided from and to you and details of services provided to you
  • Technical data, including your IP address, login information, browser type and version, time zone setting and location, browser plug-ins and other technology on the devices used to access our website
  • Profile data, including your purchases or orders made by you, your interests and preferences, health information and any feedback or survey responses provided to us
  • Usage data, including how you use our website, live-chat service, products and services
  • Marketing and communications data, including your preferences in relation to marketing from us and from any third parties and your preference for method of communication.
  • Special Categories data owing to the products, services or treatments that we offer, Apex Hotels sometimes needs to process sensitive personal information (known as special category data) about you, to ensure your safety and good health – for example allergens. Where we collect such information, we will only request and process the minimum necessary for the specified purpose and identify a compliant legal basis for doing so. 
  • CCTV Images are used by us in the prevention, detection and investigation of criminal activity and to keep our guests and staff safe. Images are only stored for a maximum of 28 days. It is our policy not to disclose images to anyone other than the police authorities.

Children

Apex Hotels do not knowingly collect personal data from children. If you believe your child has provided personal data to us, please contact us at privacy@apexhotels.co.uk, so that we can delete your child’s information. A child is classed as anyone under of the age of 13.

Personal data of third parties 

If you act on behalf of or make reservations for another person, we will collect their data too for the purposes outlined in this Notice.

Failure to provide personal data 

In some cases we may need to collect your personal data by law, or in order to perform our side of a contract we have entered into with you or with a view to entering into such a contract. If you fail to provide the requested data, we may not be able to perform under the contract we have with you, or to enter into the contract with you. In such circumstances, we may have to cancel the contract, or be unable to conclude the contract, which means we would not be able to provide the product or service to you. If that is the case, we will notify you of that at the time.

Collection of Personal Information via Cookies

A cookie is information sent by a web server to a web browser, which enables the server to collect information from the browser. Find more about cookies at www.allaboutcookies.org. Personal data regarding a user’s journey through our websites is collected when visiting Apex Hotels. The placement of cookies throughout our websites allows us to enhance the user journey. This data is held for use in Google Analytics to better understand customer behaviour and to better deliver our products or services. We use these cookies to identify you when you visit our websites and to build up a profile about you. Most browsers allow you to turn off cookies, in which case your experience may not be optimal when visiting our website.

iii. WHEN IS MY INFORMATION COLLECTED?

We collect your personal data in a number of ways, for example, when you visit our website, make a reservation, contact us, purchase products from us or visit the physical hotels, we collect data from and about you.

Direct interactions – you may provide personal data to us (e.g. identity, contact details, financial data) when you complete forms or correspond with us by post, phone, email or other methods. This could include providing personal data when 

  • make an enquiry to receive our services or products;
  • create an account on our website;
  • subscribe to our services or publications;
  • request marketing material to be sent to you;
  • enter a promotion or complete a survey
  • provide feedback to us

Automated technologies or interactions – When you interact with our website, we may collect some technical data relating to you including details about your devices or browsing patterns, for example. This data may be collected using cookies (see above) or other similar technologies. 

Third parties or publicly available sources – We may receive personal data relating to you from third parties or public sources, inside or outside the European Economic Area (“EEA”) including:

  • analytics providers (e.g. Google based outside the EEA, HotJar)
  • advertising networks (e.g. Google, Bing, Facebook, Rakuten)

iv. PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA

We have set out below, in a table format, a description of all the ways we intend to use your personal data, and the legal basis we will rely upon to do so. We have also identified what our legitimate interests are where appropriate.

Please note that we may process your personal data for more than one lawful purpose, depending on the specific purpose for which we are using your data. 

Purpose / Activity

Type of Data

(see section ii)

Lawful Purpose for Processing

Retention Period

To process your enquiry, set up a new customer account / profile

Identity
Contact
Profile

  • Consent (if required)

  • Enter into or performance of contract to which you are party.

  • Legitimate Interest

Maximum
7 years

To process your booking / reservation, whether made directly with Apex Hotels on our website or with our hotels, central reservations team or via a 3rd party website - for example online travel agent or restaurant booking platform.

Identity
Contact
Financial
Transactional
Profile
Marketing & Communications
Special Categories

  • Performance of contract to which you are party

  • Necessary for our legitimate interests to ensure you safety whilst on Apex premises and

  • Consent (if required)

  • Vital Interests

Maximum
7 years

To process Credit Card or other payment data for invoicing purposes.

Financial Transactional

  • Performance of contract, to which you are party

Maximum
7 years

Under UK legislation, we are legally obliged to collect specific information from you, to verify your identity on arrival, for example Nationality, Passport Number and next destination.

Identity
Contact

  • Legal Obligation

  • Legitimate Interest

Maximum 3 years from last stay date

Apex hotels will store your personal data in our databases

  • to comply with data retention obligations

  • to allow us to contact you and welcome you back in the future

Identity
Contact
Profile
Transactional
Marketing & Communications

  • Legal obligation

  • Legitimate Interest

  • Performance of contract, to which you are party.

Maximum
7 years

Where applicable, if you park in our car park we will collect your car registration number

Profile

  • Legitimate Interest

Maximum 3 years from last stay date

Apex may need to verify your identity when you arrive at the hotel. We will use your passport or other identification document. We will not store a copy of this information

Identity

  • Performance of contract, to which you are party

  • Legal Obligation

Not Retained

Apex, at all times, aim to keep the data we store secure on our premises and on our IT systems and platforms. We do this by means of encryption, passwords, access controls, physical security, company policies and IT support. Personal data may be processed in this context by Apex Hotels and its 3rd party vendors

Identity
Contact
Profile
Transactional

  • Legitimate Interest

  • Legal Obligation

Maximum 7 Years from last stay date

For many of our business services we use cloud based services, therefore for technical and organizational reasons it may be necessary that your personal data is transferred to servers located outside the European Economic Area (EEA)

Identity
Contact
Financial

  • Performance of contract to which you are a party

  • Legitimate Interest

Maximum 7 years after last stay date

Apex collect (meta)data on your use of our Wifi services for security and anti-piracy purposes.
for example IP address, connections made, location etc.

Technical

  • Consent (if required)

  • Legitimate Interest

  • Public interest

Max 2 years

Apex will track and record your use of our online services, either through cookies or via other means. Cookies enable us and others to monitor your browsing behaviour.

Technical
Usage

  • Legitimate Interest

Max 3 years after last stay date

Apex collect automatically generated information for statistical (research) purposes, to tell us how well our services are working. This information may be provided to third parties, but only if permitted by law or if this information cannot be traced back to you.

Usage

  • Legitimate Interest

Max 3 years after last stay date

Apex may collect personal data to safeguard your health whilst staying in our hotels and using our restaurants and Spa (City Quay)

Special Categories Profile

  • Legitimate Interest

  • Consent (if required)

Max 3 years after last stay date

Apex aim to keep its assets, staff and guests secure and safe at all times and to prevent our premises being used for illegal purposes. Though CCTV surveillance Apex, and or 3rd party vendors may process personal data by way of image.

CCTV Images

  • Legitimate Interest

  • Public Interest

1 month

Apex are required to comply with legal obligations, requests from public authorities, third party claims or access to our data, for instance in the event of a criminal investigation or requests for information or instructions from public authorities in the event of a fire, terrorist attack that involve processing personal data

Identity
Contact
Technical
CCTV Images

  • Legitimate Interest

  • Public Interest

  • Vital Interest

  • Legal Obligation

Maximum
7 years

Apex carry out advertising and marketing activities to promote the Apex brand, the company and our services both on and offline, and also through third party providers. Apex will use your contact details, information on your hotel stay and information collected through cookies on our website.

Identity
Contact
Profile
Marketing & Communications

  • Consent (if required)

  • Legitimate Interest

Maximum of 3 years after last stay date

Apex may offer to or provide services and products you request from us or which we think you are interested in via email if you have consented to do so. We will use the email you have provided us with from your guest profile. If you no longer wish to receive marketing or promotional information you can use the link to unsubscribe.
Apex may use the data to target you on other platforms such as online advertising or mail shots

Identity
Contact
Profile
Marketing & Communications

  • Consent (if required)

  • Legitimate Interest

Maximum of 3 years after last stay date

v. PROMOTIONAL OFFERS FROM US

We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for us to market to you. You will receive marketing communications from us if you have requested these communications specifically by opting in, or if you have purchased similar goods or services from us in the last three years. In any case you will have the option to unsubscribe or opt out by contacting marketing@apexhotels.co.uk, or if the communication is by email, a link within the email.

vi. THIRD-PARTY MARKETING

We will get your express opt-in consent before we share your personal data with any company outside Apex Hotels for marketing purposes. 

vii. OPTING OUT

You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time at marketing@apexhotels.co.uk.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us because of a product/service purchase, warranty registration, product/service experience or other transactions.”

viii. DISCLOSURE OF YOUR INFORMATION TO THIRD PARTIES 

The personal data you provide to us may be accessed by or given to third parties, some of whom may be located outside the EEA who act for us for the purposes set out in this Notice or for other purposes approved by you. Those parties process information, fulfil and deliver orders, process credit card payments and provide support services on our behalf. 

We may also pass aggregated information on the usage of our website to third parties, but this will not include information that can be used to identify you, either directly or indirectly.

Where you have specifically consented when providing us with your details, we may also allow carefully selected third parties to contact you occasionally about products and services which may be of interest to you. They may contact you by email. You may withdraw your consent to this at any time. If you change your mind about being contacted by these companies in the future, please let us know at marketing@apexhotels.co.uk.

If our business enters into a joint venture with or is merged with or sold to another business entity, your information may be disclosed to our new business partners or owners. Countries outside the EEA do not always have strong data protection laws. We will take steps to ensure that your data is used by third parties in accordance with this Notice. Unless required or permitted by law to do so, we will not otherwise share, sell or distribute any of the information you provide to us without your consent.

ix. INTERNATIONAL DATA TRANSFERS

Some of the third parties that we may disclose your personal data to are based outside the EEA, so their processing of your personal data will involve a transfer of your personal data out with the EEA. Whenever we transfer your personal data out with the EEA, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the EU.
  • Where we use certain service providers, we may use specific contracts or EU model clauses. 
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the EU and the US.

Please contact us if you wish to receive further information about the specific mechanism used by us when transferring your personal data out with the EEA.”

x. INFORMATION RETENTION

We will retain your personal data for as long as we need it for the purposes for which we collected it, or if we are legally required to do so. The retention period for different types of personal data/purpose is shown in the table above. Further information is available on our retention policy, which can be requested from privacy@apexhotels.co.uk

xi. DATA SECURITY

Apex Hotels takes all appropriate technical and organisational measures, in accordance with local law requirements, to protect your personally identifiable information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access. To this end, we have implemented technical measures such as firewalls and operational measures such as login/efficient password and physical protection.

xii. YOUR RIGHTS

As an individual, you have the following rights as a data subject under Data Protection Law in relation to the processing of your personal data:

  • Be informed about what and how Apex Hotels processes your personal data, as explained under the Privacy Notice
  • Request access to your personal data (a data subject access request), which enables you to receive a copy of the personal information we hold about you and the check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you, to have any incomplete or inaccurate information corrected.
  • Request erasure of your personal data, so that we delete or remove personal data where there is no good and lawful reason for us to continue to process it (although in some cases we can refuse this request where we can claim exemptions as a data controller).
  • Object to processing of your personal data where we are processing your personal data for direct marketing or where we are relying on a legitimate interest (of Apex Hotels or of a third party) and there is something specific to your situation which gives rise to your objection.
  • Request the restriction of processing of your personal data, through the suspension of our processing, e.g. where you want us to establish its accuracy or the reasons for the processing.
  • Request the transfer or your personal data to another party in an easily portable
  • Withdraw consent at any time where we are relying on consent to process your personal data (although this will not affect the lawfulness of any processing carried out before the withdrawal of consent).
  • Where processing is under a contract or by consent, request that a decision made using automated processing of your personal data, which significantly affects you, be reviewed by an individual to whom you may make representations and contest the decision)

We do not usually charge individuals for any requests made regarding the collection of information. However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. We will need you to identify yourself properly prior to responding to your request. To this end we may request a valid identification such as a current driver’s licence, identity card or passport.

xiii. CHANGES TO OUR PRIVACY NOTICE

The Privacy Notice was last updated on 22/05/2018 In order to assist us in keeping the personal data we process about you accurate and up to date for the duration of your relationship with us, it is important that you inform us of any change to your personal data that you have provided to us, as soon as possible, by contacting us at privacy@apexhotels.co.uk. We keep our Privacy Notice under regular review and we will place any updates on our website.

xiv. QUERIES OR INDIVIDUAL REQUESTS

The full name of our company is Apex Hotels Ltd. We are registered in Scotland under registration number SC073489. Our registered office is Apex Hotels, Apex House, 32 Hailes Avenue, Edinburgh, EH13 0LZ. Our VAT number is 974 8933 55. 

If you wish to place a query about any aspect of how we use your personal data, submit a Data Subject Access Request or to exercise your other rights as an individual under Data Protection Law, please contact us at privacy@apexhotels.co.uk or call us on +44 (0) 131 441 0440 or write to us at Apex Hotels, Apex House, 32 Hailes Avenue, Edinburgh, EH13 0LZ.

xv. CONCERNS OR COMPLAINTS

Apex Hotels only processes your personal information in compliance with this Privacy Notice and in accordance with the relevant Data Protection Law. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority, the UK Information Commissioner. The website of the UK ICO’s office contains details of how to make a complaint: https://ico.org.uk/.