General policy for the protection of personal data
Updated on 28/02/2024
Preamble
- In the course of its business, B&B HOTELS collects and processes personal data relating to contacts, prospects, customers (e.g., hotel guests), service-providers and partners.
- The main purpose of this document is to help you understand the conditions under which your data is processed.
- Its purpose is to inform you, in accordance with the EU General Data Protection Regulation and the retained UK General Data Protection Regulation (together the "GDPR" or the Regulations), about how your personal information may be collected and processed for the provision of our Services through our Website and the Mobile Application or other means in connection with the booking of UK hotel rooms and the B&me loyalty programme.
- The protection of your personal data is a priority for B&B HOTELS, which is why it undertakes to process such data in strict compliance with the Regulations and applicable national laws.
Definitions
- Application: means the B&B HOTELS mobile application available in iOS and Android versions.
- Platform: refers to the online central reservation system operated by the B&B HOTELS Group on the website https://www.hotel-bb.com/ (the “Site”) and the Application and the systems managing the loyalty programme.
- Data controller: the B&B Hotels group is made up of different legal entities, so when we mention "B&B Hotels", "we", "us" or "our" in this privacy policy, we are referring to the relevant company in the B&B Hotels Group responsible for processing your personal data. We will let you know which entity will be the controller for your data when we provide the Services to you. B&B HOTELS UK LIMITED is the Data controller managing processing operations carried out from the Site or the Application in the UK.
- Services: refers to the services offered by B&B HOTELS via the Platform and the Application and any other services provided to a guest by the UK hotels where they stay. The online Services are described in detail in the General Terms and Conditions of Use (“GTCU”), which can be accessed here.
- Site: means the website accessible at the URL address https://www.hotel-bb.com/.
- User: means any person who accesses or browses the Site and the Application and/or that receives our Services, whether a customer, a prospect, a service provider, a partner, or an ordinary Internet user with or without a B&B Hotels account.
Identity of data controllers
- The data controller is, within the meaning of the GDPR, the person who determines the means and purposes of the processing. When several people jointly determine the purposes and means of a processing operation, they are referred to as joint data controllers (or co-controllers).
- The UK data controller responsible for the processing operations carried out on the Services offered by B&B HOTELS via the Platform and the Application and on the B&B hotels in the UK is B&B HOTELS UK LIMITED, a private limited company incorporated under the law of the United Kingdom, with its registered office at 73 Cornhill, London (England), EC3V 3QQ, registered under no. 13984153, referred to as "B&B HOTELS".
- The companies listed here jointly manage the B&me loyalty programme. In addition, B&B HOTELS has entered into a co-responsibility agreement with joint controllers, setting out their respective obligations, the broad outlines of which are available on request sent by mail to: privacy.uk@hotelbb.com.
- B&B HOTELS Group operates a central reservation system shared by the joint controllers listed here.
- B&B HOTELS jointly processes your personal data with the following controllers (see the list of controllers here) to provide the Services to you (such as the processing of bookings made via the Platform and the Application, providing related Services to you and customer support), send communications to you, run customer surveys, verify customers as required by law, and improve our Services.
Changes to the privacy policy and your duty to inform us of changes
- We keep our privacy policy under regular review. This version was last updated on the date shown above.
- It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Personal Data that is processed
- B&B HOTELS collects and processes the following categories of data in connection with the processing of personal data for the purposes set out below:
- Identity & Contact Data: Data relating to your identity and contact details: title, surname, first name, address, telephone number, job title, e-mail address, date of birth, age, customer code and ID documentation (e.g. passport or ID cards) to verify your identity;
- Business Data: Data relating to your professional life: company, location and other business details;
- Technical Data: Data relating to internet browsing and Application usage: logs and connection data, computer hardware identification data, language preferences, geographical location data, data relating to your use of the Platform and Services, including data communicated to our teams when you make requests (language preference, etc.), data collected via cookies and other tracers;
- Profile Data: includes your username and password, purchases, orders and reservations made by you (e.g., Data relating to history of reservations in the B&B hotels) and your usage of the Services, your interests, preferences, feedback and survey responses.
- Reservations Data: Data relating to your reservation: arrival and departure dates, details of other occupants of the rooms booked such as names, ID documentation and ages, preferences (smoking room, preferred floor, etc.), details of Services provided by the UK Hotel and records of any interactions between the UK Hotel and the guests. Furthermore, if billing to a different address is requested: company name, address, VAT number, etc. or the details of the individual making the payment;
- Transactions Data: Data relating to transactions: transaction number, data relating to means of payment, details of the purchase, subscription or service subscribed to, data relating to invoice payments such as payment terms, discounts granted, receipts, balances and unpaid invoices. The bank card number, expiry date and cryptogram are processed exclusively by our payment service-providers (e.g., Adyen), which only provides us with a token for guaranteeing and paying for bookings;
- Marketing and Communications Data: includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- Loyalty Data: includes information we process to run our loyalty programs (e.g., the B&me program), sending you loyalty related communications and rewards.
- Surveys Data: any personal data you provide when you fill in a survey form or provide any other feedback about your stay or any other Services.
- CCTV Data: the video footage collected by the UK hotels' security cameras.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
Purposes, legal bases and retention periods for data processing
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal grounds we are relying on to process your personal data where more than one legal ground has been set out in the table below.
The purposes for which your data is processed, its legal basis and the duration for which it is kept are detailed below. We have also identified what our legitimate interests are where appropriate:
PURPOSE/ACTIVITY & TYPE OF DATA | LEGAL BASIS | RETENTION PERIOD |
Managing bookings and monitoring the commercial relationship with customers in connection with their booking and their stay in a UK hotel, including the management of complaints and other interactions with customers. Types of Data: Identity & Contact; Business; Reservations; Financial; Technical; Profile | Performance of a contract with you; Complying with legal obligations; Necessary for our legitimate interests (for quality and customer care assessments and improvement) | Active base: The data used to manage the relationship with the customer is kept for as long as is necessary to execute the contract and comply with our legal obligations. We will check your ID documentation to verify your identity (e.g. during the check-in process) and will not store copies unless this is required by law. Intermediate archiving: For litigation or pre-litigation purposes, until the end of the legal requirement and for the duration of the proceedings until the ordinary and extraordinary remedies have been exhausted. Data concerning payments by bank card is kept for 13 months following the debit date, extended to 15 months for deferred debit cards. |
Creating and managing user accounts on the website. Types of Data: Identity & Contact; Reservations; Profile | Performance of a contract with you; Complying with legal obligations | Active base: The data used to manage the customer relationship is kept for as long as the user account is active. Intermediate archiving: For litigation or pre-litigation purposes, until the end of the legal requirement and for the duration of the proceedings until the ordinary and extraordinary remedies have been exhausted. |
The improvement of B&B HOTELS services, in particular: conducting customer satisfaction surveys; management of feedback on the services provided and contacting guests for further feedback. Types of Data: Identity & Contact; Business; Profile; Reservations; Transactions; Surveys | Necessary for the legitimate interest of B&B HOTELS (to assess any issues or potential issues and improve the quality of our Services). | Time required to carry out and process the satisfaction survey or customer feedback. |
Compiling commercial statistics. Types of Data: Surveys | The legitimate interest of B&B HOTELS (to understand how our customers and guests use our Services). | Duration required to achieve the purpose of the statistics or until the right to object is exercised. |
Bookkeeping (accounting and tax obligations). Types of Data: Reservations; Transactional | Compliance with a legal obligation. | Intermediate archiving: For the legal retention period (e.g. accounting obligation of 10 years). |
Carrying out commercial prospecting operations, in particular: the sending of our newsletter; carrying out prospecting campaigns (email, telephone, post); invitations to events; organising competitions. Types of Data: Identity & Contact; Marketing | Legitimate interest for operations via post or calls involving human intervention (non-automated) (to promote our Services to individuals that stayed in a UK Hotel, or received any other Services from us or contacted us). | Until 3 years have elapsed since the individual's last contact with B&B HOTELS. |
The management of requests to exercise rights by data subjects concerned by the processing of personal data. Types of Data: Identity & Contact; Business; Profile; Reservations; Transactions | Compliance with a legal obligation; Necessary for our legitimate interests (to keep records of our interactions with the requesters and the information provided to them). | For as long as it takes to process the request and for 3 years after we address the request. |
The proper functioning and improvement of our Platform and its functionalities, including measuring the Site’s audience. Types of Data: Identity & Contact; Business; Reservations; Financial; Technical; Profile | Necessary for the legitimate interest of B&B HOTELS in ensuring the functioning and security of the Site. In relation to the collection of information through cookies and equivalent means only (e.g. pixel tracking), we rely on consent to use the cookies: the User's consent given before any non strictly necessary cookies are placed in their devices. | Tracer lifetime limited to 6 months. Retention period for data collected by means of tracers: Maximum 25 months. |
Managing the B&me loyalty programme (granting loyalty benefits, awarding loyalty points). Types of Data: Identity & Contact; Loyalty; Marketing | Performance of a contract with you; Necessary for our legitimate interests (to offer benefits and discounts to the guests that stay in our UK hotels) | Active base: For the entire duration of your membership to the programme and for 6 months thereafter. |
Managing CCTV cameras for security purposes. Types of Data: CCTV | Necessary for the legitimate interest of B&B HOTELS in ensuring the Hotel provides adequate security in the premises and can record any incidents in the public spaces of the UK hotels. | CCTV recordings are stored for up to 31 days unless there are incidents, data subject requests, or investigation requests, in which case the specific recordings will be stored until the relevant case is resolved. Intermediate archiving: For handling claims and complaints, litigation or pre-litigation purposes, and law enforcement investigations, until the end of the legal requirement and for the duration of the complaint, proceedings or investigation and as long as required by law. |
How is your personal data collected?
We collect your personal data when you:
- Make a reservation in a B&B Hotel in the UK, or someone makes a reservation and you are the guest;
- Register and manage your user account;
- Send us information in relation to our loyalty programme;
- Engage with our customer support team or the B&B Hotels’ UK staff through the Site, the Application, by phone or in person;
- Give us feedback about your stay at the hotel through the Platform (e.g., by filling in a survey form) or by other means (e.g., by contacting our customer support team or our B&B Hotel UK hotel staff);
- Check in or check out in our B&B Hotel UK hotels;
- Use or access our Site or Application;
- Are a guest and your image is recorded by CCTV for security purposes.
Data recipients
- The main persons who may have access to your personal data are as follows:
- authorised staff in our hotel reservations, marketing, sales, administrative, logistics and IT departments, who are responsible for providing the Service, improving our Services, customer relations, prospecting and quality control;
- authorised staff of our subcontractors and service-providers, including in particular hosting and cloud storage providers, payment service providers, suppliers of software for checking identity documents and verifying identity online by facial recognition, suppliers of mailing services, IT maintenance service-providers, marketing research service-providers, customer reviews services and platform providers and the loyalty programs service providers;
- authorised staff of the B&B Hotel joint data controllers (see above);
- any competent public authorities;
- where appropriate, the competent authorities with legal power to access the information, upon request, in particular public bodies, the courts, as well as mediators, chartered accountants, auditors, lawyers, bailiffs, judicial officers, police officers, bodies responsible for debt recovery, exclusively to meet legal obligations, as well as in the case of searching for the perpetrators of offences committed on the Internet or in the UK hotels; and
- third-parties likely to place cookies on your terminals with your consent. For more details, see our Cookies Management Policy.
Promotional offers from us
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or received Services from us and you have not opted out of receiving that marketing.
Third-party marketing
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
Opting out
You can ask us or third parties to stop sending you marketing messages at any time by logging into the Site or the Application and checking or unchecking relevant boxes to adjust your marketing preferences.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a Service, purchase, warranty registration, product/service experience or other transactions.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Transfer of data outside the European Union
- B&B HOTELS is a company belonging to the B&B HOTELS Group, which provides its Services in numerous countries.
- In this regard, and for the purposes indicated in article 6 of this policy, we may transfer your data to recipients within and outside the group located outside the European Union.
- Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it. In the absence of an adequacy decision, we may use specific contracts approved for use in the UK and the EU which give personal data the same protection it has in the UK and the EU.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK at the following email address:
- privacy.uk@hotelbb.com;
- Or the postal address: B&B HOTELS Data Protection Officer, 20 Eastbourne Terrace, London, W2 6LG
The security of personal data
- B&B HOTELS implements technical and organisational measures that are appropriate to the degree of sensitivity of the personal data, with a view to ensuring the integrity and confidentiality of the data and protecting it against any malicious intrusion, loss, alteration or disclosure to unauthorised third-parties.
Subcontracting
- When B&B HOTELS uses a service-provider, it only communicates personal data to the latter after having obtained from it a commitment and guarantees on its capacity to meet these security and confidentiality requirements.
- In compliance with its legal and regulatory obligations, B&B HOTELS concludes contracts with its subcontractors that precisely define the terms and conditions of data processing by the latter, in accordance with regulations on the protection of personal data.
Cookies
- You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our cookies policy.
Social networks & Third Party Links
- This Site and the Application may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Site or Application, we encourage you to read the privacy policy of every website you visit.
- When browsing our Site or Application, you may click on the icons dedicated to the social networks Twitter, Facebook, Instagram, TikTok and YouTube.
- Social networks help to improve the user-friendliness of the Site and our Application, and help to promote them through sharing.
- When you use these buttons, we may have access to personal information that you have indicated as public and accessible from your Twitter, Facebook, Instagram, TikTok and YouTube profiles. However, we neither create nor use any database independent of Twitter, Facebook, Instagram, TikTok and YouTube, nor do we use any data relating to your private life through this means.
- In order to limit access by third-parties to your personal information on Facebook, Twitter, Instagram, TikTok or YouTube, we suggest you configure your profiles and/or the nature of your publications via the dedicated spaces on social media in order to limit their access.
Exercising the rights of the data subject
- Under certain circumstances, you have rights under data protection laws in relation to your personal data.
Right of access
- In this regard, you have the right to obtain confirmation as to whether or not your data is processed, and where it is, you have the right to request a copy of your data and information concerning:
- the purposes of the processing;
- the categories of data concerned;
- the recipients or categories of recipients and, where appropriate, if such communications are to be made, the international organisations to which the data has been or will be communicated, in particular, recipients established in third countries;
- where possible, the intended retention period for personal data or, where this is not possible, the criteria used to determine this period;
- the existence of the right to ask the data controller to rectify or erase your personal data, the right to request a restriction on the processing of your data, and the right to object to such processing;
- the right to lodge a complaint with a supervisory authority (in the UK, this is the Information Commissioner’s Office (ICO));
- information on the source of the data when it is not collected directly from the data subjects;
- the existence of automated decision-making, including profiling, and in the latter case, useful information concerning the underlying logic, as well as the importance and the expected consequences of this processing for the data subjects.
Right to rectify your data
- You may request B&B HOTELS to rectify or complete any data that is inaccurate, incomplete, ambiguous or outdated.
Right to have your data deleted
- You may request B&B HOTELS to delete your personal data in the cases provided for by the legislation and regulations.
- Please note that the right to erasure of data is not an absolute right. We may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Right to limit data processing
- You may request that the processing of your data be restricted in the cases provided for by law and regulations.
Right to object to data processing
- You have the right to object, at any time, on grounds relating to your particular situation, to the processing of your data for which the legal basis is the legitimate interest pursued by the data controller.
- If you exercise your right to object, B&B HOTELS will ensure that it no longer processes your personal data in connection with the processing concerned, unless B&B HOTELS can demonstrate compelling legitimate grounds for continuing such processing. These grounds must outweigh your interests and your rights and freedoms, or the processing must be justified for the establishment, exercise or defence of legal claims. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Right to portability of your data
- You have the right to the portability of your personal data. This is not a general right. Not all data from all processing operations is portable, and this right only applies to automated processing, to the exclusion of manual or paper-based processing.
- This right is limited to processing for which the legal basis is your consent or the performance of pre-contractual measures or a contract.
- This right does not include derived or inferred data, which is personal data created by B&B HOTELS.
Right to withdraw your consent
- Where the processing of data by B&B HOTELS is based on your consent, you may withdraw it at any time. B&B HOTELS will then stop processing your personal data without affecting any previous operations for which you have given your consent.
Right to lodge a complaint
- You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Right to define advance directives
- You have the possibility of giving instructions concerning the storage, deletion and communication of your personal data after your death and of designating a person to carry out these directives, by contacting us.
- You can change or revoke your instructions at any time.
How to exercise your rights
If you wish to exercise any of the rights set out above, please contact us by email at the following email address: privacy.uk@hotelbb.com or at the postal address: B&B HOTELS Data Protection Officer, 20 Eastbourne Terrace, London, W2 6LG.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally, it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.