Last updated: November 2022
Privacy policy
1. INTRODUCTION
At Ashridge House, we use certain elements of your personal data to provide our hospitality services to you. In this Privacy Policy, we have described how we collect, store and use your personal data. We take every care to protect your personal data and your privacy during this process in accordance with all relevant legislation. There are steps you can take to control what we do with your personal data and these are explained in the policy.
By personal data, we mean data which could be used to identify you, including your name and contact details, and any related data which could be attributed to you. It may also include information about how you use our website and other services.
2. WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA
EF Corporate Education Ltd is responsible for your personal data. Our registered address is 22 Chelsea Manor Street, London, England, SW3 5RL. We are registered as a company in England and Wales under company number 07434504.
We are the data controller of the personal data which we collect from you, and so we are responsible for the ways your personal data are collected and the purposes for which your personal data are used. Where we only use personal information as allowed by our corporate customers (where we are acting as a ‘processor'), our customers are similarly responsible for the obligations of a ‘controller’ under applicable laws for the data that they share with us about you and we will act as a ‘processor’ on their behalf. This applies, for example, if you are a participant in any of our executive education programs hosted at Ashridge House. If you are using our services through your employer, you should contact them if you have questions or concerns about the processing of your personal information or compliance with applicable laws.
3. HOW WE PROTECT YOUR DATA
We use technical measures such as encryption and password protection to protect your data and the systems they are held in. We also use operational measures to protect the data, for example by limiting the number of people who have access to your personal data.
We keep these security measures under review and refer to industry security standards to keep up to date with current best practice.
The vast majority of our data processing is undertaken in the United Kingdom and European Economic Area (EEA). We will ensure that any data that is processed outside of the United Kingdom or EEA adheres to the same security standards as that processed inside the United Kingdom and EEA. Unless the UK Government and/or the EU Commission has decided that a country ensures an adequate level of protection for personal data, we will use contracts based on the European Commission’s standard contractual clauses for international data transfers, the UK international data transfer agreement (IDTA) and/or UK the international data transfer addendum to ensure compliance with applicable law.
4. WHAT PERSONAL DATA WE COLLECT FROM YOU
Depending on how you use our services, we may collect any of the following personal data from you:
Type of personal data: Your name and contact details (email address, telephone number, address)
Places where these may normally be collected: When you make a booking or reservation (including via 3rd party agents)
When you make an enquiry, complete a form or download a brochure (including via 3rd parties)
When you register for our free Wi-Fi
When you sign up to our marketing database
When you enter a competition
When you purchase a gift voucher
When you become a member of our gym
When you fill out a feedback form
Type of personal data: Information about your activity with us
Places where these may normally be collected: When you make a booking or reservation
When you make an enquiry or complete a form
Type of personal data: Names of fellow guests, including the age of any children
Places where these may normally be collected: When you make a booking for people other than yourself
Type of personal data: Communication we have with you (emails, letters, telephone calls, messages sent to us, feedback)
Places where these may normally be collected: When you get in touch with us
When you respond to our requests for feedback
Type of personal data: Information about your activities at Ashridge House
Places where these may normally be collected: We use CCTV in and around Ashridge House.
We keep a record of phone numbers dialled, and call duration, from bedroom phones for billing purposes.
Type of personal data: Payment card details
Places where these may normally be collected: When facilitating payment by card
Type of personal data: Information about how you use our website and emails (including your IP address, browser type, geographical location, referring website or source, the duration of your visit, pages viewed and files downloaded)
Information about your interests and preferences
Places where these may normally be collected: When you use our website (e.g., to browse or to make a booking)
When you accept our cookies placed on your device
When you open our marketing emails
When you interact with our online advertisements
When you get in touch with us
When you respond to our requests for feedback
We may also collect limited amounts of more sensitive personal data in order to provide certain services to you:
i. When you join our gym or have a consultation with a personal trainer, we will collect certain information relating to your health
ii. You may give us information about any allergies or other special requirements you have
iii. We may collect more sensitive information if you have had an accident at Ashridge House.
Please see the information below on how we use and protect all of your personal data, including sensitive data.
5. HOW WE USE YOUR PERSONAL DATA
We can only use your personal data if we have a valid reason (or "lawful basis") for doing so. The law defines a number of possible reasons, of which the following four apply to our use of your data:
i. To fulfil a contract we have with you
ii. When you consent to it
iii. If we have a legal obligation to use your data for a particular reason
iv. When it is in our legitimate interests
In cases where we have chosen "legitimate interests", we will give you further information on what these interests are and why the processing of your data is necessary to achieve this. If we choose this basis, we will have ensured that we have balanced our interests against yours and believe that you would reasonably expect us to use your data in this way.
You can find detail on the different ways in which we use your personal data, and the reasons for doing so, below.
What we use your personal data for: To respond to your enquiries or requests
Lawful basis: Legitimate Interests
Our legitimate interests: As you have made an enquiry with us, we need to respond to this enquiry
What we use your personal data for: To process any reservations or bookings you may have with us; before and during your stay
Lawful basis: Contract
Our legitimate interests: Not applicable
What we use your personal data for: To give you further information about any reservations, bookings or subscriptions you may have with us
Lawful basis: Legitimate Interests
Our legitimate interests: We want you to have the best possible experience
What we use your personal data for: To send you requests for feedback on your experience with us
Lawful basis: Legitimate Interests
Our legitimate interests: We continually strive to improve our services and need your input to do so
What we use your personal data for: To inform you about our news and offers that we think you might be interested in
Lawful basis: Consent, Legitimate interests
Our legitimate interests: We think you will be interested in offers that are similar to what you have previously purchased with us, you can opt-out at any time.
What we use your personal data for: To meet certain legal responsibilities, e.g., collecting registration data or cooperating with police
Lawful basis: Legal obligation
Our legitimate interests: Not applicable
What we use your personal data for: To combat fraud and manage risk for us and our customers
Lawful basis: Legitimate interests
Our legitimate interests: We need to protect our business and our customers
What we use your personal data for: To respond to complaints and to seek to resolve them, including refunds where appropriate.
Our legitimate interests: To investigate accidents and improve our processes for the future
Lawful basis: Legitimate interests
Our legitimate interests: We want to resolve complaints as best we can. We also want to improve processes and service levels for the future.
What we use your personal data for: To personalise your experience on our digital channels and our interactions with you (see detail below).
Lawful basis: Consent
Our legitimate interests: We would like you to have the best possible experience with us.
6. HOW WE USE YOUR DATA TO PERSONALISE YOUR EXPERIENCE
We use the data we collect about you from different sources to try to understand more about you and your preferences, so that we can personalise your experience. We use data that you have directly given to us (such as through reservations or enquiries) as well as data we have obtained from your online activities, such as interactions with our marketing emails or activities on our website (including the use of Cookies). You can find out more about Cookies in our Cookie Policy.
We use these data to personalise your experience in the following ways:
i. To identify your likes and dislikes, so that in future we send you news and offers that are more interesting to you
ii. To understand more about your preferences and purchasing habits, so that we can match you with similar customers and use this to offer you and other customers more relevant products and services. Sometimes we use third party systems or tools to help with this.
iii. To help you complete a booking, if you leave the booking path before your booking is finalised.
iv. To show you more relevant advertising online
7. HOW WE WORK WITH THIRD PARTIES
We use a number of third party systems to collect and process your data for the purposes shown above. This includes our website (which is developed and hosted by a third party), our reservation systems and some marketing systems (such as email systems). We ask that they follow the same rigorous data protection standards that we do.
We will share transaction data with our payment services provider only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with any complaints and queries relating to them.
We collect personal data from third party agents who process reservations or other information on our behalf.
We will never sell, rent, loan or share your personal data with a third party for the purpose of marketing activity of any nature, unless you have provided us with explicit permission to do so.
8. HOW LONG WE KEEP YOUR DATA
We only keep your data only for as long as we need it. How long we need data depends on what we are using it for, as described above.
We will actively review the personal data we hold and when there is no longer a need for us to hold it, we will either delete it securely or in some cases anonymise it.
We aim to destroy any paper copies of your personal data as soon as they have served their purpose (e.g., once information has been entered into a system). In the cases where we need to keep paper copies for longer, we ensure that they are stored securely and access is limited.
9. YOUR RIGHTS AND HOW TO MANAGE THE MARKETING COMMUNICATIONS YOU RECEIVE
You have a number of rights with regard to your data, which include:
i. The right to access your data
ii. The right to rectify your data, if you believe there is an error such as the spelling of your name
iii. The right to delete your data or restrict their use
iv. The right to object to certain uses of your data
v. The right to request that we provide you with copies of your data in a machine-readable format or transfer it across different services
vi. The right to withdraw your consent to process your data.
Should you wish to exercise any of these rights, please contact us at: EF Language Learning Solutions Ltd (FAO: Finance Manager) Haldenstrasse 4, 6006 Luzern, Switzerland and e-mail it to cs.contracts@hultef.com. We will deal with data access requests promptly and in any event within a month of receiving it, or (if later) from the day any information requested to confirm the requester’s identity is obtained. In rare cases, when the request is particularly complex or numerous, this deadline may be extended by a further two months (in which case we will let you know within one month).
We may send you marketing communications by email if you have opted in to receive such emails (e.g., at the point of purchase or when checking in), or if you have recently opened one of our marketing emails and have not told us that you no longer wish to receive marketing emails.
You have the right to opt out of receiving future marketing communications at any time and can do so by clicking the unsubscribe link in any email that we have sent you. Alternatively, you can email concierge@ashridge.hult.edu to ask to be removed from our mailing list.
Please note that if you tell us that you do not wish to receive marketing communications, you will still receive service emails which are directly related to your reservations or subscriptions, for example a booking confirmation.
10. IF YOU HAVE ANY FURTHER QUESTIONS OR COMPLAINTS
Please contact us at: EF Language Learning Solutions Ltd (FAO: Finance Manager) Haldenstrasse 4, 6006 Luzern, Switzerland and e-mail it to cs.contracts@hultef.com in the first instance. If you are not satisfied with the response that we give you, you have the right to complain to the Information Commissioner’s Office (ICO), whose details can be found on www.ico.org.uk