Privacy Policy of chestertownhouse.com

This Application collects some Personal Data from its Users.

Personal Data collected for the following purposes and using the following services:

    • Analytics

      • Google Analytics and Facebook Ads conversion tracking

        Personal Data: Cookies and Usage Data

    • Contacting the User

      • Contact form

        Personal Data: company name, email address, first name, last name and phone number

      • Mailing list or newsletter

        Personal Data: email address, first name and last name

      • Phone contact

        Personal Data: phone number

    • Infrastructure monitoring

      • StatusCake

        Personal Data: Cookies and Usage Data

    • Managing contacts and sending messages

      • MailChimp

        Personal Data: email address

    • Remarketing and behavioral targeting

      • Facebook Remarketing

        Personal Data: Cookies and Usage Data

    • SPAM protection

      • Google reCAPTCHA

        Personal Data: Cookies and Usage Data

Further information about Personal Data

    • Resdiary

      Disclaimer
      The advice given by us relating to the GDPR (General Data Protection Regulation) is for information purposes only. It is not designed to be an exhaustive guide to the requirements of the GDPR. It is your responsibility to ensure that you comply with the provisions of the GDPR and related legislation. Each company’s responsibilities relating to the GDPR will vary depending on individual circumstances; accordingly we will not be liable to you for your reliance on our advice provided in relation to the GDPR.

      You warrant, represent, and undertake to us that Personal Data shall comply with the GDPR in all respects including, but not limited to, its collection, holding, and processing.

      You shall be liable for, and shall indemnify (and keep indemnified) us in respect of any and all action, proceeding, liability, cost, claim, loss, expense (including reasonable legal fees and payments on a solicitor and client basis), or demand suffered or incurred by, awarded against, or agreed to be paid by, us and any of our Sub-Processors arising directly or in connection with:

      any non-compliance by you with the GDPR or other applicable legislation;
      any Personal Data processing carried out by us and any of our Sub-Processors in accordance with instructions given by you that infringe the GDPR or other applicable legislation.
      Data storage
      Data is stored securely in data centres managed by Rackspace in the UK. They are one of the leading Managed Security Service Providers in the world. Thousands of organisations, including global enterprises, use this company. Rackspace apply perimeter controls and these are unknown. No power critical systems are held in our offices. Rackspace data centres do have redundant connections to public utilities. Rackspace use standby generation facilities; they are not relevant for ResDiary offices. Fire/flood detection and suppression systems are employed in Rackspace centres, and in respect of ResDiary offices.

      Backup and Security
      In terms of security, access to security logs are strictly controlled within our development team, we follow advice from Microsoft as to when security patches should be applied, and we use Cloudflare to monitor for unauthorised intrusion attempts. Authorised support and sales executives have access to your diary; a smaller set of ResDiary staff have administrator access to our network and server infrastructure.

      Data breach
      In the event of a data breach, the point of contact from ResDiary is the Chief Operating Officer, Mike Breewood, who is also our Data Protection Officer. He will invoke the data control procedure with the Chief Technical Officer, Colin Winning, as required. Then we will report the breach to the relevant supervisory authority within 72 hours of the organisation becoming aware of it. We will notify affected venues within 48 hours of becoming aware of the breach.

      Data retention
      Please note that consent given does not last forever. Personal information will be retained for the purposes of making a booking and, if diners’ opt in, marketing. In the case of making a booking, personal data can only be used for a limited time, so you must ensure you have a retention policy in place. For the purposes of marketing, you should ensure you refresh opt-ins on a semi-regular basis.

      You will need to:

      review the length of time you keep personal data.
      consider the purpose or purposes you hold the information for when deciding whether (and for how long) to retain it.
      securely delete information that is no longer needed for this purpose or these purposes.
      update, archive, or securely delete information if it goes out of date.
      At ResDiary, we’ve agreed our data retention period will be 18 months. This means we will delete ResDiary profiles after 18 months of inactivity. We will be giving you the tools to create your own retention policy. Please note that your policy may be different from ours or other venues, depending on the type of venue you are.

      Email opt in
      To help you meet your new responsibilities, we are creating a new marketing preferences email that you should consider sending to your marketing list. If you send the email, and once people have responded to the suggested actions in the email, you will then have a sanitised database of people who have a genuine interest in interacting with your brand. We’re currently working on this, so watch out for pop ups in the diary and an email to let you know this communication is ready to be sent. We suggest that people who have not responded by 25th of May, or who have asked to unsubscribe, are removed from your mailing lists.

      Any client who wishes ResDiary to action this on their behalf must inform us in writing. Please email GDPR@resdiary.com to do this. ResDiary will execute opt-outs on behalf of clients within ten working days.

    • Guestline

      Location of Processing Operations
      Data is presently held in the U.K, in Manchester for primary processing and Northampton for secondary processing. After February 2018, primary processing may be conducted in Amsterdam and secondary processing in Dublin as we are gradually moving our customers to Azure.

    • Selling goods and services online

      The Personal Data collected are used to provide the User with services or to sell goods, including payment and possible delivery.
      The Personal Data collected to complete the payment may include the credit card, the bank account used for the transfer, or any other means of payment envisaged. The kind of Data collected by this Application depends on the payment system used.

Contact information

    • Owner and Data Controller

      The Townhouse Chester
      49-51 Lower Bridge St
      Chester
      Cheshire West CH1 1RS

      Owner contact email: sales@chestertownhouse.com