COVID-19 Staff and Visitor Privacy Notice

Effective [4th July 2020]

Interstate Hotels and Resorts (“Interstate“, “we” or “us“) are committed to protecting the privacy of personal information collected in response to the management and prevention of COVID-19.

This Privacy Notice (“Notice“) applies to:

  • any Staff working in our hotels (“Staff“) located in the UK (collectively, “Hotels“). For the purpose of this Notice, Staff includes contractors, interns, prospective employees, and other third parties engaged to carry out work for us; and
  • any individual visiting the Hotels for any purpose (“Guests“).

This Notice explains what types of personal information we collect, how we use it, and with whom we share it. It also sets out what rights apply to this personal information.

Types of personal information we collect

During the course of the COVID-19 outbreak, Interstate wishes to prevent the spread of this virus by processing personal data, from Staff and Guests. For Staff and Guests working or visiting at any of the Hotels, this includes the collection of your name, surname, email address and telephone number. This information will be collected through our Data Capture Slip.

Purposes for processing your personal data

Interstate processes your personal data in order to protect you and others from COVID-19 when working or attending one of our Hotels. Interstate will do this by providing your information to the Track and Trace Team when they request is if they suspect you may have come into contact with someone who has tested positive for Covid 19.

Please note that Interstate will share your personal data with the following teams depending on your location:

  • England –Test and Trace
  • Scotland – Test and Protect
  • Wales and Ireland – Test, Trace and Protect

In this Notice, we collectively refer to all these third parties as the Track and Trace Team.

If you are contacted by the Track and Trace Team, they may request further information from you. The Track and Trace Team are a separate data controller from Interstate. Consequently, their use of your personal data (collected through us or directly from you) will be governed by their own privacy notice.

Legal basis for processing your personal data (EU Staff and Guests only)

Generally, we process your non-sensitive personal data on the basis of our legitimate interests, where these are not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal data from you (for example, if necessary to provide health, safety and well-being of our Guests and Staff), or may otherwise need to collect this information to protect your vital interests or those of another person.

Interstate will rely on its legal obligations to protect the health, safety and well-being of its Guests and Staff (where this legal requirement exists). If this is not possible, then we may rely on another applicable legal basis such as processing which is necessary on the basis of EU or Member State law to (i) protect substantial public interest, or (iii) for reasons of public health, protect against serious cross-border threats to health.

Who we share your personal data with

Your personal data may be shared within Interstate, but access to it will be limited to a reduced number of Staff, on a need-to-know basis. For Staff, this will predominantly be within the HR department, and if applicable, your direct line manager.

Notwithstanding the above, we may be required to disclose your personal data to third parties, such as the NHS Track and Trace Team. Such disclosure will be on a need-to-know basis and in accordance with applicable data protection law. Your personal data may be made available to other medical entities or doctors if it proves necessary to fulfil Interstate’s legal obligation or protect your vital interests. In addition, personal data may be made available to the relevant authority in relation to people who have a confirmed diagnosis of COVID-19.

International data transfers

We will not share your personal data collected in accordance with this Notice to anyone outside the EEA.

Data retention period

Your personal data collected via the Data Capture Slip, will be stored for 21 days from the point of collection after which it will be securely deleted.

Your data protection rights

You may exercise the rights available to you under applicable data protection laws as follows:

  • If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided
  • In addition, if you are a resident of the European Union, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal Again, you can exercise these rights by contacting us using the contact details provided below.
  • If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

Contact Us

If you have any questions or concerns about our use of your personal information, please contact us using the following details: donna.simpson@interstatehotels.com.