Privacy policy of Danubius Hotel Regents Park
This Privacy Policy sets out how CP Regents Park Two Ltd. (Danubius) uses and protects your personal data. Danubius is the Controller for personal data given to us by guests or prospective guests using the site bookings.danubiushotels.com, as well as for other groups of individuals identified in the policy such as guests interacting with us through different channels, business contacts, and our staff.
The recording of bookings on bookings.danubiushotels.com is managed by Sceptre Hospitality Resource (“SHR”), a USA company. Our contractual arrangements with SHR incorporate suitable safeguards over your personal data in order to protect the rights you have under EU legislation. In
particular, SHR is registered for the “EU U.S. Privacy Shield”. This is an intergovernmental agreement between the EU and the USA and is recognised by the EU Commission as ensuring enforceable protection of personal data equivalent to data protection standards in the EU. The EU Commission decision can be seen on their official website, for example their press release of 18 October 2017 at http://europa.eu/rapid/press-release_IP-17-3966_en.htm.
In the course of its business activities, Danubius requests, obtains, and processes personal data from guests, prospective guests, business contacts, staff, and other individuals. We aim to process the minimum personal data we need in order to provide a good service. We recognise and respect the legal rights and reasonable expectations of individuals over their personal data and privacy.
This Privacy Policy explains how we protect personal data and privacy. Many of the principles we follow are driven by the EU’s General Data Protection Regulation (GDPR). However, we comply with all applicable legal requirements on personal data protection and privacy.
You can navigate through the Disclosure using the hyperlinks in the table of contents below. You can also download a PDF version with the hyperlinks embedded by clicking here.
We have tried to make this Privacy Policy easy to use and to understand, within the constraints of the complexity of the information we have to communicate. If you have any questions on the material or any comments or suggestions as to how we might improve the Disclosure, please contact us at: privacyact@danubiuslondon.co.uk
You can navigate through this Policy by clicking through the table of contents below. The main sections are the first two which cover:
1 Your rights under GDPR
2 The different processing activities in Danubius
Table of Contents
1) Legal rights of individuals (“data subjects”) under GDPR
1.1 Right to receive transparent information
1.2 Right of access to your own data
1.3 Right to rectify inaccurate data
1.4 Right to erasure (“Right to be forgotten”)
1.5 Right to withdraw consent
1.6 Right to request restriction of processing
1.7 Right to object to processing
1.8 Right not be subject to automated decisions
1.9 Data portability
1.10 Right to complain to a “Supervisory Authority”
1.11 Contacting Danubius regarding GDPR
2) Processing activities
2.1 Room reservation
2.2 Check-in
2.3 Check-out
2.4 Accidents
2.5 Sales & Marketing
2.6 Guest questionnaire and evaluation systems
2.7 Surveillance cameras
2.8 Europoints Loyalty
2.9 Cookies (“remarketing codes”)
2.10 Job applications
2.11 Staff
2.12 Business contacts
3) Legal reference information (including contact details)
4) Terms and abbreviations used in this Disclosure
1) Legal rights of individuals (“data subjects”) under GDPR
The “data subjects” covered by GDPR are living individuals anywhere who deal with a “controller” in the EU, or living individuals in the EU who deal with a controller outside the EU. A “controller” is the legal entity which defines how personal data is processed. “Personal data” is any data which can be linked to a data subject.
As explained below, data subjects have the following specific rights under GDPR:
a) Right to receive transparent information
b) to Right of access to your own data
c) Right to rectify inaccurate data
d) Right to erasure (“Right to be forgotten”) in specific circumstances
e) Right to withdraw consent
f) Right to request restriction of processing
g) Right to object to processing
h) Right not be subject to automated decisions
i) to “Data portability
j) Right to complain to a “Supervisory Authority”
This Policy addresses all of these rights. Under your request on any of them, we will respond without undue delay and in any case within one month, and we will do our best to resolve even complex cases within three months. We will respond to you electronically or by such other medium as you request. We will not charge a fee for an initial request, but we reserve the right to charge an administrative fee for handling a request repeated with a year.
Note that we will need to verify your identity to be able to act on any request.
If we believe that we should not act on your request, we will write to inform you of the basis for our decision, and also of your options for legal remedy.
Separately from these rights, if you believe that Danubius has mistreated you with regard to your personal data or your privacy, please contact us so that we can rectify the situation and improve our service to all guests. You can send a formal complaint to us by email or by post to the address given in section 1.11 “Contacting Danubius regarding GDPR” below.
We will aim to respond without undue delay and in any case within a month, although it may take us longer to investigate fully.
1.1 Right to receive transparent information
We will provide all information required by GDPR to you in a concise, transparent, intelligible and easily accessible form, using clear and plain language, particularly for any information specifically for children. We shall provide the information in writing or by electronic means. If you request, we will provide information orally.
We will facilitate your exercising your rights as described in the rest of section 1 below.
Section 1.11 “Contacting Danubius regarding GDPR” below gives email and postal addresses for contacting us. Certain sections on individual activities in section 2 give dedicated addresses for specific enquiries.
1.2 Right of access to your own data
You have the right to obtain from Danubius confirmation as to whether personal data on you is being processed, and, if so, to access the data and the following information:
a) the purpose of the processing
b) the categories of personal data concerned
c) the recipients to whom we have disclosed or will disclose the personal data, in particular recipients in countries outside the EU
d) the period for which the personal data will be stored
e) the existence of your right to request us to rectify or erase personal data or to restrict processing of personal data or to object to such processing
f) your right to lodge a complaint with a Supervisory Authority
g) where the personal data are not collected directly from you, information as to their source
h) whether there is any automated decision-making from the data, and, if so, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
i) Where we transfer your personal data to a country outside the EU, the appropriate safeguards we have in place to protect your rights.
1.3 Right to rectify inaccurate data
If we hold inaccurate or incomplete personal data on you, we will rectify this without undue delay on receiving your request.
1.4 Right to erasure (“Right to be forgotten”)
You have the right to request us to erase your personal data and for us to act on the request without undue delay, where one of the following grounds applies:
(a) Your data are no longer necessary in relation to the purposes for which they were originally processed
(b) You withdraw consent and we have no other legal basis for processing your data
(c) Our basis of lawfulness for processing is our legitimate interests, and you claim that we have no legitimate grounds for the processing which override your interest, rights, and freedoms
(d) The processing is for direct marketing, and you object to this
(e) We have been unlawfully processing your data
(f) We have to erase your data for compliance with a legal obligation in EU or Member State law to which we are subject
(g) Our basis of lawfulness for processing the data is consent given by a guardian for a child, and either (I) you are the guardian and the child is still under the age of consent, or (II) you are the child now older than the age of consent. (In UK, the age of consent for processing of personal data is 13.)
1.5 Right to withdraw consent
Where you have given us consent for any processing, you have the right to withdraw consent at any time. You can do this by sending a request to the email address given in the relevant subsection of section 2 Activities below, which lists the different activities for which we manage personal data.
Alternatively, you can write to us at the address in section 1.11 below.
Note that your withdrawal of consent will not affect processing which we have already done.
1.6 Right to request restriction of processing
You can request that Danubius restricts the processing of your personal data where one of the following applies:
- You contest the accuracy of the personal data
- We no longer have a basis of lawfulness for processing, but you oppose us erasing the data and you request that we restrict their use instead
- We no longer need the data for the original purpose, but you require them for the establishment, exercise, or defence of legal claims
- You object to our processing on the grounds that we state our legal basis as “our legitimate interests” but you claim that your “interests, rights, and freedoms” override these.
Where processing is restricted under your objection, except for continuing to store the data we shall process them only with your consent or:
a) for the establishment, exercise or defence of legal claims
b) for the protection of the rights of another person, or
c) for reasons of important public interest of the EU or of a Member State.
Where we restrict processing, we shall inform you before we lift the restriction.
Operational practicalities may prevent us restricting processing precisely as envisaged by GDPR, but in such a case we will work with you to try to find a satisfactory resolution.
1.7 Right to object to processing
You have the right to object to our processing your personal data where:
- Our basis of lawfulness for processing is “our legitimate interests” but you claim that your “interests, rights, and freedoms” override these
- We process your data for direct marketing purposes, including “profiling” to the extent that it is related to such direct marketing. (Profiling is automated decision making which analyses or predicts aspects such as your economic situation, personal preferences, behaviour, or location.) Where you make such an objection we shall no longer process your data for such purposes.
1.8 Right not be subject to automated decisions
You have the right not to be subject to a decision based solely on automated processing, if this produces legal effects on you or similarly significantly affects you.
However, this does not apply:
(a) if the decision is necessary for us to perform a contract with you or if we have your explicit consent, or
(b) if the automated process is authorised by a EU or Member State law which also defines measures we have to follow which safeguard your rights, freedoms, and legitimate interests.
In case (a), we have to implement suitable measures to safeguard your rights, freedoms, and legitimate interests. This includes at least your right to make us ensure human intervention, and your right to express your point of view and to contest the decision.
1.9 Data portability
GDPR gives a data subject the right in certain circumstances to receive the personal data concerning him or her “in a structured, commonly used and machine-readable format”. The right includes having the personal data transmitted directly from one controller to another, where technically feasible.
Where you apply under 1.2 above for access to your own personal data, we will normally supply this in a commonly-used electronic format, unless you specifically ask us to send you a written copy.
1.10 Right to complain to a “Supervisory Authority”
If you believe that we have treated you unfairly or unlawfully under GDPR, you can complain to a Supervisory Authority for data protection. If you are normally resident in an EU country other than the UK, you have the right to raise a complaint with the Supervisory Authority of that country. This link will give you the name and contact details:
http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection- authorities/index_en.htm
If you are normally resident in the UK or outside the EU, you can complain to the UK Authority:
Information Commissioner's Office Wycliffe House
Water Lane Wilmslow Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
Fax: 01625 524 510
Email: casework@ico.org.uk
1.11 Contacting Danubius regarding GDPR
Certain sections on individual activities in section 2 give dedicated contact addresses for specific enquiries. Otherwise, to exercise one of the rights described above, or to make a complaint directly to Danubius or to contact us with a general enquiry regarding GDPR or privacy, the email and postal addresses are:
privacyact@danubiuslondon.co.uk
Privacy Officer
Danubius Hotel Regents Park 18 Lodge Road, St John’s Wood. London NW8 7JT
2) Processing activities
2.1 Room reservation
For reservations made online, in person at a hotel, or by phone, we ask for some or all of the following personal data fields:
- Full name
- Title
- Arrival date
- Departure date
- Number of adults or children (and age range) in the room
- Type of room
- Full credit card details
- Email address
- Full postal address
- Arrival time
- Disability requirements
- Free text – including for example any preferences
Purpose
The purpose of our collecting this data is to enable us to identify the guest making the reservation, so that we can keep the room for the right person at check-in, and to record a means of payment so that we avoid financial risk if the guest does not check in to the hotel. We will use your email address (i) in the unusual situation where we have to advise you of a change impacting your reservation
(ii) three days before your planned arrival, in order to remind you of details such as the hotel address and check-in time, and
(iii) three days after you leave, to ask for comments on your stay in order that we can improve our service for future visits for you and other guests.
Lawfulness
The basis of lawfulness of our processing this data is that we need them in order to fulfil a contract to reserve a room for you. We process your email address in addition to send you a post-stay email for “legitimate interests pursued by the controller, except where such interests are overridden by the
interests or fundamental rights and freedoms of the data subject”. Our legitimate interests here are maintaining a high quality of service, and we believe that sending you the post-stay email does not affect your fundamental rights.
If you do not give us the data requested we will either be unable to reserve a room for you or be unable to contact you if there is a problem.
Transfer of data outside the EU
When you make a reservation on our website you are entering data into an application run by Sceptre Hospitality Resource, a USA company. Your personal data is therefore transferred outside the EU. In order to ensure that you maintain the rights you have under GDPR over your personal data, we have implemented the following safeguards:
a) We have contractual terms between Sceptre and ourselves defining and restricting the processing they do on the data;
b) Sceptre is certified for the “EU – US Privacy Shield”. This is an intergovernmental agreement between the EU and the USA and is recognised by the EU Commission as ensuring protection of data equivalent to data protection standards in the EU.
The EU Commission decision can be seen on their official website, for example their press release of 18 October 2017 at http://europa.eu/rapid/press-release_IP-17-3966_en.htm.
Retention
We manage retention of personal data at the level of individual data fields, rather than at the level of the total data for a guest. For example, we may retain a record of your name and check-in date for longer than your email address.
In some cases we have a statutory obligation to hold personal data for an extended period. The main categories are:
- Where information is needed for an invoice or other tax records, we have a statutory obligation to retain this for 6 years after the end of the tax year. Thus if we invoice you on check-out on 30 June 2018, we have to keep the data until 5th April 2025.
Where we do not have such a statutory obligation, we keep personal data for 4 years from check-in. We have chosen this period based on the desire of some guests to have their data available when they book for a subsequent visit to one of our hotels.
We delete all personal data after the longest of the relevant retention periods above.
Your data will continue to exist temporarily on backup files after this deletion, but we use IT security techniques to ensure that these are accessible only for the purpose of restoring the database in the event of a loss of data and that they cannot be copied to reveal data. We destroy backup files on a rotating basis within 7 Days.
If you want to exercise any of your right listed in section 1 or to contact us for any other reason regarding this data, please email privacyact@danubiuslondon.co.uk.
2.2 Check-in
For hotel check in at the hotel we ask for some or all of the following personal data fields:
- Full name
- Title
- Arrival date
- Departure date
- Passport details (If non-UK resident)
- Vehicle registration number
- Number of adults or children (and age range) in the room
- Type of room
- Full credit card details
- Email address
- Full postal address
- Arrival time
- Disability requirements
- Free text – including for example any preferences
Purpose
The purpose of our collecting this data is to verify the reservation for the individual at check-in, and to record a means of payment so that we avoid financial risk. We will use your email address three days after you leave, to ask for comments on your stay in order that we can improve our service for future visits for you and other guests.
Lawfulness
The basis of lawfulness of our processing this data is that we need them in order to fulfil a contract to provide a room for you. We process your email address in addition to send you a post-stay email for “legitimate interests pursued by the controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject”. Our legitimate interests here are maintaining a high quality of service, and we believe that sending you the post-stay email does not affect your fundamental rights.
If you do not give us the data requested we will either be unable to reserve a room for you or be unable to contact you if there is a problem.
Retention
We manage retention of personal data at the level of individual data fields, rather than at the level of the total data for a guest. For example, we may retain a record of your name and check-in date for longer than your email address.
In some cases we have a statutory obligation to hold personal data for an extended period. The main categories are:
- Where information is needed for an invoice or other tax records, we have a statutory obligation to retain this for 6 years after the end of the tax year. Thus if we invoice you on check-out on 30 June 2018, we have to keep the data until 5th April 2025.
Where we do not have such a statutory obligation, we keep personal data for 4 years from check-in. We have chosen this period based on the desire of some guests to have their data available when they book for a subsequent visit to one of our hotels.
We delete all personal data after the longest of the relevant retention periods above.
Your data will continue to exist temporarily on backup files after this deletion, but we use IT security techniques to ensure that these are accessible only for the purpose of restoring the database in the event of a loss of data and that they cannot be copied to reveal data. We destroy backup files on a rotating basis within 7 Days.
If you want to exercise any of your right listed in section 1 or to contact us for any other reason regarding this data, please email privacyact@danubiuslondon.co.uk.
2.3 Check-out
For hotel check out at the hotel we ask for some or all of the following personal data fields:
- Full name
- Title
- Arrival date
- Departure date
- Type of room
- Full credit card details
- Email address
Purpose
The purpose of our collecting this data is to verify the details of your stay for the individual at check- out, and to record a means of payment so that we avoid financial risk.
Lawfulness
The basis of lawfulness of our processing this data is that we need them in order to complete our contract for your stay.
Transfer of data outside the EU
If you reserve a room through a travel agent, when you check out, we may pay commission to the agent trough Onyx CentreSource, a USA company. The data we send is your name, arrival data, departure date, and amount of commission. The travel agent will already have this information, but Onyx will not previously have received it. Our transfer of data to Onyx is under an existing contract which guarantees confidentiality, but we are still negotiating with Onyx to get fully GDPR compliant terms. Given the low risk of this data, we believe that the "proportionality" provision of GDPR - which allows us to balance cost and benefit, provided we take into account the potential impact on the data protection rights of individuals - justifies us in continuing to use this channel of paying commissions while we finalise contractual arrangements.
Retention
We manage retention of personal data at the level of individual data fields, rather than at the level of the total data for a guest. For example, we may retain a record of your name and check-out date for longer than your email address.
In some cases we have a statutory obligation to hold personal data for an extended period. The main categories are:
- Where information is needed for an invoice or other tax records, we have a statutory obligation to retain this for 6 years after the end of the tax year. Thus if we invoice you on check-out on 30 June 2018, we have to keep the data until 5th April 2025.
Where we do not have such a statutory obligation, we keep personal data for 4 years from check-in. We have chosen this period based on the desire of some guests to have their data available when they book for a subsequent visit to one of our hotels.
We delete all personal data after the longest of the relevant retention periods above.
Your data will continue to exist temporarily on backup files after this deletion, but we use IT security techniques to ensure that these are accessible only for the purpose of restoring the database in the event of a loss of data and that they cannot be copied to reveal data. We destroy backup files on a rotating basis within 7 Days.
If you want to exercise any of your right listed in section 1 or to contact us for any other reason regarding this data, please email privacyact@danubiuslondon.co.uk.
2.4 Accidents (where guests are involved)
For accident reporting we hold some or all of the following personal data fields:
• Full name
• Title
• Arrival date
• Departure date
• Address
• Type of injury (Photographic if necessary)
There are equivalent procedures where only staff is involved. Purpose
The purpose of our collecting this data is to comply with health and safety regulations, the prevention
of further accidents of the same nature and for insurance purposes.
Lawfulness
The basis of lawfulness of our processing this data is that we need them in order to comply to health and safety legislation.
Retention
We retain this data for a maximum of 3 years to comply with health and safety regulations.
If you want to exercise any of your right listed in section 1 or to contact us for any other reason regarding this data, please email privacyact@danubiuslondon.co.uk.
2.5 Sales & Marketing
We do not send any marketing data unless we have received your positive consent for this. For guest marketing purposes we ask for some or all of the following personal data fields:
- Full name
- Title
- Email address
Purpose
The purpose of our collecting this data is to contact you with any marketing promotions or services that may be of interest.
Lawfulness
The basis of lawfulness of our processing this data is purely based on your consent. You are able to unsubscribe from this service at any time by clicking on the unsubscribe link on any marketing emails sent to you.
Retention
We will retain name and email data for 4 years unless you unsubscribe as outlined above.
If you want to exercise any of your right listed in section 1 or to contact us for any other reason regarding this data, please email privacyact@danubiuslondon.co.uk.
2.6 Guest questionnaire and evaluation systems
Provision of any of the data is completely optional.
For guest questionnaires and evaluation systems including live chat tools on the Danubius London website, we ask for some or all of the following personal data fields:
- Full name
- Title
- Arrival date
- Departure date
- Email address
Purpose
The purpose of our collecting this data is to collect guest feedback on their stay to improve the level of service to all guests.
Lawfulness
The basis of lawfulness of our processing this data is that we need them in order to maintain and improve our level of service. We process your email address in addition to send you a post-stay email for “legitimate interests pursued by the controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject”. Our legitimate interests here are maintaining a high quality of service, and we believe that sending you the post-stay email does not affect your fundamental rights.
If you do not give us the data requested, the only impact on you will be that you will be unable to use this channel for a complaint in addition to feedback, as we need this information to progress complaints. You will however be able to complain to us through other channels.
If you want to exercise any of your right listed in section 1 or to contact us for any other reason regarding this data, please email privacyact@danubiuslondon.co.uk.
2.7 Surveillance cameras
For safety and security, we hold CCTV footage for 28 days. Purpose
The purpose of our collecting this data is to ensure guest and staff safety.
Lawfulness
The basis of lawfulness of our processing this data is that we need them for guest and staff safety and protection.
Retention
We retain CCTV footage for 28 days unless there is a legal reason for us to provide footage to authorities which may result in a longer retention period.
If you want to exercise any of your right listed in section 1 or to contact us for any other reason regarding this data, please email privacyact@danubiuslondon.co.uk.
2.8 Europoints Loyalty Programme
The Danubius Europoints Loyalty Programme is an exclusive service provided for Guests of the Hotel—natural persons—with the purpose of providing discounts to returning guests.
Within the programmes, Danubius Hotel Regents Park processes the following personal data:
In case of a natural person:
- Name
- Gender
- Postal address
- Address
- Phone number
- E-mail address
- Date of birth (minors under eighteen years of age may not participate in the programme)
Furthermore, we process your Loyalty card number and password.
Purpose of data processing:
Providing discounts for the participants. Sending notifications about the discounts.
Legal basis of data processing:
Your voluntary consent. You may withdraw your consent and may request the deletion of your data by sending an e-mail to dep(at)danubiushotels.com or a letter to the Danubius Hotel Regents park’s postal address (Danubius Zrt. 1051 Budapest, Szent István tér 11.), with the proviso that this shall not affect the lawful processing based on consent before its withdrawal. Please note that without giving your consent you may not participate in the Loyalty Programme.
Period of data processing:
The personal data shall be processed for as long as the data subject participate in the given programme. Membership status in the Loyalty Programme shall become inactive within 3 (three) years after the date of the last hotel service used. Danubius Hotel Regents Park shall retain the members' personal data for the period of time defined in the provisions of the relevant tax and accounting laws, and shall delete them after that period.
Joint data processing:
Please note that regarding the Loyalty Programme, for the sake of interoperability, Arisende s.r.o., CP Regents Park Two Ltd., Slovenske liecebne kupele Piešťany, a.s., SC Balneoclimaterica SA and Léčebné lázně Mariánské Lázně a.s. shall be joint controllers. For more information on the hotels, please refer to Section 3. of Danubius Hotels Group’s Privacy Policy. As regards the processing of data the joint controllers proceed in accordance with this Policy.
Participation in the programmes may occasionally require the provision of further personal data, in which case Danubius Hotel Regents Park may request the given data and inform the data subject about the purpose, manner and duration of data processing.
For Frequent Guests signing up to the newsletter or contributing to promotional activities, Danubius Hotel Regents Park shall further handle the data listed above according to the provisions in Section 2.5 in this Policy.
If you wish to exercise any of your rights referred to in Section 1, regarding the data recorded in the course of the above activities, or if you wish to contact us for any other reasons, please, inform us by sending an e-mail to privacyact@danubiuslondon.co.uk.
2.9 Cookies (“remarketing codes”)
Our website, along with many others, uses cookies. Cookies let users navigate around sites and (where appropriate) let us tailor the content to fit the needs of our site's visitors. Without cookies enabled we can't guarantee that the website and your experience of it are as we intended it to be. None of the cookies we use collect your personal information and they can’t be used to identify you.
2.10 Job applications
If you apply to work with Danubius, we will use the information you give us only to process your application and to monitor recruitment statistics. If we want to disclose information to someone outside Danubius - for example, if we need a reference - we will make sure we tell you beforehand, unless we are required to disclose this information by law.
If you are unsuccessful in your job application, we will hold your personal information for 3 months after we have finished recruiting the position you applied for. After this date we will destroy or delete your information.
2.11 Staff
All of the information in this Disclosure and all of the rights described in section 1 also apply to Danubius’ staff and to our processing of their personal data.
We provide staff directly with full information of our Privacy Policy and of our processing of their personal data.
2.12 Business contacts
In common with most companies, we deal with individuals at other organisations and store their name, business function, and business contact details. This is done by mutual agreement in order to enable our two companies to communicate with a view to working together. Our basis of lawfulness for doing this is “for the performance of a contract to which the data subject is party or in order to
take steps at the request of the data subject prior to entering into a contract”.
We will not use the data on these business contacts other than to facilitate business with the other company. For example, we will not market services to the individuals whose data we hold or transfer the data to any third party.
At least annually we will review our records of business contacts and delete those which are no longer current.
3) Legal reference information (including contact details)
Under GDPR, Danubius, as the controller of the personal data which it processes, must publish information about its legal name and how to contact it, together with other details. This section contains all the information required by GDPR, together with some useful additional legal information.
The full legal name of the legal entities which operates our hotels is: CP Regents Park Two Limited trading as Danubius Hotel Regents Park
Its business activity is Hotel Operation and Services
Its registered address is: CP House, Otterspool Way, Watford, WD25 8JJ It is registered in England, with Company Registration Number: 05307946 Any contact for data protection is: privacyact@danubiuslondon.co.uk The UK Supervisory Authority for GDPR is:
Information Commissioner's Office (ICO) Wycliffe House
Water Lane Wilmslow Cheshire SK9 5AF
4) Terms and abbreviations used in this Disclosure
Most of the definitions refer to the EU’s General Data Protection Regulation (GDPR). This is a legal document, and it is not possible to give a short definition in simple language which is fully exact. The aim here is to give a clear explanation which will facilitate the reader’s understanding; this may sometimes exclude detail of the full legal definition. Our policy is to comply with the full requirement of GDPR, and your rights are not affected by any simplification in the explanations here.