HotelsCert is committed to good governance and transparency. This policy sets out what we do with your information when we collect it, why we collect it and how we dispose of it.

What Are Your Rights?

If we have collected any of your personal data, then you have a number of rights. These are:

• To have confirmation of what data we hold on you and what we do with that data

• To have a copy of the data we hold provided to you free of charge

• The right to correct the information we hold on you if it is factually incorrect

• The right to object to us using your information

• Under certain circumstances you have the right to have your data erased and to tell HotelsCert to cease further dissemination of your data to third parties

• You also have the right for your data to be transferred to another organisation in an electronic format

When do we have to ask you for the right to collect your personal data?

If we collect Special Category Data, we might need to ask your permission. Special category data includes any data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, data concerning health or data concerning a natural person’s sex life or sexual orientation.

HotelsCert has no need to collect this information for any of its activities and will not collect this information under any circumstances.

We will only collect data for:

• For the purposes of legal compliance and for payment of expenses, information on our trustees and committee members

• In order for us to provide quality assurance and accreditation activities for your organisation

• The dissemination of HotelsCert newsletters

• Contacting you to follow up on an enquiry you have made to us

What we don’t do with your data

• We will not use your data for automated decision making

• We will not use your data for profiling purposes

• We will never sell your data

• We will not share your data for any other purpose than that described above

Why do we collect your data and what do we do with it?

HotelsCert collects data for a number of reasons and the best way for us to explain why we collect the data and what we do with it is to address category of data collection separately.

What data do we collect?           

We collect information on staff, senior managers and owners of the organisation. We also collect student names for the purposes of conducting student interviews

Do we share your data with anyone outside of HotelsCert?


What is the legal basis for keeping my data?     

To comply with HotelsCert certification requirements.

Who has access to my records?

HotelsCert staff and the inspectors inspecting your organisation.

Newsletter Distribution List

What data do we collect?           

We collect your name, email address and the name of the organisation you represent.

What is the legal basis for keeping my data?     

Informed consent. You will be asked to confirm your willingness to accept your inclusion on the Newsletter distribution and to receive further information on HotelsCert services.

What would happen if I refused to give you this data? 

We will not be able to send you the HotelsCert Newsletter or provide you with information on HotelsCert services.

Who has access to my records?

HotelsCert staff involved in the distribution of the newsletter

How long will my records be kept for once I withdraw my consent?      

You may withdraw your consent at any time. This will mean you will not receive any further newsletters.

Any information we hold on you will be removed from the HotelsCert contacts database immediately.

Enquiries List

What data do we collect?           

We collect your name, email address and organisation details.

Who has access to my records?

HotelsCert staff who have the responsibility of following up on your enquiry.

How long will my records be kept for once I withdraw my consent?      

We will contact you three times to follow up on any accreditation enquiries you have made but will remove your details from our enquiries list after six months.

The Website

This website and it’s owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website comply’s to all UK national laws and requirements for user privacy.


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.