Privacy policy

Last updated: February 22, 2024

1. Background and purpose

Maybourne Hotels Limited (company no: 3669284) operates and manages Claridge's, The Connaught, The Berkeley, The Maybourne Beverly Hills, The Maybourne Riviera and The Emory – six of the most renowned hotels in the world - as well as the Maybourne Club, and Surrenne (our private wellness club) and Claridge’s online shop (www.shop.claridges.co.uk), which altogether trade under the name of Maybourne (“we” or “us”).

Our hotels have histories that stretch back over a century. And, while each one retains its timeless appeal and individual nature, we are committed to ensuring they are always in tune with the wants and wishes of today’s discerning guests.

We understand the importance of a seamless and bespoke experience. To achieve this, we share your personal data amongst our different hotels and clubs. This ensures that we can tailor your experiences to your preferences and needs each time you visit us, no matter the location. From your room choices to dining preferences, this information helps us anticipate and meet your needs every time you stay with us. This approach is essential to providing you with a continued luxury experience, making your travels effortless and providing individually crafted services.

References in this Privacy Notice to data protection laws mean all applicable data protection laws including the EU General Data Protection Regulation 2016/679 and the UK Data Protection Act 2018. View our CCPA Privacy Notice for California residents here. 

For any questions about this Privacy Notice or to exercise your rights under data protection law, please contact our Data Protection Officer at dpo@maybourne.com.

This Privacy Notice covers how we collect, use, store and disclose the data that you supply to us and your rights to access, amend and remove data that we hold about you. We are committed to protecting the privacy and security of your personal information and we will always treat you and your data with the respect you deserve.

This Privacy Notice covers personal data that we process about you in relation to:

  • your stay or travel with us (or make enquiries to stay or travel with us) either by you or by a third party through whom you have made an enquiry or booking;
  • your bookings and visits to our restaurants, bars, wellness spas and meeting facilities;
  • your membership of the Maybourne Club, Surrenne or any other private members club managed and operated by us;
  • your Maybourne Residency;
  • your interactions on any of Maybourne’s websites; and
  • our use of closed circuit television systems, card key and other security systems.

2. Data Controller

Maybourne Hotels Limited (UK company number 3669284) is the data controller with respect to your personal data and is registered with the UK Information Commissioner's Office with reference number Z7585735.

3. The personal data we'll collect about you

Personal data means any information about an individual which makes that person identifiable. It does not include data where the identity has been removed (anonymous data). We may process the following personal data about you:

  • Identity Data: includes name, nationality, country of residence, marital status, title, date of birth, profession, and gender.
  • Contact Data: includes address, email address, mobile phone numbers and preferred contact method.
  • Booking Data: includes communications with you, dates and details relating to your stays at our hotels or visits to our restaurants and wellness centres. It may also include booking information in relation to events held at our hotels.
  • Stay Data: includes any information about your requirements during your stay, including activities you may participate, facilities that you may use and any other bespoke services you request or make use of during your stay.
  • Membership Data: includes details about your Maybourne Club or Surrenne membership, including information regarding your joining fee and any ongoing membership fees.
  • Profile Data: includes information about your interests and preferences.
  • CCTV Data: includes static and moving images and may also include vehicle registration data.
  • Financial Data: includes bank account and payment card details.
  • Marketing Data: includes your preferences in receiving marketing from us and your communication preferences.
  • Transaction Data: includes details about payments to and from you.
  • Usage Data: includes website and app usage information such as date and time, originating IP address, domain name, type of browser and operating system used (if provided by the browser), URL of the referring page (if provided by the browser), object requested, completion status of requests, geographic location, device identifier and type, mobile network carrier name, browsing behaviour, search history, pages viewed, favourite pages, web logs, telemetry data and language preferences.

We do not collect data which is, by its nature, particularly sensitive (e.g. genetic data, biometric data, data revealing racial or ethnic origin, political opinions, sex life, sexual orientation, religion or other beliefs, data concerning health, criminal background or trade union membership) (“Special Category Data") unless it is volunteered by you.

We may use Special Category Data where it is permitted by law or where you have given your explicit consent to us. Such Special Category Data will only be shared with other members of Maybourne or our third party service providers acting as data processors (e.g. excursion providers, restaurants, transport providers, health and wellness experts) for the purpose of providing the services you request and will not be shared or used by us for any other purposes.

Examples of Special Category Data we may collect and process include:

  • food allergies;
  • dietary requirements which may imply or suggest your religion, health, or other sensitive personal data;
  • mobility requirements;
  • disabilities; and
  • medical conditions.

Our websites, apps and services are not intended for individuals under the age of 18. Generally, we do not collect personal data from individuals under the age of 18, except as part of the guest registration process with the consent of a parent or guardian.

4. How we collect your personal data

We use different methods to collect personal data from and about you including through:

Direct interactions:

You may give us your Identity, Contact, Membership and Financial Data by filling in forms or by corresponding with us by post, phone, email, using online forms or in any other way. This includes personal data you provide when you:

  • stay or travel with us and make reservations;
  • book and visit our restaurants, bars, wellness spas and meeting facilities or attend events at our hotels;
  • join the Maybourne Club, Surrenne or any other private members club managed and operated by us;
  • use the Surrenne and Maybourne apps;
  • visit our website and use our website to make enquiries, subscribe to our marketing materials or make purchases from the online gift shops;
  • give us feedback or contact us; or
  • purchase and own a Maybourne Residence.

To ensure that you are provided with a first-class service, telephone calls may be monitored or recorded for quality control and training purposes. We will always let you know in advance if we are going to record your call.

Indirect interactions:

To provide our highly personalised service, we may also add details about you to your guest or membership profile based on our in-person or digital interactions with you. For example, if you inform us of any personal preferences regarding your stay with us.

We may also collect your personal data from other third parties such as your travel agent, airlines, and providers of technical and payment services.

Personal data we collect automatically:

When you visit a Maybourne website, we may also collect certain Usage Data using “cookies” and other automated means. Cookies are small pieces of data that are stored by your browser on your computer's hard drive. We use cookies to gather data about the visitors to our websites, to enable us to improve our websites and deliver a better and more personalised service.

To learn more about cookies, how they are used and how to exercise your choice with respect to their collection of information on this site, please click here to read our Cookie Notice.

5. How we use your personal data

We will use your personal data for the purposes listed in the appendix to this Privacy Notice. However, in general terms, these purposes include:

  • providing you with a seamless booking experience;
  • facilitating your financial transactions;
  • making arrangements at our spas, restaurants, and bars;
  • personalising your experiences at our hotels and clubs;
  • stewarding your membership to our clubs;
  • curating member experiences and offers;
  • liaising with you to receive your comments, preferences, and feedback;
  • customising and improving our digital services;
  • tailoring your communications;
  • prioritising your safety and security; and
  • offering you with exclusive promotions that align with your preferences.

6. Sharing your personal data with anyone else?

We may transfer your personal data with trusted third parties in some circumstances, including:

Maybourne Operated Hotels

We may send personal data about you to other Maybourne operated hotels. For example, if you stay in one of our London hotels, then book to stay in our Beverley Hills hotels, we will make sure that our Beverley Hills hotel has access to your Stay Data and Profile Data, to ensure that they are aware of your preferences and can ensure you have a seamless and personalised stay with them.

External Third Parties

We may also provide limited personal data about you to other third parties outside of Maybourne to ensure that you have a seamless experience outside of Maybourne. This could be to hotels, chauffeur services, restaurants, and bars. 

We may also share personal data with the following:

  • Service providers acting as processors who provide IT and system administration services. For example, we use Shopify to power the Claridge’s Shop, you can read more about how Shopify uses your personal data here:
    www.shopify.com/legal/privacy.
  • Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance and accounting services.
  • Tax authorities, regulators and other authorities acting as processors or joint controllers based in France who require reporting of processing activities in certain circumstances.
  • Law enforcement agencies.
  • Third parties to whom we may choose to sell, transfer, form a joint venture with, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Notice.

International data transfers

Maybourne may need to transfer your personal data outside of the country from which it was originally provided. This may be within the Maybourne operated hotels or to third parties that we work with who may be located outside the UK and EU which have different data protection laws, or laws that are less strict compared with those in the UK and EU. Whenever we transfer personal data outside of the UK and EU, we take legally required steps to make sure that appropriate safeguards are in place to protect your personal data. This may include the use of Standard Contractual Clauses issued following the Commission Implementing Decision (EU) 2021/914 of June 4, 2021, of the European Parliament and of the Council and the UK Addendum issued by the UK Information Commissioner. Please contact us if you would like more information about the safeguards we use.

7. Direct marketing

We may use your personal data to send you direct marketing communications about our hotels, experiences, or our related services. This will be in the form of telephone, email, and post.

Where we are legally required, we will seek your permission before sending you any direct marketing. You have the right to stop receiving direct marketing at any time – you can do this by following the opt-out links in electronic communications (such as emails).

8. Data retention

Maybourne will only retain your personal data for as long as we feel that we have a relationship with you and will only use it for clear and explicit purposes, this may also include satisfying any legal, accounting or reporting requirements. Typically, where your information is no longer required, we will ensure it is disposed of in a safe manner.

Maybourne will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of complying with agreements that we have in place with you and for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.  

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements. For more information about our retention periods, please contact us.

We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely.

9. Updating your personal profile and preferences

You can update or change your preferences for the way you would like us to communicate with you - including how you receive news updates from us, or details of our latest offers by following the unsubscribe instructions in the correspondence we send to you.

10. Changes to this Privacy Notice

Maybourne may periodically update this Privacy Notice. This may relate to changes in the law, best practice, changes in our services or treatment of your personal data. Where necessary, we will notify you of these changes. We will always display when this Privacy Notice was last amended on the website.

11. Your rights under data protection law

Under certain circumstances, you have rights under data protection laws in relation to your personal data. If you wish to exercise any of the rights set out below, please contact us as at dpo@maybourne.com.

You have the right to:

Request access” to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction” of the personal data that we hold about you. This enables you to have any incomplete or inaccurate personal data we hold about you corrected, though we may need to verify the accuracy of the new personal data you provide to us.

Request erasure” of your personal data which enables you to ask us to delete or remove your personal data where: (i) there is no good reason for us continuing to process it, or (ii) where you are exercising your right to object to our processing (see below). We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing” of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing” of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

  • If you want us to establish the personal data’s accuracy.
  • Where our use of the personal data is unlawful but you do not want us to erase it.
  • Where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims.
  • You have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.

Withdraw consent at any time” where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

Right to decide on the future of your data after your death” define directives concerning the storage, deletion, and communication of personal data after his or her death. A data subject can also designate a person to carry out these directives.

12. Contact us

In you have any questions in connection with your personal can contact our Data Protection Officer.

Email
dpo@maybourne.com

By Post
Data Protection Officer
Maybourne Hotels Limited
27 Knightsbridge
London
SW1X 7LY
United Kingdom

13. How to complain

Maybourne is committed to working with you to obtain a fair resolution of any complaint or concerns about privacy. If, however, you believe that Maybourne has not been able to assist with your complaint or concern, you have the right to make a complaint to the Information Commissioner’s Office, the supervisory authority for data protection issues in England and Wales.

Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113

Appendix

We will only use your personal data when the law allows us to. The table below explains the ways we plan to use your personal data and the legal bases we rely on for each purpose. We have also identified what our legitimate interests are where we rely on this basis. We use your personal data to:

Purpose

Personal Data

Legal Basis

Confirm your hotel reservations.

- Identity Data

- Contact Data

- Booking Data

- Stay Data

- Financial Data

- Transaction Data

- Profile Data

 

Contract – necessary to perform our contract with you.

Fulfil your orders placed at Maybourne hotels, Surrenne, our websites, and online shops.

- Identity Data

- Contact Data

- Booking Data

- Financial Data

- Transaction Data

 

Contract – necessary to perform our contract with you.

Manage your Maybourne Residency

- Identity Data

- Contact Data

- Financial Data

- Transaction Data

 

Contract – necessary to perform our contract with you.

Provide services such as spa treatments, custom excursions, gourmet dining and in room dining during your stay.

- Identity Data

- Contact Data

- Service Data

- Booking Data

- Stay Data

 

Contract – necessary to perform our contract with you.

Facilitate concierge when they make bookings, orders and reservations at restaurants, bars and other venues operated by third parties.

- Identity Data

- Contact Data

Legitimate Interests – necessary to provide you with services when you request them.

 

Fulfil your requests made at our hotels or via our websites.

- Contact Data

- Booking Data

- Stay Data

- Profile data

Legitimate Interests – necessary to provide you with personalised services and enhance your experience.

Send you emails that are related to your hotel stay, spa treatments, restaurant or bar reservations, your activities, and your car bookings (as appropriate).

- Contact Data

- Booking Data

- Stay Data

 

Legitimate Interests – necessary to provide you with information relevant to your stay and your bookings.

Respond to your inquiries or requests

- Contact Data

- Booking Data

- Stay Data

 

Legitimate Interests – necessary to respond to and honour your requests.

Send you emails about new offerings, services, and experiences.

- Contact Data

- Profile Data

- Marketing Data

 

Consent - only where you have given your consent for us to do so.

Facilitate and manage your Maybourne Club or Surrenne membership.

- Identity Data

- Contact Data

- Membership Data

- Financial Data

- Transaction Data

 

Contract – necessary to perform your membership agreement.

Provide you with bespoke membership benefits.

- Identity Data

- Contact Data

- Membership Data

- Profile Data

 

Legitimate Interests – necessary to provide you with exclusive membership benefits and offers.

Operate loyalty programmes

- Identity Data

- Contact Data

- Membership Data

- Profile Data

 

Legitimate Interests – necessary to provide you with exclusive rewards.

Manage your communications preferences.

- Contact Data

- Marketing Data

- Profile Data

 

Legitimate Interests - necessary to keep our records updated and ensure they reflect your preferences.

Maintain our records.

- Identity Data

- Contact Data

- Booking Data

- Membership

- Stay Data

 

Legitimate Interests - necessary to ensure accurate information within our organisation and comply with legal and regulatory obligations

Evaluate, develop, and improve our relationship with you.

- Identity Data

- Contact Data

- Booking Data

- Stay Data

- Profile Data

 

Legitimate Interests – necessary to analyse you feedback and preferences to enhance our luxury offerings.

Assist with health and safety compliance and manage other serious incidents which may include conducting internal investigations.

- Identity Data

- CCTV Data

Legitimate Interests - necessary to ensure health and safety and create a safe environment at our hotels for you, our members, and us.

Detect, prevent, or reduce crime.

- Identity Data

- CCTV Data

Legitimate Interests - necessary to ensure the security of our hotels, reduce the fear of crime and create a safer environment for you, our members, and us.

Respond to emergencies and incidents at our hotels.

- Identity Data

- Contact Data

Vital Interests - necessary to protect the vital interests of individuals by contacting emergency services in the event of incidents involving guests.

Improve our digital services.

- Usage Data

Legitimate Interests – necessary to help us deliver a better and more personalised digital services.