Who are we?
- This Privacy and Data Protection Statement is issued by Yotel Limited (trading as YOTEL) and the YOTEL group of companies (collectively referred to as "YOTEL”, "we”, "us” or "our” in this Privacy and Data Protection Statement), which includes our affiliates and covers information that we collect and use in the course of our business. When we mention "YOTEL", "we", "us", or "our", we are referring to the relevant company in the YOTEL group that processes your personal information. Your information may also be collected and used by our YOTEL branded hotels and the operators of additional facilities they provide. In most cases these hotels and additional facilities are independently owned and their use of your information may also be covered by their own privacy notices
- YOTEL is a global hospitality company and we predominantly manage hotels as well as certain additional facilities provided at our hotels, on behalf of third party owners. We do also franchise, lease and enter into alternative operating structures for our hotels. We enter into hotel management agreement, leases and franchise agreements with these owning parties. If you make a reservation through us to stay at a YOTEL, we will share your information with that hotel which as stated above may have a separate privacy notice and policy.
Our approach to privacy
- This website is owned and run by Yotel Limited (trading as) YOTEL. Our HQ is situated at 90 High Holborn, London, WC1V6LJ and this is how you can contact us. YOTEL is committed to protecting your privacy in accordance with its obligations under UK privacy law, including as set out in the Data Protection Act 2018, the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronics Communications Regulations 2003.
- YOTEL is also committed to protecting your privacy in accordance with other laws as may be applicable in the territories in which we operate:
- The General Data Protection Regulation (EU)
- California Consumer Privacy Act (CCPA)
- Consumer Data Privacy Act (Colorado)
- Dubai International Financial Centre Data Protection Law No. 5 (Dubai)
- Florida 29 Information Protection Act (Florida)
- Standards for the Protection of Personal Information of Residents of the Commonwealth (Massachusetts)
- Stop Hacks and Improve Electronic Data Security Act (New York)
- Swiss Federal Data Protection Act (Switzerland)
- Personal Data Protection Act (Singapore)
- Law on the Protection of Personal Data (Turkey)
- D.C. Act 23-268 (Washington D.C.)
- For California residents we have provided information on our collection of data as the CCPA applies to it. When you access and use this website, you agree to be legally bound by our terms and conditions [https://www.yotel.com/en/terms]. as well as our privacy and data protection statement outlined below. You agree that you will provide accurate information about yourself or any person on whose behalf you are engaging with Yotel.
What data do we collect?
- Identity data: your name, address, postcode email address, telephone number, country
- Payment data: credit card details, information on bookings
- Geolocation and connection data: from devices and from servers such as your IP address through wifi
- Preferences: data relating to what you book and purchase during your stay, information relating to specific requests and requirements, such as accessibility needs
- Your image where captured by CCTV at our hotels
- Your vehicle registration details where provided to us or captured by CCCTV or number plate recognition technology at our hotels.
Purpose, type of data collected and bases for processing
- You are in control of what information we collect about you. However, if you choose not to share your information, some areas of the website or the App may not be accessible or usable. If any of the information you have provided changes or appears to be incorrect, you can let us know by emailing [email protected] or by logging into your My YOTEL account on our website and updating your details.
|Purpose for collecting your data||How your data is used||Type of data collected||Legal basis for processing the data|
|Registration through Yotel website for My Yotel and [email protected] accounts||We use your data to enable registration and to identify you on our website which allows you to access various services such as managing your bookings, details and preferences, savings on bookings and earning air miles.||Name, email, hashed password, date of birth, country of residence||We use the basis of consent. You may withdraw this at any time by changing your subscriber preferences.|
|Registration for the Yotel App||We use your data to enable registration and to identify which allows you to access various services such as contacting our customer services team and ordering food and beverages.||Title, name, email, password||We use the basis of consent. You may withdraw this at any time by deleting the App.|
|Execution of bookings and any administration related to this.||We use your data to enable execution of bookings that you make and send you information and updates on those bookings. For example, checking availability, booking confirmations, pre-arrival information and reminders.||Name, telephone number, email address, country of residence, preferences, card details||We use the basis that it is necessary to execute the booking agreement with you. For booking reminders we use the basis of consent. You may withdraw this at any time by unsubscribing from communications.|
|Execution of in-stay purchases||We use your data to fulfil in-stay purchases such as food and beverages.||Name, card details, room number||We use the basis that it is necessary to execute the sale of goods and services between you and Yotel.|
|Connection to wifi||We use your data to enable connection to wifi||Name, email address, IP address||We use the legal basis of consent. This may be withdrawn through changing permissions via the settings on your device.|
|Customer service queries||We use your data to identify you for any queries to our customer service team. If you require a refund to be processed, your details (including your card details) will be processed to enable this.||Name, telephone number, email address, country of residence, preferences, card details||We use the basis that there is a legitimate interest in supporting you with any queries you raise. Where the queries relate to a booking, processing your data is necessary to execute the booking agreement with you.|
|Marketing||We use your data to personalise offerings and promotions to you through analysis of your previous bookings and browser history. We use your data for segmentation and analysis on ads. To do this we share information with third parties who provide us with cookies and other technology in order to use these services. To improve our picture of your interests we may link the data you give us with any data we have gathered (via cookies or previous booking data) about your use of the website. For example, if you start a booking, volunteer your email address and are subscribed to our email promotions, but then fail to complete the booking, then we may use this to send you an email to help you complete your booking later. To show you Yotel ads on social media we provide certain data to social media platforms. We will also use your data for competitions and promotions. Your data may also be used for reviews and feedback provided on social media to market Yotel.||Name, email, country of residence, preferences, online identifiers such as those associated with cookies, identifiers related to devices||We use the legal basis of consent. This may be withdrawn through unsubscribing from communications, changing permissions via your MyYotel account, changing permissions via the settings on your device or browser for targeted advertising or contacting us to change your preferences. For social media platforms follow the instructions to hide or report ads or unfollow Yotel pages or profiles. Promotions and competitions will be subject to terms and conditions and in these instances the processing of your data will be necessary to fulfil those terms and conditions.|
|Queries in relation to your rights as a data subject||We use your data to identify and fulfil requests by you under data protection regulations. This may include data access, rectification, erasure, limitation of processing data portability and your ability to object to processing if it is based on legitimate interests as a legal basis.||Name, email, country of residence, dates of stay||We use the basis of compliance with legal obligations to fulfil requests from you under data protection regulations to exercise your rights in relation to your data.|
|Analysis and insight||We use your data to conduct satisfaction surveys and seek review and feedback from you. We also use your data to conduct analysis of the performance of our website based on trends in user activity||Name, email address, online identifiers such as those associated with cookies, identifiers related to devices||We use the legal basis of legitimate interest to improve your experience as a guest using our services and our website and App.|
|Identification and detection of fraud||We use your data to verify your identity to detect fraud in the use of our website or services. This processing is a mechanism to protect our guests against misuse of their data.||Name, telephone number, email address, country, card details||We use the basis of legitimate interest to mitigate against potential fraudulent activity.|
|Job opportunities at Yotel||We use your data to determine relevance to job opportunities we advertise through the Yotel website and respond to your application.||Name, address, telephone number, job history, country of residence, qualifications]||We use the basis of legitimate interest to respond to your interest to any job opportunities advertised by Yotel|
Your rights (residents of the UK and EAA)
- Your rights in relation to your data include:
- • Access: you have the right to access a copy of your personal data held by YOTEL.
- • Rectification: you have a right to have your personal data rectified if this is inaccurate or completed if it is incomplete.
- • Erasure: in certain circumstances you have a right to have your personal data erased. This is also known as ‘the right to be forgotten’.
- • Limitation of processing: in certain circumstances you have the right to restriction or suppression of your personal data. When processing is restricted, Yotel may store your personal data, but not use it.
- • Data portability: you have the right to request a copy of your data in a commonly used and machine readable format.
- • Object to processing: you have the right to object to the processing of your personal data in certain circumstances.
- Additionally, you have the right to withdraw consent for the processing of your personal data at any time.
- We will not send you any promotional messaging if you have indicated you do not wish to receive this information; during the booking process, the registration sign up process or in your My YOTEL account. However, for every transaction you make with us (whether booking or cancelling), we will confirm via email even if you are unsubscribed.
- Whenever we ask you for information about yourself you may, by ticking the relevant box, opt out of receiving marketing communications from us. In addition, whenever you are contacted by email you will be told how to opt out of being updated by email in the future. You can also amend your marketing preferences in your MY YOTEL account on our website. To exercise your rights, please complete our Data Request form. We will action your request within 30 days.
- If you would like further information on your rights and information on how to make a complaint, please contact your Data Protection Authority. In the UK, this is the Information Commissioner’s Office (ICO): https://ico.org.uk/
- For a list of Data Protection Authorities in the EU, please visit: https://edpb.europa.eu/about-edpb/board/members_en
- For California residents, please contact the Office of the Attorney General here: https://oag.ca.gov/contact/consumer-complaint-against-business-or-company
Cookies and IP addresses
- We and our appointed agencies collect anonymous information about your use of the website from cookies and using pixel tags. Cookies are small files of letters and numbers that we put on your device’s hard drive and pixel tags are used to read the cookies. They allow us to distinguish you from other users of our website, monitor website traffic and personalise website content just for you. This ultimately helps us provide you with a good experience when you browse our website and allows us to improve our site going forward.
- We use two types of cookies:
- • First party cookies are set by Yotel as publisher of the website. These cookies enable site functionality and a consistent user experience.
- • Usage information: we collect usage information about you whenever you interact with our website and services. This includes which web pages you visit on the Yotel website, what you click on, when you perform those actions, what language preference you have, and so on.
- • Device and browser data: we collect information from the device and application you use to access our services. Device data mainly means your IP address, operating system version, device type, system and performance information, and browser type.
- Information from page tags: we use third party tracking services that employ cookies and page tags to collect data about visitors to our website. This data includes usage and user statistics
- • Log data: like most websites today, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses, internet service providers, the files viewed on our site, operating system versions, device type and timestamps.
- • Referral information: if you arrive at our website from an external source (such as a link on another website or in an email), we record information about the source that referred you to us. The site will still function correctly if you opt to exclude third party cookies, however when you make an online booking, the booking process requires cookies to work. These are temporary cookies which are automatically deleted once a transaction is made.
- Our websites are not intended for children and we do not intentionally solicit or collect personal information from individuals under the age of 18. If we are notified or otherwise discover that a minor’s personal information has been improperly collected, we will take all commercially reasonable steps to delete that information.
- Data may be received from third parties such as Online Travel Agents (OTAs) and other travel agents as well as other third party suppliers, booking agents, or parties making bookings on your behalf. It may also be received from the hotel properties.
- Data is disclosed to hotel properties to fulfil bookings both for hotels stays and for other additional facilities available at the hotels, to 3rd party service providers to fulfil services, to social media platforms for targeted advertising with the consent of the individual, to the AF/KLM Flying Blue and Virgin Atlantic Flying Club for the purposes of earning air miles and to other entities as required by law.
- We do not give or sell your data to third parties for marketing purposes. This includes email addresses and telephone numbers collected via our website, our App and our Mission Control kiosks.
How long is data kept for?
- Your data will be processed:
- For the period in which you remain a registered user through a MyYotel account
- As long as necessary to execute bookings and the administration that surround these
- As long as necessary to fulfil in-stay purchases and access to services such as wifi
- Until you unsubscribe from marketing emails and other contact
- As long as reasonably required to answer your customer service queries or support requests
- For the period until you unsubscribe from marketing communications, change permissions via your MyYotel account, change permissions via the settings on your device or browser for targeted advertising or contact us to change your preferences. For specific promotions and competitions, a period of 6 months after the conclusion of the activity
- As long as necessary to fulfil any request you have in relation to your data
- As long as necessary to perform the insight or action such as a customer service survey
- As long as necessary to detect and mitigate against fraud or fraudulent use of the website
- For a period of 6 months after the closing date of the job opportunity in thew case of employment applications
- As long as necessary as required by law or regulation
- Your data may be transferred outside of the UK or, if you are a resident of the European Economic Area (EEA) your data may be transferred outside of the EAA , for example where this is necessary to fulfil bookings you have made or services you have requested. This may also occur where our service provider has operations outside of the UK such as data centres or IT support.
- We take the following steps to safeguard your information if it is transferred outside of the EEA or the UK, to a country that does not have a finding of adequacy from the UK government or the Commission of the European Union (as applicable):
- Where possible, we agree standard contractual clauses approved by the EU Commission, the Swiss government and/ or the UK Parliament in the contracts with our suppliers and third party service providers; and
- Due diligence on our suppliers and third party service providers to understand the controls they put in place to protect the information they process for us.
California Consumer Protection Act (CCPA)
- Yotel is required by the CCPA to provide:
- a list of the categories (by reference to the CCPA category) of Personal Information the Business has collected about Consumers in the preceding 12 months and who it is collected from; and
- two separate lists of categories (by reference to the CCPA category) of information the Business has (i) sold or (ii) disclosed for a business purpose, each within the preceding 12 months or, if the Business has not done so, disclosing that fact.
Categories of personal information:
- • Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number or other similar identifiers.
- • Signature, physical characteristics or description, telephone number, state identification card number, insurance policy number, employment, employment history, bank account number, credit card number, debit card number or any other financial information, medical information or health insurance information.
- • Characteristics of protected classifications under California or federal law.
- • Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- • Biometric information.
- • Internet or other electronic network activity information, including, but not limited to, browsing history, search history and information regarding a consumer’s interaction with an internet website, app or advertisement.
- • Geolocation data.
- • Audio, electronic, visual, thermal, olfactory or similar information.
- • Professional or employment-related information.
- • Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act.
- • Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behaviour, attitudes, intelligence, abilities and aptitudes. ]
California residents have the following rights under the CCPA:
- 1. Right to know
You may request that YOTEL discloses to you what personal information has been collected, used, shared, or sold about you, and why it has been collected, used, shared, or sold. Specifically, you may request:
- • The categories of personal information collected
- • Specific pieces of personal information collected
- • The categories of sources from which the business collected personal information
- • The purposes for which the business uses the personal information
- • The categories of third parties with whom the business shares the personal information
- • The categories of information that the business sells or discloses to third parties
- 2. Right to delete
- You may request that YOTEL delete personal information collected from you and to tell our service providers to do the same (subject to specified exceptions). These exceptions include:
- • YOTEL cannot verify your request
- • The information is necessary to complete your transaction, or provide a reasonably anticipated product or service
- • For certain business security practices
- • For certain internal uses that are compatible with reasonable consumer expectations or the context in which the information was provided
- • To comply with legal obligations, exercise legal claims or rights, or defend legal claims
- 3. Right to opt-out
- You may request that YOTEL stop selling your personal information. With some exceptions, Yotel cannot sell your personal information after we receive your opt-out request unless you later provide authorisation allowing us to do so again. We must wait least 12 months before asking you to opt back in to the sale of your personal information.
- 4. Right to non-discrimination
- You have the right to non-discrimination under the CCPA. This means that YOTEL cannot deny goods or services, charge you a different price, or provide a different level or quality of goods or services just because you exercised your rights under the CCPA.
- However, if you refuse to provide your personal information or ask us to delete or stop selling your personal information, and that personal information or sale is necessary for us to provide you with goods or services, then we may not be able to complete that transaction.
Categories of personal information collected in the last 12 months and who it is collected from:
- Identifiers such as a real name, Internet Protocol address, email address, unique personal identifier, online identifier.
- Signature, bank account number, credit card number, debit card number.
- Internet or other electronic network activity information, including, but not limited to, browsing history, search history and information regarding a consumer’s interaction with an internet website, app or advertisement.
- Geolocation data.
- Information collected at the point of booking relating to preferences and requirements for your stay at out hotel.
- Data is collected directly from you (including your devices based on your settings, from third parties such as Online Travel Agents (OTAs) and other travel agents or parties making bookings on your behalf. It may also be received from the hotel properties.
- Characteristics of protected classifications under California or federal law such as race, sex, age, religion, national origin, disability, citizenship information, or genetic information are not actively collected although may be acquired through the use of security monitoring such as CCTV at the hotel property or at Yotel HQ. We keep and use recordings only as strictly necessary to fulfil security purposes such as keeping our guests and staff safe in hotels or at our corporate offices.
Information sold in the last 12 months
- YOTEL has not sold any categories of personal information as specified by the CCPA in the last 12 months.
Information disclosed in the last 12 months for a business purpose
- • Identifiers such as a real name, Internet Protocol address, email address, unique personal identifier, online identifier.
- • Signature, bank account number, credit card number, debit card number.
- • Internet or other electronic network activity information, including, but not limited to, browsing history, search history and information regarding a consumer’s interaction with an internet website, app or advertisement.
- Data is disclosed to hotel properties to fulfil bookings, to 3rd party service providers to fulfil services, to the AF/KLM Flying Blue and Virgin Points for the purposes of earning air miles and to other entities as required by law.
Exercising your rights
- To exercise your right to know and right to delete, please contact us at: [email protected]. California residents may exercise their right to know up to twice in a 12 month period at no charge.
- We have 45 days to respond to your request.