Skip to content
Book A Stay
Book A Table

The Castle Hotel Privacy Policy

The Castle Hotel is managed by Genesta Georgian LLP trading as ‘Sutton Hotel Collection’.

This privacy policy explains how we use any personal information we collect about you when you use this website or stay at our hotel.


▪ What information do we collect about you?

▪ How will we use the information about you?

▪ Your rights.

▪ Keeping your information.

▪ Our Legal Basis for using your personal information.

▪ How we secure your information.

▪ Marketing

▪ Cookies

▪ Changes to our privacy policy

▪ How to contact us

What information do we collect about you?

At various times, we will be obliged to ask you, as a customer of The Castle Hotel, for information about you and/or members of your family, such as:

▪ Contact details (for example, last name, first name, telephone number, email)

▪ Personal information (for example, date of birth, nationality)

▪ Information relating to your children (for example, first name, date of birth, age)

▪ Your credit card number (for transaction and reservation purposes)

▪ Your membership number if you are a member of any Sutton Hotel Collection

rewards scheme

▪ Your arrival and departure dates

▪ Your preferences and interests (for example, preferred floor, type of bedding, type of newspapers/magazines, sports, cultural interests)

▪ Your questions/comments, during or following a stay in one of our hotels

The information collected in relation to persons under 18 years of age is limited to their name, nationality and date of birth, which can only be supplied to us by an adult.

How will we use the information about you?

We use your information in a number of different ways, primarily to fulfil a contract and also to provide excellent service to our customers — what we do depends on the information. The tables below set this out in detail, showing what we use the information we collect for.

Personal Information and What we use it for

Contact Details

To manage the reservation of rooms and accommodation requests and other hotel services.

To manage your stay at the hotel, room lists, restaurant bookings, special requests and services.

To monitor your use of hotel services.

To manage invoicing and payment records.

Personal Information

To improve hotel services, to input to our marketing programme, to assist promotion of our services, and adapting our products.

Information relating to your children

Limited to nationality and D.O.B. only supplied by an adult. Used to manage their stay at the hotel.

Credit Card Number

To guarantee bookings and to take payment.

Loyalty Membership Number

To record use of services and supply rewards where applicable.

Arrival and Departure dates

To manage your hotel booking.

Preferences and Interests

To enhance customers, stay at our hotel and to customise and improve the services we offer.

Device technical details

To manage the provision of services at our properties that you may wish to connect to, such as: wifi, room TVs.

Questions / Comments

To collect feedback to improve our services and monitor customer experience.

Your Rights

You have rights relating to your personal information:

▪ The right to be informed about how your personal information is being used (like this notice!)

▪ The right to access the personal information we hold about you

▪ The right to request the correction of inaccurate personal information we hold about you

▪ The right to request that we delete your data, or stop processing it or collecting it, in some circumstances

▪ The right to stop direct marketing messages, and to withdraw consent for other consent-based processing at any time

▪ The right to request that we transfer or port elements of your data either to you or another service provider

▪ The right to complain to your data protection regulator — in the UK, the relevant supervisory authority is the Information Commissioner’s Office (ICO). You can contact the ICO via their web-form at or call the ICO helpline on +44 (0)303 123 1113.

If you want to exercise your rights, have a complaint, or just have questions, please contact us, details in the contact us section at the end of this document.

Keeping Your Information

We will hold on to your information for as long as you have a booking with us, and for as long as is necessary to provide support-related reporting.

We will also hold on to your information If reasonably necessary or required to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions, we may also keep hold of some of your information as required, even if it is no longer needed to provide the services to you.

Our Legal Basis for using your personal information.

We only process your personal information when we have a legal basis to do so. This depends on the purpose of the processing.

We use the following lawful basis to process your data;


To allow us to fulfil our contract with you. We need to collect and process your personal information to supply and administer services. Objecting to providing this information may mean we will be unable to provide services to you.


We will sometimes need your personal information to comply with existing legal or regulatory requirements.

Legitimate Interests

To allow us to manage and protect our business interests and supply, improve and tailor our services.


We may request your consent to process your personal information, you will always be able to remove this consent.

How we secure your information

The Castle Hotel takes data security seriously, and we use appropriate technologies and procedures to protect personal information. Our information security policies and procedures are aligned with widely accepted international standards, we apply the controls detailed in the Payment Card Industry Data Security Standard to all environments storing personal data. These standards are applied and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements.

For example:

Policies and procedures

▪ We have measures in place to protect against accidental loss and unauthorised access, use, destruction, or disclosure of data

▪ We have a Business Continuity and Disaster Recovery strategy that is designed to safeguard the continuity of our service to our clients and to protect our people and assets

▪ We place appropriate restrictions on access to personal information

▪ We implement appropriate measures and controls, including monitoring and physical measures, to store and transfer data securely

▪ We conduct Privacy Impact Assessments in accordance with legal requirements and our business policies

Training for employees and contractors

▪ We require privacy, information security, and other applicable training on a regular basis for our employees and contractors who have access to personal information and other sensitive data

▪ We take steps to ensure that our employees and contractors operate in accordance with our information security policies and procedures and any applicable contractual conditions

Vendor risk management

▪ We require, through the use of contracts and security reviews, our third-party vendors and providers to protect any personal information with which they are entrusted in accordance with our security policies and procedures


We would like to send you information about products and services of ours and other companies in our group which may be of interest to you. If you have consented to receive marketing, you may opt out at a later date.

You have a right at any time to stop us from contacting you for marketing purposes or giving your information to other members of Sutton Hotel Collection. If you no longer wish to be contacted for marketing purposes, please click here.


We use cookies when you visit our site. Here’s how and why we use them.

Certain parts of the website use cookies to keep track of your visit and to help you navigate between sections. A cookie is a small data file that may be stored on your computer’s hard- drive when you visit a website. Cookies can contain information such as your user ID and the pages you have visited.

We use cookies on the website to enable us to deliver content that is specific to your interests, to give us an idea of which parts of the website you are visiting and to recognise you when you return to the website. Our cookies do not read data from your computer’s hard drive or read cookies created by other websites that you have visited. This means that your visit will be tracked, but that to all intents and purposes you remain anonymous.

There are three types of cookies used on this website:

Session Cookies

These are temporary cookies that only remain until your browser is closed. They are used by our web application in order to maintain the information relating to your transaction from page to page following any input, such as when a form is completed over several screens.

Web Analytics Cookies

These cookies are used to help us compile anonymous statistics in order to improve and manage our sites. An example of the information collected would be the path you used to gain access to the site and your patterns of browsing when navigating the site.

Information Cookies

These cookies allow the site to remember how you have answered a question in order to change the content displayed to you. For example, if you have already taken a survey, this cookie will ensure you are not asked again.

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of the website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you access the website.

Changes to how we protect your Privacy

We may change this page from time to time, to reflect how we are processing your data. If we make significant changes, we will make that clear on our website, or by some other means of contact such as email, so that you are able to review the changes before you continue to use our services

How to contact us

If you:

▪ Have any questions or feedback about this notice.

▪ Would like us to stop using your information.

▪ Want to exercise any of your rights as set out above or have a complaint.

You can contact our privacy team by emailing us at:

The Castle Hotel Data Protection Team

Or if you would like to, you can write to us at:

The Castle Hotel Data Protection Team
The Castle Hotel
18 High Street