Privacy Policy

1. Introduction

This website is operated by Sintillate (UK) Ltd (“we”, “us” or “Sintillate”) and we are a controller for the purposes of the Data Protection Act 1998 and the EU General Data Protection Regulation 2016/679. This means that we are responsible for, and control the processing of, the personal information you provide to us when using this website in accordance with this privacy policy.

Sintillate understands that customers care about the use and storage of their personal information and we value your trust in allowing us to do this in a careful and sensible manner. We have created this privacy policy statement in order to demonstrate our commitment to the privacy of our customers.

By using Sintillate services, our websites (including our mobile site), our social media pages, our telephone reservations line, our online chat function and any other Sintillate service, you are acknowledging that we are processing your personal information and, where necessary consenting to such practices, as outlined in this statement.

2. Your information

2.1 What information we store about you

We collect personal information about you (and others if their personal information is provided by you) when you:

  • (a) make or manage a booking/order either personally or as a guest of another guest;
  • (b) register or alter details for your account;
  • (c) sign up for our newsletter and other marketing emails (in line with Marketing below);
  • (d) make an enquiry or contact our reservations department via email, through the “Contact Us” form on our website or by calling our telephone number;
  • (e) complete customer feedback or surveys as part of your experience at one of our events;
  • (f) register your details at one of our events;
  • (g) raise a complaint or dispute with us or are involved in a legally recordable incident at our events;
  • (h) speak to one of our representatives, telephone agents or members of our customer services or PR team;
  • (i) participate in competitions or promotions;
  • (j) and / or use our website and customer applications in any other way.

The personal information collected in the above manner may include the following about you (and others if their personal information is provided by you):

  • full name;
  • gender;
  • date of birth;
  • occupation;
  • city, postcode & country;
  • email address;
  • telephone numbers;
  • machine identifiers (such as IP addresses);
  • image data;
  • behavioural data (tags and cookies – see Cookies and Tracking section below);

2.2 How we use your information

2.2.1 In order to take the necessary steps in preparation of, or to fulfill our obligations under, a booking contract:

  • a) Bookings and payments – provide communications about bookings, products and services being provided to you (and others if their personal information is provided by you);
  • b) Bookings and account updates – send details of new, amended or cancelled bookings or you account details and changes – usually via email;
  • c) Update you on matters affecting your booking – contact you (and others if their personal information is provided by you) in the event of a change that affects a booking or any data or personal information you have provided us with, such as changes to terms and conditions of booking or this privacy policy;
  • d) Website service communication – provide notifications of any changes to our website or to our services that may affect you (and others if their personal information is provided by you);
  • e) Customer service communication – provide you with requested information or correspondence, such as a response from us to an enquiry made by you;
  • f) To provide assistance in completing bookings – send reminder emails to continue with a booking which is in your “basket” on our websites but is not paid and completed;
  • g) Maintain your Sintillate accounts – create a profile about you in relation to your booking, to update our records, create and maintain your account.

2.2.2 With your consent:

  • a) Marketing communications – create a profile about you for marketing purposes to tailor our communications to you. We may use automated processes to do this;
  • b) Promotional offers – inform you about promotional offers and other products or services that may be of interest (in line with Marketing communications above);
  • c) Maintain records indicating your consent to status – to ensure we accurately reflect your wishes when communicating to you;.

2.2.3 In our legitimate interest* improve our services:

  • a) Market research – to contact you (and others if their personal information is provided by you) to ask about the experience using our services as part of a continual programme of customer service improvement. This is not marketing communication and is separate to Marketing communications above.
  • b) Website customisation – to customise our website and its content to your particular preferences in accordance with the Cookies and Tracking section below;
  • c) Customer support – monitor calls and help train staff in relation to our customer support and helpdesk function;
  • d) Product and service improvement – to improve our product and services;
  • e) Service analysis – to conduct research, statistical analysis and behavioral analysis. This may include providing aggregate statistical information relating to customers, sales, traffic patterns and related site information to reputable third parties.

2.2.4 In our legitimate interest* to protect against fraud:

  • a) Website improvement and fraud prevention – improve our websites, prevent or detect fraud or abuses of our websites and enable third parties to carry out technical, logistical or other functions on our behalf;
  • b) Security – carry out security checks when allowing you access to our services and to block fraudulent or suspected fraudulent activity.
* any reliance on legitimate interest shall not prejudice your interest or fundamental rights and freedoms.

2.2.5 In order to meet our legal obligations:

  • a) Taxation – ensure we meet our tax and other regulatory obligations;
  • b) Registration – ensure local jurisdiction regulations are complied with (where registration is necessary in such jurisdictions).

2.2.6 Marketing

We may periodically send promotional material to you about new products, special offers or other information which we think you may find interesting based on the profile we have created about you to the email addresses and phone numbers which you have provided.

If these are similar to products, services and bookings previously supplied by us to you, we will assume, under our legitimate interests to promote similar goods and services, that you are willing to receive this information unless you tell us otherwise. Please note that we do not want to send you information that you do not want to receive and you can opt out at any time (please see ‘The right to ask us to stop contacting you with direct marketing’ below for further information).

We will always ask your permission before sending you email marketing information (unless you have already received similar services, products or bookings from us as mentioned above). We do this by asking for your positive confirmation (e.g. by providing a tick or inserting your contact details in the relevant boxes) indicating that you wish to receive marketing and you can opt out at any time (please see ‘The right to ask us to stop contacting you with direct marketing’ below for further information). This ensures you only receive information that you have given us permission to send and are willing to receive.

We may use your information to create a profile about you in order to tailor, by automated means, our communication and marketing to you. You can object to such profiling, please see ‘The right to object to automated decision making / profiling’ below).

From time to time, we may also use your information to contact you for research purposes and / or to ask about your experience using our services and services as part of a continual programme of customer service improvement. We may contact you by email, telephone, text, social media and / or mail. We may also use the information to customise the website according to your interests.

2.3 Where your data is stored

We use a third-party service, White Label Technologies Ltd, who provide our CRM, Apps and booking website. They act as a data-processor on behalf of SINTILLATE. All data collected via the SINTILLATE website or APP is stored in their secure encrypted database hosted by Amazon Web Services, a company located in the Republic of Ireland. All AWS services comply with the General Data Protection Regulation (GDPR).

AWS has a long list of internationally-recognized certifications and accreditations, demonstrating compliance with rigorous international standards, such as ISO 27001 for technical measures, ISO 27017 for cloud security, ISO 27018 for cloud privacy, SOC 1, SOC 2 and SOC 3, PCI DSS Level 1, and EU-specific certifications such as BSI’s Common Cloud Computing Controls Catalogue (C5)

We also use a third-party email service, Signupto.com, to manage our regular email communications to members and Sign-Up.to act as a data-processor on behalf of SINTILLATE. By submitting your personal data, you agree to this.

2.4 Keeping your data secure

Sending information over the internet is generally not completely secure, and we can’t guarantee the security of your data while it’s in transit, however, to give users greater confidence the SINTILLATE website is protected via a HTTPS connection, verified by SSL certificate, which provides encryption for data entered on the site. However, no data transmitted over the internet can be guaranteed to be 100% safe and SINTILLATE do not accept liability for any data in transit and any data you send is at your own risk.

We take reasonable steps to secure your Personal Data and have operational procedures and security features in place to keep your data secure once we receive it.

2.5 Data Retention

We retain your information for a range of purposes and will not be kept longer than necessary for the purpose. Data will be retained for 6 years however you may ask for this to be deleted in accordance with the Rights of the GDPR (see Right to be forgotten) by contacting us via info@sintillate.com

3. Your Rights

To protect your information, Sintillate has policies and procedures in place to make sure that only authorised personnel can access the information, that information is handled and stored in a secure and sensible manner and all systems that can access the information have proportionate and reasonable security measures in place. To achieve this, employees, contractors, sub-contractors and third party suppliers have contracts, with defined roles and responsibilities. While we take commercially reasonable measures to ensure the safety and security of your data, due to the inherent risks with the Internet, we are unable to warranty the absolute security of your data when using our services.

In order to process any of the requests listed below, we may need to verify your identity for your security. In such cases your response will be necessary for you to exercise this right.

3.1 Access to your data

At any point you can contact us to request details concerning the information we hold about you, why we have that information, who has access to the information and where we got the information. In most cases you may be entitled to copies of the information we hold concerning you. Once we have received your request we will respond within 30 days. Please submit a request via info@sintillate.com

3.2 Update your data

If the data we hold about you is out of date, incomplete or incorrect, you can inform us and we will ensure that it is updated. Please submit a request via info@sintillate.com

3.3 Right to be forgotten

If you feel that we should no longer be using your data or that we are illegally using your data, you can request that we erase the data we hold. When we receive your request, we will confirm whether the data has been deleted or tell you the reason why it cannot be deleted. Please submit a request via info@sintillate.com

3.4 Object to processing & request restriction

You have the right to request that Sintillate stops processing your data. Upon receiving the request, we will contact you to tell you if we are able to comply or if we have legitimate grounds to continue. If data is no longer processed, we may continue to hold your data to comply with your other rights.

You have the right to request that we stop contacting you with direct marketing. On promotional emails we provide an ‘unsubscribe’ link at the top and bottom of the email which will unsubscribe you from that service. You can also unsubscribe by updating your subscriptions on your account on our website or via our unsubscribe link. If you wish to opt out with respect to more than one email address, you must complete a separate request for each email address.

You have the right to request that we stop profiling you in relation to our direct marketing practice. You can inform us and we will deal with your request accordingly.

You can make a complaint to us by contacting us via info@sintillate.com or to the data protection supervisory authority – in the UK, this is the Information Commissioner’s Office, at https://ico.org.uk/.

3.5 Data Portability

You have the right to request that we transfer your data to you in a machine readable format. Once we have received your request, we will need to verify your identity and comply where it is feasible to do so.

4. Data Security

We will always take appropriate technical and organisational measures to protect personal information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing (including taking reasonable steps to ensure the reliability of employees who have access to personal information).

We protect user information by employing secure servers, firewalls, SSL encryption (where appropriate) and other technology. Our employees may only process personal information in accordance with this privacy policy, and any employee who breaches this privacy policy may be subject to disciplinary action, up to and including dismissal.

We have put in place internal procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

5. Cookies

Sintillate websites and mobile app use cookies and tags. A cookie is a small text file that can be stored by your browser on the device you use to access internet and allows the browser to pass small amounts of information about user behavior on the given website to a web server. Tags are pieces of code that exist on web pages and collect information about usage of the web pages.

At Sintillate we use our own cookies and tags as well as those from third parties to enable the smooth operation of the websites, such as the use of the basket function or to automatically log you in when you visit (with your permission). We also use cookies/tags to monitor visits to our website and continuously look for places to improve your website experience.

5.1 Cookie Consent

The first time you access a Sintillate website, you will be informed about our use of cookies to improve your site experience. By continuing to browse our website you consent to our use of cookies.

5.2 Description of Cookies

Analytics (Google Analytics):

These cookies give us critical information about various pages on the websites and how our users interact with them. We use this information to improve the performance of our website and the information presented to users.

Authentication (Sintillate):

When you create an account with Sintillate, these cookies allow the website to remember you in order present you with information that is directly relevant to you.

Functional (Sintillate):

A set of cookies designed to deliver a smooth booking journey for you. We use these cookies to remember selected hotels, anything you may have already added to the basket etc. so you do not have to enter information more than once. We also use these cookies to identify areas of improvement in the browsing experience.

5.3 How to reject and delete Cookies

Should you wish to reject or block the use of cookies, you can do so at any time, usually by clicking ‘Help’ on your browser. Cookies are specific to individual browsers so if you use more than one browser, you will need to delete cookies on each browser. Please be aware though that by rejecting cookies you may not receive the optimum website experience.

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.

6. Changes to Policy

We may change this policy from time to time. You should check this policy occasionally to ensure that you are aware of the most recent version that will apply each time you access the website.

It is also important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

7. Contact

If you have any queries about this policy, need further information or wish to lodge a complaint you can use the details below to contact us.

DATA PROTECTION OFFICER
Sintillate (UK) Ltd
The Courtyard
Esmond Street, Putney
London, SW15 2LP
Email: info@sintillate.com
Telephone: +44 208 871 0047
Once again I really want to thank you for how helpful you have been and how quick you have been in getting back to me - Charlotte