The Weston Hotel (“we”, “us”, or “our”) is strongly committed to protecting personal data.  This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights.  It applies to personal data provided to us, both by individuals themselves or by others.  We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.

Personal data is any information relating to an identified or identifiable living person.

When collecting and using personal data, our policy is to be transparent about why and how we process personal data.

What we collect

We may collect the following information:

  • Contact details including title, name, postal and email addresses, postcode, contact telephone numbers;
  • Business information, such as employer details and job title, particularly from our corporate customers;
  • Transaction information, including booking and payment details;
  • Purchase history including activities on site (e.g. food, beverage or sundry purchases) and the date(s) of your stay;
  • Registration information, including nationality, car registration number, food allergies, room and other expressed preferences.  For non-UK citizens, passport information and next destination;
  • Demographic information;
  • Customer communication preferences;
  • Customer feedback;
  • CCTV images within public areas of the hotel.

Where you book accommodation for other people, we may ask you to provide information about them (e.g. we will usually ask for the title, first name and surname of a person for each room that you book for identification purposes). You should only provide us with information about other people if you have their permission to do so.  It is your responsibility to ensure that the people you have provided personal data about are aware that you’ve done so, and they have understood and accepted how we use their information (as described in this Privacy Statement).

We also may collect personal data when an individual gets in touch with us with a question, complaint, comment or feedback.  In these cases, the individual is in control of the personal data shared with us and we will only use the data for the purpose of responding to the communication. 

We ask that you do not provide sensitive information (such as race or ethnic origin; political opinions; religious or philosophical beliefs; physical or mental health; genetic data; biometric data; sexual life or sexual orientation; and, criminal records) to us; if you choose to provide sensitive information to us for any reason, the act of doing so constitutes your explicit consent for us to collect and use that information in the ways described in this privacy statement or as described at the point where you choose to disclose this information.

How we collect data

Depending on how you book or enquire about our services, we may collect personal data by telephone, online via this website, by email, in writing by post, or face to face at our hotel premises.  If you are part of a group using our services your personal data may have been provided to us by the group organiser who should have obtained your permission to do so.

We may also receive personal data from third party booking agents if you choose to use their services.   Please note that if you use a booking agent, they will be acting as data controller for any personal data that you provide to them and you should refer to the booking agents own privacy statement.  We only become responsible for the processing and security of your data when it is received by us.

We do not source data from third party data vendors or from publicly available sources.

How we use your personal information

We are allowed to collect and process personal data only if we have a proper reason to do so.  Data protection legislation sets out the lawful bases under which personal data may be processed; we rely on the lawful bases of (i) fulfilling a contract, (ii) legal obligation and (iii) legitimate interests.

We use personal data for some or all of the following purposes:

  1.  Administration and management of room and restaurant bookings;
  2.  Processing transactions;
  3.  Administration of our online booking facility;
  4.  Business, website and consumer analysis and reporting;
  5.  To improve our products and services;
  6.  Prevention of fraud and crime;
  7.  Correspondence between us, including where you use our 'Contact Us' form:
  8.  Service information communications;
  9.  Sending you communications about our products and services we think may be of interest to you and to keep you informed of news and offers;
  10.  To comply with legal requirements for the registration of hotel guests.

The lawful bases that we rely on are:

  • Performance of a contract - i.e. fulfilling the contract we have with you to provide our services.  We rely on this basis for purposes 1 to 3 above;
  • For our legitimate interests - which are the administration, management and marketing of our business, being the provision of hotel accommodation, food and beverage, and ancillary services.  We rely on this basis for purposes 4 to 9 above.
  • Legal obligation - the processing is necessary to comply with the law.  We rely on this basis for purpose 10 above.

When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws.  Our legitimate interests do not automatically override your interests - we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your specific consent or are otherwise required or permitted by law).

If you have any concerns about the processing of your data, you do have the right to object to processing that is based on our legitimate interests.   For more information please see “Your Rights” section below.

We do not sell any personal data and we will not make your personal data available to third parties unless we have your permission or are required by law to do so.


We are committed to ensuring that your information is secure.  In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages of our website are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Google analytics

We use Google Analytics to collect anonymised data about visitors to our website. We use this data to improve visitor experience, and to help us make the site better and attract more visitors.  Google Analytics records:

  • Any website the visitor came from to get to our website.
  • The kind of computer they are using (Windows, Mac, etc. as well as information like screen resolution, web browser etc.)
  • The visitors general location (e.g. London, United Kingdom)
  • Where the visitor clicked on the site and how long they stayed for.

The data is only processed in a way which does not identify any person. 

You can opt out of Google’s advertising tracking cookie or use a browser plugin to opt out of all Google Analytics tracking software.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over those other websites. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement.   You should exercise caution and look at the privacy statement applicable to the website in question.

Data retention

We only retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).

CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation.

Direct marketing emails

You can view the personal data that we hold for direct marketing purposes by visiting our subscription data management web page by clicking here. If you enter your email address you will be sent a link to your personal data, which you can check and amend if incorrect, and you will also be able to remove your personal information from any of our marketing lists. 

Alternatively you can unsubscribe from receiving marketing emails from us by clicking the “unsubscribe” link at the bottom of any of our marketing emails.  Once again this will take you to our data management web page, where you are able to unsubscribe from all or any marketing list.

Your rights

You have rights under data protection law which include the right to request access to your data, to object to processing where we are doing so based on our legitimate interests, to request rectification of incorrect data or erasure of data, and to data portability.

Should you wish to receive a copy of personal information that we hold about you or exercise any of your other rights, please send an email or write to us using the contact information shown below.

We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an email or write to us with the details of your complaint, using the contact information shown below.   We will look into and respond promptly to any complaints we receive.

You also have the right to lodge a complaint with the Information Commissioner's Office (“ICO”) (the UK data protection regulator).   For further information on your rights and how to complain to the ICO, please refer to the ICO website.

Changes to this privacy statement

We recognise that transparency is an ongoing responsibility so we will keep this privacy statement under regular review.

This privacy statement was last updated on 25th May 2018.

Data controller and contact information

The data controller is the Weston Hotel; if you have any questions about this privacy statement or how and why we process personal data, please contact us at:

Weston Hotel
33/34 Esplanade
North Yorkshire
YO11 2AR

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Phone: 01723 373423