Privacy Policy

Last updated: 07/01/2026

1. Who We Are

St Giles House Hotel Limited (“we”, “us”, “our”) operates this website and provides hotel accommodation and related services.

We are the data controller responsible for your personal data under the UK General Data Protection Regulation (UK GDPR).

Contact details:
St Giles House
Address: 41-45 St Giles Street, Norwich NR2 1JR
Email: reservations@stgileshousenorwich.com
Phone: 01603 275 180

2. Personal Data We Collect

We may collect and process the following personal data:

a. Information You Provide

• Name

• Email address

• Telephone number

• Postal address

• Reservation and stay details

• Special requests or preferences (including accessibility needs)

• Identification details where required by law

b. Marketing Information

• Marketing preferences

• Records of consent for email marketing

• Interaction with marketing emails (e.g. opens or clicks)

c. Payment Information

Payments are processed securely by third-party payment providers. We do not store full payment card details.

d. Website & Technical Data

• IP address

• Browser type and device information

• Pages visited and website usage data

• Cookies and similar technologies

3. Lawful Basis for Processing

We process personal data under the following lawful bases:

• Contract – to manage bookings and provide accommodation

• Legal obligation – to comply with UK legal and regulatory requirements

• Legitimate interests – to operate and improve our business and website

• Consent – for marketing emails and non-essential cookies

You may withdraw your consent at any time.

4. How We Use Your Personal Data

We use personal data to:

• Process and manage reservations

• Communicate with guests before, during, and after their stay

• Process payments and refunds

• Provide customer service

• Send marketing emails about offers, events, and news (where consent has been given)

• Improve our website, services, and guest experience

• Meet legal and regulatory obligations

5. Marketing Communications

We send marketing emails only where:

• You have given explicit consent, or

• You are an existing customer and marketing relates to similar services, in line with UK law

You can unsubscribe at any time by clicking the link in our emails or by contacting us directly.

6. Cookies

Our website uses cookies to:

• Ensure the website functions correctly

• Analyse website traffic and performance

• Remember user preferences

Non-essential cookies are used only with your consent. You can manage cookie preferences through your browser or our cookie banner.
For more details, please see our Cookie Policy [insert link if separate].

7. Sharing Your Personal Data

We do not sell your personal data.

We may share data with:

• Booking and reservation system providers

• Email marketing platforms

• Payment service providers

• IT, website, and hosting providers

• Professional advisers (legal, accounting)

• Public authorities where required by law

All third parties are required to protect your data and process it lawfully.

8. International Data Transfers

If personal data is processed outside the UK, we ensure appropriate safeguards are in place, such as:

• UK adequacy regulations

• International Data Transfer Agreements (IDTAs)

9. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure. Access is restricted to authorised personnel only.

10. Data Retention

We retain personal data only for as long as necessary:

• Booking and financial records: as required by UK tax and accounting laws

• Marketing data: until consent is withdrawn or you unsubscribe

• Website analytics data: in line with our cookie policy

11. Your Data Protection Rights

Under UK GDPR, you have the right to:

• Access your personal data

• Correct inaccurate or incomplete data

• Request erasure of your data

• Restrict processing

• Object to processing

• Request data portability

• Withdraw consent at any time

To exercise your rights, please contact us using the details above.

12. Complaints

If you have concerns about how we handle your data, you may lodge a complaint with the UK Information Commissioner’s Office (ICO):

Website: https://www.ico.org.uk

13. Children’s Data

Our website and services are not intended for children under the age of 16, and we do not knowingly collect personal data from children.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be published on this page with an updated revision date.