Privacy Policy – The ICON Hotel Luton
Last updated: 6/10/2025
Address: The ICON Hotel, 15 Stuart Street, Luton, Bedfordshire, LU1 2SA, United KingdomGeneral Enquiries: Click to show email
The ICON Hotel Luton (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you interact with us, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
- Who We Are
The ICON Hotel Luton
15 Stuart Street, Luton, Bedfordshire, LU1 2SA, United KingdomEmail: Click to show email
We are the data controller responsible for your personal data.
- Information We Collect
We may collect, store, and use the following types of personal data:
A. Information you provide directly
- Full name, address, email
- Payment details (processed securely through third-party payment providers)
- Booking information (dates of stay, room preferences, special requests)
- Identification details (e.g., passport, driving licence where required by law)
- Business information (for corporate bookings and events)
- Correspondence and feedback
B. Information we collect automatically
- IP address, browser type, device details, and website usage (via cookies and analytics tools)
- CCTV footage for security purposes within the hotel premises
C. Information from third parties
- Travel agents, online booking platforms (e.g., Booking.com, Expedia)
- Event organisers, corporate partners, or loyalty programme providers
- How We Use Your Personal Data
We use your information to:
- Process bookings, payments, and reservations
- Communicate with you before, during, and after your stay
- Manage your check-in/check-out experience
- Provide personalised services (room preferences, dietary requirements, etc.)
- Maintain security and prevent fraud
- Meet legal, tax, and regulatory obligations
- Send marketing communications (only if you have opted in)
- Legal Basis for Processing
We process your data under the following lawful bases:
- Contractual necessity – to fulfil your booking or service request
- Legal obligation – to comply with laws and regulations (e.g., record-keeping for authorities)
- Legitimate interests – to operate and improve our business and guest experience
- Consent – for marketing communications and promotional emails
- Marketing Communications
You will only receive marketing communications from us if you have given explicit consent. You can withdraw consent or unsubscribe at any time by:
- Clicking the “unsubscribe” link in any email, or
- Contacting us at Click to show email
- Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes outlined above or as required by law.
Typical retention periods:
- Guest records: up to 6 years after your last stay
- CCTV recordings: typically 30 days unless required for investigation
- Financial records: 6 years for tax compliance
- Data Sharing
We may share your data with:
- Trusted service providers (IT, booking systems, payment processors)
- Government authorities where required by law (e.g., for security checks)
- Professional advisors (e.g., accountants, legal advisors)
All third-party providers are contractually bound to handle your data securely and only for the agreed purposes.
- International Transfers
Some service providers may transfer data outside the UK or EEA. Where this occurs, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses or adequacy decisions).
- Data Security
We apply appropriate technical and organisational measures to protect your data from loss, misuse, or unauthorised access, including:
- Secure servers and encryption technologies
- Access controls and staff training
- Regular system monitoring and data protection audits
- Your Rights
Under UK GDPR, you have the right to:
- Access your personal data (“Subject Access Request”)
- Request correction or deletion of your data
- Object to or restrict processing
- Withdraw consent at any time
- Lodge a complaint with the Information Commissioner’s Office (ICO)
ICO Contact:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk - Cookies
Our website uses cookies to enhance your browsing experience. You can control or disable cookies through your browser settings.
For more details, please see our Cookie Policy.
- Updates to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on our website with the updated date shown above.
- Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy, please contact:
The Data Protection Officer
The ICON Hotel Luton
Email: Click to show email
Privacy Policy – The ICON Hotel Luton
Last updated: 6/10/2025
Address: The ICON Hotel, 15 Stuart Street, Luton, Bedfordshire, LU1 2SA, United KingdomGeneral Enquiries: Click to show email
The ICON Hotel Luton (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you interact with us, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
- Who We Are
The ICON Hotel Luton
15 Stuart Street, Luton, Bedfordshire, LU1 2SA, United KingdomEmail: Click to show email
We are the data controller responsible for your personal data.
- Information We Collect
We may collect, store, and use the following types of personal data:
A. Information you provide directly
- Full name, address, email
- Payment details (processed securely through third-party payment providers)
- Booking information (dates of stay, room preferences, special requests)
- Identification details (e.g., passport, driving licence where required by law)
- Business information (for corporate bookings and events)
- Correspondence and feedback
B. Information we collect automatically
- IP address, browser type, device details, and website usage (via cookies and analytics tools)
- CCTV footage for security purposes within the hotel premises
C. Information from third parties
- Travel agents, online booking platforms (e.g., Booking.com, Expedia)
- Event organisers, corporate partners, or loyalty programme providers
- How We Use Your Personal Data
We use your information to:
- Process bookings, payments, and reservations
- Communicate with you before, during, and after your stay
- Manage your check-in/check-out experience
- Provide personalised services (room preferences, dietary requirements, etc.)
- Maintain security and prevent fraud
- Meet legal, tax, and regulatory obligations
- Send marketing communications (only if you have opted in)
- Legal Basis for Processing
We process your data under the following lawful bases:
- Contractual necessity – to fulfil your booking or service request
- Legal obligation – to comply with laws and regulations (e.g., record-keeping for authorities)
- Legitimate interests – to operate and improve our business and guest experience
- Consent – for marketing communications and promotional emails
- Marketing Communications
You will only receive marketing communications from us if you have given explicit consent. You can withdraw consent or unsubscribe at any time by:
- Clicking the “unsubscribe” link in any email, or
- Contacting us at Click to show email
- Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes outlined above or as required by law.
Typical retention periods:
- Guest records: up to 6 years after your last stay
- CCTV recordings: typically 30 days unless required for investigation
- Financial records: 6 years for tax compliance
- Data Sharing
We may share your data with:
- Trusted service providers (IT, booking systems, payment processors)
- Government authorities where required by law (e.g., for security checks)
- Professional advisors (e.g., accountants, legal advisors)
All third-party providers are contractually bound to handle your data securely and only for the agreed purposes.
- International Transfers
Some service providers may transfer data outside the UK or EEA. Where this occurs, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses or adequacy decisions).
- Data Security
We apply appropriate technical and organisational measures to protect your data from loss, misuse, or unauthorised access, including:
- Secure servers and encryption technologies
- Access controls and staff training
- Regular system monitoring and data protection audits
- Your Rights
Under UK GDPR, you have the right to:
- Access your personal data (“Subject Access Request”)
- Request correction or deletion of your data
- Object to or restrict processing
- Withdraw consent at any time
- Lodge a complaint with the Information Commissioner’s Office (ICO)
ICO Contact:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk - Cookies
Our website uses cookies to enhance your browsing experience. You can control or disable cookies through your browser settings.
For more details, please see our Cookie Policy.
- Updates to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on our website with the updated date shown above.
- Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy, please contact:
The Data Protection Officer
The ICON Hotel Luton
Email: Click to show email
