Premier Inn Privacy Policy

  • General

    Privacy Notice and Information for Data Subjects pursuant to Art. 13 and Art. 14 of the EU General Data Protection Regulation.

    This notice describes how we process your personal data.

    If you book a hotel room with ‘Premier Inn’ or ‘ZIP by Premier Inn’, or a table at ‘Thyme Restaurants’, the controller is ‘Premier Inn Hotels Ltd’.

    The address of both companies is Whitbread Court, Houghton Hall Business Park, Porz Avenue, Dunstable, Bedfordshire, LU5 5XE, United Kingdom. Please see “How do I get in touch with you” below for contact details for specific matters.

    If you book a hotel room with ‘hub by Premier Inn’, or a table at ‘ProvenDough Deli+Bar’, the controller is ‘Premier Inn Ochre Ltd’

    If you book a hotel room with ‘Premier Inn’ in Germany the controller is Premier Inn GmbH, or Premier Inn Hotel GmbH, depending on which hotel you book (the Terms and Conditions of your booking will show you which Premier Inn hotels are operated by the aforementioned companies). The address of these companies is
    Premier Inn Holding GmbH, Sitz: Europa-Allee 22, 60327 Frankfurt am Main, Germany.

    The aforementioned companies are also the respective controllers in respect of the reservation data we receive from online travel agents in accordance with their privacy policy if you book a hotel room through such online travel agent for a "Premier Inn" in Germany. This data may be: Name/title of the person(s) making the booking, name/title of guests, gender, address, email address, telephone number, travel dates, purpose of travel, room rate. Otherwise, we have no influence on the further processing of your data by the online travel agent. You can find information on the processing of your data by the online travel agent in the privacy policy of the relevant online travel agent.

    If you book a hotel room with ‘Premier Inn’ in the Isle of Man, the controller is Premier Inn (Isle of Man) Ltd, whose address is 2nd Floor, St Mary’s Court, 20 Hill Street, Douglas, IM1 1EU, Isle of Man.

    If you book a hotel room with ‘Premier Inn’ in Dublin, the controller is Premier Inn Hotels and Restaurants Ireland Ltd, whose address is Dublin Airport, Airside Retail Park, Swords, Co. Dublin, Ireland.

    If you book a hotel with ‘Premier Inn’ in Jersey, the controller is Premier Inn (Jersey) Ltd, whose address is 4th Floor, St Paul’s Gate, 22-24 New Street, St Helier, JE1 4TR, Jersey.

    Whenever you deal with one of these companies, the ‘controller’ of your personal information will be the company in our group that you are interacting with or with whom your information has been shared. A ‘controller’ is a company that decides why and how your personal information is processed.

    Where this policy refers to "we", "our" or "us" or “Premier Inn” below, unless it mentions otherwise, it’s referring to the particular company that is the controller of your personal information.

    This notice applies to:

    • Bookers;
    • Guests;
    • Visitors;
    • Callers; and
    • Other customers.

    And anyone contacting, visiting or using our:

    • Websites;
    • Apps;
    • Facebook sites
    • LinkedIn sites
    • Xing sites
    • Newsletter
    • Reservation Centre;
    • Guest Relations Team
    • Hotels and other premises;

    • Our complaints procedure channel pursuant to Section 8 of the German Supply Chain Due Diligence Act for reports of human rights or environmental risks or violations of human rights or environmental obligations caused by our business activities or the business activities of one of our direct suppliers.
    • Summary of the purposes for processing your personal data and the legal basis for doing so:
    • We process personal data to make, amend and administer room bookings, provide hotel services, process and store payment details and provide other products and services (such as meals and car parking). We also deal with enquires, gather customer feedback, undertake market research and direct marketing (including analysis to create profiles), in our legitimate interests to promote our business and improve our service and delivery.
    • When booking with us, we don’t ask for accessibility, dietary, health or other sensitive personal data. If you (or someone on your behalf) do provide such information to us, please be aware we may need to ask for your explicit consent. In some cases, it may be permissible for us to have such data as it is in your vital interests that we do so.
    • On our websites we use third party marketing and analytical cookies plus similar technologies are included in our marketing emails, as explained in our Cookie Notice. You can reject and block cookies in your browser settings.
    • If you visit our website or use our App and enable push notifications, we’ll send you notifications using your browser or devices notifications function. You can turn this off at any time by using your browser or device settings. You’ll need to do this in each browser in which you enabled notifications.
    • We monitor social media to respond to comments or complaints about our business and with the permission of the platform owner we may reproduce your comments on our website, on the lawful basis of our legitimate interests.
    • In our legitimate interests, we also seek to prevent and detect crime as well as protect our business and premises.
    • If you report human rights or environmental risks or violations of human rights or environmental obligations caused by our business activities or the business activities of one of our direct suppliers via our complaints  procedure channel pursuant to Section 8 of the German Supply Chain Due Diligence Act, we will process your data (provided that the report was not made anonymously) in order to process the report. If the report was filed anonymously, the data controller for the corresponding data processing is our service provider, who operates the platform for the complaints procedure channel. For further information, please refer to their information on data protection.
    • In order to fulfil the above purposes:
      • we disclose your personal data to payment providers, technology providers, insurers, and other specialist professional and technical service providers and advisers, to manage your bookings, arrange payments, respond to enquiries and provide services.
      • we may transfer your personal data outside the European Economic Area (the EU Member States plus Iceland, Lichtenstein and Norway) and, where we do this, we will use safeguards to protect your data.
    • We keep your data to enable us to fulfil our contract with you or to provide services, where required by law, to respond to a question or complaint, to obey rules about keeping records, to uphold or protect contractual or legal rights or where it is in your or another party’s vital interests or our legitimate interests. Where we process personal data on the basis of your consent, we will retain it for as long as required for the specified purpose. We also keep your data in line with any statutory limitation periods and for tax, legal or regulatory purposes.
    Your rights
    • Any consent(s) you give us may be withdrawn at any time.
    • You have an absolute right to object to direct marketing (and any profiling for the purposes of direct marketing) at any time.
    • You also have the qualified right to:
      • request access, rectify, and erase your personal data;
      • object to processing for any purpose where we rely on our legitimate interests as the legal basis;
      • restrict processing; and
      • supply or transfer your personal data in a portable format.

    Where you exercise any of your rights, we will process your personal data to comply with your request in accordance with our legal obligations.

    • Where we use automated decision-making, you have the right to human intervention, to add a statement, and to have the decision reviewed.

    You have the right to lodge a complaint with any data protection supervisory authority, in particular, the one of the country in which you are resident, work or in which your complaint arises. For the contact details of the Information Commissioner in the UK see www.ico.org.uk, for Information Commissioner in the Isle of Man see www.inforights.im and for the Office of Information Commissioner in Jersey see https://oicjersey.org . For the contact details of the competent German supervisory authority see https://www.bfdi.bund.de Details of all EU supervisory authorities can be found at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080 

    We may provide additional information during the booking and check-in process and at other points at which we collect your personal data.

    If you wish to exercise your rights, please visit our Contact Us page where you will be directed to a feedback form. Then please select “Privacy” from the “Reason for contact” drop-down box.

    If you require further details of our Privacy Notice please read more below. 

  • Personal information we collect.

    We collect personal information when you book with us or request or use our services. This includes hotel and restaurant visits, using our websites or apps, or corresponding with us. We may also receive personal data about you from another source. This includes:

    • Personal Identifiers - title, name, marital status, postal and email addresses, postcode, IP addresses and contact telephone numbers. We may also collect the names of those who are part of a group booking where necessary, and the age of children to meet your needs (e.g. to provide a cot) and enable us to confirm any restrictions that may apply to a room booking;
    • Business-to-Business Information - for corporate customers and corporate business leads and contacts: job title, business address and business email address;
    • Transaction Information - payment, reservation and booking details, including meals, beverages & car parking;
    • Membership information - membership details for rewards and Premier Inn Business Account programmes;
    • Shareholder information – where you present a Whitbread plc shareholders’ card;
    • Newsletter – When registering for our newsletter, you provide us with your e-mail address, first name and last name. We use this information exclusively to send you the newsletter. The data you enter when registering for our newsletter will remain stored by us until you unsubscribe from our newsletter. You can unsubscribe at any time via the link provided for this purpose in the newsletter or by sending us a message to this effect. By unsubscribing, you object to the use of your email address.
    • Facebook Page Insights Data - In relation to our Facebook Pages, we may receive Insights Data from Facebook, i.e. aggregated data that can help us to understand how visitors are engaging with our Page, which may be based on personal data collected during your visit to our Page or its contents. In relation to the processing of this personal data only, we are joint controllers with Facebook Ireland Limited. Facebook Ireland Ltd has agreed to take primary responsibility under the GDPR for the processing of Insights Data and to comply with all applicable obligations under the GDPR with respect to the processing of Insights Data, so all requests and queries should be addressed to Facebook Ireland Limited. The Page Insights Controller Addendum sets out our respective responsibilities and is subject to the jurisdiction of the Irish Courts and the laws of Ireland. The Irish Data Protection Commissioner is the lead supervisory authority;
    • Customer special requests, wishes and feedback including complaints - via the Customer Contact Centre, emails and online free text fields 

    • In the event of a call to our Customer Contact Centre, we collect a recording of the telephone conversation with you if you have consented to this and

    • Reports filed via our complaints procedure channel - personal data that you provide about yourself when you submit a report via our complaints procedure channel pursuant to Section 8 of the German Supply Chain Due Diligence Act, as well as personal data that may be included in this report.

    Third parties that we receive personal data from may include:

    • Travel agents, booking agents, other agents, tour operators and schools;
    • Corporate customers and public information sources such as Companies House or similar registers in the jurisdictions of our operations; 
    • Comparison and review websites;
    • Social networks;
    • Car park operators;
    • Business Account management operators;
    • Market researchers;
    • Marketing service providers and advertising technology providers;
    • Government and law enforcement agencies;
    • Other licensees in accordance with licensing requirements;
    • Other hotel providers and other organisations as part of their contingency plans; and
    • Whitbread Group plc and other companies in the Whitbread Group.
  • How do we use your information, and what is the legal basis for this use?
    • To fulfil a contract, or take steps linked to a contract. This is relevant when you want to make a reservation with us; or receive other products and services from us such as meals and includes:
      • making, amending or administering your room booking and meal orders;
      • providing products and services requested by you;
      • verifying your identity;
      • processing payments;
      • to administer your My Premier Inn account;
      • to administer your Premier Inn Business Account;
      • communicating with you;
      • providing customer services, including managing complaints; and
      • alerting you by text, email or phone in the event of an unplanned incident, as a result of which we have to make alternative arrangements under our contract (or where we believe it is in your vital interests).
    If the information we request is not provided, we may not be able to enter into or comply with a contract or our legal obligations.
    In our legitimate interests regarding the conduct of our business, in particular:
    Ensuring customer satisfaction, maintaining goodwill and dispute resolution
    • we provide technical support and investigate and process any complaints about our website or our products or services, and to maintain appropriate records for internal administrative purposes.We reserve the right to request evidence to support any claims or complaints.
    • In our guest satisfaction surveys, we ask you to rate your stay and make suggestions for improvement so that we can improve our services. 
    To protect our business and prevent fraud
    • monitor, test and control the performance and security of our systems, networks, processes and premises to prevent and detect fraud and protect our business; and
    • monitor claims/spend in relation to our Good Night Guarantee (including profiling); and
    • if you provide a credit or debit card as payment, we use third parties to check the validity of your bank account or card details in order to prevent fraud.
    For business performance and improvement
    • monitor and record CCTV, call centre communications, including incoming and outgoing calls and emails for staff training, quality improvement purposes and establishing facts; and
    • analyse transactions to enable us to improve our services and products and plan for our business.
    Safety & Security of our Guests and Employees
    • to protect premises and for security purposes including information recorded from CCTV;
    • to monitor food safety and hygiene;
    • to obtain statements from witnesses to accidents and other incidents; and
    • for the detection and prevention of crime.
    Developing and Marketing Products and Services
    • for raising brand awareness;
    • to understand you better as a customer by analysing your transactions and other information you provide to us or which we learn through your interactions with us;
    • for marketing (including creating profiles), competitions and promotions by post, email, text and push notification where permitted to do so by law;
    • we may use your data to provide personalised promotional offers to you where permitted to do so by law;
    • we may also use your data to provide you with personalised promotional offers on selected partner websites (for example, you might see an advertisement for our products on a partner site such as Facebook and Google);
    • we also share some of your information with marketing service and ad technology providers and digital marketing networks, such as Facebook, Google, Adobe and The Trade Desk, to present advertisements that might interest you.

    For example we may transfer information about you to such providers so that they may recognize your devices and deliver interest-based content and advertisements to you. The information may include your name, email, device ID, or other identifier in encrypted form. The providers may process the information in hashed form. These providers may collect additional information from you, such as your IP address and information about your browser or operating system; may combine information about you with information from other companies in data sharing cooperatives in which we participate; and may place or recognize their own unique cookie on your browser. These cookies may contain demographic or other data in de-identified form;
    • for monitoring the use of our websites and apps in order to improve their performance and optimise our media spend;
    • we use personal data of some individuals to invite them to provide feedback or take part in market research; and
    • for developing corporate business and applying rates.
    Legal and Regulatory purposes
    • in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with claims, legal process or litigation);
    • to comply with health and safety legislation, including accounting for the number of individuals on our premises and logging accidents;
    • to prevent, investigate and/or report suspected fraud, terrorism, security incidents or other crime, in accordance with applicable law;
    • to fulfil our legal obligation under Section 8 of the German Supply Chain Act Due Diligence Act to establish a complaints procedure; and
    • to anonymise personal data when we no longer need to process it.
    Where we have relied on legitimate interests as the lawful basis for processing, we have carried out a balancing test. For details of these email privacyofficer@whitbread.com if the processing is carried out by one of our companies in the United Kingdom, Ireland or Jersey. If the processing was carried out by one of our companies in Germany, please email skraska@iitr.de
    Where you give us consent:
    • we record your call in our Customer Contact Centre and - if your query is suitable - forward it to our virtual assistant, a software based on artificial intelligence (AI). The virtual assistant answers your question directly or forwards the call to an agent if it cannot answer your query; the recording is processed by Premier Inn for the purpose of training and further development of our employees and our virtual assistant;
    • we will send you emails, texts and push notifications (including newsletters) in relation to products and services provided by us, or by our named affiliates and carefully selected partners;
    • when you use our websites or apps, we place cookies and use similar technologies on your computer, mobile or other device and we use such technologies such as pixel tags and web beacons in marketing emails and communications (also see our Cookie Notice);
    • we may use credit checks if you apply for a Business Account;
    • to participate in competitions we run and, if you win, to use your information for promotional purposes;
    • we will process health information, such as dietary, accessibility, and allergy information you or a party on your behalf provides to us (we may also be able to do this where it is in your vital interests);
    • when you make a donation to a charity, we will process your payment for this purpose; and
    • on other occasions where we ask you for consent, we will use the personal data for the purpose which we explain at that time.
    • We will forward your call to a virtual assistant in our Customer Contact Centre in Germany. The virtual assistant software uses artificial intelligence (AI) and will either answer your question directly or forward your call to an agent in our Customer Contact Centre if your query cannot be answered. The call is recorded, and the recording is used exclusively for the purpose of training and further development of our virtual assistant;

     

    For purposes which are required by law:
    • to record the identity and nationality of overseas guests (excluding the Republic of Ireland and Commonwealth citizens) on check-in. These guests will be asked to complete a registration form and provide their identity card/passport details, to comply with the Immigration (Hotel Records) Order 1972, as amended. Acceptable forms of identification are: a passport, driving licence, ID card or police warrant card. When checking in to our hotels in Germany, we must comply with the requirements of the German Federal Registration Act.Guests in Germany are requested to fill out a registration form and to indicate travel dates, names, birthdays, addresses, citizenship and the number of fellow travellers. For non-German guests, the number of a passport or other identity card is also required. 
    • in response to requests by government, law enforcement authorities, or intelligence services and court orders;
    • if required to comply with health and safety legislation to which we are subject;
    • we may be required to share information with other licensees in accordance with local licensing requirements; and
    • responding to a rights request under data protection legislation.
    To protect your vital interests or those of another person:
    • disclosing your personal data to the emergency services where we believe it is necessary to protect your vital interests or the vital interest of another person; and
    • where you (or a person acting on your behalf) provide us with dietary or other personal health data such as allergies.
    To ensure the quality of our hotels and improve our services in order to safeguard the legitimate interests of our business:
    • if you do not object, we will send you satisfaction surveys asking you to rate your stays with us and make suggestions for improvement.
  • Other recipients that we disclose, transfer or share your personal data with.

    Group companies
    We will share your personal data with Whitbread Group plc and other companies in the Whitbread Group for administering hotel and restaurant services & products. Details of the Whitbread group can be found on our corporate website at www.whitbread.co.uk. The group includes inter alia Whitbread Group plc and Premier Inn Hotels Limited in the UK and Premier Inn Holding GmbH and its subsidiaries in Germany. Premier Inn shares data within the Whitbread group when Whitbread Group plc provide us with support, advisory, IT, safety and security, including CCTV, and other services.

    Premier Inn Hotels Ltd is the representative of Premier Inn (Isle of Man) Ltd and Premier Inn (Jersey) Ltd in the EU.

    Service Providers
    For some activities Premier Inn uses third party service providers including where we are joint controllers. Your personal data will be disclosed to such organisations where this is necessary to provide a service to you, or where it is in our legitimate interests. You will be informed separately if a third party is operating as a joint controller with Premier Inn. Third parties are used to:

    • administer bookings;
    • provide Wi-Fi;
    • provide parking facilities (e.g. for Sleep Park Fly);
    • undertake customer feedback surveys;
    • respond to enquiries in the Customer Contact Centre for Germany via a virtual assistant and eventually forward it to the responsible employees;
    • provide analytics;
    • send promotional offers;
    • provide personalised advertisements;
    • provide insurance;
    • to provide and operate the complaints procedure channel pursuant to Section 8 of the Supply Chain Due Diligence Act;
    • provide IT development, support, maintenance and hosting, including the provision of applications and website hosting;
    • process payments to enable you to pay by credit or debit card;
    • provide credit checks and fraud checks; and
    • provide CCTV systems and maintenance.

    Other parties
    Personal data may be shared with regulators, government authorities and/or law enforcement officials for the prevention or detection of crime, if required by law or if required for a legal or contractual claim or regulatory purposes.

    We disclose your personal data to payment providers, technology providers, insurers, and other specialist professional and technical advisers, to manage your bookings, arrange payments, and provide services.

    With your consent, we will also disclose your personal data to Ombudsman services and Citizens’ Advice.

    A very small number of hotels using the Premier Inn brand are run by a franchisee partner Greene King Brewing and Retailing Limited. Your data will be shared with such franchisee where you book one of those hotels to enable them to fulfil your booking and any related services requested by you. Such franchisee is committed to protecting your privacy but, to be clear, the franchisee is an independent business and is responsible for the operation of its own hotels and compliance with data protection laws.

    Restructure and sale
    We may restructure our internal group of companies so that different group companies run our hotels and related services. So, for example, in the future Whitbread Group plc (or another group company) may take over responsibility for the running and operation of hotels from Premier Inn Hotels Ltd. If this happens we will let you know and your data may be shared with such company and processed as set out in this notice.

    In the event that the business is sold or integrated with another business, your details may be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.

    International transfers
    Sometimes we may need to send or store your data outside of the European Economic Area (the EU plus Iceland, Lichtenstein and Norway) (‘EEA’). For example, to follow your instructions, comply with a legal duty or to work with or receive services from our service providers who we use to help run your accounts and our services.

    If we do transfer information outside of the EEA, we will make sure that it is protected by using one of these safeguards:

    • Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA. Some countries have been deemed adequate by the EU.
    • Put in place a contract with the recipient that means they must protect it to the same standards as the EEA or use other mechanisms and measures to achieve adequate protection. We also may use the Standard Contractual Clauses published by the EU.
    • Transfers to service providers and organizations that are listed as certified in the EU-US Transfer Privacy Framework Program (EU-US-DPF) by the US Department of Commerce and have submitted to the obligations therein. Based on the EU Commission's adequacy decision dated 10.07.2023, this ensures that the personal data and fundamental freedoms of the data subjects are adequately protected at these service providers and organizations. The list can be found at: Participant Search (dataprivacyframework.gov).
    • Binding corporate rules. These are internal rules adopted by group companies to allow international transfers of personal data to entities within the same corporate group located in countries which do not provide an adequate level of protection.

    For some of our service providers in the US, we rely on EU-US-DPF. For example the party who helps us with our customer feedback surveys. We rely on contractual measures for a small number of our suppliers who have or use offices outside the EEA and who have restricted access to some data to provide us with IT services including development, testing, support and maintenance. For further details on the mechanisms used and for a copy of the chosen safeguards please contact privacyofficer@whitbread.com

    Business Account
    If you apply for a Business Account a separate Privacy Notice will also apply. Further information is available by clicking here.

    Significant automated decision-making
    Like many businesses we use business rules on financial and other information in order to detect and prevent fraud. When used, these may identify a risk and, as a result, a particular transaction may not be processed.

  • What rights do I have?

    Withdrawing consent

    Wherever we rely on your consent, you will always and at any time be able to withdraw that consent with effect for the future. We will continue to process your personal data for other purposes on a different lawful basis (other than consent) where that applies.

    Objecting to data processing including direct

    You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is conducted on the legitimate interest basis or which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, including profiling based on those provisions. In such case, we will no longer process your personal data unless we can demonstrates compelling legitimate grounds for the processing which overrides your interests, rights and freedoms or that the processing serves the establishment, exercise or defence of legal claims.

    Where personal data are processed for direct marketing purposes, you have an absolute right to opt-out of direct marketing, and any profiling we carry out for direct marketing, at any time and without any limitation. You can do this by clicking on the 'unsubscribe' link located in the footer of every marketing email or text or by contacting us (see the contact details provided below). Where you objected to our processing for direct marketing purposes, we will no longer process your personal data for such purposes.

    Where you have a relationship with another organisation, such as a social media platform like Facebook, we may ask them to send marketing to you, subject to your consent. If you object to receiving marketing from us we will stop marketing to you. However, please contact the organisation directly if you want to withdraw your consent to such organisation marketing to you.

    Other qualified rights

    • You have the right to know whether or not we process information about you and to access that information.
    • You have the right to update, correct and complete any information we hold about you which is inaccurate or incomplete.
    • You have the right to obtain the personal data you provide to us for a contract or with your consent in a commonly used, structured, and machine-readable format, and to ask us to share (port) this personal data to another controller.
    • You have the right to ask that we erase or restrict (stop active) processing of your personal data.

    These rights may be limited, for example if fulfilling your request would reveal personal data about another person or you ask us to erase information which we are required by law to Relevant exemptions are also included within the data protection laws that apply in the UK or Germany as the case may be. We will inform you of relevant exemptions we rely upon when responding to any request you make.

    To exercise some of these rights, you can get in touch with us by:
    filling out this webform.

    This is the best way for us to handle your request directly and for you to get the quickest response.

    If you have concerns, you have the right to lodge a complaint with any data protection supervisory authority, in particular, the one of the country in which you are resident, work or in which your complaint arises. For the contact details of the Information Commissioner in the UK see www.ico.org.uk, for Information Commissioner in the Isle of Man see www.inforights.im and for the Office of Information Commissioner in Jersey see https://oicjersey.org.

    For the contact details of the competent German supervisory authority see:
    https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

    Details of all EU supervisory authorities can be found at:
    http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

  • How long will you retain my personal data?

    We keep your data to enable us to fulfil our contract with you or to provide services, where required by law, to respond to a question or complaint, to obey rules about keeping records, to uphold or protect contractual or legal rights or where it is in your or another party’s vital interests or our legitimate interests. Where we process personal data on the basis of your consent, we will retain it only for as long as required for the specified purpose. We also keep your data in line with any statutory limitation periods and for tax, legal or regulatory purposes.

    The period for which we will retain your personal data depends on the purposes for which we are processing it and where the same personal data is processed for two or more purposes, we will retain it for the longest period. For example, we retain:

    • CCTV recording for up to 31 days in the United Kingdom and 48 hours in Germany;
    • for up to 1 year incoming and outgoing voice recordings (although we will keep a record of any consent you give us during a call for as long as we rely on it as the lawful basis for processing);
    • for up to 25 months from your last stay, any personal data we process for managing your hotel or restaurant bookings;
    • for up to 36 months after it is resolved, any personal data we process in relation to queries, complaints or feedback relating to your hotel or restaurant booking;
    • until a period of 3 years has elapsed since your last interaction with us, personal data we process for marketing (including profiling) purposes, unless you ask us to stop sending electronic direct marketing, in which case we will act on your request, and then keep a record of your request indefinitely;
    • for 3 years in the case of accident report forms (or for accidents relating to a child, for 3 years after the child’s 18th birthday);
    • for up to 6 years from your last stay or access to your account, any personal data in an account you have set up with us, for example a My Premier Inn Account or Business Booker Account;
    • for up to 6 years in the UK and upto 10 years in Germany, financial and transactional data for the purposes of insights and analytics; and
    • for up to 7 years in the UK and upto 10 years in Germany, financial information for accounting, business reporting, analysis and audit purposes.

    In any of the cases mentioned above, we may retain the personal data for longer, if it is required for the purposes of any internal or external investigation or litigation. In these cases, it may be retained until the matter is resolved. We may keep your data for longer in line with any limitation periods, or if we cannot delete it, e.g. for tax, legal or regulatory reasons.

    You have the qualified right to request deletion of your personal data at any time, or we may choose or be obliged to erase your personal data earlier, for example, if we no longer need to process it.

    When you call up our web pages, you transmit data to our web server via your Internet browser (for technical reasons). The following data is recorded during an ongoing connection for communication between your Internet browser and our web server:

    • Date and time of the request
    • Name of the requested file
    • Page from which the file was requested
    • Access status (file transferred, file not found, etc.)
    • Web browser and operating system used
    • complete IP address of the requesting computer
    • transferred data volume.

    For reasons of technical security, in particular to defend against attempts to attack our web server, this data is stored by us for a short time. It is not possible for us to draw conclusions about individual persons on the basis of this data. After seven days at the latest, the data is anonymised by shortening the IP address at domain level, so that it is no longer possible to establish a link to individual users. In anonymised form, the data is also processed for statistical purposes; it is not compared with other data sets or passed on to third parties, even in excerpts.

  • Cookies and other similar technologies we use.

    Information about the first and third parties cookies and other technologies we use is available in our Cookie Notice

  • How do I get in touch with you?

    Queries and exercise of rights

    If you have any queries or want to exercise any of your rights please see the “Contact Us” page on our website where you will be directed to an enquiry form. Then please select ‘Privacy’ from the ‘Reason for contact’ drop down box.

    General data protection queries

    If you have any questions, suggestions or complaints about the processing of your personal information in the UK, please contact our data protection officer in the UK:

    Whitbread Group PLC, Legal Department, Whitbread Court, Porz Avenue, Houghton Regis, LU5 5XE

    Email: Privacyofficer@whitbread.com

    If you have any questions, suggestions or complaints about the processing of your personal information in Germany, please contact our data protection officer in Germany:
    Dr. Sebastian Kraska, Marienplatz 2, 80331 München
    Email: skraska@iitr.dei

     

    This Privacy Notice was last updated on 22 March 2024. Any changes to this Privacy Notice will be communicated on our website.