This notice explains what we do with your personal data and the steps we take to keep it secure. It explains when and how we collect personal data, who we share it with, how we process it and what your rights are in respect of the personal data processing we carry out.
Henrietta House is a privately owned hotel in Bath, England, UK. Within our company we provide short-term accommodation with breakfast in our property at Henrietta House, 27-29 & 33 Henrietta Street, Bath, England, UK, BA2 6LR.
We believe that a good customer experience means:
We don’t keep your personal data for any longer than we need it. See our Data Protection Policy for more details.
We do not share your personal data with other companies. We will not sell your personal data. We might need to share your personal data to uphold your rights, our rights or the rights of other people and we may need to share your personal data to meet some of our legal obligations.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In such cases, we will notify you and keep you updated.
To avoid misunderstandings, all cancellations are acknowledged in written form and must be confirmed by the hotel via email from Please retain the confirmation in the event of cancellation.
Standard rate, B&B, inclusive of tax:
No cancellation fee will be charged if the reservation is cancelled at least 72 hours/three days prior to arrival. For cancellation less than 72 hours before the intended arrival date, or in the event of a 'no-show' total for the reservation will be charged.
Non-refundable rate, B&B, inclusive of tax:
The payment is required at the time of making the reservation and no refunds will be offered if you cancel your booking. Reservations cannot be modified. There are no refunds in the event of a ‘no-show’.
Group Bookings (4 or more rooms)
To secure a group booking we require credit card details and a non-refundable deposit of 20% of the total cost of the booking. This deposit will be deducted from your total account, which will be payable on arrival.
If the booking or a part of the booking is cancelled 21 days or less before the intended arrival, 100% of the cost (less the deposit) for the total stay will be charged to your card.
Special offers are subject to availability and only valid at time of booking. Bookings must be made on the Henrietta House website or by calling the hotel. Existing bookings and third-party bookings are not eligible for special rates/offers. Offers cannot be combined. No exceptions will be made.
While every effort has been made to ensure the accuracy of all material on this website the hotel does not accept direct, indirect or consequential liability for loss or damage to your property.
Henrietta House collects and uses information about people with whom it communicates. This personal information must be dealt with properly and securely, however it is collected, recorded and used – whether on paper, in a computer or recorded on other materials – and there are safeguards to ensure this is compliant with the Data Protection Act. Henrietta House regards the lawful and correct treatment to personal information as very important to the successful and efficient performance of its functions, and to maintain confidence between those with whom it deals. To this end Henrietta House fully endorses and adheres to the principles of Data Protection set out in the General Data Protection Regulations 2018.
The purpose of this policy is to ensure that the staff of Henrietta House, Bath, is clear about the purpose and principles of Data Protection and to ensure that it has guidelines and procedures in place which are consistently followed. Failure to adhere to these guidelines and procedures is unlawful and could result in legal action being taken against Henrietta House or its staff.
The General Data Protection Regulations regulate the processing of information relating to living and identifiable individuals (data subjects). This includes the obtaining, holding, using or disclosing of such information, and covers computerised records as well as manual filing systems and card indexes.
Data users must comply with the data protection principles of good practice which underpin the GDPR. To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully.
To do this Henrietta House, Bath follows the eight Data Protection Principles as out lined
The following procedures have been developed in order to ensure that Henrietta House meets its responsibilities in terms of Data Protection. For the purposes of these procedures data collected, stored and used by Henrietta House falls into 2 broad categories:
Henrietta House, as a body is a DATA CONTROLLER under the Act.
Henrietta House obtains personal data (such as names, addresses, phone numbers and email address along with bank card details and other data which may be considered as sensitive data) from clients. This data is obtained, stored and processed solely to assist staff in the efficient running of services. Personal details supplied are only used to send material that is potentially useful. Most of this information is stored on the organisation’s database.
Henrietta House obtains personal data and information from clients in order to provide services. This data is stored and processed only for the purposes outlined in the agreement and service specification agreed by the client either online or by direct phone call.
Personal data is collected over the phone and by other methods such as e-mail. During this initial contact, the data owner is given an explanation of how this information will be used.
Written consent is not requested as it is assumed that informed consent has been granted when an individual freely gives their own details to secure the reservation/receive services.
Personal data will not be passed on to anyone outside the organisation with exception for contracted Data processing companies, without explicit consent from the data owner. This will not be made unless there is a legal duty of disclosure under other legislation, in which case the Henrietta House management will make disclosure.
Only the organisation’s authorised staff will have access to personal data. All authorised staff are made aware of the Data Protection Policy and their obligation not to disclose personal data to anyone who is not supposed to have it. Information supplied is kept in a secure filing, paper and electronic system and is only accessed by those individuals involved in the delivery of the service. Information will not be passed on to anyone outside the organisation without their explicit consent, excluding statutory bodies e.g. the HMRC. Individuals will be supplied with a copy of any of their personal data held by the organisation if a request is made. All confidential post must be opened by the addressee only.
Henrietta House will take reasonable steps to keep personal data up to date and accurate. If a request is received from an organisation/individual to destroy their records, we will remove their details from the database and request that all staff holding paper or electronic details for the organisation destroy them.
Personal data may be kept in paper-based systems and on a password-protected computer system. Staff are required to not pass any passwords to any unauthorised individuals and lock the computer when not in use. Henrietta House personnel must report any suspicious computer behaviour and not install any software. Access to Henrietta House computer system is strictly prohibited and is allowed only for trained staff. Paper-based data is stored in organised and secure systems.Henrietta House operates a clear desk policy at all times.
Henrietta House will not publish nor produce any photographs of clients unless written consent is obtained.
During the course of their duties with Henrietta House, staff will be dealing with information such as names/addresses/phone numbers/e-mail addresses of employees/clients/contractors. They may be told or overhear sensitive information while working for Henrietta House. The GDPR gives specific guidance on how this information should be dealt with. In short to comply with the law, personal information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. Staff, paid or unpaid must abide by this policy. To help staff comply with the terms of the GDPR, the attached Data Protection/Confidentiality statement has been produced. Employees are asked to read and sign this statement to say that they have understood their responsibilities as part of the induction programme.
Compliance with the Act is the responsibility of all staff, paid or unpaid. Henrietta House will regard any unlawful breach of any provision of GDPR by any staff member paid or unpaid, as a serious matter which will be dealt with under the disciplinary procedure. Any such breach could also lead to criminal prosecution. Any questions or concerns about the interpretation or operation of this policy statement should in the first instance be referred to the line manager.
No documents will be stored for longer than is necessary. In regards to employees and contractors the data will be kept on file for up to 6 years. The client data in paper format will be kept for at least 6 years for records purposes. All documents containing personal data will be disposed of securely in accordance with the Data Protection Act principles. The client data in electronic format will be stored in password-protected computer system. All documents produced (print outs) containing sensitive data will be stored in a locked cabinets/drawer marked with ‘confidential data’ tag and will be shredded once they are no longer needed. With the exception of ‘guest registration cards’ all print outs containing sensitive data will be shredded on the day of guest departure. The housekeeping and breakfast lists, along with the evacuation list produced by Hotel Executive software will be shredded at the end of each day. Those documents must also contain an ‘Internal use data’ clause.