Privacy Notice


Rocco Forte Hotels Limited together with its direct and indirect group companies, and all of the separate legal entities that manage hotels and resorts on its behalf worldwide (collectively referred to as “Rocco Forte Hotels”, “we”, “us”, “our”) takes the issue of safeguarding your data privacy seriously. This privacy notice (“notice”) describes what information we collect about our guests, visitors, website and mobile app users, gift certificate purchasers, subscribers, enquirers, business contacts and any other individuals from time to time (each referred to as a “guest”, “user”, “you”, “your”).

Rocco Forte Hotels offers a range of luxury leisure and related products and services, such as hotel and resort accommodation, bar, spa, fitness, restaurant, private dining room, catering services, event and conference services. Our hotel brands include Rocco Forte Hotels, Brown's Hotel, The Balmoral, Hotel Amigo, Hotel Astoria, Hotel de Rome, Villa Kennedy, The Charles Hotel, Hotel de Russie, Hotel Savoy, Verdura Resort, Assila Hotel, Angleterre Hotel and other hotels from time to time. Other brands include F&B Outlets, Spa Outlets, Forte Organics and other brands from time to time.

Please read this notice carefully. By visiting our website, using our services or otherwise interacting with us, you acknowledge the data processing activities described in this privacy notice. Please note that any linked websites are subject to their own terms and privacy notice. If we amend this notice, your continued use of our website and services will amount to your acknowledgement of the amended notice.

If you have any questions about this notice, please contact us by email at dataprivacy@roccofortehotels.com or write to our office at Rocco Forte Hotels, Data Privacy Enquiries, 70 Jermyn Street, London, SW1Y 6NY. Please note your enquiries will be received during UK office hours and we will aim to respond as soon as reasonably possible.

This version of our privacy notice was published in March 2018.

  • What information might we collect about you?
  • What channels do our “electronic communications” include?
  • What do we do with cookies?
  • How do we use your information?
  • etc ...links to section heading below

1. What information might we collect about you?

We may process the following information about you:

  • Information you provide to us. You may give us information about you by, even partially, filling in forms, setting up a user account or profile, subscribing to newsletters and other services, making or cancelling a booking or ordering a product, making applications in respect of job postings, uploading information on our website, sending an "enquiry" about one of our hotels or resorts, using our contact form, participating in one of our on-line surveys, prize draws or promotions or by contacting us in personal or professional capacity by e-mail, phone or otherwise. This information may include your name, email address, billing address, room preferences or special requests, phone number, guarantee and deposit information to secure your reservation, the content of any email you send to us and any other similar information. You are under no obligation to provide this information, but without it, we may be unable to respond to you and to provide you with the requested services, content or information.
  • Information collected during your stay with us. We record your itemised spending and other expenses billed to your room. Information particular to your stay may also be stored, such as service requests, your creditworthiness, special preferences or health related requests. The information specific to your stay is stored in our Property Management System and is combined with information from previous visits that you have made to that hotel or to any other hotels within our group. Images of you may be captured if you are present in areas monitored by CCTV.
  • Information we collect about you. With regard to your website visits or app use we may collect:

    • Information that does not reveal your personal identity; for example, the type of destination you are seeking information on. We use this data mainly for to ensure communication relevance, and we may connect it to your name or email address;
    • Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, date and time you access our website, browser plug-in types and versions, operating system and platform and similar information; and
    • Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website, pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
  • Information about minors. Our website and services are not intended for minors. If you are a minor, please do not use our website and services, and instead please ask your parent or guardian to engage with us on your behalf. We may collect information from minors as part of the guest reservation and registration processes, but always with the consent of the parent or guardian.
  • Information obtained from someone making a booking on your behalf. If you are acting on behalf of another person, you undertake that you are authorised by that person to provide their personal data, and that the information provided to us is accurate. You may be liable for any loss or damage that we suffer as a result of your breach of this undertaking.
  • Information about you obtained from third party sources. We may receive information from credit reference agencies, online travel agents used by you to make a booking or enquiry, our broadband provider and other service providers who will inform us, for billing purposes, if our guests used certain services and other third parties. In addition, in preparation for your stay, we may collect your photograph from publically available sources so that we can recognise you upon arrival in order to provide you with outstanding customer service.

Where European data protection laws apply to our processing of your information, for example, if you are dealing with one of our hotels or group companies located in Europe, then some of the information collected about you by that group company may constitute so called “personal data”. In such case, you will be referred to as a “data subject”. Personal data will include any information from which you can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Where applicable, we will process your personal data in compliance with such laws.

2. Cookie Statement

What Exactly Are Cookies?

In order to collect some of the information described in this notice, we may use cookies, web beacons and similar technologies on our website and apps. A cookie is a small piece of information which is sent to your browser and stored on your device. First party cookies are placed by the website you are visiting. Third party cookies are placed by third parties such as Google. For more information about cookies please visit www.allaboutcookies.org.

The Cookies Placed through our Website

We use the following cookies.

  • Strictly necessary cookies. These first party cookies are essential in order to enable you to move around our website and use its features. Without these cookies, services you have asked for cannot be provided. They are deleted when you close the browser.
  • Performance cookies. These first party cookies collect information about how visitors use our website and apps. They allow us to recognise and count the number of visitors, see how visitors move around the website when they are using it and identify the regions that they are visiting from.
  • Functionality cookies. These first party cookies allow our website and apps to remember choices you make such as your user name, language or the region you are in, and provide enhanced, more personal features.
  • Analytics. We may use third party analytics services such as Google Analytics and others. Your IP address and other information will be collected by automated means to evaluate your use of the website, compile reports on website activity, identify user patterns and provide related services. These providers may retain and use aggregated data collected from our users in connection with their own business, including in order to improve their products and services. For more information about how Google Analytics uses your information please click here. In addition, authentication and tracking logs will be used to compile user statistics.
  • Targeting or advertising cookies. These cookies allow us and our advertisers to deliver ads more relevant to you, your interests and demographic profile, and to measure the effectiveness of advertising campaigns. They remember that you have visited our website, the length of your visit, the ads you viewed and other information in your “utilisation profile”. These are persistent cookies which will be kept on your device until their expiration or earlier manual deletion. As a result, you may see our ads on other websites which participate in advertising networks administered by thirdparty vendors, such as Google AdWords, Bing Ads, Yandex, Facebook, and others.
  • Social Media cookies. These cookies allow you to easily use your social media such as Facebook, Twitter, Instagram and others. These are persistent cookies which will be kept on your device until their expiration or earlier manual deletion. If you use these functionalities, the plug-in and its content are loaded directly from the social media provider’s servers and included in the website by your browser. If you log into your respective social media account at the time you interact with the social media plug-ins on our website, the social media provider will connect this information with your social media user profile. We cannot influence which personal data the social media provider will collect about you. For more information, please see the privacy notices of Facebook, Twitter, Instagram and others.

We may combine information from cookies and other technologies with other information about you.

Cookie Consent

We assume that you are happy for us to place cookies on your device. In some cases, when you arrive on our website a pop-up message will appear asking for your consent to place advertising cookies on your device. In order to provide your consent, please click ‘I understand’. Once your consent has been provided, this message will not appear again when you revisit.

3. How do we use your information?

We may process your information in accordance with the law as required in order to:

  • (a) respond to and process your queries, comments, complaints and requests;
  • (b) deliver the services, products or content requested by you, process your bookings or cancellations, manage and administer your user account, and allow you to participate in interactive features of our apps and websites, when you choose to do so;
  • (c) provide you with a customised and premium service including customer service before, during and after your stay, whether you are a new or a returning customer. For these purposes we may create a profile about you including information from our Property Management System, which will also enable us to increase our communication relevance;
  • (d) display content on our websites and apps, such as stories, product reviews, comments and photos, provided by you;
  • (e) handle job application that you may make to us, carry out profiling for recruitment purposes, manage your login details on our careers platforms and use recruitment tools that allow us to assess our applicants’ suitability for specific roles;
  • (f) enable our suppliers and service providers to carry out certain functions on our behalf, including the hosting of our websites, apps and booking platforms, verification, technical, logistical or other functions;
  • (g) send you personalised marketing communications, alerts and newsletters, and serve personalised ads to your devices as permitted by law and, where applicable, subject to your consent. A subscription confirmation email with a link to our Preference Centre will be sent to subscribers where they can select their preferred electronic communication channels such as email, SMS, push notification in apps, telephone, messaging systems such as What's app, WeChat and other social media channels;
  • (h) communicate with you about, and administer your participation in, special events, programs, surveys, contests, sweepstakes, and other offers or promotions;
  • (i) administer our business including financial operations, credit checks and debt recoveries;
  • (j) ensure the security of your user account, our premises and facilities and our business, for example, by monitoring account activity and deploying CCTV; verify your identity, when required; prevent or detect fraud or abuses of our websites, products and services, for example, by requesting verification information in order to reset your account password; implement and enforce our general terms and conditions of business or any other agreements concluded with you; administer technical aspects of our website, including troubleshooting, diagnosis of technical and service problems, testing, encryption and similar operations;
  • (k) carry out data analysis, statistical research, and trend analysis in relation to user activity, demographic information, guest profiles, user comments or other contributions to develop and improve our websites, products and services and to ensure the effectiveness of our business efforts;
  • (l) comply with applicable law, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law. We also record information to comply with financial reporting requirements, including those imposed by auditors and government regulators. We may also collect certain information as required by local laws (e.g. passport number, name of all sleepers’ including kids and partners).

The legal basis for our processing of your personal data for the purposes described above will typically include:

  • processing necessary to fulfil a contract, such as our terms and conditions or booking terms, that we have in place with you, such as the processing for the purposes set out in paragraphs Error! Reference source not found., Error! Reference source not found., (c) and (d);
  • processing necessary for our or a third party’s legitimate interests, such as the processing for the purposes set out in paragraphs (e), (f), (h), (i), (j) and (k), which is carried out on the basis of our legitimate interests to ensure that our website, services and content are competitive and provided efficiently, without delays and in an user-friendly and personalised manner taking into account user feedback, data and profiles, to ensure the security of our business and information of our users, and to ensure the proper and efficient administration of our business, unless consent is required for any such processing under applicable law ;
  • your consent, such as the processing for the purposes set out in paragraph (g) and 2, where such consent is required under applicable law;
  • processing necessary for compliance with a legal obligation to which we are subject, such as the processing for the purposes set out in paragraph (l); and • other applicable legal grounds for processing from time to time.

4. Your right to opt-out

If you would like us to stop sending you marketing emails you may use the opt-out link at the bottom of any marketing email we send you. Although we encourage you to use the opt-out link because it is automated, you may also send us a request at unsubscribe@roccofortehotels.com or by phone on +44 (0)20 7321 2626. Please note your enquiries will be received during UK office hours and we will aim to respond as soon as reasonably possible.

If you, or another user of your device, wish to withdraw your cookies consent at any time, you have the ability to accept or decline cookies by modifying your browser setting. If you choose to decline cookies, you may not be able to fully experience the interactive features of our website, content and services. For more information about which cookies may be placed on your device and how to opt-out, please access the tools of the DAA here, Your Online Choices here or NAI here. You may opt-out from Google Analytics here. In some instances, when you opt-out, a new cookie (Opt-Out-Cookie) is placed in your web browser. This tells the third party provider to cease data collection from your browser and prevents advertisements from being delivered to you.

5. Disclosure of your information

We may disclose your information in accordance with the law for the purposes listed above to third parties including:

  • our subsidiaries, affiliates, branches or associated offices through access to our systems, such as the Property Management System, or otherwise;
  • our partner hotels and resorts which we manage on behalf of third party owners. We may share your booking information with such third party owners where it is necessary to fulfil your booking or other requests. In addition, health and safety related data or preference information may be shared to enhance your guest experience. Please note if we cease to manage a particular property, all personal data remains with us. However, guest information required to process pending reservations and information that is historically shared with the property owner is retained by the property owner;
  • the public where you have included information in our blogs, forums and discussion groups;
  • our outsourced suppliers, service providers, consultants, databases, incident response or business continuity providers; our analytics and customer relationship management partners; our marketing, communications and advertising partners;
  • online travel agents who you use to make a booking or enquiry;
  • the payer, such as your employer who pays on your behalf and receives your billing information;
  • third party residential property developers, subject to your consent;
  • legal entities, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event. In the case of a merger or sale, your personal data will be permanently transferred to a successor company or new owner;
  • public authorities where we are required by law to do so; and
  • any other third party where you have provided your consent.

6. Is my information transferred overseas?

We may transfer your information outside of the country in which it was collected (including to countries where we have hotels under development or operation) for the purposes and to the parties set out above. Our core business systems, including our Property Management System, are located in data centres within EEA, US and Russia.

Such transfers of data may be to a country which may not provide the same level of privacy protection as that provided by the country in which the information was collected. However, we will take reasonable steps (including entering into data transfer agreements based on the European Commission model clauses, where required) to ensure that your personal data are adequately protected by using appropriate technical, organisation, contractual and other lawful means. If you are located in the European Economic Area or in the UK, you may contact us for a copy of the safeguards which we have put in place to protect your personal data in these circumstances.

7. Security of your information

We endeavour to protect your information through the measures set out below. Unfortunately, we cannot always guarantee complete security. Unauthorised entry or use, hardware or software failures, events outside our control and other factors, may compromise the security of your information. Nevertheless, we will comply with our obligation to implement appropriate technical and organisational measures to ensure a level of security of personal data appropriate to safeguard against the risks of a personal data breach.

Each Rocco Forte Hotels group company stores guest information in a secure location, be it a database, Property Management System, marketing and research database or a filing cabinet. Furthermore, we take steps to ensure that only designated individuals have access to this information. When you log-in to complete or modify a Booking Profile or a Guest Service Profile, your online interaction with us is protected from eavesdropping using encryption technology based on the browser you use. Credit card information is transmitted and stored in encrypted format and only unencrypted when required for taking payments or guaranteeing future stays. Access to unencrypted credit card details is restricted to designated individuals as per PCI DSS industry best practise. We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) technology, which encrypts information you input and which is certified by the Secure Server Certification Authority. We reveal only the last four digits of your credit card numbers when confirming a reservation or processing on-line purchase transactions.

It is important to note that e-mail communications are not secure. There is a risk inherent in the use of email. Please be aware of this when requesting information or sending forms to us by e-mail (for example, from the “Contact Us” section of our website). We recommend that you do not include any confidential information (i.e. credit card information) when using email. For your protection, our email responses to you will not include any confidential information.

Finally, to be prudent, please be sure to always close your browsers when you are done using a form or the reservation site. Although the session will terminate after a short period of inactivity, it is best to close your browsers immediately upon completion. Be sure to choose strong login credentials when setting up an account and protect yourself against unauthorised access to your password and to your computer.

8. How long is my information retained?

Your personal data will be retained for as long as is necessary for the purposes listed above or as required by applicable law. If you are located in the European Economic Area or in the UK, you may contact us about further detail about our data retention periods in relation to your personal data.

We may keep an anonymized form of your personal data, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful reason to do so.

9. Your rights

Where European data protection laws apply and you are a data subject whose personal data are processed by us, you may have certain rights in relation to your personal data, as further described below. In such circumstances, you may exercise your rights by emailing us to dataprivacy@roccofortehotels.com, or unsubscribe@roccofortehotels.com for any consent withdrawal/unsubscribe requests or by calling us on +44 (0)20 7321 2626.

  • Right to make subject access request (SAR). Data subjects may request in writing copies of their personal data. Where possible, we will enable our users to access their information. For example, if you are a My RF Account holder you can access a subset of your guest information on /account/login/ or through the RF Mobile Apps and using your username and password to access your personal information.
  • Compliance with SARs is subject to certain limitations and exemptions and the rights of other individuals. Each request should make clear that a SAR is being made. You may also be required to submit a proof of your identity and payment, where applicable. Rocco Forte Hotels will endeavour to respond to any SARs within one month or as otherwise prescribed by law.
  • Right to rectification. Data subjects may request that we rectify any inaccurate or incomplete personal data.
  • Right to withdraw consent. Data subjects may at any time withdraw their consent to the processing of their personal data carried out by us on the basis of their previous consent. Such withdrawal will not affect the lawfulness of processing based on such previous consent. Please note that if you withdraw your consent, you may not be able to benefit certain service features for which the processing of your personal data is essential.
  • Right to object to processing including profiling. We will comply with valid objection requests unless we have a compelling overriding legitimate ground for the continuation of our processing or we have another lawful reason to refuse the data subject’s request. We will comply with each valid opt-out request in relation to marketing communications without delay. Rocco Forte Hotels will aim to respond to any other enquiries within 72 hours. However, it might take up to 7 days to have your profile deleted from all our systems.
  • Rights in relation to automated decisions about you. Where we make a decision based solely on automated processing which significantly affects the data subject, her or she may have the right to contest the decision, express his or her point of view and obtain human intervention.
  • Restriction. Data subjects may request that we restrict our processing of their personal data in various circumstances. We will comply, unless there is a lawful reason for not doing so, such as, a legal obligation to continue processing your personal data in a certain way.
  • Right to erasure. Data subjects may request that we erase personal data about them and we will comply, unless there is a lawful reason for not doing so. For example, there may be an overriding legitimate ground for keeping the personal data, such as, a legal obligation that we have to comply with, or if the continued retention of personal data is necessary for us to comply with our legal obligations.
  • Right to data portability. In certain circumstances, data subjects may request the controller to provide a copy of their personal data in a structured, commonly used and machine-readable format and have it transferred to another provider of the same or similar services. To the extent this applies to our services, we will comply with such transfer request. Please note that a transfer to another provider does not imply the erasure of personal data.
  • Right to lodge a complaint with the supervisory authority. We suggest that data subjects contact us about any questions or complaints in relation to how we process their personal data. However, each data subject has the right to contact the relevant European supervisory authority directly. A list of supervisory authorities is available here.