Thu
18°
Fri
21°
Sat
19°
Sun
13°
Mon
13°
Book a stay at The Biarritz
Book a table at The Biarritz
read more

Privacy Policy

Biarritz Hotel Ltd (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store and share personal data when you visit biarritzhotel.co.uk, make a booking, dine with us, sign up to our newsletter or otherwise interact with us.

Last updated: 27 April 2026

1. Introduction

Biarritz Hotel Ltd (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store and share personal data when you visit biarritzhotel.co.uk, make a booking, dine with us, sign up to our newsletter or otherwise interact with us.

We are the data controller for the personal data described in this policy. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Data Protection (Jersey) Law 2018 and the Privacy and Electronic Communications Regulations (PECR).

2. Who we are

Data controller: Biarritz Hotel Ltd
Address: St Brelade’s Bay, Jersey, JE3 8EA
Telephone: 01534 742 239
Email: info@biarritzhotel.co.uk

If you have any questions about this policy or how your personal data is handled, please contact us using the details above.

3. Personal data we collect

We collect and process the following categories of personal data:

3.1 Information you give us directly

  • Booking and reservation data: name, address, telephone number, email address, payment card details, arrival and departure dates, room preferences, dietary requirements and any special requests.
  • Restaurant reservation data: name, telephone number, email address, party size, date and time of booking, dietary requirements and special requests.
  • Event enquiry data: name, contact details and information you provide about your event (wedding, celebration, baby shower, wake or other private function).
  • Newsletter sign-up data: name and email address.
  • Contact form and enquiry data: name, email address, telephone number and the contents of your message.
  • Correspondence: records of communications between you and us by email, phone or in person.

3.2 Information we collect automatically

When you visit our website, we may automatically collect:

  • Technical data such as IP address, browser type and version, time zone, operating system and device information.
  • Usage data such as pages visited, time spent on the site, referring website and click behaviour.
  • Cookies and similar technologies (see section 8).

3.3 Information from third parties

We may receive booking and guest data from third parties such as online travel agents (for example, Booking.com or Expedia), our central reservation system or our parent group, Bespoke Hotels.

4. How we use your personal data and the legal basis

Under UK GDPR, we must have a lawful basis for processing your personal data. The bases we rely on are:

4.1 To perform a contract with you

  • Managing your room reservation, restaurant booking or event.
  • Processing payments, deposits and refunds.
  • Providing the services you have requested during your stay.
  • Communicating with you about your booking.

4.2 To comply with a legal obligation

  • Maintaining records required by HMRC and other regulators.
  • Complying with immigration, hospitality and health and safety requirements.
  • Responding to lawful requests from public authorities.

4.3 For our legitimate interests

  • Improving our website, services and guest experience.
  • Preventing fraud and securing our systems.
  • Sending occasional service communications about your booking.
  • Analysing how guests use our website to improve content and design.

4.4 With your consent

  • Sending marketing emails and newsletters about offers, events and news.
  • Setting non-essential cookies (analytics, marketing and social media).

You can withdraw consent at any time by clicking the unsubscribe link in any marketing email, updating your cookie preferences, or contacting us directly.

5. Who we share your personal data with

We do not sell your personal data. We share it only with the following categories of recipients, and only where necessary:

  • Booking engine provider: TravelClick / iHotelier (Amadeus Hospitality), which processes online room reservations on our behalf.
  • Payment processors: card payment providers that handle transactions securely. We do not store full card details on our own systems.
  • Email marketing platform: Mailchimp (Intuit Inc.), used to send our newsletter and marketing communications.
  • Analytics providers: Google Analytics (Google LLC), used to understand how visitors use our website.
  • Advertising and social platforms: Meta (Facebook) Pixel, used to measure advertising performance and deliver relevant content on Facebook and Instagram.
  • Parent group: Bespoke Hotels, our parent operator, where this is necessary for central reservations, group reporting or guest services.
  • Professional advisers: lawyers, accountants, auditors and insurers, where required.
  • Public authorities: where we are legally required to disclose information (for example, to the police, courts or HMRC).

6. International transfers

Some of our service providers (including Google, Meta, Mailchimp and TravelClick) are based outside the UK, including in the United States. Where personal data is transferred outside the UK, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or an adequacy decision made by the UK government.

7. How long we keep your personal data

We keep personal data only for as long as is necessary for the purposes set out above, including any retention required by law:

  • Booking and stay records: retained for up to 7 years to comply with HMRC requirements.
  • Restaurant and event enquiries: retained for up to 2 years after your last interaction with us.
  • Marketing data: retained while you remain subscribed and for a short period after unsubscribe to honour your opt-out.
  • Website analytics data: retained in line with the relevant provider’s default settings (typically 14 to 26 months).
  • Correspondence: retained for as long as needed to deal with the matter and for a reasonable period afterwards.

8. Cookies and similar technologies

Our website uses cookies and similar technologies to make the site work, to remember your preferences, to analyse traffic and to support marketing. We use the following categories of cookies:

  • Strictly necessary cookies: required for core site functionality, such as the booking engine and security. These do not require consent.
  • Analytics cookies: set by Google Analytics (GA4) to help us understand how visitors use the site.
  • Marketing cookies: set by Meta (Facebook) Pixel and similar services to measure the effectiveness of advertising.

When you first visit our website, you will be shown a cookie banner allowing you to accept or reject non-essential cookies. You can change your cookie preferences at any time by clearing cookies in your browser or revisiting the cookie settings on our site.

9. Your rights under UK GDPR

You have the following rights in relation to your personal data:

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: ask us to correct inaccurate or incomplete data.
  • Right to erasure: ask us to delete your data in certain circumstances (the “right to be forgotten”).
  • Right to restrict processing: ask us to stop processing your data in certain circumstances.
  • Right to data portability: ask for a copy of your data in a structured, machine-readable format.
  • Right to object: object to processing based on our legitimate interests, including direct marketing.
  • Rights in relation to automated decisions: we do not currently use automated decision-making or profiling that produces legal or similarly significant effects.

To exercise any of these rights, please contact us using the details in section 2. We will respond within one month and will not charge a fee unless your request is manifestly unfounded or excessive.

10. How to complain

If you are unhappy with how we have handled your personal data, please contact us first so we can try to resolve your complaint. You also have the right to complain to the supervisory authority:

Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk

As a Jersey-based business, we may also be subject to oversight by the Jersey Office of the Information Commissioner (JOIC). If your concerns relate to data we hold about you in Jersey, you can also contact JOIC at https://jerseyoic.org.

11. How we protect your data

We have appropriate technical and organisational measures in place to protect your personal data against accidental or unlawful loss, access, disclosure or alteration. These include access controls, encryption in transit (HTTPS), secure payment processing and staff training.

12. Children

Our website and services are not directed at children under 16. Where we collect data about children as part of a family booking, we rely on the consent of the parent or guardian making the booking.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The most recent version will always be available on our website, and the “Last updated” date at the top of this page will be revised. We encourage you to review this policy periodically.

14. Contact us

If you have any questions or concerns about this Privacy Policy, please contact us:

Biarritz Hotel Ltd
St Brelade’s Bay, Jersey, JE3 8EA
Telephone: 01534 742 239
Email: info@biarritzhotel.co.uk