Privacy Policy


The Old Gaol Serviced Apartments (OGSA) is dedicated to ensuring that personal information is handled securely, taking care to protect our guests and clients. This policy aims to help you understand what information we may collect, how we will use it, and how it is stored and protected.

Our objective is to ensure that you are fully informed about your rights, and how the OGSA uses your data. Should you have any queries after reading this information, please do not hesitate to contact us via

Legal bases for data collection

Since the General Data Protection Regulations came into force on 25 May 2018, the OGSA is duty bound to ensure that stricter rules are enforced on how companies process and store data. Whilst the GDPR outlines 6 legal bases that a company may use to collect data from individuals, the OGSA only use 4. To get a full understanding of all the legal bases, please visit the Information Commissioner’s Office website.

Contractual obligation

We need to collect and process personal data to perform our contractual obligations to you. This legal basis is normally used when you purchase one of our services. This requires us to collect the following information:

  • Name;
  • Address;
  • Contact information.

This enables us to send you information on how to access your apartment and our check-in procedure.

Legal compliance

We may be required by law to collect and process your personal data. This enables us to pass details of people involved in fraud or other criminal activities affecting the OGSA to law enforcement.

Legitimate Interest

We may collect and process personal data for our own legitimate interests in ways that are reasonably expected to run our business. This could be to monitor trends in demand to help our marketing, setting our rates and monitoring repeat bookings to offer those guests exclusive discounts and offers.


We may collect and process your personal data with consent should you tick a box to accept receiving our newsletter or offers.

Personal data collected by the OGSA

The OGSA collects data at all stages of the customer journey. This is to ensure that we can provide the best customer service and accomplish our contractual obligations.

Data collected How the data is used
When you make a booking either through the website or via phone, we collect the following information:

  • Your name;
  • Your address;
  • Your contact number;
  • Your email address;
  • Names of all the guests;
  • Payment card details
We use this data to fulfil our contractual obligation to you in booking a serviced apartment. We use this information to create your reservation and provide you with the information on what to do upon arrival.
If you add extras to your booking and use a different payment method from when the booking was created, we will need to collect:

  • Your payment card details
We use this data to fulfil our contractual obligation with you.
When you make an enquiry through the website contact form we collect:

  • Your name;
  • Your contact number;
  • Your email;
  • Booking information.
We use this data to respond to your enquiry.
When you enter competitions, we may collect:

  • Your name;
  • Your contact number;
  • Your email address.
We may use this data to pick a winner and keep entries updated on the competition.
When you access our development, the underground carpark and the apartments and gardens Our development operates CCTV which will record your image on entering the development via the bollard system, walking to the apartment, gardens and exiting the development.

Data Use for Legitimate Interest

We may also process all data that we hold for legitimate interests of the company. This may include:

  • Monitoring social media;
  • Monitoring customer service performance;
  • Occupancy and revenue reporting;
  • Reporting on demand trends to better help plan promotions and rates;
  • We may use your booking history to offer exclusive discounts.

How your data is stored

We know how much security matters to all of our clients, therefore, we always treat your data with the utmost care and take all appropriate steps to protect it. We ensure all our third-party systems meet the General Data Protection Regulations and are PC compliant where required. Access to these systems is only given to staff members who require it to complete their daily tasks. Each system is secured via a ‘https’ connection and only accessible via a password-protected portal.

All sensitive data such as payment card details are PCI compliant within Stripe via our Channel Manager and tokenised outside of the system to maximise security.

Time period data is stored

When we collect or process your personal data, we will only keep it for as long as necessary for the purpose for which it was collected.

After the retention period, your personal data will either be deleted completely or anonymised so that it is non-identifiable for business planning.

When you make a booking, we will keep any personal data you provide us for two years so we can comply with our contractual and legal obligations. When you make an enquiry through our website, we will keep any personal data you provide us whilst we deal with the enquiry. Once the enquiry has been dealt with, all personal information will be deleted.

Sharing data

We sometimes share your data with trusted third parties. We have a very strict policy on what information can be shared with third parties to keep your data safe and to protect your privacy. We always ensure:

  • We only provide the information they require to perform their specific services;
  • They may only hold the data we provide for the exact purposes specified in our contract with them;
  • We ensure that they hold your data in a secure manner and that your privacy is protected at all times;
  • If we stop using their services, any data that they may hold will be deleted.

Such examples could be:

Our Accountant may need to share your information in order to produce invoices for business purposes

Our security team may be provided with a list of guest names and the apartments they are staying in to ensure they can identify guests.

We may share information with law enforcement bodies on request, potentially if fraudulent activity is suspected or criminal damage is incurred at our premises.

To help personalise and improve your journey through our websites. We currently use the following companies who will process your personal data as part of their contracts with us:

  • Innstyle,
  • Expedia;
  • Trip Advisor;
  • Facebook,
  • Twitter and
  • Google

Your rights

Under the new GPDR guidelines, you have the right to request a copy of any information the OGSA hold on you at any time and also to have that information corrected if it is inaccurate. To protect the confidentiality of personal data we hold, we will ask you to verify your identity before proceeding with a request for information. If you have instructed a third party to make the request on your behalf, we will ask them to prove they have permission to do so.

Right to withdraw consent

Whenever you have given us consent to process your personal data, you have the right to withdraw that consent at any time.

Back to Top