There is a long-standing law (can't remember the title, but I'm sure someone
on the list will know) which says that hotels must keep a record of the name
and address of everyone who stays (and additional details if they are not a
UK, or possibly EU, resident).
I assume this applies even when the accommodation is booked on their behalf
for a conference. My take on it would be that the hotel is processing that
data for its own purposes, and would therefore be the Data Controller to
that extent.
If the data is provided to the hotel by the conference organiser that should
probably be mentioned in the fair processing statement; if the hotel
collects it directly then it's entirely their business to get the Data
Protection right (and not, for example, say on the form that they will use
the data for marketing unless you write in to a separate address to tell
them not to, as happened to me not long ago).
Paul Ticher
0116 273 8191
22 Stoughton Drive North, Leicester LE5 5UB
----- Original Message -----
From: "Simon Howarth" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Wednesday, May 06, 2009 8:27 PM
Subject: Re: Controller or Processor
> Kevin,
>
>
>
> Funnily enough we are the other side of what you do. Another part of my
> company arranges a conference and it is made quite clear that we are a
> data
> processor and that the controller is the Association on behalf of whom we
> take bookings and arrange accommodation etc. It's just about to start up
> again so the website is in a state of flux, but look at
> www.eip-conference.co.uk and privacy policy is at the bottom. Equally we
> would be happy for any pointers if anyone feels something is not quite
> right. We try to keep privacy very simple and straight-forward and any
> hotels used to book rooms are done through us and only a name is provided
> to
> the hotel, so they can't do much anyway.
>
>
>
> However, one thing I am unsure about is if the hotel ask the attendee to
> fill out a registration card and what they so with that information - I
> must
> look into that.
>
>
>
> Simon Howarth.
>
>
>
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Kevin Tarleton
> Sent: 06 May 2009 16:56
> To: [log in to unmask]
> Subject: [data-protection] Controller or Processor
>
>
>
> As part of the improvement courses and programmes my organisation runs, we
> arrange large events at hotels. We have an event-management partner who
> collect the personal details of our attendees in order to book the hotel
> accommodation.
>
>
>
> I want to make sure we are doing everything we can to protect the personal
> information of our attendees, and at the same time I want to make sure
> each
> organisation that processes their information is aware of its own
> responsibilities to the attendee and ourselves.
>
>
>
> My understanding is that my organisation will remain the Data Controller
> no
> matter who is processing the information for us.
>
>
>
> Even so, I have several questions that have been bugging me that I was
> hoping list members could help me with:
>
>
>
> 1. Are the hotel the data processor for us or for our event-management
> partner?
>
> 2. Is there an argument that our event-management partner are the data
> controller and the hotel their data processor (as they collect information
> directly)? (Although we should have access to this information if we
> require
> it)
>
> 3. Do our event-management partner remain a data processor because they
> are
> collecting the information on our behalf?
>
>
>
> All opinions welcome!
>
>
>
> Kevin
>
> Kevin Tarleton
>
> Information Governance & Security Officer
>
>
>
> Improvement Foundation
>
> First Floor, Gateway House
>
> Piccadilly South
>
> Manchester
>
> M60 7LP
>
>
>
> Tel: +44 (0)161 236 1566
>
> Fax: +44 (0)161 236 4857
>
> Email: <mailto:[log in to unmask]>
> [log in to unmask]
>
> Web: <http://www.improvementfoundation.org/>
> www.improvementfoundation.org
>
>
>
> Please respect the confidentiality of any information you receive from us.
> If you are not the intended recipient of this message, any disclosure,
> distribution or any action taken in reliance on it is prohibited and may
> be
> unlawful. Please notify the sender immediately if this email appears to
> have
> been sent to you by mistake. Please note that any views expressed in this
> email may be those of the originator and do not necessarily reflect those
> of
> the Improvement Foundation.
>
>
>
> Improvement Foundation Limited, Registered number: 5689826 (England).
> Registered Office: First Floor, Gateway House, Piccadilly South,
> Manchester,
> M60 7LP.
>
>
>
>
>
>
>
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> _
>
> Any requests under the Freedom of Information Act should be directed to
> [log in to unmask]
>
> Please notify the sender immediately if this email appears to have been
> sent
> to you by mistake;
> Respect the confidentiality of any information you receive from us;
> Remember that emails sent or received by our staff may be disclosed under
> the Freedom of Information Act;
> Let us know straight away if you suspect this email is infected with a
> virus
> by ringing 0161 237 2560 [if outside the UK +44 161 237 2560].
> (We take all possible steps to ensure that our systems are virus-free but
> no
> system is completely secure.)
> Please note that the contents of incoming and outgoing emails are
> automatically scanned for inappropriate content.
>
> _____
>
> All archives of messages are stored permanently and are available to the
> world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
>
> Selected commands (the command has been filled in below in the body of the
> email if you are receiving emails in HTML format):
>
> * Leaving this list: send leave data-protection to
> [log in to unmask]
> <mailto:[log in to unmask]&BODY=LEAVE%20data-protection>
> * Suspending emails from all JISCMail lists: send SET * NOMAIL to
> [log in to unmask]
> <mailto:[log in to unmask]&BODY=SET%20*%20NOMAIL>
> * To receive emails from this list in text format: send SET
> data-protection NOHTML to [log in to unmask]
> <mailto:[log in to unmask]&BODY=SET%20data-protection%20NOHTML>
> * To receive emails from this list in HTML format: send SET
> data-protection HTML to [log in to unmask]
> <mailto:[log in to unmask]&BODY=SET%20data-protection%20HTML>
>
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of
> an
> otherwise blank email to [log in to unmask]
>
> Any queries about sending or receiving messages please send to the list
> owner [log in to unmask]
>
> (Please send all commands to [log in to unmask] not the list or the
> moderators, and all requests for technical help to
> [log in to unmask],
> the general office helpline)
>
> _____
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the list
> owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your
> needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|