Privacy Policy

Last updated: 1 March 2025

Hotel & Resort Magazine Limited ("we", "us", "our") is committed to protecting the privacy and security of your personal information in compliance with the UK General Data Protection Regulation, the Data Protection Act 2018, and applicable guidance from the Information Commissioner's Office.

1. Information We Collect

Subscription and registration data: When you subscribe to Hotel & Resort Magazine, you provide your name, email address, billing address, and payment information. This data is collected and processed solely for the purpose of delivering your subscription and managing your account.

Usage and analytics data: We collect data about how you interact with our digital platforms through cookies, server logs, and analytics tools. This includes pages visited, content engaged with, device information, and geographic location at country level. We use Google Analytics 4 with IP anonymisation enabled, and our own first-party analytics infrastructure. We do not sell this data to third parties.

Communication data: When you contact us by email, through our website forms, or through our social media channels, we retain the content of that communication and your contact information for as long as necessary to respond to and resolve your enquiry.

2. How We Use Your Information

We use your personal data to: deliver your digital and/or print subscription; send editorial newsletters to which you have subscribed; process payment transactions securely; improve our products and editorial content; respond to enquiries; prevent fraud and ensure platform security; and comply with legal obligations. We do not use your personal data for automated decision-making that produces legal or similarly significant effects.

3. Your Rights Under UK GDPR

You have the right to: access the personal data we hold about you (Subject Access Request, responded to within one calendar month); request correction of inaccurate personal data; request erasure of your personal data where we have no lawful basis for continuing to hold it; object to processing based on legitimate interests; request restriction of processing; and data portability. To exercise any right, email: privacy@hotelresortmag.com.

4. Data Security

We implement industry-standard security measures including TLS encryption for data in transit, AES-256 encryption for data at rest, role-based access controls, and annual penetration testing by an independent security firm. Payment data is processed by Stripe and is not stored on our systems. We maintain a documented incident response plan and will notify affected individuals and the ICO of any qualifying data breach within 72 hours of discovery.

5. Contact

Data Protection Officer: privacy@hotelresortmag.com | Hotel & Resort Magazine Limited, 5 Hanover Square, London W1S 1HQ