Hotel Direct Privacy Policy

Contact information

Surest Limited (trading as
Bridge House
St Clement Street
United Kingdom

Company No. 03335622

Telephone: +44 (0)1872 261 100

Privacy and

Surest Ltd (which trades as is committed to protecting and respecting your privacy.
This policy (together with our Terms and Conditions) sets out the basis upon which any personal data we collect from you, or that you provide to us, will be processed by us. Please read this policy carefully to understand our practices regarding your personal data, how we will treat your data and your rights.

For the purpose of the Data Protection Act 1998 and the General Data Protection Regulation (EU) which comes into force in May 2018, the data controller is Surest Ltd. Please see the controller's contact information at the top of this Privacy Policy.

Why we process your personal data and our lawful bases

1. We process your personal data in order to fulfil your contract with To place a hotel booking we are required by hotels to provide the name of the lead guest and under certain circumstances, to provide contact details such as telephone number and/ or email address. Other service providers involved in fulfilling our breaks products including but not limited to ticketing agents, theatres and train operating companies require some or all of the personal data that we collect from you to fulfil the service that they provide. Therefore the processing of the personal data that we collect from you is necessary for the performance of the contract between Surest Ltd and yourself. If you do not wish us to process your personal data for this purpose you must not enter into a contract with us; in other words you should not book via our hotel and hotel breaks booking services. The provision of personal data is a contractual requirement for hotel and hotel package bookings and we cannot fulfil a booking unless you provide the data requested. This legal basis is provided for in GDPR Article 6 paragraph 1(b).

2. The second purpose is optional and not required for the fulfilment of any contract between Surest Ltd and yourself. During the booking process we request a clear affirmation of your consent to process your personal data for the purpose of email promotions and to enter you into our loyalty program where you accrue free credit to spend against future bookings. Only customers who positively confirm their consent to receiving such emails will be included in these programs. The emails are infrequent and designed to be relevant to the customer. You can request a restriction of this use of your personal data and a removal of your email address from our email programs at any time. This legal basis is provided for in GDPR Article 6 paragraph 1(a).

Retention period of personal data

We decide upon the retention period of your personal data on the basis of whether we solely hold that data to fulfil your contract with or whether you have also affirmed your consent to be part of our email promotional programs.

1. If we hold your personal data solely for the purpose of fulfilling your contract with us (in other words in order to deliver the services booked) we will retain the data until the service has been fulfilled and for a period thereafter to allow us to answer and follow-up any post-fulfilment queries that you or a service provider may have. That period is 1 year following the fulfilment of your booking.

2. If you have additionally consented to be part of our email promotion programs we will hold your personal data for 5 years from the fulfilment of your last booking with us. The nature of our short break service is such that customers book infrequently and we therefore consider a period of a booking every 5 years to represent an active customer relationship. If you have not booked within 5 years we will take that as indication that you are a lapsed customer and we will then remove your personal data from our system and you will cease to receive emails and will be removed from our Loyalty Rewards program. If you disagree with this position, you can at any time withdraw your consent to receive emails.

Automated decision making

If you consent to being part of our email promotional programs we will use automated decision making to help ensure that products and discounts that you are offered are relevant to you and that reminders of your Loyalty Rewards are sent when thresholds are reached. Decisions are based upon the services that you buy and complementary travel services and offers that we believe may be of interest to you, can be offered. If you consent to being part of our email promotional programs but do not complete your booking you may be provided with a direct link by email that will enable you, should you wish, to easily access your booking data and complete your reservation.
Not providing or later withdrawing your consent to be included in our email marketing programs will prevent any future automated decision making regarding your personal data.

Your right to access, rectification, restriction and erasure

You have the right to request access to the personal data that we hold on you, to instruct rectification of any errors and under certain circumstances to restrict the use of your data or require the complete erasure of the data. Any such request or instruction should be submitted using the contact information at the top of this Privacy Policy.
You can at any time require the cessation of the use of your personal data within our email programs. Whilst you can withdraw consent at any time such instruction will not affect the legality of the prior marketing use of that data based upon your consent before its withdrawal. You can withdraw consent by clicking 'Unsubscribe' at the base of any of our promotional emails or by using the contact details at the top of this Privacy Policy.
If you have placed an as yet unfulfilled booking with us you cannot instruct the erasure of personal data that is required for the fulfilment of your outstanding contract with us. This does not affect your right to instruct a restriction of the use of your data so that consent for marketing use is withdrawn. Upon fulfilment of our contract (the booking) you can request complete erasure of the personal data that we hold on you. Whilst we normally require the retention of such data for 1 year to assist with any post-fulfilment queries, we will consider any request in this period to restrict or erase data. Any such requests received over 1 year after a customer's last booking will be fulfilled.
We will endeavour to comply with or respond to any requests regarding your personal data within 5 working days. We will confirm back to you the action taken.
If you are dissatisfied with our response to your request or instruction you have a right to lodge a complaint with the Information Commissioner's Office (ICO).

Information we collect from you

We may collect and process the following data about you:

1. Information that you provide by filling in a form on or by calling our customer service centre to submit a booking or request. This information includes but is not limited to your full name and title, address, telephone numbers and email address. Furthermore if you contact us for any other reason, we may keep a record of that correspondence or communication

2. Details of your visits to our website including, but not limited to, traffic data, your device, the resources that you access, the last page that you view and other website data

IP addresses

An IP address is a unique set of numbers that identifies a device using internet protocol to communicate over the World Wide Web. We collect your IP address for system administration and to assist with data security. Third party advertising partners may also record IP addresses to improve the effectiveness of our promotion. IP addresses do not identify you as an individual.


Cookies are small data files stored on your computer when you visit websites. They are very widely used to make websites more efficient and they cannot harm your computer or device. At we use cookies to collect information about your visit to our website. We don't store any personally identifiable information in the cookies. They help to contribute to a better experience for you when you visit our website, such as improving the search process by remembering your query. You can restrict the use of cookies on your computer by changing your browser settings.

We use cookies for the following reasons:

1. Session cookies: these cookies are used so that we can improve your experience on our website. For example we retain the details of what you have searched for, such as the date and number of nights. This has been designed to help if you make multiple searches. These cookies also allow us to attribute and deploy as a discount the correct level of free credit to customers who have earned Loyalty Rewards through previous bookings.

2. Analytical cookies: these cookies help us understand visitor information such as browser usage, visitor numbers, and the final page of our website that you visit in a given session. This information helps us to improve our website and your experience and to make our website presentation and promotions more relevant to you. No personal data is collected.

3. Third party cookies: we have relationships with a small number of suppliers who may also set cookies during your visit for the following reasons:
Advertising Performance - These cookies allow us to monitor the effectiveness of our advertisements that appear on search engines such as Google, Yahoo and Bing. This means we can make those advertisements more relevant to you by providing our best services and most relevant content.
Re-marketing - These cookies from third parties like Criteo, allow us to show you advertisements on other websites after you have left They show hotel and theatre breaks that relate to your search and provide a direct route to the best and most relevant deals on our website. In the industry this is called remarketing or behavioural advertising and is a common online advertising practice. Again these cookies do not collect any personal data.

Page Optimisation - These cookies from third parties partners allow us to test variations of a website page with the objective of optimising the visitor experience and the relevance of the services and messages that we put in front of you. This includes A:B testing where you will see 1 of 2 variations of a website page being tested. These cookies do not collect any personal data.

Social Networks - If you decide to 'share' content through social networks such as Facebook and Twitter you may be sent cookies from these websites. We don't control the setting of these cookies, so we suggest you check third-party websites for more information.

Encryption of personal data

In accordance with recent guidance and best practice, all customer personal data stored by us is kept secure in encrypted format in order to minimise the risk of unauthorised or unlawful use of this personal data.

Corporate accounts

If you have requested on behalf of a company or organisation a corporate account with Surest Ltd. and consented to being the contact for that company or organisation for this purpose, we will retain your personal data (which is limited to name and email address) until you request a change or erasure of your data or advise that your company no longer wishes to hold the corporate account and its associated benefits. The rights to access, rectification, restriction and erasure detailed above apply.