Privacy Policy | Eleven Royal Terrace, Edinburgh
Eleven Royal Terrace Back to the house
Eleven Royal Terrace · Edinburgh

Privacy Policy

Last updated: July 2026

Eleven Royal Terrace respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store and share personal data when you visit our website, make a booking, stay with us, contact us, use our services, sign up to marketing, or otherwise interact with Eleven Royal Terrace.

For the purposes of this Privacy Policy, “we”, “us” and “our” means Eleven Royal Terrace and/or the legal operating company responsible for the property.

Legal entity Effective Hospitality Management Ltd
Company Number: SC664745
Registered address: 21a Rutland Square, Edinburgh, Scotland, EH1 2BB
Property address: 11 Royal Terrace, Edinburgh, Scotland
Email: reservations@11royalterrace.co.uk

01Who is responsible for your personal data

The data controller is the organisation responsible for deciding how and why your personal data is used.

For most guest, booking, website and operational matters, the controller is Effective Hospitality Management Ltd, the operating company of the property.

Where we work with service providers, booking platforms, payment providers, technology providers, professional advisers, local authorities or our management company, those organisations may act as processors, independent controllers or joint controllers depending on the purpose and legal arrangement in place.

02Personal data we collect

We may collect and use the following types of personal data.

Booking and guest details

  • name;
  • address;
  • email address;
  • telephone number;
  • country of residence;
  • nationality, where required or reasonably necessary;
  • arrival and departure dates;
  • room type, rate type and booking value;
  • number of guests;
  • guest preferences;
  • special requests;
  • booking history;
  • correspondence with us;
  • notes relevant to your stay.

Payment and transaction details

  • payment card details;
  • billing address;
  • payment status;
  • transaction references;
  • refunds;
  • deposits;
  • pre-authorisations;
  • invoices;
  • outstanding balances;
  • charges made during your stay.

Payments are taken and processed by Mews B.V. and/or its authorised payment service providers. We do not usually store full payment card details ourselves. Payment data may be tokenised, stored or processed through Mews B.V. and/or relevant payment partners so that we can secure bookings, process deposits, take payment, manage refunds, charge agreed extras and deal with no-shows, cancellations or damage charges.

Identification and security information

  • photographic identification, where requested;
  • passport or identity document details, where required by law or reasonably necessary;
  • CCTV images in public and operational areas;
  • access records;
  • incident records;
  • information required for fraud prevention, safety, legal compliance or the protection of guests, staff and the property.

Stay preferences and special requests

  • preferred room features;
  • dietary preferences;
  • accessibility requirements;
  • allergies;
  • celebration details;
  • arrival preferences;
  • communication preferences;
  • service notes relevant to your stay.

Some information, such as accessibility requirements, allergies or certain dietary information, may reveal information about health, religion or other sensitive matters. We only use this information where necessary to provide the requested service, where you have chosen to provide it, where we need to protect your vital interests, or where another lawful basis and special category condition applies.

Website and technical information

  • IP address;
  • browser type and version;
  • device type;
  • operating system;
  • pages visited;
  • date and time of visit;
  • referral source;
  • cookie preferences;
  • analytics information;
  • information submitted through forms.

Marketing and communication information

  • name;
  • email address;
  • telephone number;
  • marketing preferences;
  • newsletter sign-up details;
  • records of consent;
  • records of emails sent to you;
  • whether you have opened or interacted with marketing communications.

Recruitment information

  • CV and application details;
  • employment history;
  • qualifications;
  • right-to-work information;
  • references;
  • interview notes;
  • correspondence relating to the recruitment process.

This section applies only where recruitment is handled directly by Eleven Royal Terrace. If recruitment is handled by another company, their privacy information may also apply.

03How we collect personal data

We may collect personal data directly from you when you:

  • make a booking;
  • use our website;
  • complete an online form;
  • contact us by email, telephone, post, social media or messaging service;
  • check in or stay with us;
  • make a payment;
  • sign up to marketing;
  • make a special request;
  • provide feedback or leave a review;
  • apply for a role.

We may also receive personal data from third parties, including:

  • online travel agents;
  • booking agents;
  • travel management companies;
  • corporate bookers;
  • gift voucher providers;
  • payment providers;
  • Mews B.V. and related Mews systems;
  • channel managers;
  • marketing platforms;
  • review platforms;
  • professional advisers;
  • public authorities;
  • law enforcement agencies, where appropriate.

04How and why we use your personal data

We use personal data only where we have a lawful basis to do so. The main lawful bases we rely on are:

  • contract, where we need the data to provide your booking, stay or requested service;
  • legal obligation, where the law requires us to collect, retain or share information;
  • legitimate interests, where we have a fair and reasonable business reason to use the data and your rights do not override that interest;
  • consent, where you have given clear permission, such as for some marketing or non-essential cookies;
  • vital interests, where processing may be necessary to protect someone’s life or safety.

05Purposes and lawful bases

We may use your personal data for the following purposes.

Purpose
Personal data used
Lawful basis
{{ row.purpose }}
{{ row.data }}
{{ row.basis }}

06Special category data

Special category data is personal data that is more sensitive and requires extra protection. It may include information about health, disability, allergies, religion or other protected characteristics.

In a hotel context, this may arise if you tell us about:

  • accessibility requirements;
  • medical needs;
  • allergies;
  • dietary requirements linked to health or religion;
  • assistance dog requirements;
  • emergency or welfare concerns.

We will only use this information where necessary and appropriate. We use it to provide the service you have requested, to protect your health or safety, to make reasonable adjustments, or to comply with legal obligations. We ask that you only provide special category data where it is relevant to your stay or request.

07Edinburgh Visitor Levy / City Tax

Where the Edinburgh Visitor Levy, City Tax or any equivalent local accommodation levy applies, we may process personal data and booking information to calculate, collect, administer, report or evidence the charge. This may include:

  • booking dates;
  • length of stay;
  • room rate;
  • number of guests;
  • booking value;
  • applicable exemptions;
  • payment and invoice records.

We may share information with the relevant local authority, tax authority, auditor, accountant, payment provider or system provider where necessary to administer the levy, comply with legal obligations, respond to official requests or maintain accurate records.

08Mews, booking systems and payment processing

We use Mews and related systems to manage bookings, guest profiles, payments, check-in, check-out, billing, operational records and guest communications. Personal data processed through Mews may include:

  • name;
  • contact details;
  • address;
  • nationality;
  • booking details;
  • stay history;
  • guest preferences;
  • ID or passport details where applicable;
  • communications;
  • payment information;
  • technical information relating to use of guest-facing tools.

Payments are taken and processed by Mews B.V. and/or its authorised payment service providers. This allows us to secure bookings, process card payments, manage refunds, charge extras, reconcile payments and maintain accurate financial records.

Mews and its related entities may process personal data as a processor acting on our behalf, or in some cases as an independent controller for their own legal, security, payment, compliance or service purposes. You should also review the relevant Mews privacy information where you use Mews guest-facing services.

09Marketing

We may use your contact details to send marketing communications about Eleven Royal Terrace, including offers, news, events, packages or updates that may be of interest to you. We will only send marketing where we are legally permitted to do so.

You can unsubscribe from marketing at any time by:

  • using the unsubscribe link in our emails;
  • contacting us directly;
  • updating your marketing preferences, where available.

We will not sell your personal data to third parties. If we use third-party marketing platforms, they will only process your data in accordance with our instructions or their own lawful obligations.

10Service communications

Even if you opt out of marketing, we may still send you service communications relating to your booking or stay. These may include:

  • booking confirmations;
  • pre-arrival information;
  • payment links;
  • check-in details;
  • arrival instructions;
  • cancellation or amendment notices;
  • safety or operational notices;
  • post-stay invoices;
  • responses to enquiries or complaints.

These communications are not marketing and are usually necessary to provide your booking or manage our relationship with you.

11Cookies and website tracking

Our website may use cookies and similar technologies. Cookies are small files placed on your device that help a website function, remember preferences, understand usage or support marketing activity. We may use:

  • essential cookies, which are needed for the website to work properly;
  • preference cookies, which remember choices such as language or display settings;
  • analytics cookies, which help us understand how visitors use the website;
  • marketing cookies, which may help us measure or deliver advertising.

Where required, we will ask for your consent before setting non-essential cookies. You can manage or withdraw cookie consent through our cookie banner or browser settings. Further details should be set out in our Cookie Policy.

12CCTV and security

CCTV may operate in public and operational areas of the property for the safety and security of guests, staff, visitors and the building. CCTV is not used in bedrooms, bathrooms or private guest accommodation areas. CCTV may be used to:

  • prevent and detect crime;
  • protect guests, staff and property;
  • investigate incidents;
  • support insurance or legal claims;
  • respond to lawful requests from public authorities or law enforcement.

CCTV footage is retained only for as long as necessary, unless it is required for an incident, investigation, claim, legal matter or insurance purpose.

13Who we share personal data with

We may share personal data with trusted third parties where necessary and lawful. This may include:

  • Mews B.V., Mews Systems B.V. and related Mews entities;
  • payment processors and card service providers;
  • online travel agents and booking platforms;
  • channel managers and booking engine providers;
  • IT, hosting and website providers;
  • email, SMS and guest communication platforms;
  • marketing and analytics providers;
  • accountants, auditors and tax advisers;
  • legal advisers and insurers;
  • banks and financial institutions;
  • debt recovery providers, where necessary;
  • security providers;
  • maintenance contractors, where relevant to a guest request or incident;
  • recruitment providers;
  • local authorities;
  • HMRC;
  • the City of Edinburgh Council or other relevant authority for Visitor Levy / City Tax purposes;
  • police, emergency services, courts, regulators or public authorities where required or appropriate.

We only share the personal data needed for the relevant purpose.

14International transfers

Some of our service providers may process personal data outside the United Kingdom. Where personal data is transferred internationally, we will take steps to ensure that appropriate safeguards are in place. This may include adequacy regulations, standard contractual clauses, international data transfer agreements or other lawful safeguards recognised under applicable data protection law.

15How long we keep personal data

We keep personal data only for as long as necessary for the purpose for which it was collected. Retention periods vary depending on the type of data and the reason we hold it. As a guide:

  • booking and guest records may be kept for as long as needed to manage the stay, deal with queries and maintain business records;
  • financial, tax and accounting records may be kept for the period required by law or good business practice;
  • marketing records are kept until you unsubscribe, withdraw consent or the data is no longer required;
  • CCTV is usually kept for a short period unless needed for an incident, investigation, claim or legal matter;
  • complaint and incident records may be kept for as long as needed to protect our legal position;
  • recruitment records are kept only for as long as necessary for recruitment and legal purposes.

We may retain limited information after a wider deletion request where we need to comply with legal obligations, resolve disputes, prevent fraud, maintain suppression lists or establish, exercise or defend legal claims.

16How we protect personal data

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. These measures may include:

  • access controls;
  • password protection;
  • secure systems;
  • staff training;
  • supplier due diligence;
  • payment tokenisation;
  • data minimisation;
  • secure storage;
  • controlled access to guest records;
  • policies and procedures for handling personal data.

No system can be guaranteed as completely secure, but we take data protection seriously and work to reduce risk.

17Your rights

Under data protection law, you may have the right to:

  • access the personal data we hold about you;
  • ask us to correct inaccurate or incomplete data;
  • ask us to delete personal data in certain circumstances;
  • ask us to restrict processing in certain circumstances;
  • object to processing based on legitimate interests;
  • object to direct marketing at any time;
  • request data portability in certain circumstances;
  • withdraw consent where processing is based on consent;
  • complain to a supervisory authority.

These rights are not absolute and may depend on the lawful basis for processing and the circumstances of your request. To exercise your rights, please contact us using the details at the end of this policy. We may need to verify your identity before responding to a request.

18Complaints

If you are unhappy with how we handle your personal data, please contact us first so that we can try to resolve the issue. You also have the right to complain to the UK Information Commissioner’s Office.

Information Commissioner’s Office
Website: ico.org.uk
Telephone: 0303 123 1113

19Third-party websites

Our website may contain links to third-party websites, booking platforms, payment pages, social media platforms or partner services. We are not responsible for the privacy practices of those third parties. You should read their privacy policies before providing personal data to them.

20Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The latest version will be published on our website. Where changes are significant, we may take additional steps to notify guests or users where appropriate.

21Contact us

For questions about this Privacy Policy or how we use personal data, please contact:

Eleven Royal Terrace
11 Royal Terrace, Edinburgh, EH7 5AB
Email: reservations@11royalterrace.co.uk

Legal entity: Effective Hospitality Management Ltd (SC664745)
Registered address: 21a Rutland Square, Edinburgh, Scotland, EH1 2BB