
Privacy Policy for members


Hotel Booking Agents Association (HBAA) has appointed a Data Protection Controller (DPC) who will endeavour to ensure that all personal data is processed in compliance with this Policy and the Principles of the Data Protection Act 1998. The Freedom of Information Act 2000 and the Protection of Freedoms Act 2012 are also relevant to parts of this policy.

Hotel Booking Agents Association (HBAA) recognises The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) adopted 27 April 2016, the two-year transition period and the application date of 25 May 2018 and is actively working towards compliance with that directive.

The General Data Protection Regulation (GDPR) aims to give you control over your data, as do we. As a company promoting privacy awareness and compliance, we at the HBAA have a Privacy Policy that aims to help you understand what data we collect, what we use it for and how you can exercise your rights.

Reading our Privacy Policy is important so we hope you will give it time and attention.

Hotel Booking Agents Association (HBAA) shall be referred to as ‘the HBAA’ in this Privacy Policy.  We follow the following principles in order to protect your privacy:

  • we do not collect more information than is necessary;
  • we do not use your data for purposes other than those specified;
  • we do not keep your data if it is no longer needed;
  • we do not farm your data out to third parties.


1. Information collection, storage and tracking:

1.1. When you visit a website:

You can visit our website without giving away your personal information. When you log into the HBAA Platform, we will collect the following personal information, used explicitly for communication and profiling by the HBAA.

1.2. What we store:

  • Name,
  • Address,
  • Phone number,
  • Email address,
  • Job Title,
  • Organisation,
  • Profile Photo
  • Twitter handle
  • LinkedIn
  • Bio

When you apply to become an Agency Member, Venue Partner or International Venue Partner, we collect extended details that are classed as ‘Personal Information’ but are not used for any purpose other than fulfilling the requirements expected with membership:

  • Contact Name,
  • Email Address,
  • Mobile Number,
  • DDI.

This information is not used for any additional purposes, such as third-party profiling of those who access our website for marketing or activity tracking. The information will, however, be used for profiling where an application requires data necessary for all parties to carry out the ongoing performance of the agreement.

1.3. How long we store your data for:

We keep all obtained information for as long as is reasonable to carry out the role we have mutually agreed for us to undertake.

On request you are entitled to object to the retention of personal data after the contract between parties has been terminated and where there is no longer a “legitimate” reason for this data to be retained.


2. When you contact us:

While you can use our website without giving out your personal information, once you contact us or log into the HBAA platform, the HBAA collects information about you.

The information you submit will be processed and stored so that it is possible for us to contact and respond to your request, and/or allow you access to our services.

2.1. Phone Calls:

All our calls are recorded for training and compliance purposes; we do not use the data from these calls for marketing purposes but to help us fulfill the role you ask of us at that time. Call data is ‘your data’ and as such is subject to the same rights as all other data covered under this policy.


3. Email Marketing

Our site features email marketing in the form of a ‘Newsletter Signup’ managed by Mailchimp.  We do not share this information with any other third parties without your explicit consent and you can unsubscribe from our newsletter at any time by either clicking the link in our.

Mailchimp is a trading name of The Rocket Science Group, registered at 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA.

Mailchimp subscribe to the GDPR through the US Department of Commerce’s Privacy Shield framework, details of which can be found by reading their Privacy Policy here:


4. Social media and Social Media plug-ins:

Our website features three plug-ins for easy sharing and following our social media pages: Facebook, operated by Facebook Inc; LinkedIn and Twitter.

Being on our website does not automatically result in sharing data on these social media networks. These plugins remain inactive (idle) until clicked upon. Once clicked upon, you will be taken to the said social media networks with their own specific privacy policies, which we recommend you view.


5. Information Security:

The HBAA cares to ensure the security of personal data.  When the HBAA collects information about you, we also make sure that your information is protected from unauthorised access, loss, manipulation, falsification, destruction or unauthorised disclosure. This is done through appropriate technical measures including SSL certificates and authenticated logins.

The data is stored in a location with alarms and encrypted laptops, with laptops tethered to desks when working off site.

The server is within the UK and managed by Port Eighty Hosting, a brand name of Moore-Wilson New Media Ltd and is the ‘Data Processor’.  As a UK company hosting the data within the UK they are bound by the EU’s GDPR rules on data management.

In the event of a data breach or data loss we will notify you within 72 hours of the breach.


6. Access to information:

You have the right to request access to the information we have on you without charge. You can do this by contacting Andrew Chalk at

We will provide you with a copy of all the data we have about you. In order to comply with your request, we may ask you to verify your identity.

We will fulfill your request by sending your copy electronically, unless the request expressly specifies a different method. For any subsequent access request outside what is either deemed reasonable or outside of what we are required by law to comply with, we may charge you an administrative fee.


7. Information Correction & Deletion:

If you believe that the information we have about you is incorrect, you are welcome to contact us so we can update it and keep your data accurate. Any data that is no longer needed for the purposes specified in Information Collection and Use will be deleted.

If at any point you wish to withdraw consent for the HBAA to keep information about you, providing the information isn’t required to be kept by law or considered of ‘legitimate interest’ and therefore necessary to maintain the terms of the agreement, you can simply contact us.


8. When this Privacy Policy applies:

This Privacy Policy is applicable to the services offered by the HBAA directly via our website. Our website contains links to other websites.

Once redirected to another website, this Policy is no longer applicable.

This version of the Privacy Policy is effective from January 2018.

9. Changes:

We reserve the right to change this Privacy Policy. We constantly review our Privacy Policy and strive towards making it better.

The HBAA will not reduce your rights stated in this Policy without asking for explicit prior consent to the changes.

All changes to our Privacy Policy will be available on this website. You can access the previous versions of this Policy here.


10. To sum up:

In accordance with applicable law, we only collect a limited amount of information about you that is necessary for improving our service and carrying out the role we have been appointed to fulfill.

We do not use profiling; we do not sell or in any other way spread your data to third parties; we do not use your data for purposes other than those we have specified.

We also make sure that your data is stored securely. We delete all information deemed no longer necessary.

We constantly review our Privacy Policy in order to make it better and protect you more.


11. You can contact us at any time to:

  • Request access to information that the HBAA has about you
  • Correct any information that the HBAA has about you
  • Delete information that the HBAA has about you

If you have any additional questions about the HBAA’s collection and storage of data, please contact Andrew Chalk:

Andrew Chalk – Data Controller
Unit 10B, Red House Yard
Gislingham Road
Thornham Magna
IP23 8HH
Company No. 03442834

11.1. The Right to complain:

As a consumer you have the right to complain or address any concerns about your data use. If you feel your concerns have not been addressed by us, you can contact the ICO (Information Commissioner’s Office) to raise your concerns in confidence. We would request that in the first instance you contact us.


T: 0303 123 1113


Glossary of terms


Cookies:

Cookies are small files or other pieces of data which are downloaded or stored on your computer or other device, that can be tied to information about your use of our website (including certain third party services and features offered as part of our website).


Device:

A device is what you use to reach our website, such as a smartphone, tablet or computer.

IP address:

Internet Protocol (IP) address is a number that is connected to your device. An IP address can be used to determine the location of your device typically within a 40km radius, thus not being an exact determination of your location. IP addresses are basically how the Internet functions.

Personal information:

Personal information is information that can identify you. This can be your name, email, contact information or other type of information that can be traced back to you.