privacy policy


This policy is designed to meet the requirements of the General Data Protection Regulation (GDPR), the Privacy and Electronic Communications Regulations (PECR) and the Data Protection Act. Looking after the personal information you share with us is very important, and we want you to be confident that your personal data is kept safely and securely. This privacy policy describes the type of personal information that we may collect about you when you stay at or visit our hotel or restaurant, or join a meeting or event, how we use any personal information, the circumstances in which we may share the information and the steps we take to safeguard the information to protect your privacy.

"Personal data" means any information collected and logged in a format that allows you to be identified personally, either directly (e.g. name) or indirectly (e.g. telephone number). Before providing us with this information, we recommend that you read this document describing our customer privacy protection policy.

This Customer Privacy Policy forms part of the terms and conditions that govern our hotel.


The Highlander Hotel. 2525 Highlander Place. Iowa City, IA 52245

For the purposes of the General Data Protection Regulation 2018 (GDPR) we are the Data Controller and when carrying out certain contractual responsibilities on behalf of third parties, the data processor.



At various times, we will be obliged to ask you, as a hotel customer, for information about you and/or members of your family or group, such as:

Personal data of hotel customers may be collected on a variety of occasions, including:

Hotel activities:

Transmission of information from third parties:


Data Protection says that we are allowed to use and share your personal data only where we have a proper reason to do so. The law says we must have one or more of these reasons and these are: 

We use your information in a number of different ways, primarily to fulfil a contract and also provide excellent service to our customers.


The information below sets out in detail what we use the information we collect for:

Contact Details

Personal Information

Credit Card Number

Arrival and Departure dates

Preferences and Interests

Questions / Comments


You are entitled to request the following from The Highlander Hotel, these are called your Data Subject Rights and there is more information on these on the Information Commissioners website


Within The Highlander Hotel, in order to offer you the best service, we can share your personal data and give access to authorized employees including:

Information about our hotel guests is an important part of our business and we do not sell this information to others. The Highlander Hotel works with a number of trusted suppliers, agencies and businesses in order to provide you the high quality services you expect from us. Your personal data may be sent to a third party for the purposes of supplying you with services and improving your stay. 

Some examples of the categories of third parties with whom we share your data are:

Booking Partners: The Highlander Hotel works with a number of trusted partners who take hotel bookings and manage reservation systems on our behalf. All partners are subject to thorough security checks, and will only hold the minimum amount of personal information needed in order to fulfil the bookings you make on our behalf.

IT Companies: The Highlander Hotel work with businesses who support our website and other business systems.

Marketing Companies: We work with marketing companies who help us manage our electronic communications with you or carry out surveys and reviews on our behalf. If customers have opted-in to receiving information regarding our goods and services we may utilize a marketing company to send out such information. For further information see the ‘Keeping in touch with you’ section of this policy.

Payment Processing: The Highlander Hotel works with trusted third party payment processing providers and banks in order to securely take and manage payments.

Debt Recovery and Fraud Prevention: We release your personal information on the basis that we have a legitimate interest in preventing fraud and money laundering, when we believe release is appropriate to comply with the law; enforce or apply our contractual agreements; or protect the rights, property or safety of The Highlander Hotel or our customers. This includes exchanging information with other companies and organizations for verification of identity fraud protection, credit risk reduction and debt collection. Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address and vehicle details.

We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

Local Authorities: We may also be obliged to send your information to local authorities if this is required by law or as part of an inquiry and in accordance with local regulations.

Business Transfers: As we continue to develop our business, we might sell or buy hotels. In such transactions, hotel guest information generally is one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Policy (unless, of course, the customer or member consents otherwise). Also, in the unlikely event that The Bohemian Hotel or substantially all of its assets are acquired, personal information will be one of the transferred assets.

Website: To improve our platform, prevent or detect fraud or abuses of our website and enable third parties to carry out technical, logistical, research or other functions on our behalf.


If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws.

We may need your personal information to establish, bring or defend legal claims. For this purpose, we will always retain your personal information for 5 years after the date it is no longer needed by us for any of the purposes listed under the ‘How we use your information’ section within this policy.

The only exceptions to this are where:


The Highlander Hotel take data security seriously, and we take appropriate technical and organizational procedures, in accordance with applicable legal provisions, to protect your personal data against illicit or accidental destruction, accidental alteration or loss, and unauthorized access or disclosure.

We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable information. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you.

Our information security policies and procedures are aligned with widely accepted international standards, we apply the controls detailed in the Payment Card Industry Data Security Standard to all environments storing personal data. These standards are applied and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements. To this end, we have taken technical and organizational measures.




We want to keep our customers up to date with information about special offers, benefits and improvements to our facilities and services.

When you engage with our marketing activities, either electronically on-line via website or social media for example, or in person at the hotel, we will ask you if you want to opt-in to receive this type of promotional information. If you have consented to receive marketing, you may opt out at a later date.

If you decide you do not want to receive this marketing information you have the right to ask us not to process your personal information for marketing purposes. You can request that we stop contacting you for marketing purposes by emailing, or via the unsubscribe link within any marketing Email or SMS which you receive. You may continue to receive marketing information for a short period while your request is dealt with.

The Highlander Hotel will not share your information with outside companies for their marketing purposes.

We reserve the right to contact our hotel customers as necessary to fulfil the obligations and administration of our service. We will also communicate as deemed appropriate by The Highlander Hotel in regards to any changes to the product, services and facilities of the hotel which may impact on you.


This section is designed to help you understand what cookies are, how The Highlander Hotel uses them and the choices you have in regards to their use.


Cookies are small data files that are transferred to your computer's web browser to enable our systems to recognize your browser and to collect information from your computer such as your IP address and other details about your computer which are collected by our web server, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.


Yes - Cookies are not harmful and do not contain any information such as your home address, date of birth or credit card details. The information stored in cookies is safe and anonymous to any external third party, and your account security is never compromised.

There are four main types of cookies – here’s how and why we use them:

  1. Site functionality cookies – these cookies allow you to navigate the site and use our features.
  2. Site analytics cookies – these cookies allow us to measure and analyze how our customers use the site, to improve both its functionality and your shopping experience.
  3. Customer preference cookies – when you are browsing, these cookies will remember your preferences (like your language or location), so we can make your experience as seamless as possible, and more personal to you.
  4. Targeting or advertising cookies – these cookies are used to deliver ads relevant to you. They also limit the number of times that you see an ad and help us measure the effectiveness of our marketing campaigns.

By using our site, you agree to us placing these sorts of cookies on your device and accessing them when you visit the site in the future.


Yes – To change your cookie settings, or if you want to be notified each time a cookie is about to be used, you should amend the settings provided in your web browser to prevent us from storing cookies on your computer hard drive. For information on how to have your browser notify you when you receive a new cookies and how to disable or delete cookies, please consult the "Help" tab of your browser via the menu bar.

Because cookies allow you to take advantage of some of our website’s essential features, we recommend that you leave them turned on.

Website visitors who don’t want their data used by Google Analytics can install the Google Analytics opt-out browser add-on. To opt-out of Analytics for the web, visit the Google Analytics opt-out page and install the add-on for your browser. Web site visitors can also opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the google Ad Settings.


We may change or update this Privacy Policy from time to time, to reflect how we are processing your data. If we make significant changes, we will make that clear on our website, or by some other means of contact such as email, so that you are able to review the changes before you continue to use our services.


You have the right to access your personal data collected by The Bohemian Hotel and to modify it subject to applicable legal provisions. Should you need to contact us if you have any questions about this notice, would like us to stop using your information, want to exercise any of your rights as set in this Privacy Policy, or have a complaint; please email us at:

For the purposes of confidentiality and personal data protection, we will need to identify you in order to respond to your request. You will be asked to include a copy of two official pieces of identification, such as a driver's license or passport, along with your request.

If your personal data is inaccurate, incomplete or not up to date, please send the appropriate amendments to the Data Privacy department as indicated above.

All requests will receive a response as swiftly as possible and in accordance with applicable law.