Crowne Plaza Hotel and GDPR

Coopy666

Hi all, hoping someone could offer some words of advice.

We stayed at the above hotel in October, and we had a bad nights sleeps due to the location of the room so the hotel kindly agreed to give us 50% back.  However since we booked the room we had changed our debit card and therefore the refund was a little more tricky and we had to give them our new card details. A few weeks later the refund was issued, case closed.

However on Sunday morning we woke up to find that the hotel had taken £340 out of our account for no reason. We phoned them up and they said they didn’t know why it had happened but they would issue a refund straight away and could we let them have our card details again…..so we did. 10mins later the Crowne Plaza took another £340, so we phoned again to be told it would be resolved in 10minutes. Fast forward 2 working days and still no refund from the Crowne Plaza, staff are not interested in helping, managers are always off shift, or on holiday and no-one ever returns our calls. As this was money taken illegally what rights do we have with regards to GDPR should we go to the ICO under S170?

We have today (working days 3) got the money back via our bank and nothing that the Crowne Plaza have done to sort the situation. 

400ixl

What GDPR rules do you think have been broken?

You gave them the card details for the purpose of billing which they did. A mistake has happened which has been rectified, so what losses are you claiming for?

One of those unfortunate things that happen from time to time, no laws have been broken, frustrating as it is, don't waste your time and move on.

LightFlare

400ixl said:

What GDPR rules do you think have been broken?

You gave them the card details for the purpose of billing which they did. A mistake has happened which has been rectified, so what losses are you claiming for?

One of those unfortunate things that happen from time to time, no laws have been broken, frustrating as it is, don't waste your time and move on.

I’m reading it as they took 2x340 instead of refunded 50% of the original cost

If that’s the case - then far from rectified 

As for the GDPR - I agree, not sure they have “broken” anything

400ixl

They also say the bank has refunded them so it is rectified as far as the OP's balance is concerned.

Penguin_

I'm going to go for the person used a card machine to make the refund but didn't press the refund button, so it went through as a sale, then they (or some one else) compounded this by trying to refund but again put it through as a sale - so the 2 lots of money left your account instantly, but it wouldn't be deposited into the Crown Plaza's account immediately, it may take up to 3 days.

With that in mind, when they do a refund via the card machine the money would leave the Crown Plaza's account right away but wouldn't actually reach your account for up to 3 days.

Coopy666

Thanks for your comments, do you not think they have unlawfully used our personal data? Or recklessly or intentionally processing and handling personal data? Surely our card details should have been kept secure after the refund so why 6 weeks later do they have the right to take £680 out of our account? If I took £680 out of the Crowne Plazas bank account without approval surely I would be arrested?

Penguin_

They haven't unlawfully used your personal data, you gave them the new card details.

It is unfortunate that they processed the refund as a sale, twice, but that's all it really is. 

Coopy666

Penguin_ said:

I'm going to go for the person used a card machine to make the refund but didn't press the refund button, so it went through as a sale, then they (or some one else) compounded this by trying to refund but again put it through as a sale - so the 2 lots of money left your account instantly, but it wouldn't be deposited into the Crown Plaza's account immediately, it may take up to 3 days.

With that in mind, when they do a refund via the card machine the money would leave the Crown Plaza's account right away but wouldn't actually reach your account for up to 3 days.

But the refund was 6 weeks ago, why would they have the right to take £680 out of our account one morning when we haven’t booked anything? Why do they still have our card details?

p00hsticks

Penguin_ said:

It is unfortunate that they processed the refund as a sale, twice, but that's all it really is. 

I'm not sure why people are saying it was the refund that was incorrectly processed ?

The OP says that the refund was correctly issued after supplying the hotel with the new card details, and it's only now,  several weeks later that these additional debits have suddenly started appearing ..... so not necessarily related to the refund transaction at all, other than that's how the hotel got the card details.....

TheSpectator

Coopy666 said:

Penguin_ said:

I'm going to go for the person used a card machine to make the refund but didn't press the refund button, so it went through as a sale, then they (or some one else) compounded this by trying to refund but again put it through as a sale - so the 2 lots of money left your account instantly, but it wouldn't be deposited into the Crown Plaza's account immediately, it may take up to 3 days.

With that in mind, when they do a refund via the card machine the money would leave the Crown Plaza's account right away but wouldn't actually reach your account for up to 3 days.

But the refund was 6 weeks ago, why would they have the right to take £680 out of our account one morning when we haven’t booked anything? Why do they still have our card details?

Think you need to do some research as to what a GDPR breach is. Certainly not your situation.

Coopy666

TheSpectator said:

Coopy666 said:

Penguin_ said:

I'm going to go for the person used a card machine to make the refund but didn't press the refund button, so it went through as a sale, then they (or some one else) compounded this by trying to refund but again put it through as a sale - so the 2 lots of money left your account instantly, but it wouldn't be deposited into the Crown Plaza's account immediately, it may take up to 3 days.

With that in mind, when they do a refund via the card machine the money would leave the Crown Plaza's account right away but wouldn't actually reach your account for up to 3 days.

But the refund was 6 weeks ago, why would they have the right to take £680 out of our account one morning when we haven’t booked anything? Why do they still have our card details?

Think you need to do some research as to what a GDPR breach is. Certainly not your situation.

• Personal data

  Any information that can be used to identify an individual, such as names, email addresses, location data, and more 

Data processing

Any action performed on personal data, such as collecting, recording, storing, using, and erasing 

Data subject

The person whose data is being processed 

Data controller

The person or organization that decides how and why personal data is processed 

Data processor

A third party that processes personal data on behalf of the data controller 

Principles

The GDPR's principles include lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, and accountability 

The GDPR defines "processing" as any operation performed on personal data, whether automated or manual. It also defines "restriction of processing" as the act of marking stored personal data to limit its future processing. 

What are the 7 principles of GDPR?

Lawfulness, fairness, and transparency; ▪ Purpose limitation; ▪ Data minimisation; ▪ Accuracy; ▪ Storage limitation; ▪ Integrity and confidentiality; and ▪ Accountability.