Privacy Policy

The Golden Jubilee Conference Hotel will always be transparent with you and make sure this privacy notice is available to you on our website or in paper format where required, prior to collecting and processing your personal data.

This privacy statement explains how and why we collect and process your personal data. This relates to personal data you share directly with us – as our guests, our members, our suppliers and our booking partners. It also relates to personal data you share with third-party introducers, booking sites and group travel partners who share your data to provide you with the services that you have requested. Where a third party has shared your data with us, we expect that they have informed you about the processing and sharing of your data.

For the purpose of the Data Protection Legislation and this notice The NHS Golden Jubilee which is the brand name for the National Waiting Times Centre Board is the registered Data Controller on the Information Commissioner’s Office (ICO) website for the organisation. This means that we, the Board, are responsible for deciding how we collect and process personal data about you. Personal data is defined as any information relating to an identified or identifiable natural living person – a ‘data subject’. This privacy notice also provides information about your rights as a ‘data subject’.

The Board is registered under the name National Waiting Times Centre Board.  This registration includes the Board’s full portfolio including the Conference Hotel, Research Institute and the Centre for Sustainable Delivery. This registration also includes the Board’s partnership with NHS National Education for Scotland (NES) within NHS Scotland Academy, for NHS Golden Jubilee only data.

The Data Controller registration number on the ICO website is Z7996020.

Throughout this policy when we say ‘we’ or ‘us’ or ‘our’, we refer to the Golden Jubilee Conference Hotel. 

The Golden Jubilee Conference Hotel is part of NHS Golden Jubilee, one of the organisations which form NHS Scotland (NHSS).

We use personal information on different groups of individuals including:

  • Staff
  • Guests
  • Contractors
  • Suppliers
  • Complainants, enquirers
  • Survey Respondents
  • Individuals using our website or app
  • Individuals seeing our ads on our partners websites or our partners partners websites or apps.
  • Professional experts and consultants
  • Individuals captured by CCTV

We currently collect your personal data through a number of sources, such as:

  • When you contact us by phone, email, live chat and social media platforms, such as Facebook and Twitter
  • When you complete forms on our website
  • When you subscribe to receive our newsletter and receive information about our special offers and services
  • When you book and register as a guest in our hotel
  • When third-party partners, booking sites or travel groups share your data with us in order to book accommodation on your behalf
  • When you apply for membership of our Centre for Health and Wellbeing
  • When you visit our bar or restaurant
  • When you arrange a wedding, event or conference in our hotel
  • When you make any complaints regarding our facilities or the service you have received
  • When you use our website or app
  • When you are shown our ads on our partners websites or our partners partners websites or apps
  • Where you have been involved in any accidents or incidents in our premises
  • When we call or visit you to progress any agreements or contracts to supply us with goods or services
  • When we arrange a contract with you or when we agree to purchase products or services from each other
  • In the administration of our relationship with you
  • Through the fulfilment of our contractual obligations
  • Through CCTV Visual Imaging in areas within our property, Centre for Health & Wellbeing (including poolside), car park and outdoor areas
  • Internet IP addresses and device IDs
  • Details of interactions with our website or app
  • Details of adverts you may have been shown on our partner websites of apps and details of any interactions you may have had with them.

The means of collecting data evolves along with our business and to ensure you are kept informed of our usage. This policy will be reviewed annually unless there is a change in legislation requiring us to review the policy sooner. We are committed to ensuring that the data we collect and the process is accurate, is up to date, is appropriate, is not excessive, is not retained for longer than required and does not constitute an unwarranted invasion of your privacy.

The data we hold and process for you will depend on our relationship with you, the enquiries you have made with us, the bookings and services you have requested from us, along with the products or services we may request from you.

Typically, we may hold:

  • Names, Addresses – personal or business
  • Email address and telephone contact numbers – personal or business
  • Your company name and nature of your business where applicable
  • Details of the events, services, products or facilities you may have enquired about
  • Details of any future and previous booking(s) you may have made with us
  • Details of the events, services, products or facilities you may have taken part in or used when you visited us
  • Details of any special requirements you have informed us of
  • Details of the services and products you currently provide or have previously provided to us
  • Details of any relevant health and ability information when applying for membership with our Centre for Health & Wellbeing
  • Records of correspondence and communications with you
  • Records and detail regarding any complaints or enquiries you make to us
  • Your requests and preferences regarding marketing information and how you would wish to receive this information
  • A record of marketing emails sent to you and whether you have opened, read or clicked through to our website from them.
  • Information from other sources, such as publicly available information, industry networking information, national industry portals and records
  • Visual Imaging recorded on CCTV where you visit or access our property or grounds, including our Centre for Health & Wellbeing and poolside.

We may collect and store personal data for a number of reasons:

  • To fulfil our booking or contractual obligations and to meet agreements we have put in place with you
  • To provide you with information about products or services you have requested from us
  • To provide you with information about services, events and products we feel may be of interest to you
  • To maintain customer and administration records
  • To respond to your feedback and ideas
  • To notify you of any changes to our services
  • To verify identification where required
  • To communicate with you by post, email or phone
  • To plan and manage our property and facilities
  • To investigate and respond to any complaints you may make
  • To process financial transactions, invoicing and maintain group arrangements
  • To prevent and detect crime, fraud or corruption
  • To meet legal, regulatory, statutory and ethical responsibilities
  • To visually monitor the safety and security of data subjects in and around our property and grounds
  • For customer profiling, to help us understand what people want to do when they stay at our hotel and to keep our services, marketing and advertising, as relevant as possible
  • To analyse how people use our website and app, and interact with our adverts.

The Golden Jubilee Conference Hotel will only keep your personal data for as long as is necessary to fulfil the purposes for which it was collected, and in accordance with legal requirements under UK Company Law.

We do want to keep in touch with you, and will only do so if you have actively requested to receive information from us.  You are free to remove yourself from our lists at any time by using the unsubscribe option or by emailing

As you use our website, app and our services we share your data with partners who help us provide and improve our products and services as follows:

● Vendors and service providers: Your information is likely to be available to a greater or lesser extent to those who support our business (and their subcontractors) including:

○ Our booking engine - Travelclick
○ Our GMS (Guest Management Solutions platform) - Travelclick/ihotelier
○ Our CRM (Customer Relationship Manager) system - ACT
○ Our PMS (Property Management System) - Opera
○ Our web developers – Attacat
○ The technical infrastructure hosts (data) – Google and WPEngine
○ Our analytics and advertising providers (data including email addresses) – primarily Google and Facebook
○ Live chat partner (data) – Zendesk
○ Email provider (data) – ihotelier
○ Analytics provider (anonymous data) – e.g. Hotjar
○ Other third party service providers we may require the services of such as trainers, consultants, auditors and accountants, banking services, administration or HR services, IT systems maintenance.

In each case we seek to provide the minimum amount of information or access necessary for those third parties to fulfill their obligations to us and ultimately to you.
Where we can, we also impose strict restrictions on how our partners can use and disclose the data we provide

● Advertising partners: As previously mentioned we use the advertising services offered by the web giants including Google, Facebook, Twitter, LinkedIn, Pinterest and Amazon but primarily Google Advertising Products and Facebook Ads. Whilst each of these companies has had its fair share of criticism around privacy it is our view that because of that scrutiny, they actually now take greater care of your personal data than the sort of ad networks that many of the traditional media brands use. Further they actually provide the least irritating online adverts (no pop-ups etc). You should be aware that through the use of our site and services, data is being shared with these companies. Of particular note:
○ They will probably know you’ve been on our site and what pages etc you’ve viewed (as they do with a huge proportion of the internet) and will understand that you are transacting with us if, for example, you place an order. This allows us to purchase so called “remarketing” ads across their networks so we can encourage you to come back to our site at a later date in accordance with their terms. We deliberately limit the amount of times you will see our ads to avoid unacceptable irritation.
○ If you have given us your email address we may share it with them as part of a service they offer to allow us to buy adverts that reach people they deem to be similar to you (i.e. hopefully other people interested in growing their companies) assuming of course that you are already registered with them.

To opt-out of this data sharing, the best way is to modify your cookie preferences and then drop us an email.

To find out more about how Google and Facebook may use your data, please see the following information provided by them:

How Google uses information from sites or apps that use Google services
Facebook privacy explanation

● Non-financial third party services on our website: Our site, like most websites, includes functionality provided by third parties. A common example is an embedded YouTube video or a Facebook like button. In each case the providers of these services will likely collect data about your usage that they will use to build up your profile as you browse the web. Our site includes the following:
○ Videos (powered by YouTube and Vimeo)
○ Presentation Slides (powered by SlideShare and Google Slides)
○ Google Maps
○ Like and share buttons from
■ Twitter
■ LinkedIn
■ Facebook
■ Google
○ Zendesk (live chat)

● We will also share your personal data within the Golden Jubilee Conference Hotel where it is in our legitimate interests to do so, for the fulfilment of your booking and our contract or agreement with you.

The above lists may change from time to time. To opt-out of this data sharing the best way is to modify your cookie preferences and then send us an email.

Some of the companies in the above lists are based outside the UK. We will only transfer data internationally to organisations based in countries that have appropriate data protection regulation including, but not limited to, the US and EU.

If you cancel your booking with us or fail to turn up, we may share this information with the relevant online booking agent.

The Golden Jubilee Conference Hotel is serious about taking the appropriate measures to protect your personal data.

The transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of the data you transmit to our site and we need to make you aware that any transmission is at your own risk. Where passwords are required or chosen by you to access our site or secure platforms as part of the service we provide, it is your responsibility to keep these passwords secure and confidential.

Once we have received your data, we use strict procedures and security features to prevent unauthorised access to your data.

We limit access to our property and facilities to those who require access and have a right to be there – using passes, keys and other technology. We also have a risk framework in place including the appropriate policies and procedures required to keep your data secure. All information provided by you is held on secure servers and any payment transactions will be encrypted. We apply controls and access restrictions across all of our technology platforms and review and test these at regular intervals.

Through the contracts and security measures we put in place, any third parties that we may share your data with are obliged to keep your details secure and to use this data only to fulfil the service they provide to you on our behalf. When they no longer need your data to fulfil this service, they will dispose of the details in line with our procedures.

If we pass any special category personal data onto a third party we will only do so once we have obtained your explicit consent or for the fulfilment of a contract we hold with you, unless we are legally required to do otherwise.

Whilst we are processing your personal data at the Golden Jubilee Conference Hotel, as a ‘data subject’, you have the following rights:

  • Right to be informed: You have the right to be informed about our data processing through this Privacy Notice.
  • Right of Access: By submitting a ‘Subject Access Request’, you have the right to request information about and access to a copy of the personal data held by NHS Golden Jubilee as the Data Controller.
  • Right of Rectification: Where you feel that the information we hold about you is inaccurate or incomplete, you have the right to request that we correct your personal data.
  • Right to be forgotten: When you feel we no longer need your personal data for the purpose it was obtained for or where you have withdrawn your consent to us processing your data, you have the right to ask us to delete and erase your personal data. We can refuse to do this in certain circumstances.
  • Right to restrict processing: Where you feel the personal data we are processing is inaccurate or where you feel your personal data is no longer needed but you want us to retain it for any possible future reference, you have the right to restrict our processing of your personal data.
  • Right to data portability: Where we hold data electronically about you, in certain circumstances, you have the right to ask us to provide that data in an easy to read format and to transfer this data to another organisation.
  • Right to object: You have the right to object to certain types of processing of personal data in certain circumstances although you have an absolute right to ask us to stop using your contact details to send you direct marketing.

If you submit a Subject Access Request, the Golden Jubilee Conference Hotel can confirm the data and information held about you and how we process it. If we process your personal data, you can request the following information from us:

  • Who is the person or organisation that decided how and why to process your data
  • Where applicable, the contact details of their Data Protection Officer
  • The contact details of our Data Protection Officer
  • The legal basis for processing and the purpose of the data processing
  • Where personal data is being processed based on our legitimate interests or the legitimate interests of a third party, we need to be able to confirm what these interests are
  • Which categories of personal data are collected and processed
  • Who we share your data with or disclose your data to
  • If we intend to transfer your personal data to an international organisation
  • How long we will store your data
  • Confirmation of your Data Subject Rights to ask us to correct, erase, restrict, transfer or object to processing your personal data
  • Details regarding your right to withdraw your consent at any time
  • The process to lodge a complaint with the ICO as the UK’s data protection supervisory authority
  • We will clarify if the provision of your personal data is due to a statutory or a contractual requirement
  • Where it is required to enter into a contract between us, if you are obliged to provide the personal data and any consequences possible if you fail to provide the personal data required
  • Where your data was not collected directly from you, confirmation of where your personal data was sourced from

We will normally respond to your request to access your personal data within one month from the date it is received. However, in some cases, we may need to extend this to three months. We will always write to you within one month of receiving your original request to tell you if this is the case.

A copy of your personal data is usually provided free of charge. However, we can charge a ‘reasonable fee’ where we find that the data requested is manifestly excessive or manifestly unfounded and in particular if the request is a repetitive one. We can also charge for additional copies of the personal data.

If you wish to speak to us or question anything in this notice relating to how we collect, store or process your personal data, please email us at or write to our Data Protection Officer at the Golden Jubilee Conference Hotel, Beardmore Street, Clydebank, G81 4SA.

We hope you don’t need to make a complaint about how we process your personal data or how a complaint has been handled. If you feel you do wish to complain, you have the right to complain through our Data Protection Officer as detailed above and the supervisory authority at the contact details below:

UK Data Protection Regulator, The Information Commissioner’s Office (‘ICO’), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or email

This policy was last updated in May 2022.

Cookies are small text files that are placed on your computer by websites you visit. They are widely used to make websites work more efficiently; as well as provide information to the owners of the site you are visiting.

When you arrive on our site we will only place cookies on your device that are deemed essential to the functioning of the site. You will also be asked if we can place additional cookies which are used for non-essential but useful website features to make your use of our site a better one as well as for analytics and advertising (personalised and non-personalised) purposes. We would very much appreciate it if you could consent to us using these additional cookies as ultimately they help us to offer the best service we possibly can as well as help keep costs down.

We use the following cookies:

You can modify your cookie preference at any time here:
Cookie Settings

Most web browsers allow you to control most cookies. You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our site.

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them,

To opt out of being tracked by Google Analytics across all websites visit

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.