Privacy Policy

This Privacy Policy explains how the Hotel collects, uses, stores, and protects personal data of guests and website users, in accordance with the General Data Protection Regulation (GDPR), the Maltese Data Protection Act (Chapter 586 of the Laws of Malta), and applicable hospitality standards.

1. Data Controller
The Hotel acts as the Data Controller for all personal data provided during the reservation process or collected through the Hotel’s website and on-site services.

2. Personal Data Collected
We may collect the following categories of personal data:

  • Identification information: full name, date of birth, nationality
  • Contact details: email address, phone number, physical address
  • Booking information: stay dates, room type, preferences, payment details (processed securely through third-party gateways)
  • Marketing preferences
  • Technical data: IP address, device information, cookies (for website users)

3. Purpose of Processing
Personal data is processed for the following purposes:

  • Managing reservations and hotel services
  • Processing payments and issuing invoices
  • Fulfilling legal obligations (e.g., guest registration records required by Maltese authorities)
  • Improving guest experience and customer service
  • Sending marketing communications, when consent has been provided
  • Maintaining website functionality and security

4. Legal Basis for Processing
We process personal data based on:

  • Contractual necessity (managing bookings and stays)
  • Legal obligations (tourism, safety, and tax requirements)
  • Legitimate interests (service improvement, security)
  • Guest consent (marketing communication, optional services)

5. Data Retention
Personal data is retained only as long as necessary for the purposes listed above:

  • Reservation records: up to 10 years for legal compliance
  • Marketing data: until consent is withdrawn
  • CCTV recordings (if applicable): retained for a limited period, typically 30 days

6. Data Sharing and Transfers
Personal data may be shared with:

  • Payment processors
  • Reservation and booking platforms (e.g., Booking.com)
  • IT service providers maintaining hotel systems
  • Public authorities when legally required

No data is transferred outside the EU/EEA unless adequate safeguards are in place.

7. Guest Rights
Guests have the following rights under GDPR:

  • Right to access personal data
  • Right to rectification
  • Right to erasure (right to be forgotten)
  • Right to restrict processing
  • Right to object to processing
  • Right to withdraw consent at any time
  • Right to data portability

Requests may be submitted via the Hotel’s official contact channels.

8. Security Measures
The Hotel applies appropriate technical and organizational measures to protect personal data from unauthorized access, loss, alteration, or misuse.

9. Cookies and Website Tracking
The Hotel’s website may use essential and analytical cookies. Users can manage cookie preferences through their browser settings.

10. Updates to the Policy
This Privacy Policy may be updated periodically to reflect changes in legal requirements or hotel operations. The latest version will always be available on the Hotel’s website.

11. Contact Information
For data protection inquiries, guests may contact the Hotel via details provided on the official website.