Privacy & GDPR Policy
At SML Hospitality Ltd., we take privacy and data protection seriously. We are committed to protecting the personal data of our employees, customers, suppliers, and any other parties we interact with, in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).
​
This policy sets out how we collect, process, store, and protect personal data. It also outlines the rights of individuals whose personal data we process, as well as our obligations as a data controller.
​
-
Data collection and processing
We only collect personal data that is necessary for the purposes for which it is processed. We will always inform individuals of the purpose of the processing and ensure that we have a lawful basis for the processing.
The personal data we collect may include:
-
Contact details, such as name, address, phone number, and email address.
-
Identification information, such as passport or ID card details.
-
Financial information, such as bank account details and credit card information.
-
Information about an individual's stay with us, including dates of stay and room preferences.
-
Information about an individual's dietary requirements, allergies, and other preferences.
-
CCTV footage recorded on our premises.
We will never collect or process any sensitive personal data (such as health information, race, ethnicity, religion, or sexual orientation) without explicit consent or a lawful basis for doing so.
​
2. Data storage and protection
We store personal data securely and take appropriate measures to protect it against accidental or unlawful destruction, alteration, disclosure, or access. We have implemented technical and organizational measures to ensure the security of personal data, including:
-
Access controls to ensure that only authorized personnel have access to personal data.
-
Encryption of personal data in transit and at rest.
-
Regular testing and monitoring of our security measures.
We will only store personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by law.
​
3. Data sharing and transfers
We may share personal data with third-party service providers who process personal data on our behalf, such as payment processors, IT service providers, and marketing agencies. We will ensure that any third-party service provider we work with has appropriate security measures in place and processes personal data in accordance with applicable data protection laws.
We may transfer personal data to countries outside the European Economic Area (EEA) where necessary for the purposes for which it was collected, such as to process a payment or to provide a service. We will ensure that appropriate safeguards are in place to protect personal data when transferred outside the EEA.