Privacy Policy
At Okawati Hotel, accessible via okawatihotel.com, we are committed to safeguarding the privacy and personal data of every individual who visits our website, interacts with our services, or communicates with us. This Privacy Policy outlines how we collect, use, disclose, transfer, and protect your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Your trust matters to us, and we are committed to upholding the highest standards of privacy and security.
1. Scope of Policy and Data Controller Role
This Privacy Policy applies to all visitors, users, and others who access okawatihotel.com or interact with our hospitality-related services through the website or by other means. For the purposes of the GDPR, Okawati Hotel is the “Data Controller,” responsible for determining the purposes and means of processing your personal data. For CCPA purposes, we act as a “Business” with respect to the personal data we collect.
2. Categories of Personal Data We Process
We may process the following categories of personal data:
a. Usage Data
Includes information such as your IP address, browser type and version, time zone settings, operating system, referring website URLs, access times, and your activity on the website including pages visited and session durations.
b. Account Data
Includes your full name, billing and shipping address, email address, and phone number provided when creating an account or making a reservation.
c. Profile Data
Includes your booking history, travel preferences, dietary or accessibility requirements, feedback, and behavioral patterns during your stay or website interaction.
d. Communication Data
Includes information in your correspondence with us, such as queries submitted through customer support and any follow-up communications.
e. Technical Data
Includes details related to your device, such as device identifier, hardware model, operating system version, browser plugins, and network information.
f. Transaction Data
Includes reservation details, payment methods, payment confirmations, check-in/check-out timing, accommodation type, and delivery instructions related to services rendered.
g. Preference Data
Includes marketing consents, opt-in or opt-out choices, and your expressed interests in services, promotions, newsletters, or features provided by Okawati Hotel.
3. Legal Bases for Processing
We process your personal data under one or more of the following lawful grounds:
– Performance of Contract: To fulfill obligations arising from contractual agreements (e.g., room reservations).
– Consent: Where you have actively provided consent, such as subscribing to our newsletters or accepting cookies.
– Legitimate Interests: To improve our services, provide customer support, and maintain a secure online environment.
– Legal Obligations: Where necessary to comply with laws, court orders, or regulatory requirements.
4. Your Rights
Under the GDPR and applicable privacy laws, you are entitled to the following rights regarding your personal data:
– Right of Access: You have the right to request confirmation of the personal data we process about you and obtain a copy.
– Right to Rectification: You may request that we correct inaccurate or incomplete personal data.
– Right to Erasure: You can request the deletion of your personal data where legally applicable.
– Right to Restriction of Processing: You may request a temporary halt to processing under specific circumstances.
– Right to Data Portability: You can request a structured, commonly used, machine-readable copy of your personal data.
– Right to Object: You can object to the processing of your personal data on grounds relating to your situation.
To exercise any of the rights outlined above, please contact us at [email protected].
5. Security Measures
We implement a range of technical and organizational safeguards to ensure the confidentiality, integrity, and availability of your personal data, including but not limited to:
– Industry-standard encryption protocols during data transmission
– Role-based access controls and authentication mechanisms
– Regular security audits and vulnerability assessments
– Secure backup and disaster recovery systems
– Staff training on data protection principles and incident handling procedures
6. International Data Transfers
Where your personal data is transferred outside the European Economic Area or California, we ensure such transfers comply with applicable data protection regulations. This may include employing appropriate contractual safeguards, such as Standard Contractual Clauses approved by the European Commission, or relying on adequacy decisions recognizing third countries with adequate levels of protection.
7. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this Policy. Specific retention periods include:
– Reservation & Transaction Data: Up to 7 years for accounting and legal compliance.
– Profile and Preference Data: 3 years from last interaction, unless consent is renewed.
– Communication and Support Records: Up to 2 years post-resolution.
– Marketing Consent Records: For the duration of the subscription and up to 1 year thereafter for recordkeeping.
After such periods, data is securely deleted or anonymized.
8. Cookie Policy
Our website uses cookies and similar tracking technologies to enhance user experience and analyze site performance. Cookies deployed include:
– Essential Cookies: Required for core site functionality (e.g., sessions, authentication).
– Functional Cookies: Enable features like saving user preferences.
– Analytics Cookies: Collect usage and performance data (e.g., page views, bounce rates).
– Performance Cookies: Monitor site responsiveness and crash reports.
9. Cookie Management & Compliance
You may control cookie preferences through the banner displayed upon your first visit to okawatihotel.com. You can update your consent settings or revoke consent at any time. Most browsers also enable you to manage cookies through their settings interface. We honor “Do Not Track” signals where applicable and required under the CCPA and GDPR.
10. Children’s Privacy
We do not knowingly collect, solicit, or store personal data from children under the age of 13. If we learn that a child under 13 has provided us personal data without verifiable parental consent, we will promptly delete such information. Parents or guardians with concerns should contact us directly at [email protected].
11. Policy Updates
We reserve the right to revise this Privacy Policy to reflect changes in legal, regulatory, or operational requirements. Any significant changes will be communicated via our website or sent to users who have opted in for such notifications. Reviewing this Policy periodically is recommended to stay informed about how we protect your data.
12. Contact
If you have any questions, concerns, or requests relating to this Privacy Policy or the personal data we process, please contact us at:
Okawati Hotel
Email: [email protected]
Website: https://okawatihotel.com
We remain dedicated to complying with all applicable data protection regulations and fostering a privacy-first digital presence where your rights are respected and protected.