Privacy Policy
How we collect, use, protect, and manage your personal information
Effective Date: 1 April, 2026
Regal Empire Luxury Hotel (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy rights. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website (regalempireluxuryhotel.com), make a booking via WooCommerce, or stay at our hotel. It also explains your rights regarding your personal data under applicable Nigerian law, including the Nigeria Data Protection Act (NDPA) 2023.
1. Who We Are (Data Controller)
|
Business Name |
Regal Empire Luxury Hotel |
|
Address |
KM 132 Auchi-Okene Expressway, Auchi, Edo State, Nigeria |
|
|
info@regalempire.org |
|
Phone |
07050257165 | 09120830385 |
|
Role |
Data Controller — we determine the purposes and means of processing your personal data |
2. What Personal Data We Collect
a. Information you provide directly:
- Full name, email address, phone number, and home address (collected at booking and check-in).
- Government-issued ID details (passport, national ID, driver’s licence) — collected at check-in as required by Nigerian law.
- Payment details — credit/debit card information is collected and processed by GlobalPay by Zenith Bank. We do not store your full card details on our systems.
- Special requests, preferences, or health-related needs (e.g., dietary requirements, disability access needs) you voluntarily share.
- Communications you send to us via email, phone, or contact forms.
b. Information collected automatically (website):
- IP address, browser type, device type, and operating system.
- Pages visited, time spent on the website, and referral source.
- WooCommerce order history and cart data.
- Cookies and tracking data — see Section 8.
c. Information collected during your stay:
- Check-in and check-out dates and times.
- Room number, room charges, and service usage.
- Incident reports or complaints raised during your stay.
- CCTV footage — for security purposes in public areas of the hotel.
3. How We Use Your Personal Data
We use your personal data for the following purposes:
|
Booking & reservations |
To confirm, manage, and administer your room booking via WooCommerce. |
|
Payment processing |
To process payments securely via GlobalPay by Zenith Bank. |
|
Guest services |
To personalise your stay, fulfil special requests, and communicate with you. |
|
Legal compliance |
To meet our obligations under Nigerian law (ID verification, tax records). |
|
Security |
CCTV monitoring in public areas to protect guests and hotel property. |
|
Marketing (with consent) |
To send you promotional offers, newsletters, or event updates — only if you opt in. |
|
Website improvement |
To analyse how guests use our website and improve user experience. |
|
Dispute resolution |
To investigate complaints, process refunds, or resolve disputes. |
4. Legal Basis for Processing
We process your personal data on the following legal bases under the Nigeria Data Protection Act (NDPA) 2023:
- Contract performance — processing necessary to fulfil your booking and stay.
- Legal obligation — ID verification and record-keeping as required by Nigerian law.
- Legitimate interests — security monitoring, fraud prevention, and service improvement.
- Consent — for marketing communications and non-essential cookies (you may withdraw consent at any time).
5. How We Share Your Data
We do not sell your personal data. We may share your data with:
- GlobalPay by Zenith Bank — to process your online payment securely. Their privacy policy governs data processed on their platform.
- WooCommerce / WordPress hosting provider — to operate our booking platform.
- Government and regulatory authorities — where required by Nigerian law (e.g., immigration, tax authorities, law enforcement).
- Hotel operational staff — only those who need access to deliver your services.
- Third-party service providers (e.g., email marketing, analytics) — under strict data processing agreements.
We require all third parties to maintain appropriate security for your data and prohibit them from using it for their own purposes.
6. Data Retention
Booking records
7 years (Nigerian tax and business record obligations)
Guest ID copies
12 months from check-out date, then securely destroyed
Payment records
7 years (financial regulation compliance)
CCTV footage
30 days, then automatically overwritten unless an incident is under investigation
Marketing data
Until you unsubscribe or withdraw consent
Website analytics
26 months (anonymised after 12 months)
7. Your Rights Under the NDPA 2023
As a data subject under the Nigeria Data Protection Act 2023, you have the following rights:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate or incomplete data.
- Right to erasure — request deletion of your personal data (subject to legal retention obligations).
- Right to restriction — request that we limit how we use your data in certain circumstances.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interests or for direct marketing.
- Right to withdraw consent — withdraw marketing or cookie consent at any time without penalty.
To exercise any of these rights, contact us at info@regalempire.org or call 07050257165. We will respond within 30 days.
8. Cookies
Our website uses cookies to improve functionality and user experience. Cookies are small data files placed on your device. We use:
Essential cookies
Required for WooCommerce checkout and website functionality. Cannot be disabled.
Analytics cookies
Track how visitors use our website (e.g., Google Analytics). Anonymised where possible.
Marketing cookies
Used to serve relevant promotional content. Only active with your consent.
You can manage cookie preferences via your browser settings or our cookie consent banner. Disabling non-essential cookies will not affect your ability to browse or book.
9. Payment Security (GlobalPay by Zenith Bank)
All online payments are processed via GlobalPay by Zenith Bank, a PCI-DSS compliant payment gateway. Your card details are entered directly into Zenith Bank’s secure environment and are not transmitted to or stored by Regal Empire Luxury Hotel. We strongly advise you never to share card details via email or phone unless you initiated the call to our verified hotel number.
10. Data Security
We implement appropriate technical and organisational security measures to protect your personal data from unauthorised access, loss, destruction, or alteration, including:
- SSL/TLS encryption on regalempireluxuryhotel.com.
- Restricted access to guest data on a need-to-know basis.
- Secure storage and disposal of physical ID documents.
- Regular review of our data security practices.
Despite these measures, no data transmission over the internet is 100% secure. If you believe your data has been compromised, contact us immediately.
11. Children’s Privacy
Our website and booking platform are not directed at children under the age of 18. We do not knowingly collect personal data from children. Where a child is included in a family booking, only the responsible adult’s data is processed.
12. International Transfers
Your data is primarily processed and stored within Nigeria. Where third-party service providers (e.g., WooCommerce, cloud hosting) may process data outside Nigeria, we ensure appropriate safeguards are in place in compliance with the NDPA 2023.
13. Policy Updates
We may update this Privacy Policy from time to time. Any changes will be published on regalempireluxuryhotel.com with an updated effective date. We encourage you to review this policy periodically.
14. Contact & Complaints
If you have questions, concerns, or wish to exercise your data rights, contact our Data Privacy Officer:
Name
Data Privacy Officer — Regal Empire Luxury Hotel
Email
info@regalempire.org
Phone
07050257165 | 09120830385
Address
KM 132 Auchi-Okene Expressway, Auchi, Edo State, Nigeria
If you are not satisfied with our response, you may lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.