Privacy Policy

We collect personal information in the following ways:

Information You Provide Directly

• Reservation data: name, email address, telephone number, postal address, nationality, and payment card details when you make a booking.
• Guest preferences: dietary requirements, accessibility needs, special occasion details, and room preferences you share with us.
• Communications: any messages, enquiries, or feedback you send us via our contact form, email, or telephone.
• Reviews: your name and review content when you submit a guest review on our website.

Information Collected Automatically

• Log data: your IP address, browser type, operating system, referring URL, pages visited, and timestamps when you access our website.
• Cookies and tracking technologies: session cookies, analytics cookies, and preference cookies. See Section 4 for full details.
• Device information: hardware model, operating system version, and unique device identifiers.

We use the information we collect for the following purposes:

• Reservations and guest services: to process and manage your booking, provide in-stay services, and communicate relevant information before, during, and after your visit.
• Payment processing: to authorise and process payments securely in compliance with PCI-DSS standards.
• Communications: to respond to your enquiries, send booking confirmations, pre-arrival information, and post-stay follow-ups.
• Marketing: to send promotional offers, newsletters, and hotel updates where you have consented to receive such communications. You may opt out at any time.
• Service improvement: to analyse website usage, review feedback, and improve our facilities, services, and online experience.
• Security and fraud prevention: to protect our guests, staff, and property, and to detect and prevent fraudulent activity.
• Legal compliance: to meet our obligations under applicable laws and regulations in Sri Lanka and internationally.

We process your personal data under the following legal grounds:

• Contractual necessity: processing required to fulfil your reservation and provide the services you have requested.
• Legitimate interests: improving our website and services, ensuring security, and communicating with previous guests about relevant offers where these interests are not overridden by your privacy rights.
• Consent: marketing communications and non-essential cookies, where you have provided explicit consent.
• Legal obligation: retaining financial and booking records as required by Sri Lankan tax and hospitality regulations.

Our website uses cookies small text files stored on your device to enhance functionality and improve your experience. We use the following types of cookies:

• Essential cookies: necessary for the website to function correctly, including session management and security tokens. These cannot be disabled.
• Functional cookies: remember your preferences (e.g., language, currency) to personalise your experience across visits.
• Analytics cookies: provided by third-party services (including Google Analytics) to help us understand how visitors use our website, which pages are most popular, and where we can improve.
• Marketing cookies: used to deliver relevant advertisements on third-party platforms if you have opted in to marketing communications.

You may manage or withdraw your cookie consent at any time via your browser settings. Please note that disabling certain cookies may affect the functionality of this website.

We do not sell, trade, or rent your personal information to third parties. We may share your data in the following limited circumstances:

• Service providers: trusted third-party companies who assist us in operating our website and delivering services (e.g., payment processors, cloud hosting providers, email delivery services). These parties are contractually bound to process data only on our instructions and in compliance with applicable law.
• Booking platforms: if your reservation was made through a third-party booking channel (e.g., Booking.com, Expedia), certain data may be shared with that platform as necessary to fulfil the reservation.
• Legal authorities: where required by law, court order, or governmental authority, we may disclose personal information to relevant authorities.
• Business transfers: in the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction, subject to equivalent privacy protections.

We retain your personal information only for as long as is necessary to fulfil the purposes outlined in this policy, or as required by law:

• Reservation records: retained for a minimum of 7 years to comply with Sri Lankan financial and tax regulations.
• Contact and enquiry data: retained for up to 2 years after our last interaction.
• Marketing consent records: retained until you withdraw your consent or for 3 years following your last engagement, whichever is earlier.
• Website analytics data: retained in anonymised or aggregated form and may be kept indefinitely for statistical purposes.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of access: to request a copy of the personal information we hold about you.
• Right to rectification: to request correction of inaccurate or incomplete data.
• Right to erasure: to request deletion of your personal data where there is no overriding legal ground for its retention.
• Right to restrict processing: to request that we limit how we use your data in certain circumstances.
• Right to data portability: to receive your data in a structured, machine-readable format.
• Right to object: to object to processing based on legitimate interests, including direct marketing.
• Right to withdraw consent: to withdraw previously given consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact our Data Protection Officer at . We will respond within 30 days of receiving your request.

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

• SSL/TLS encryption for all data transmitted between your browser and our website.
• PCI-DSS compliant payment processing we do not store raw payment card data on our servers.
• Access controls ensuring that only authorised staff members can access personal guest data.
• Regular security audits and system updates.

While we strive to protect your personal information, no method of transmission over the internet is entirely secure. We encourage you to use strong, unique passwords and to notify us immediately if you suspect any unauthorised use of your account.

Our website and services are not directed to children under the age of 18. We do not knowingly collect personal information from minors. If you believe that a child has provided us with personal data without parental consent, please contact us immediately at info@SKYHOTEL.com and we will take steps to delete such information promptly.

We reserve the right to update this Privacy Policy at any time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or via a prominent notice on our website. We encourage you to review this policy periodically to remain informed about how we protect your information.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• SKY HOTEL NUWARAELIYA
• 123 Lake Drive, Nuwara Eliya, Sri Lanka
• info@SKYHOTEL.com
• +94 81 223 4567