Privacy Policy
Effective Date: 18-February-2025
1. Introduction
Welcome to Heritage Hotels Arua (“we,” “us,” “our”). We value your privacy and are committed to
safeguarding your personal data in accordance with applicable data protection laws in Uganda, as well as the
European Union’s General Data Protection Regulation (GDPR) where relevant.
This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you interact with us
in person, stay at our facilities, or use our website (heritagehotelsug.com).
Please read it carefully to understand our practices.
2. Scope and Applicability
This Privacy Policy applies to all personal data processed by Heritage Hotels Arua, including data collected:
- On-site at our hotels, restaurants, and other facilities.
- Through our website, emails, phone calls, or social media channels.
- Via third parties acting on our behalf (e.g., payment processors, booking platforms).
By accessing our services or providing your personal data, you agree to the practices described in this Policy.
3. Data We Collect
We collect various categories of personal data, which may include:
-
Identity Data: Title, name(s), ID/passport details, nationality, date of birth, and images
(including security camera footage).
-
Contact Data: Postal address, email address, phone number(s).
-
Booking & Transaction Data: Room bookings, event reservations, payment details, transaction records.
-
Technical & Usage Data: IP address, browser type, device identifiers, pages visited,
and other information collected via cookies or similar technologies.
-
Profile Data: Username, password (encrypted), preferences, survey responses, loyalty program data.
-
Marketing & Communications Data: Newsletter subscriptions, marketing consents, feedback forms.
-
Sensitive Personal Data (Special Categories): Health details (e.g., for spa treatments or
special accommodations), dietary requirements, or other sensitive information if you voluntarily provide it.
We make efforts to collect only the minimum necessary data. If you choose not to provide certain details,
we may be unable to fulfill your requests or provide specific services.
4. How We Collect Your Data
We collect personal data in multiple ways:
-
Direct Interactions: You may provide data by filling in forms on our website, booking rooms,
emailing us, giving us your business card, or checking in at our front desk.
-
Automated Technologies: We may automatically collect technical data about your equipment,
browsing actions, and usage patterns. This data is collected via cookies, server logs, or analytics tools.
-
Third Parties or Publicly Available Sources: We may receive personal data from analytics providers,
payment processors, or social media platforms.
5. Why We Process Your Data
We rely on the following legal bases for processing your personal data:
-
Performance of a Contract: For booking, check-in, and service provision (e.g., reserving a room,
handling payments).
-
Compliance with Legal Obligations: Maintaining records for accounting, tax, or security
(e.g., local authority requirements, Ugandan laws).
-
Legitimate Interests: Improving our services, ensuring guest safety, fraud prevention,
and securing our website.
-
Consent: Sending you marketing communications or newsletters if you opt in.
You can withdraw your consent at any time.
6. How We Use Your Data
We may use your personal data to:
- Provide hospitality services, process bookings, and manage payments.
- Communicate with you regarding reservations, inquiries, or feedback.
- Administer loyalty programs or promotional offers (if applicable).
- Improve our website, rooms, facilities, and overall guest experience.
- Send marketing communications (if you have consented) about our latest offers or news.
- Enhance security, investigate misconduct, or prevent fraud.
- Comply with local regulations and legal obligations in Uganda or abroad.
7. GDPR Compliance for EU Residents
If you are located in the European Union (EU) or European Economic Area (EEA),
the General Data Protection Regulation (GDPR) grants you additional rights:
-
Right of Access: Request a copy of the personal data we hold about you.
-
Right to Rectification: Ask us to correct any inaccurate or incomplete data.
-
Right to Erasure (“Right to Be Forgotten”): Request the deletion of your data under certain conditions.
-
Right to Restrict Processing: Ask us to limit how we use your data in certain circumstances.
-
Right to Data Portability: Receive your personal data in a structured, commonly used format.
-
Right to Object: Object to our processing of your data, including direct marketing.
-
Right to Withdraw Consent: If we rely on your consent, you may withdraw it at any time.
-
Right to Lodge a Complaint: You can file a complaint with your local data protection authority
if you believe we have infringed your rights under GDPR.
To exercise any of these rights, please contact us using the details in the “Contact Us” section below.
We will respond to your request in accordance with GDPR timelines.
8. Data Sharing & Cross-Border Transfers
-
Service Providers: We share data with trusted third parties who process data on our behalf
(e.g., booking engines, payment gateways).
-
Legal or Regulatory Disclosure: We may disclose data if required by law, court order, or
governmental regulation.
-
International Transfers: Since we are based in Uganda, your personal data may be transferred
to and stored in servers located in other countries, including outside the EU. We will take steps to ensure
an adequate level of protection for your data, such as using appropriate safeguards (e.g., contractual clauses).
9. Data Security & Retention
We implement appropriate technical and organizational measures to protect your data from unauthorized access,
alteration, disclosure, or destruction. However, no online service is completely secure. We retain your data
only as long as necessary to fulfill the purposes outlined in this policy or as required by law.
10. Cookies & Tracking Technologies
We use cookies and similar technologies to personalize content, analyze site usage, and improve user experience.
You can control or disable cookies via your browser settings, but some features of our site may not function properly
if you do so.
11. Children’s Data
Our website is not intended for children under 16, and we do not knowingly collect personal data from them online.
However, children’s images may be captured on our premises via security cameras for safety reasons.
If you believe we have inadvertently collected a child’s data, please contact us so we can delete it.
12. Your Choices & Rights
You may update your preferences for receiving marketing communications at any time by following the unsubscribe link
in our emails or by contacting us directly. If you have any questions about your data or wish to exercise your rights
(including those under GDPR), please reach out via the “Contact Us” details below.
13. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or for other operational, legal, or regulatory
reasons. Any significant modifications will be posted on our website with an updated “Effective Date.” Continued use
of our services after these changes indicates your acceptance of the revised policy.
14. Contact Us
For any inquiries, requests, or concerns regarding this Privacy Policy or our data practices, please contact us at:
Heritage Hotels Arua
Plot 24, Weatherhead Parklane, Arua
Tel: +256 393274611
Phone: +256 772069207
Email: info@heritagehotelsug.com
If you are in the EU/EEA, you may also contact your local data protection authority to lodge a complaint if you believe
your rights under GDPR have been violated.
By using our website and services, you acknowledge that you have read and understood this Privacy Policy.
