At Dalata Hotel Group Limited (“Dalata”, “we”, “us”, or “our”), we are committed to treating your personal data with the utmost respect, care, and transparency. Protecting your privacy and safeguarding your personal information is central to how we operate, whether you are a guest, employee, candidate, or business partner. We collect, use, and store personal data in accordance with all applicable data protection laws, including the General Data Protection Regulation (GDPR), the UK GDPR, and the Data Protection Acts 2018 (Ireland). Our privacy notice explains how we handle your personal data, the measures we take to keep it secure, and your rights in relation to your information.
If you have any questions about how your data is processed, please contact our Data Protection Team at dataprotection@dalatahotelgroup.com
1. Introduction
This Privacy Notice applies to Dalata Hotel Group Limited, which operates two distinct hotel brands, Maldron Hotels and Clayton Hotels across the Republic of Ireland, Northern Ireland, the UK, Germany and Netherlands. We also run a collection of uniquely branded hotels such as The Gibson Hotel, The Samuel Hotel in the Docklands and, The Belvedere Hotel, and Hotel 7 in Dublin North City Centre. In addition to our hotel brands, we also have developed food and beverage brands such as the Grain and Grill and the Red Brean Roasty.
Our hotel restaurants and cafés, including the Grain & Grill and the Red Bean Café, process limited personal data such as contact details and booking information to manage reservations, process payments, and deliver dining services. This information is handled securely and in line with our overall Privacy Notice and applicable data protection laws. Marketing communications are sent only where consent has been provided, and you may withdraw consent at any time.
If you use any of our Club Vitae health and leisure centres, please note that these facilities have their own privacy notice, which can be found on the respective Club Vitae website.
This notice explains how we collect, use, share, and protect your personal data across all our different brands. Our Cookie Policy for Dalata, Clayton and Maldron is provided separately below;
- Dalata Hotel Group Cookie Policy
- Clayton Hotels Cookie Policy
- Maldron Hotels Cookie Policy
- The Gibson Hotel Cookie Policy
- The Samuel Hotel Cookie Policy
- Belvedere Hotel Dublin Cookie Policy
- Hotel 7 Dublin Cookie Policy
- Thomas Prior Hall Cookie Policy
2. What Information Do We Collect?
We collect and process the following categories of personal data, depending on your relationship with us:
- Contact & Booking Details: name, address, email, phone, reservation details.
- Stay Preferences & History: previous stays, room or service preferences, special requests.
- Payment Data: card details, billing records, non-present payment information (processed securely under PSD2/SCA).
- Communications Data: emails, voicemails, enquiries, guest messages, pre-stay upsell offers, feedback and surveys. Please note, when you leave a voicemail, your audio message will be recorded and may be automatically transcribed into text. The transcript will be sent by email to the intended recipient. Both the audio recording and the transcript are treated as personal data and processed in accordance with our data protection obligations.
- Operational Data: housekeeping and rooming lists, support tickets, incident reports, service usage.
- Loyalty & Marketing Data: membership identifiers, promotional engagement, voucher purchases and redemptions.
- Facilities & Services Data: spa, leisure and gym bookings (including relevant health information).
- Security Data: CCTV footage in public areas.
- Claims & Incident Data: accident, insurance or emergency response information.
- Recruitment Data: contact details, personal information, Visa’ cover letters and CVs. Please see our separate candidate policy.
- Other Volunteered Data: dietary or accessibility requirements, or information you choose to share with us.
3. How We Use Your Information
We process your information for a range of purposes that enable us to provide our services, comply with legal obligations, and improve your experience. These purposes fall into the categories set out below.
|
Purpose Category |
Examples of Processing |
Legal Basis |
Retention |
|
Guest Reservations & Stays |
Managing bookings, check-in/out (including online systems and pods), group rooming lists, housekeeping apps |
Performance of contract |
Stay duration + up to 7 years |
|
Payments & Financial Administration |
Collecting guest payments (including non-present payments), agent commissions, gift voucher sales |
Performance of contract / legal obligation |
Transaction + up to 7 years |
|
Guest Communication & Marketing |
Handling enquiries, in-stay messaging, pre-stay upsell emails, customer feedback surveys |
Legitimate interest / consent (where required) |
Enquiry resolved + up to 3 years (marketing data) |
|
Events & Corporate Bookings |
Meetings, conferences, catering and technical requirements |
Performance of contract |
Event duration + up to 7 years |
|
Facilities & Services |
Spa and gym bookings, leisure services (including health data) |
Performance of contract / explicit consent (health) |
Booking/membership + up to 2 years |
|
CCTV Monitoring |
Operating CCTV in hotel premises to protect guests, staff, and property (with signage displayed in monitored areas) |
Legitimate interest / legal obligation |
Typically 30 days, unless extended for investigation, legal, or insurance purposes |
|
Security & Compliance |
Fraud prevention, insurance claims, legal and regulatory obligations, emergency incident response |
Legitimate interest / legal obligation / vital interests |
7 years (claims/audit) / longer if required |
|
Analytics & Optimisation |
Analysing booking data, rate optimisation, customer data platform, reporting tools |
Legitimate interest |
Up to 3 years (identifiable); aggregated data retained longer |
|
Recruitment |
Applications, CVs, interview notes |
Performance of contract / legitimate interest |
Up to 2 years (longer if legally required) |
4. Sharing Your Information
We may share your information with:
- Booking partners, payment processors, and voucher providers.
- Service providers supporting IT systems, customer data platforms, CRM (such as Salesforce), and guest messaging tools.
- Insurers, auditors, regulators, or authorities where legally required. In certain jurisdictions, we may be required by law to collect and retain registration details for guests, such as completion of registration cards for non-resident or non-national guests. These details may be shared with relevant authorities as required by local legislation. We retain such information only for as long as necessary to comply with our legal obligations.
- Third-party contractors providing spa, gym, or other leisure services.
5. Joint Data Controller Arrangements
In certain circumstances, Dalata Hotel Group may act as a joint data controller with other entities, such as our operational partners or subsidiaries, for specific processing activities (for example, hotel bookings, invoicing, or loyalty programmes). Where joint controllership applies, we and our partners jointly determine the purposes and means of processing your personal data. You may contact either Dalata or the relevant partner to exercise your data protection rights. Further details of joint controller arrangements are available upon request.
6. International Transfers
Some of our service providers are located outside the European Economic Area (EEA), including technology and CRM partners. Where personal data is transferred internationally, we ensure it is protected by appropriate safeguards such as:
- European Commission adequacy decisions (where applicable).
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Other recognised safeguards required by law.
You may request further details of the safeguards in place by contacting us.
7. Automated Decision-Making and Profiling
We use limited automated processing to analyse booking patterns, optimise room rates, and provide pre-stay offers tailored to your interests. These activities help us deliver relevant services and improve your experience but do not produce legal or similarly significant effects.
Your Rights: You have the right to object to profiling or automated decision-making, to request human intervention, and to contest or express your views on such decisions.
8. Use of Artificial Intelligence (AI)
We may use artificial intelligence (AI) tools to support certain activities, such as analysing booking trends, assisting customer service, or improving operational efficiency. If AI is used, we will ensure that it is applied responsibly, with appropriate human oversight, and in full compliance with all applicable data protection legislation. We will not use AI in a way that produces legal or similarly significant effects without informing you and ensuring that your rights are respected.
9. Marketing and Profiling
We may use your personal data to send you marketing communications about our services, offers, and promotions, both in our own channels and through selected external partners, through email, SMS or WhatsApp messaging. We may also use cookies and similar technologies to personalise your experience and tailor marketing content to your preferences. You have the right to opt out of marketing communications at any time through the unsubscribe option in the communication channel or alternatively you can contact our data protection team at dataprotection@dalatahotelgroup.com.
10. Cookies
We use cookies and similar technologies on our websites to improve functionality, enhance your browsing experience, and tailor services to your preferences. Some cookies are essential for the site to operate, while others support analytics and marketing. For full details and to manage your preferences, please see our separate Cookie Policy.
11. Data Security & Retention
We apply technical and organisational measures to safeguard your personal information, including encryption, access restrictions, staff training, and monitoring. Retention periods are set out in the table above and are aligned with statutory and operational requirements.
12. Your Rights
Under data protection law, including the General Data Protection Regulation (GDPR), the Data Protection Act 2018 you have the following rights:
- Access: to request a copy of the personal data we hold about you.
- Rectification: to have inaccurate or incomplete information corrected.
- Erasure: to request deletion of your information, subject to legal or contractual requirements.
- Restriction: to limit the way we process your information in certain circumstances.
- Objection: to object to certain types of processing, including direct marketing, profiling, and automated decision-making.
- Not to be subject to automated decision-making: you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects. Where automated decisions are made, you may request human review, express your views, and contest the decision.
- Portability: to request transfer of your data to another service provider, where technically feasible.
- Withdraw Consent: to withdraw consent at any time where processing is based on consent.
13. Processing personal data under the Temporary Protection Directive
Dalata provides accommodation services on behalf of the Department of Justice, Home Affairs and Migration under the EU Temporary Protection Directive (2001/55/EC). As part of this arrangement, we may process limited personal information about residents staying with us through this programme, such as names and rooming details, to manage accommodation and ensure the safety and comfort of all guests
The Department of Justice is the data controller for information processed through its Procure to Pay (P2P) system. Dalata remains an independent data controller for information processed in connection with day-to-day hotel operations. For more details on how the Department handles personal data, please visit the Privacy Notice for Providers on the P2P System at gov.ie https://www.gov.ie/en/department-of-justice-home-affairs-and-migration/publications/privacy-notice-for-providers-on-p2p-system/
14. Contact Us
For any questions or to exercise your rights, please contact:
Data Protection Team
Dalata Hotel Group Limited
3 Arkle Road, Sandyford Business Park,
Dublin 18, D18 C9C5 Ireland
Email: dataprotection@dalatahotelgroup.com
We are committed to maintaining the highest standards of privacy and data protection. If you have any questions, concerns, or requests regarding your personal data or this privacy notice, please contact our Data Protection Team at dataprotection@dalatahotelgroup.com.
In the unlikely event that you wish to lodge a complaint about our handling of your data or request you can complain to The Data Protection Commissioner in Ireland, The Information Commissioners Office in the United Kingdom, the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW) in Dusseldorf, the Autoriteit Persoonsgegevens (AP) in Amsterdam or to the Supervisory Authority in your country of residence.
We regularly review and update our privacy practices to ensure ongoing compliance with applicable laws and to reflect changes in our business operations. We encourage you to review this notice regularly to stay informed about how we protect your personal data. Thank you for trusting Dalata Hotel Group with your personal information.