Your privacy is very important to us at Greatville Hotels. This Privacy Policy explains what personal information we collect from our guests and website users, how we use and protect that information, and your rights regarding your data. We are committed to handling your personal data in accordance with applicable laws, including the Nigeria Data Protection Regulation (NDPR) 2019 and relevant international data protection laws.

Information We Collect

Personal Information for Bookings: When you make a reservation or register on our site, we collect information necessary to process your booking. This may include your name, email address, phone number, home address, and payment details (e.g., credit card information). We may also record your government‑issued ID details at check‑in as required by law for guest registration (such as ID number or passport number). Additionally, during your stay we keep records of your room preferences or special requests (e.g., non‑smoking room, preferred bed type, etc.) to better serve you.

Information from Third Parties: If you book our hotel through a third‑party travel agency or online booking platform, that third party may send us your personal details (name, contact, booking details) in order to confirm your reservation. We treat any information received from third‑party booking sources with the same care as data collected directly on our site. We may also receive information if you use social media or other services to log into our website (to the extent you have consented to share it with us).

Website Usage Data: When you visit our website, we automatically collect certain technical information using cookies and similar tracking technologies. This can include your IP address, browser type, device information, pages viewed on our site, the time and date of your visits, and the referring URL (the webpage that led you to our site). This data does not directly identify you by name, but it may be considered personal data in some jurisdictions (e.g., IP addresses).

Cookies: Cookies are small data files stored on your browser. Our website uses cookies to enhance user experience and gather analytics data. For example, cookies help remember your preferences (such as language or currency selection) and help us understand how users navigate our site. Some cookies are necessary for the site to function (e.g., for logging in or booking engine), while others are optional analytics or advertising cookies.

Analytics Tools: We use third‑party analytics tools such as Google Analytics to collect information about website usage. Google Analytics may set its own cookies or use other identifiers to collect information like how often users visit the site, what pages they visit, and what site referred them to ours. This helps us analyze web traffic and improve our website and services. The data Google Analytics collects is generally aggregated and anonymized; it does not identify you personally to us. (Google’s ability to use and share information collected by Google Analytics about your visits to our site is restricted by the Google Analytics Terms of Use and Privacy Policy. You can learn more in Google’s Privacy Statement.)

Payment Information: If you make a payment on our website, you will provide payment details (credit card number, expiration date, etc.). Importantly, we do not store your full credit card information on our servers. Online payments are processed securely through our payment providers (such as Flutterwave or Paystack, and their global partners). Your sensitive payment data is encrypted and transmitted directly to the payment gateway for processing. We only retain non‑sensitive details like the transaction ID or card type, which are needed for reference. For in‑person payments, card transactions are handled via secure POS terminals and we do not keep card numbers on file without your consent.

Other Interactions: If you contact us via email, phone, or contact forms (for example, sending an inquiry or feedback), we will collect whatever information you choose to provide in that communication (such as your name, email address, and the content of your message). If you subscribe to a newsletter or marketing communications (when available), we will collect your email address and any preferences you indicate.

How We Use Your Information

We use the collected information for various legitimate business purposes in accordance with your bookings and use of our services.

The main uses include:

To Process Reservations and Provide Services: We use your personal information to process and confirm your hotel bookings, take payments, and provide the services you have requested. For example, we use your name and ID to register you at check‑in, your contact information to send booking confirmations or notify you of any changes, and your payment information to secure your reservation and settle your bill. If you have special requests or preferences, we note those to personalize your stay (such as setting up an airport pickup or arranging the correct room type).

Communication: We may use your contact details (email or phone) to communicate with you about your reservation and stay. This includes sending pre‑arrival information, check‑in instructions, or responding to inquiries you make. After your stay, we might email you to request feedback or reviews about your experience. We do not send marketing emails unless you have explicitly subscribed or agreed to receive them. If you do subscribe to our newsletter or promotional updates, we may occasionally send you information about special offers, new services, or events at Greatville Hotels that we think may interest you. You always have the option to opt‑out of marketing communications (see Your Rights below).

Improvement of Services and Website: The usage data and analytics we collect help us understand how our website is used and how we can improve it. For example, analyzing which pages are most visited or where users spend more time guides us in optimizing our site navigation or content. We may also use feedback from guest surveys or reviews to improve our hotel facilities and customer service. Overall, this helps us enhance our products, services, and the overall user experience for future visits.

Security and Fraud Prevention: We may use personal information as necessary to protect the security of our guests, staff, and property. For instance, ID verification at check‑in ensures the legitimacy of guests. We also maintain CCTV security cameras in some public areas of the hotel for safety – these may incidentally capture footage of guests in those areas (CCTV footage is used solely for security monitoring and incident investigation). Your information may be used to prevent or detect fraud and other illegal activities. For example, in processing payments we might use tools to detect fraudulent transactions. If an incident occurs (such as damage to property or a safety concern), we might use personal details (including CCTV or registration info) to investigate and address the issue.

Legal Compliance: We may process and retain your data to comply with legal obligations. For example, Nigerian regulations may require us to keep a guest register with identity information, or financial laws may require we keep records of transactions. If law enforcement or regulatory authorities lawfully request guest information, we may provide it as required by law. Also, in rare cases, we might use or disclose personal data to enforce our Terms & Conditions, to pursue any available legal remedies, or defend against legal claims.

Other Purposes with Consent: If we intend to use your information for any purpose not outlined above, we will explain at the time of collection and, if required, request your consent. We will not sell or rent your personal information to third‑party marketers. We also do not use your data for any automated decision‑making or profiling that produces legal effects concerning you.

How We Share Your Information

Greatville Hotels respects your privacy and treats your personal information with care. We do not sell or trade your personal data to unrelated third parties for their own marketing use. However, in order to serve you and run our operations, we may share information in these limited scenarios:

Service Providers (Processors): We share necessary information with trusted third‑party service providers who perform functions on our behalf. These include:

Payment Processors: As mentioned, when you provide payment details, those are transmitted to our payment gateway partners (e.g., Flutterwave, Paystack, or banking institutions) to process the transaction. They receive the necessary billing information to authorize and complete the payment. These entities are required to keep your information secure and use it only for the purpose of processing the transaction.

Email and IT Services: We may use third‑party platforms for sending confirmation emails, storing booking data, or hosting our website. For instance, if our booking engine or database is powered by a third‑party software provider, your booking details will be stored on their servers. We ensure that such providers are also bound by confidentiality and data protection obligations. They are not allowed to use your data for anything other than providing services to Greatville Hotels.

Analytics and Cookies: As noted, we use Google Analytics which will process usage data about our site. Google may receive certain info (like your IP, device info) in the process. However, this information is anonymized and used in aggregate form for analytics – it is not tied to your personal identity in our systems.

Other Providers: We may also share data with service providers like our SMS gateway (if we send text updates), cloud storage or backup services for our records, or customer support software if you interact with an online chat or support system.

These third parties are essentially extensions of our team, and we have agreements in place to ensure they protect your data.

Within Our Hotel Group: Currently Greatville Hotels in Lagos operates as a single entity. If in the future we open or affiliate with other hotels (under the Greatville brand or as sister properties), your information might be shared between these affiliated entities for coordinated services. For example, if you have a loyalty account or you want to make a booking at a future Greatville hotel in another city, we may transfer the necessary details to that property. Any such affiliated hotels will uphold the same privacy standards. (If this happens, we will update this policy accordingly.)

Legal Requirements and Protection: We may disclose personal information when required by law or if reasonably necessary to: comply with a legal process (such as a court order or subpoena), respond to government or law enforcement requests, or enforce our policies. We may also share information if disclosure is necessary to protect the rights, property, or safety of Greatville Hotels, our employees, our guests, or the public. For example, providing guest information to authorities for public health contact tracing, or sharing details with law enforcement in case of criminal activity on the premises.

Business Transfers: If Greatville Hotels undergoes a business transaction such as a merger, acquisition by another company, or sale of assets, your personal data might be part of the assets transferred. Should this happen, we will ensure the new owner continues to handle your data according to a privacy policy at least as protective as this one. We would also notify you (for example, by posting a notice on our website or via email) of any such change in ownership or data use.

Importantly, any third parties with whom we share data for the above reasons either (a) get no more information than is necessary for them to perform their specific task, and (b) are contractually obligated to keep your information confidential and secure.

Data Security and Storage

We take appropriate security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include:

Technical Safeguards: We use encryption protocols for data transfer (our website and booking forms are served over HTTPS, which encrypts data in transit). Sensitive information (like passwords or credit card numbers) is handled via secure, PCI‑compliant payment systems. Our databases and servers are protected by firewalls, anti‑malware systems, and other security software to prevent intrusion.

Organizational Measures: Only authorized personnel are allowed to access personal data, and only for permitted business functions. Our staff are trained on data protection principles and must adhere to confidentiality policies. We limit access to your information to employees who need it to perform their job (for instance, front desk staff processing check‑ins, reservation managers, accounting for billing).

Physical Security: For information maintained in physical form (like a copy of your ID or a printed registration card), we keep these documents in secure areas. The hotel’s IT equipment and records are located in controlled facilities. We also maintain CCTV surveillance in parts of our premises to deter and detect any unauthorized access or security breaches.

Payment Security: We do not store full payment card details on our systems to minimize risk. Our payment processors are PCI DSS compliant (Payment Card Industry Data Security Standard), meaning they follow strict protocols in handling card data. After a transaction, your credit card details are not retained on our web servers. Any retained data (like the last 4 digits of your card for reference, or a payment token) is protected.

Retention Period: We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, and as required by law. For example, we keep guest registration records and invoices for a certain number of years to meet legal and financial record‑keeping requirements. Web analytics data is generally retained for analytic purposes in aggregate form. If you register an account on our website, we hold your information until you delete your account or it’s inactive for a long period. For marketing mailing lists, we retain your email until you unsubscribe. We periodically review the data we have; information that is no longer needed is securely deleted or anonymized.

Despite all precautions, please note that no system is 100% secure. The Internet by its nature cannot be guaranteed to be completely secure, and therefore we cannot warrant absolute security of your data. However, we follow best practices and continually update our security measures to adapt to new threats. In the unlikely event of a data breach that might compromise your personal information, we will follow applicable laws in notifying you and the authorities, and take steps to mitigate any damage.

Your Rights and Choices

We respect your rights regarding your personal data. Under NDPR and other data protection laws, you have certain rights that you may exercise, including:

Access and Correction: You have the right to request a copy of the personal data we hold about you and to correct any inaccuracies. For instance, if you believe we have the wrong address or misspelled your name, you can ask us to correct it. Most basic profile information can also be corrected by you if you have an online account on our website.

Deletion (Right to be Forgotten): You may request that we delete your personal data. For example, if you cancel your account with us or if you withdraw your consent (in cases where consent is required for us to hold the data), you can ask that your information be erased. Do note that we might need to retain certain information for legal reasons (e.g., transaction records for accounting) and thus may not be able to fully delete those until the retention period passes. But we will inform you of what we can delete immediately and what might be retained as required by law.

Objection to Processing: You have the right to object to or restrict certain processing of your data. For example, you can opt out of marketing emails (unsubscribe) at any time – there will be an “unsubscribe” link in any promotional email, or you can contact us to remove you from the list. If we were to process data for direct marketing or profiling, you can object to that. You can also disable cookies through your browser settings if you do not want us to track your website behavior; most browsers allow you to refuse cookies or alert you when cookies are being used. Keep in mind that disabling certain cookies (especially functional ones) might affect the functionality of our site (for example, the booking engine might require cookies to remember your selections).

Data Portability: To the extent applicable, you may request a copy of the personal data you provided to us in a machine‑readable format. This primarily applies to data collected based on consent or contract (e.g., your profile data if you created an account).

Withdraw Consent: If we rely on your consent to process any personal data (for instance, use of your email for marketing), you can withdraw that consent at any time. Withdrawing consent will not affect the legality of any processing we did prior to withdrawal, but it means we will stop the specific practice going forward (e.g., stop sending marketing emails).

Lodging a Complaint: If you believe we have violated your privacy rights or any relevant data protection law, you have the right to lodge a complaint with the relevant data protection authority. In Nigeria, that would be the National Information Technology Development Agency (NITDA), which oversees NDPR compliance. We encourage you to contact us first, so we can address your concerns directly.

To exercise any of these rights, please contact us (see Contact Us section below). We may need to verify your identity (to ensure we don’t release data to the wrong person), and your request should provide enough detail for us to understand and respond. We will respond to your request within a reasonable timeframe as required by law (generally within 30 days). There is no fee for reasonable requests, though if you make repeated, excessive requests we might charge a small fee as allowed by law. Please note, if you are an international guest (for example, from the EU or UK where GDPR applies), you also have similar rights under those laws. We aim to provide the same high standard of privacy protection to all our guests, regardless of origin.

Cookies and Tracking Technologies

As mentioned, our website uses cookies to personalize and improve your experience. When you first visit, you’ll be notified about our use of cookies and given the option to accept. You can always manage cookies through your browser settings:

Necessary Cookies: These are essential for the website’s core functionality (such as keeping you logged in during a session, or remembering what dates you searched for). Without these, the site may not function properly. These cookies do not require consent as they are necessary for providing the service you requested (e.g., making a booking).

Analytics and Performance Cookies: These cookies collect information about how visitors use our site (which pages are popular, if any errors occurred, etc.). We use this data to improve site performance and design. We currently use Google Analytics, which sets cookies like _ga and _gid to track page views and user interactions. The information collected is aggregated and anonymous.

Preference Cookies: These remember choices you make, like language or region, so we can show you localized content. For example, if our site is in multiple languages, a cookie might remember that you selected English on your last visit.

Advertising Cookies: At present, we do not have third‑party ads on our site, so we do not use advertising cookies. If this changes in the future, we will update our policy and seek appropriate consent.

Managing Cookies: If you do not want cookies to be stored on your device, you can adjust your browser settings to refuse some or all cookies, or to alert you when cookies are being placed. You can also delete cookies that have already been set. Please refer to your browser’s help documentation for instructions on how to do this (common browsers include Chrome, Firefox, Safari, Edge, etc.). Keep in mind that if you disable cookies, certain features of our site (especially the booking functionality) may not work properly.

Do Not Track: Some browsers offer a “Do Not Track” (DNT) feature that lets you signal websites not to track you. Currently, our site does not respond differently to a DNT signal, in part because there is no standard interpretation of DNT in practice. We will review this as standards evolve.

By using our website without disabling cookies, you consent to our use of cookies as described here. For more details on our cookie usage, you can refer to our Cookie notice (if available) or contact us.

International Data Transfer

Greatville Hotels is based in Nigeria, and our website and databases are hosted in Nigeria (or possibly on cloud servers that could reside in other countries). If you are accessing our services from outside Nigeria, be aware that your personal data will be transferred to and stored in Nigeria (and possibly on servers located in other jurisdictions). Data protection laws in Nigeria or those other jurisdictions may not be as comprehensive as those in your country. However, we will take steps to ensure that your privacy remains protected consistent with this policy. By providing your information or using our services, you consent to the transfer of your personal data to Nigeria and other jurisdictions as necessary. We handle all data in accordance with NDPR and this Privacy Policy, regardless of where it's processed. If we ever need to transfer data to a third party or affiliate in another country, we will ensure an adequate level of protection, for example by using contracts with standard data protection clauses or transferring to countries with recognized adequacy for data protection. Our goal is to ensure your data is given the same level of security and respect internationally as it is at home.

Children’s Privacy

Our website and services are not directed to children under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age without consent of a parent or guardian. If you are under 18, please do not provide any personal information to us – have a parent or guardian assist you. For example, minors should not make bookings or create accounts on our site without parental oversight. If we discover that we have inadvertently collected information from a minor under 18 without proper consent, we will delete that information. Parents or guardians who believe we might have information about their child can contact us to request deletion. For children who stay at our hotel as part of a family, we may collect minimal necessary information (such as child’s name, age) only for the purpose of making appropriate arrangements (like providing an extra bed or meal). This information is provided by the parent/guardian. We do not market to children and we do not collect more data than needed in relation to children. (Note: We comply with the U.S. Children’s Online Privacy Protection Act (COPPA) as applicable for any users under 13 on our site, even though our primary jurisdiction is Nigeria. In line with COPPA, we do not knowingly collect information from children under 13, and our site is intended for general audience or adult use.)

Links to Other Websites

Our website may contain links to external websites or services for your convenience (for example, links to local attractions, or an online travel blog, or our social media pages). Please be aware that once you leave our site or are redirected to a third‑party website or application, this Privacy Policy no longer applies. We do not control the privacy practices of other sites. We encourage you to read the privacy policies of any external websites you visit via links on our site. We are not responsible for the content or data handling of those external sites or services.

Updates to This Privacy Policy

We may update or revise this Privacy Policy from time to time, in order to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make significant changes, we will notify guests through our website (and/or by email if appropriate). The “Effective Date” at the top will be updated to the latest revision date. We encourage you to review this policy periodically to stay informed about how we are protecting your information. Continued use of our services or staying at our hotel after policy changes will signify your acceptance of the updates. If we were to materially change how we use your data (beyond what’s stated at the time of collection), we would seek your consent for the new purposes as required.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us. We have a designated team to handle data protection queries. You can reach us at: Greatville Hotels – Legal Office

We will be happy to assist you with any questions or issues. Your trust is important to us, and we will do our utmost to safeguard your personal information. Thank you for choosing Greatville Hotels. We look forward to welcoming you and ensuring you have a comfortable and secure experience with us!