Privacy Policy

Last Updated: 21 July 2025

1. Introduction

Welcome to Nira Caledonia. We are committed to protecting and respecting your privacy. This policy explains when and why we collect personal information about people who visit our hotel and our website, how we use it, the conditions under which we may disclose it to others, and how we keep it secure.

This policy is designed to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who We Are

We are Nira Caledonia, operated by our management company, Shanti Hospitality (UK) Limited (23 Buckingham Gate, London, SW1E 6LB).

Our hotel contact details are:

  • Address: 6 & 10 Gloucester Place, Edinburgh, EH3 6EF, Scotland
  • Phone: 0131 225 2720
  • Email: info@niracaledonia.com

For the purposes of data protection law, Nira Caledonia is the "data controller".

Data Protection Lead:

  • Our lead contact for data protection is Matt Goldyn (Hotel Manager). He can be reached at matt.goldyn@niracaledonia.com.

3. What Information We Collect

We may collect, store, and use the following kinds of personal information:

  • Identity & Contact Data: Includes your full name, postal address, email address, and telephone number.
  • Booking & Financial Data: Includes your hotel or restaurant booking details (dates, preferences), and payment card information.
  • Communications Data: Includes the content of your correspondence with us via email, WhatsApp, or other communication channels.
  • Website Usage Data: Information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type, referral source, length of visit, and page views).
  • Marketing & Communications Data: Includes your preferences in receiving marketing from us.
  • CCTV & Audio Data: Images and audio recordings collected from CCTV systems in public areas of the hotel.
  • Guest Wi-Fi Data: Information required to provide you with access to our guest Wi-Fi service, which may include your name, email, and device information.
  • Special Category Data: On occasion, we may process health-related data if you provide it to us for accessibility or dietary requirements. We only process this with your explicit consent.

4. How We Use Your Information & Our Lawful Basis

We use your information for the following purposes, and we will only do so if we have a lawful basis:

Purpose of Processing Type of Data Lawful Basis for Processing
To manage your hotel or restaurant booking and provide our services Identity, Contact, Booking, Financial Performance of a contract with you.
To process payments Identity, Contact, Financial Performance of a contract with you.
To manage our relationship with you (e.g., responding to enquiries) Identity, Contact, Communications Legitimate interests (to provide good customer service).
For marketing communications (e.g., newsletters, special offers) Identity, Contact, Marketing Consent. You can withdraw consent at any time.
To provide Guest Wi-Fi Identity, Contact, Wi-Fi Data Performance of a contract with you.
To ensure the safety and security of our guests, staff, and property CCTV & Audio Data Legitimate interests (for security and crime prevention).
To improve our website and services Website Usage Data Legitimate interests (to develop our business).
To comply with legal or regulatory obligations Identity, Contact, Financial Compliance with a legal obligation.

 

5. Data Sharing and Third Parties

We will not sell or rent your information to third parties. We may pass your information to our trusted third-party service providers for the purposes of completing tasks and providing services to you on our behalf. These include:

Property Management & Channel Management:

  • Oracle Opera Cloud: Our central Property Management System.
  • SiteMinder: Processes bookings from Online Travel Agents (e.g., Booking.com, Expedia) and pushes this information to our PMS.
  • SynXis (by Sabre Hospitality): Processes bookings from channels such as SLH.com, Hilton, and Global Distribution Systems (GDS) and pushes this information to our PMS.

Guest Services & Communication:

  • Canary: For online and mobile check-in services.
  • Google Workspace: Our email service provider.
  • WhatsApp: For direct guest communication.

Booking Platforms:

  • Profitroom: Our direct online booking engine for hotel reservations.
  • OpenTable, Quandoo, The Fork: For restaurant reservations.

Payment & Marketing:

  • Blink, Stripe, SiteMinder Payments: For processing payments securely.
  • Revinate: Our marketing and guest communications platform.

On-site Services:

  • IT Support & Wi-Fi Providers

We only disclose the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.

6. Data Retention

We will hold your personal information on our systems only for as long as is necessary for the relevant activity. Our retention periods are as follows:

  • Guest Information: Booking, contact, and financial information is retained for the current year plus five subsequent years to comply with our legal and accounting obligations.
  • CCTV Footage: CCTV and audio footage is retained for a maximum of 30 days, unless a specific incident requires longer retention for investigation purposes.

7. Your Data Protection Rights

Under UK GDPR, you have the following rights:

  • The right to be informed about our collection and use of your personal data.
  • The right of access to the personal data we hold about you.
  • The right to rectification if any personal data we hold is inaccurate or incomplete.
  • The right to erasure (the "right to be forgotten").
  • The right to restrict processing of your personal data.
  • The right to data portability allowing you to obtain and reuse your personal data for your own purposes across different services.
  • The right to object to us using your personal data for particular purposes.
  • Rights in relation to automated decision making and profiling.

If you wish to exercise any of these rights, please contact us at matt.goldyn@niracaledonia.com.

8. Security of Your Information

We take appropriate technical and organisational measures to secure your personal data and to protect it against unauthorised or unlawful use or processing, and against accidental loss, destruction, or damage.

9. International Data Transfers

While our Property Management System (Oracle Opera Cloud) stores data within the EU, some of our third-party service providers are based outside the UK and European Economic Area (EEA). For example, data may be transferred to the USA.

When we do transfer your data outside the UK/EEA, we ensure it is protected with appropriate legal safeguards. This may include relying on:

  • An "adequacy decision" from the UK Government, which confirms a country has data protection laws equivalent to our own (such as the UK Extension to the EU-U.S. Data Privacy Framework).
  • Standard Contractual Clauses (SCCs) issued by the UK's Information Commissioner, which are legally binding agreements requiring the recipient to protect the data to UK standards.

10. Right to Complain

If you are not satisfied with our response to any query you raise with us, or you believe we are processing your personal data in a way which is not compliant with the law, you can complain to the Information Commissioner’s Office (ICO). Their contact details are:

  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
  • Helpline: 0303 123 1113
  • Website: https://www.ico.org.uk

11. Changes to This Policy

We may update this policy from time to time. The latest version will always be available on our website.