China City Hotel

Mail Address : info@cch.co.ke

Call No. : +254 717 955 555

Privacy Policy

China City Hotel – Comprehensive Privacy Policy

1. Introduction

China City Hotel (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data in compliance with:

  • Kenya’s Data Protection Act (2019)
  • General Data Protection Regulation (GDPR) for EU guests
  • Other applicable data protection laws

This detailed privacy policy explains how we collect, use, disclose, transfer, and store your information when you:

  • Visit our website (www.cch.co.ke)
  • Make reservations
  • Stay at our hotel
  • Participate in our loyalty programs
  • Interact with our staff or services

2. Information We Collect

2.1 Personal Information

We may collect:

  • Full name and title
  • Contact details (email, phone number, address)
  • Identification documents (passport, national ID, driver’s license)
  • Payment information (credit card details, mobile money)
  • Demographic information (age, nationality, gender for statistical purposes)
  • Travel itinerary and booking details
  • CCTV footage in public areas (for security purposes)
  • Vehicle registration details (for parking services)

2.2 Sensitive Personal Data

In limited circumstances, we may collect:

  • Health information (for accessibility requirements or medical emergencies)
  • Dietary restrictions (for catering services)
  • Religious preferences (for special arrangements)

2.3 Automated Collection

Through our website and systems, we collect:

  • IP addresses and device information
  • Browser type and version
  • Pages visited and time spent
  • Cookies and tracking technologies (see Section 7)

3. How We Use Your Information

3.1 Primary Purposes

  • Processing reservations and managing stays
  • Processing payments and preventing fraud
  • Providing personalized services
  • Communicating reservation confirmations and updates
  • Ensuring security and safety of guests and property
  • Complying with legal obligations (immigration, tax, etc.)

3.2 Secondary Purposes

  • Marketing communications (with consent)
  • Customer satisfaction surveys
  • Service improvement and analytics
  • Loyalty program administration
  • Special offers and promotions

4. Legal Basis for Processing

We process your data based on:

  • Contractual necessity (for reservations and services)
  • Legal compliance (tax, immigration, etc.)
  • Legitimate business interests (security, service improvement)
  • Your explicit consent (for marketing, sensitive data)

5. Data Sharing and Disclosure

5.1 Third-Party Service Providers

We may share information with:

  • Online travel agencies (Booking.com, Expedia)
  • Payment processors
  • Housekeeping and maintenance contractors
  • IT service providers
  • Marketing agencies (with consent)

5.2 Legal Requirements

We may disclose information when required by:

  • Court orders or legal processes
  • Government authorities (immigration, tax)
  • Law enforcement agencies

5.3 Business Transfers

In case of merger, acquisition, or asset sale, guest information may be transferred as a business asset.

6. International Data Transfers

Your data may be transferred and processed outside Kenya, particularly:

  • To our global reservation systems
  • For payment processing
  • When required for bookings by international guests

We ensure all transfers comply with applicable data protection laws through:

  • Standard contractual clauses
  • Adequacy decisions
  • Other appropriate safeguards

7. Cookies and Tracking Technologies

7.1 Types of Cookies Used

  • Essential cookies (for website functionality)
  • Performance cookies (for analytics)
  • Marketing cookies (for personalized ads)
  • Social media cookies (for sharing content)

7.2 Cookie Management

You can:

  • Adjust browser settings to refuse cookies
  • Use our cookie preference center (if available)
  • Note that disabling cookies may affect website functionality

8. Data Security Measures

We implement:

  • Encryption of sensitive data (SSL/TLS)
  • Secure payment processing (PCI DSS compliant)
  • Access controls and authentication
  • Regular security audits
  • Staff training on data protection
  • Incident response procedures

9. Data Retention

We retain personal data:

  • For active guests: 3 years after last stay
  • For financial records: 7 years (per tax requirements)
  • CCTV footage: 30 days (unless needed for investigations)
  • Marketing data: Until consent is withdrawn

10. Your Rights

Under data protection laws, you have the right to:

  1. Access your personal data
  2. Request correction of inaccurate data
  3. Request deletion of data (where applicable)
  4. Restrict processing of your data
  5. Object to certain processing activities
  6. Data portability (where feasible)
  7. Withdraw consent (for consent-based processing)
  8. Lodge complaints with the Data Commissioner

To exercise these rights, contact our Data Protection Officer at: dpo@chinacityhotel.co.ke

11. Children’s Privacy

We do not knowingly collect data from children under 16 without parental consent. Children’s data collected for reservations is used only for the stay purpose and deleted afterward unless required by law.

12. Changes to This Policy

We may update this policy periodically. Significant changes will be:

  • Posted on our website
  • Communicated via email (where appropriate)
  • Dated with a new “Last Updated” notice

13. Contact Information

For privacy-related inquiries:

China City Hotel Data Protection Officer
📍 Kindaruma Road,Kilimani, Nairobi
📞 +254 717 955 555
📧 info@cch.co.ke

Office of the Data Protection Commissioner
📍 P.O Box 30920-00100, Nairobi, Kenya
📞 +254 202 222 017
🌐 www.odpc.go.ke

Your Privacy Matters at China City Hotel

We collect only necessary information to manage your reservation and stay securely. This includes:
✓ Contact details & payment information
✓ Special requests (dietary/accessibility needs)
✓ Website usage data (via cookies)

We Promise To:

  • Never sell your data
  • Use encryption for all payments
  • Delete data when no longer needed
  • Only share with trusted partners (e.g., payment processors)

Your Rights:
You can access, correct, or delete your data anytime. Contact our Data Protection Officer:
📧 info@cch.co.ke | 📞 +254 717 955 555

Staff Data Protection Policy (Summary)

(For internal training/employee handbook)

Confidentiality Requirements:
🔒 All guest data must:

  • Be accessed only for job purposes
  • Never be discussed publicly
  • Be stored securely (locked cabinets/encrypted files)

Prohibited Actions:
❌ Sharing login credentials
❌ Removing guest lists/data from premises
❌ Discussing guest details on social media

Incident Reporting:
Immediately notify the DPO if you:
⚠️ Suspect a data breach
⚠️ Receive unusual data requests
⚠️ Lose devices containing guest information

Penalties:
Violations may result in disciplinary action up to termination.

Additional Recommended Materials:

  1. Guest Consent Form (for check-in):
    “I agree to China City Hotel’s processing of my personal data for reservation and stay purposes. [ ] I consent to receive promotional offers.”
  2. Staff Training Checklist
    • Annual privacy training
    • Password management protocols
    • Secure document disposal procedures

Write a review