POLICY STATEMENT

• Trianum Hospitality Limited values your privacy and takes great care to protect and maintain the confidentiality, integrity and availability of personal data you provide us. We are committed to processing your personal data in lawful, fair and transparent manner and in accordance with data protection laws applicable in Kenya.

• This Privacy Policy explains how we collect, use or otherwise process your Personal Date in connection with our services.

• Please take time to read this Privacy Policy to understand how and why we collect and use your information in connection with our services.

WHO IS TRIANUM HOSPITALITY LIMITED?

• Trianum Hospitality Consulting and Operations Limited is a boutique consulting and management firm. The Company was founded in 2010 and manages a network of high quality, fully furnished serviced apartments and boutique hotels situated in multiple locations across the country including Executive Residency by Best Western, Fedha Residences, Ulwazi Place and Heri Heights.

• We are located in Hurligham, along Tigoni Road at Fedha Residences.

• In this Policy, Trianum Hospitality Consulting and Operations Limited and Executive Residency by Best Western, Fedha Residences, Ulwazi Place and Heri Heights shall collectively be referred to as (“We, “Us” “Our”).

WHO DOES THIS POLICY APPLY TO?

• This Website Privacy Notice applies to all our Guests (Accommodation, Swimming Pool, Gym, Restaurant and Events), Suppliers, Office Visitors, Website Users, Suppliers, Office Visitors who may access this website. 

• By accessing https://www.trianum.co.ke/ you acknowledge that you have read and understood this Privacy Policy. 

WHAT IS PERSONAL DATA?

• In this Privacy Policy, “personal data” refers to any information that relates to an identified or identifiable individual. This includes, but is not limited to, identification details, contact details, booking details, check-in and check-out details, CCTV footage, cookies and other online identifiers when you access our website and any other data that can be used to directly or indirectly identify an individual.

• Personal data may also include sensitive information, such as racial or ethnic origin, religious beliefs, health information, family information including children’s information, next of kin details, property records, financial information, transaction records, where applicable and subject to applicable laws and regulations.

TYPES OF INFORMATION COLLECTED PURPOSE AND LAWFUL OBLIGATION

• We collect Personal Data directly from you as well as from other available sources to the extent permitted by law. We endeavour to only collect Personal Data that is necessary for the purpose(s) for which it is collected and to retain such data for no longer than necessary for such purpose(s). Subject to applicable law and practice, the categories of Personal Data that are typically collected and processed are:

Data subject	Type of personal data collected	Purpose of Collection	Lawful Basis
Guests (Accommodation)	Identification details: name, ID/Passport, KRA PIN, gender, date of birth Contact details: phone number, email address. Booking details: check-in and check-out date, number of guests (adults and children), address, preferred room type, preferred mode of payment, any special requests. Guest Cancellation details: cancellation requests made through phone calls/email. Check-in details: date and time of arrival, room number, period of stay, number of guests, emergency contact, next of kin details Check-out details: check-out time Payment details: M-Pesa number,invoice, payment notification payment receipt, credit card details (applies where guest pays during check-in/check-out) Information collected through our data collection forms e.g. Feedback Form. Complaints and general Correspondence: general complaints and queries made by guests. Children’s data: date of birth, passport details, age Cookies and online other identifiers such as IP addresses CCTV footage	Check room availability and process customer booking details Facilitate the check-in and check-out processes Process cancellation requests Respond to customer enquiries and resolve customer complaints. Communication and follow up. Provide guests information about our properties Safeguard our properties premises Improve user experience when they access our websites	Contract Legal Obligation Legitimate Interests
Guests (Events)	Identification details: name, ID/Passport, KRA PIN Contact details: phone number, email address. Event details: nature of event, number of event participants, date of event, information contained in Events Agreements. Payment details: M-Pesa number, invoice, payment receipt, credit card details CCTV footage General Correspondence and queries Cookies and other online identifiers such as IP addresses	perform the Events Agreements Safeguard our properties’ premises improve user experience when you access our website.	Contract Legal Obligation Legitimate Interests
Guests (Swimming Pool, Gym and Restaurant	Identification details: name, ID/Passport, KRA PIN Contact details: phone number, email address. Payment details: M-Pesa number, invoice, payment receipt, credit card details CCTV footage General correspondence and queries Cookies and other online identifiers such as IP addresses	Process payments Safeguard our properties’ premises Improve user experience when you access our websites	Legal Obligation Legitimate interests
Suppliers	Identification details: name, ID/passport. KRA PIN contact details: phone number, email address. identification details: name, ID/Passport, KRA PIN contract details Payment details: credit terms supplier statements, bank account details CCTV records Complaints/requests	Supplier management and communication. Process payments	Contract Legal Obligation
Office Visitors	Contact details: name, phone number Identification details: name, ID, Car registration number CCTV records Complaints/requests	Security and access control	Legitimate interests
Website Visitors	Contact details: name, phone number/email address. Unit preferences Online identifiers such as cookies and related tags, IP addresses	Communication & follow up Customer user preferences and experiences.	Consent

CONSEQUENCES OF FAILING TO PROVIDE PERSONAL DATA

• In some cases, if you choose not to provide certain personal data requested by us, it may impact our ability to fully provide you with the requested services, or information. The specific consequences of not providing personal data will depend on the context and the purpose for which the data is requested.

• We encourage you to carefully consider the personal data requested and its importance for the intended purposes. If you have concerns about providing certain information, please contact us to discuss your specific circumstances and requirements. We will endeavor to find alternative solutions or assess if there are any legal or contractual obligations that require the provision of the requested data.

HOW DO WE COLLECT YOUR PERSONAL DATA?

We may collect your personal information from various sources including: –

• Directly from you when you fill in our data collection forms, call or email us and visit our company premises 

• Indirectly: –

• From our third party service providers such as booking agents and travel agents,
• when you interact with our website or other social media platforms such as Facebook, Instagram, LinkedIn, Twitter and YouTube (in this case we collect cookies and online identifiers
• when you access our premises which are under CCTV surveillance

DATA SHARING

• We may share your personal data within the Company to facilitate our internal operations and provide you with efficient services.

• We may share your personal data with third parties in the following circumstances:

• Service Providers: We may engage third-party service providers to perform various services on our behalf, such as IT data processors and legal services providers. These service providers will have access to your personal data as necessary to perform their functions but are strictly prohibited from using your personal data for any other purposes.
• Business Partners: We may share your personal data with trusted business partners who collaborate with us to provide products or services to you. These partners may use your personal data only for the purposes specified in our agreement with them.
• Legal Obligations: We may disclose your personal data if required to do so by law or in response to a valid legal request, such as a court order or government inquiry.
• Corporate Transactions: In the event of a merger, acquisition, or any form of corporate restructuring, we may transfer your personal data to the involved parties, if they agree to treat your personal data in accordance with this privacy policy.
• Consent: We may share your personal data with third parties if you have given us explicit consent to do so. You have the right to withdraw your consent at any time.

• When sharing your personal data with third parties, we prioritise the security and confidentiality of your information. We take stringent measures to ensure that these parties comply with strict data protection standards and handle your personal data in accordance with our instructions.

• We carefully select and evaluate third-party service providers, business partners, and other recipients of your personal data. We enter into contractual agreements with these parties, imposing obligations to protect your personal data and restricting their use of the information solely for the specified purposes outlined in our agreement. Furthermore, we require these third parties to implement appropriate technical and organisational measures to prevent unauthorised access, disclosure, alteration, or destruction of your personal data.

DATA SECURITY

• We understand the importance of keeping your personal data secure and take appropriate measures to protect it against unauthorized access, loss, misuse, or alteration. We have implemented robust security measures to ensure the confidentiality, integrity, and availability of your information, including: –

• Technical Safeguards: To protect your information during transmission, we utilize industry-standard encryption protocols, ensuring the confidentiality of your data. Our secure network infrastructure incorporates firewalls, intrusion detection systems, and other security measures to prevent unauthorised access and mitigate external threats. Additionally, access controls are in place, restricting data access to authorised individuals through unique user credentials, strong passwords, and role-based privileges. Regular data backups and recovery processes are performed to maintain data integrity and availability.

• Organisational Safeguards: Our commitment to data security extends to our employees and third-party service providers. Strict confidentiality agreements bind them, emphasizing the importance of maintaining the security and confidentiality of your personal data. Regular training programs are conducted to educate employees on data protection best practices, security protocols, and their responsibilities. Access controls and authorization mechanisms ensure that only authorised personnel can access your data. We have established comprehensive data protection policies and procedures to guide the proper handling, storage, retention, and disposal of personal data. In the event of any security incidents, our incident response plan enables swift identification, mitigation, and notification, as well as measures to prevent future occurrences.

• While we continually enhance our security measures, it is important to note that no security measure can provide absolute protection. However, we are dedicated to maintaining the highest possible standards of data security and will continue to invest in measures to safeguard your information.

• If you suspect any misuse or loss of or unauthorised access to your personal data, please let us know immediately by sending us an email on dpo@trianum.co.ke

PERSONAL DATA RETENTION

• We retain your personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy, or as required by applicable laws and regulations. 

• Once the retention period expires, we shall securely delete or anonymise your data in accordance with our Data Retention and Disposal Policy. 

COOKIES

• We use cookies and similar technologies on our website to enhance your browsing experience, personalize content, analyse website traffic, and track user interactions. A cookie is a small text file that is stored on your device when you visit our website.

• We use different types of cookies on our website:

1. • Essential Cookies: These cookies are necessary for the functioning of our website and enable you to navigate through the site and use its features. They are essential for providing services that you have requested, such as accessing secure areas of the site or making use of online forms.
   • Analytical and Performance Cookies: These cookies collect information about how visitors use our website, such as which pages are visited most frequently or if any error messages occur. We use this information to analyse and improve the performance and functionality of our website.
   • Marketing and Advertising Cookies:These cookies are used to deliver targeted advertisements and promotions that may be of interest to you. They are placed by third-party advertising networks with our permission. These cookies may track your browsing activities across different websites.

• Cookie Consent: By using our website, you consent to the placement of cookies on your device as described in our Cookie Policy. You can manage or disable cookies through your browser settings. Please note that disabling certain cookies may impact the functionality and performance of our website. 

• Third-Party Cookies: We may allow certain third-party service providers to place cookies on our website for advertising, analytics, or other purposes. These third parties have their own privacy policies and may collect information about your browsing activities on our website and other websites.

• Data Collected by Cookies: The information collected by cookies may include your IP address, browser type, device information, and browsing behaviour. We take appropriate measures to protect the security and confidentiality of cookie data. We ensure that any third parties that have access to cookies comply with strict data protection standards and process the information in accordance with our instructions.

WHAT RIGHTS DO YOU HAVE OVER YOUR DATA?

• Under the Data Protection Act, 2019, you have several rights regarding your personal data:-

• right to information: you have a right to be informed how the Company will use your personal data.
• right of access: you are entitled to access your personal data that is in our possession or custody.
• right to object: you can object to the processing of all part of your personal data, except when we can demonstrate a compelling legitimate interest for the processing which overrides your interests or for the establishment, exercise or defence of a legal claim.
• right to rectification: you have the right to request the correction of inaccurate, outdated, incomplete or misleading personal data in our possession or under our control, without undue delay.
• right to erasure: you have the right to request deletion or destruction, without undue delay, of personal data that we are no longer authorised to retain, or that is irrelevant, excessive, or obtained unlawfully.
• right to data portability: you have the right to receive personal data concerning you in a structured, commonly used, and machine-readable format and to transmit the data to another data controller without hindrance. Where technically feasible, you may also request direct transmission of your personal data from us to another data controller or data processor.
• automated decision making you have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects affects you. If we make automated decisions based on your personal data, you will be notified in writing. You can also request us to reconsider any decisions made solely through automated processing or to make a new decision that is not solely automated.
• right of restriction: You can request the restriction of processing your personal data in certain circumstances, such as when you contest the accuracy of the data, it is no longer needed for processing, it was processed unlawfully, or you have objected to the processing pending verification of our legitimate interests.
• Right to withdraw consent: you have a right to withdraw consent where the lawful basis for processing your personal data is based on consent.
• Right to lodge a complaint to the Office of the Data Protection Commissioner (ODPC): you have a right to lodge a complaint to the ODPC if you are aggrieved by a decision regarding the processing of your personal data.

• If you wish to exercise any of the rights outlined above, please write an email to the Data Protection Officer (DPO) on dpo@trianum.co.ke

• We will make every effort to address your inquiries and requests via email within the timelines specified by applicable data protection laws and regulations.

• To ensure the security and accuracy of the personal data we provide, we may request additional information and verification of your identity. This is necessary to confirm that we are releasing the data to the rightful owner.

• While we strive to fulfill all valid requests, there may be cases where we are unable to comply. If such a situation arises, we will inform you of the reasons for our inability to fulfill your request.

INTERNATIONAL DATA TRANSFERS

• As part of our business operations, we may your transfer personal data to recipients located in countries outside Kenya.

• We are committed to ensuring that any transfer of personal data outside of Kenya complies with the provisions set forth in the Data Protection Act, 2019. We prioritise the privacy and security of your personal data throughout the transfer process.

•  If you have any questions or concerns regarding our international data transfer practices, please contact our Data Protection Officer (DPO) at dpo@trianum.co.ke. We will strive to address your inquiries and provide you with transparent information regarding the transfer of your personal data outside of Kenya.

YOUR RESPONSIBILITIES

• As a data subject, it is important that you understand and fulfill certain responsibilities to ensure the protection and privacy of your personal data. By providing your personal data to Trianum Hospitality Limited,you agree to adhere to the following responsibilities: 

• Accuracy and Updates: You are responsible for providing accurate and up-to-date personal data to the Company. Please inform us promptly of any changes or updates to your contact details or other relevant information.

• Third-Party Data: If you give us personal data of third parties, such next of kin date or emergency contact details, it is your responsibility to ensure that you have obtained the necessary consent or authority to share their information. Inform these individuals about the processing activities and possible international transfers of their data.

• Exercise of Rights: If you wish to exercise your rights with respect to your personal data, including the rights of access, rectification, erasure, objection, or data portability, please follow the procedures outlined in our Privacy Policy. We may require additional information or verification to process your request and ensure the security and confidentiality of your data.

• Reporting Concerns:If you have any concerns or complaints regarding the processing or transfer of your personal data, please contact our designated Data Protection Officer (DPO) at dpo@trianum.co.ke.We appreciate your feedback and will promptly address any issues raised.

CHANGES TO THIS POLICY

• We may periodically update or revise this Privacy Policy to ensure its alignment with legal requirements and our evolving business practices. We will promptly inform you of any material changes to this Policy by posting a pop-up notification or sending you a direct communication. 

• Your continued use of our services after the effective date of any revised Privacy Policy constitutes your acceptance of the revised Policy. We recommend that you regularly check this Privacy Policy to stay updated on any changes. If you disagree with any modifications to this Policy, you should discontinue using our services and contact us to exercise your rights or request the removal of your personal data, as outlined in this Policy.