Introduction
At Arbor Boutique Hotel we take your privacy seriously. This policy explains how we collect, use, store and share personal information when you visit our website, contact us or make a reservation. Although we are registered in both the United Kingdom and The Gambia, we operate solely in The Gambia. Because of our UK registration we comply with the UK General Data Protection Regulation (UK GDPR) and also respect the relevant laws of The Gambia. By using our services you agree to the practices described here.
What information we collect
We collect only the personal information necessary to provide our services and meet our legal
obligations. We do not knowingly collect information from children under 18.
1. Identity data – your name, title, date of birth and identification documents (such as
passport details) when required.
2. Contact data – billing and postal addresses, email address and telephone numbers.
3. Transaction data – details of your bookings, stays, purchases and payments.
4. Financial data – payment card details or bank account information used to secure your
reservation or pay for services.
5. Technical data – IP address, browser type and version, operating system, device
identifiers and time zone settings collected when you browse our website.
6. Marketing and preference data – your preferences, feedback, survey responses and
marketing opt-in status.
7. Security data – CCTV footage and other surveillance data collected on our premises to
ensure safety.
We collect data when you make a reservation, complete contact forms, sign up for our newsletter,
participate in surveys, use our Wi-Fi or browse our website. Technical data is collected through
cookies and similar technologies.
How we use your information
We collect only the personal information necessary to provide our services and meet our legal
obligations. We do not knowingly collect information from children under 18.
1. Identity data – your name, title, date of birth and identification documents (such as
passport details) when required.
2. Contact data – billing and postal addresses, email address and telephone numbers.
3. Transaction data – details of your bookings, stays, purchases and payments.
4. Financial data – payment card details or bank account information used to secure your
reservation or pay for services.
5. Technical data – IP address, browser type and version, operating system, device
identifiers and time zone settings collected when you browse our website.
6. Marketing and preference data – your preferences, feedback, survey responses and
marketing opt-in status.
7. Security data – CCTV footage and other surveillance data collected on our premises to
ensure safety.
We collect data when you make a reservation, complete contact forms, sign up for our newsletter,
participate in surveys, use our Wi-Fi or browse our website. Technical data is collected through
cookies and similar technologies.
Legal bases for processing
Under the UK GDPR we must have a lawful basis to process your personal information. We rely
on the following bases:
1. Performance of a contract – we need your information to process your reservation and
deliver the services you have requested.
2. Legitimate interests – we use your data to improve our services, enhance security and
prevent fraud where our interests are not outweighed by your fundamental rights and
freedoms.
3. Consent – we will send marketing communications only if you have given us permission.
You may withdraw your consent at any time.
4. Legal obligations – we process certain data to comply with laws, for example retaining
financial records and cooperating with law enforcement.
5. Vital interests – in rare situations we may process your data to protect your vital interests
or those of another person, such as in an emergency.
Sharing your information
We do not sell your personal data. We share it only when necessary and in accordance with this policy:
- Service providers – We use trusted third parties to process payments, manage bookings, send marketing messages and provide IT and analytic services. These providers have access to personal data only to perform specific tasks on our behalf and are bound by
confidentiality and data protection obligations. - Business transfers – If our business is sold or merged, personal data may be transferred to the new owners under the same privacy protections.
- Legal requirements – We may disclose information if required by law, to enforce our
terms or to protect our rights, property or safety
Cookies and tracking technologies
Cookies are small text files placed on your device when you visit our website. We use essential cookies to make our site work and analytics cookies to understand how visitors use our site and to improve user experience. You can control cookies through your browser settings and through
the cookie banner on our website. Disabling cookies may affect site functionality.
How long we keep your information
We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy and to meet our legal obligations. For example, we keep financial records for six years to comply with tax and accounting requirements. When we no longer need your data, we will delete it or anonymise it so it can no longer be associated with you.
Data security
We use technical and organisational measures to protect your personal information, including encryption where appropriate, secure servers, firewalls and access controls. We regularly review our security practices. However, no system is completely secure and we cannot guarantee absolute security. You are responsible for keeping any passwords confidential.
Your rights
You have certain rights under the UK GDPR and other applicable laws, including:
Access – to request a copy of the personal data we hold about you.
Rectification – to ask us to correct inaccurate or incomplete data.
Erasure – in certain circumstances, to request deletion of your data.
Restriction – to limit the way we use your data in certain circumstances.
Objection – to object to our processing if it is based on legitimate interests or direct marketing.
Withdraw consent – if we process your data based on consent, you may withdraw it at any time.
Lodge a complaint – you can complain to the Information Commissioner’s Office in the UK or the relevant authority in The Gambia if you believe your rights have been violated.
To exercise your rights, please contact us using the details below. We may need to verify your identity before responding.
International transfers
Because we operate in The Gambia but are registered in the UK, your data may be transferred between these jurisdictions. We ensure an adequate level of protection for international transfers by using standard contractual clauses or relying on other safeguards permitted by law. By using our services you consent to this transfer.
Children’s privacy
Our services are not intended for children under 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will delete it.
Changes to this policy
We may update this Privacy Policy to reflect changes in law or our business practices. The most recent version will be available on our website with a revised “Last updated” date. If the changes are significant we will notify you via email or a notice on our website.
Contact us
If you have any questions or concerns about this Privacy Policy or the way we handle your data, please contact:
- Email: hello@arborgambia.com
- Phone: +44 7448 826 602
- Postal address: Arbor Boutique Hotel, Brufut, The Gambia
We hope this policy explains our data practices clearly. Please contact us if you would like further information.