Effective Date: June 2026

Website: Derby Hotel

Derby Hotel ("Derby Hotel," "we," "our," or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data when you visit our website, make reservations, stay at our hotel, attend events, or interact with our services.

This Privacy Policy has been developed in accordance with internationally recognized privacy principles, including the General Data Protection Regulation (GDPR), UK GDPR, and applicable Zimbabwean data protection laws where relevant.

1. Who We Are

Derby Hotel
Bellevue, Bulawayo, Zimbabwe

Website: www.derbyhotel.co.zw

Derby Hotel provides accommodation, conferencing facilities, event hosting, hospitality services, and related guest services.

2. Information We Collect

We may collect personal information directly from you, automatically through our website, or from third parties involved in reservation processing.

Information You Provide

When making a booking, inquiry, or using our services, we may collect:

Full name
Email address
Telephone number
Physical address
National ID number
Passport details
Vehicle registration details
Payment information
Company information (for corporate bookings)
Guest preferences
Event booking information
Emergency contact details

Information Collected Automatically

When you visit our website, we may collect:

IP address
Browser type
Device information
Operating system
Website usage data
Referral URLs
Date and time of access
Pages visited
Session information

Information Collected During Your Stay

For operational and security purposes, we may collect:

Check-in and check-out records
Guest service requests
CCTV footage in public areas
Access control records
Incident reports
Feedback and reviews

3. How We Use Your Information

We use personal information to:

Reservation Management

Process bookings
Confirm reservations
Manage check-in and check-out
Provide guest services

Customer Support

Respond to inquiries
Handle complaints
Resolve disputes

Payment Processing

Process transactions
Verify payments
Prevent fraud

Service Improvement

Improve hotel operations
Enhance guest experiences
Analyse website performance

Marketing Communications

With your consent where required, we may send:

Special offers
Promotions
Newsletters
Event announcements

You may opt out of marketing communications at any time.

Legal Compliance

We may use information to:

Comply with legal obligations
Fulfil immigration or guest registration requirements
Prevent fraud
Protect our rights and property

4. Legal Basis for Processing

Where applicable, we process personal information based on:

Contractual necessity
Legal obligations
Legitimate business interests
Guest consent
Protection of vital interests
Public interest obligations

5. Cookies and Tracking Technologies

Our website may use cookies and similar technologies to:

Improve website functionality
Remember user preferences
Analyse website traffic
Enhance user experience

Cookies may include:

Essential Cookies

Required for website functionality.

Analytics Cookies

Used to understand website performance and visitor behaviour.

Marketing Cookies

Used to deliver relevant promotional content where applicable.

Users may manage cookie preferences through browser settings.

6. Sharing Your Information

We do not sell personal information.

We may share information with:

Service Providers

Including:

Payment processors
Website hosting providers
IT support providers
Reservation management systems

Government Authorities

Where required by law or regulatory obligations.

Professional Advisors

Including:

Lawyers
Accountants
Auditors
Insurance providers

Business Transfers

If Derby Hotel undergoes a merger, acquisition, restructuring, or sale of assets.

All third parties are required to handle personal information securely and lawfully.

7. International Data Transfers

Where services involve international technology providers or cloud-based systems, your information may be processed in countries outside Zimbabwe.

When such transfers occur, Derby Hotel will take reasonable measures to ensure appropriate data protection safeguards are in place.

8. Data Security

We implement appropriate technical and organizational measures to protect personal information against:

Unauthorized access
Loss
Misuse
Disclosure
Alteration
Destruction

Security measures may include:

SSL encryption
Secure payment gateways
Access controls
Password protection
Staff confidentiality obligations

While we strive to protect your information, no internet transmission or storage system can be guaranteed 100% secure.

9. Data Retention

We retain personal information only for as long as necessary to:

Provide services
Meet legal obligations
Resolve disputes
Enforce agreements

Retention periods may vary depending on:

Regulatory requirements
Tax obligations
Accounting standards
Security investigations

When information is no longer required, it will be securely deleted or anonymized.

10. Your Privacy Rights

Subject to applicable laws, you may have the right to:

Access

Request a copy of personal information we hold about you.

Correction

Request correction of inaccurate or incomplete information.

Deletion

Request deletion of personal information where legally permissible.

Restriction

Request limitations on how we process your information.

Objection

Object to certain types of data processing.

Data Portability

Request a transferable copy of your personal data where applicable.

Withdraw Consent

Withdraw consent for marketing communications or other consent-based processing.

Requests may be subject to identity verification.

11. Children's Privacy

Our services are not directed at children under the age of 18.

We do not knowingly collect personal information from children except where provided by parents, guardians, or authorized adults as part of a reservation.

12. CCTV Monitoring

For guest safety, security, and crime prevention, CCTV systems may operate in public areas of the hotel.

CCTV recordings:

Are used for security purposes only.
Are retained for a limited period.
May be disclosed to law enforcement where legally required.

No CCTV monitoring occurs in guest rooms, bathrooms, or other private areas.

13. Third-Party Websites

Our website may contain links to third-party websites, including:

Social media platforms
Mapping services
Online booking providers

We are not responsible for the privacy practices of third-party websites.

Users should review the privacy policies of those websites independently.

14. Marketing Communications

Where legally permitted, Derby Hotel may send:

Booking updates
Promotional offers
Newsletters
Event information

You may unsubscribe at any time by:

Clicking the unsubscribe link in emails
Contacting Derby Hotel directly

Transactional communications related to bookings may still be sent.

15. Data Breach Procedures

In the event of a personal data breach that poses a risk to affected individuals, Derby Hotel will:

Investigate the incident promptly.
Take appropriate corrective measures.
Notify affected individuals where required by law.
Cooperate with relevant authorities.

16. Changes to This Privacy Policy

Derby Hotel reserves the right to modify this Privacy Policy at any time.

Updated versions will be published on our website with a revised effective date.

Continued use of our website and services after changes are published constitutes acceptance of the revised policy.

17. Contact Us

If you have any questions about this Privacy Policy or your personal information, please contact: