PRIVACY POLICY

Welcome to Sulimha Durbar. We respect your privacy and are committed to protecting the personal information you share with us. This Privacy Policy explains what information we collect, how we use it, who we share it with, your rights, and the choices you can make about your information when you visit sulimhadurbar.com, use our online booking services, contact us, stay at our hotel, dine with us, or otherwise interact with Sulimha Durbar (collectively, the “Services”).

If anything below is unclear or you want help exercising any right, please contact us (see “Contact Us” at the end).

  1. Who we are / scope

Controller: Sulimha Durbar (a boutique heritage hotel located at Sulimha Square, Pimbahal, Patan, Lalitpur, Nepal). This Privacy Policy applies to information collected:

  • On our website and booking engine,
  • When you call or email us,
  • When you stay with us or dine with us,
  • When you use our Wi-Fi or service apps,
  • When you apply for jobs, participate in promotions, or complete surveys,
  • When you interact with our social media profiles.

  2. Information we collect

We collect several types of information depending on how you interact with us:

A. Personal identity & contact information

Examples: name, title, postal address, email address, telephone/mobile number, emergency contact.

Collected when you: make a booking, sign up for our newsletter, contact us, register for events, or check in for a stay.

B. Booking & stay information

Examples: reservation dates, room preferences, special requests, billing name and address, guest names, arrival/departure times, loyalty or membership numbers, group/banquet details.

Collected when you: reserve rooms, book events, or request group services.

C. Payment & billing information

We collect payment information necessary to process payment for bookings and services (e.g., name on card, billing address). Card numbers and full card data are handled by our third-party payment processors — we do not store raw card numbers unless you expressly opt to use a tokenized vault service offered by a processor.

D. Transaction & records

Examples: invoices, receipts, booking history, refund or dispute details, tax and accounting records.

E. Communications & marketing interactions

Examples: contact form content, email correspondence, marketing preferences, SMS consent, social media messages, feedback, reviews.

F. Device, usage & technical information

Examples: IP address, browser type and version, device identifiers, operating system, pages visited, referral/exit pages, search terms, clickstream data, time stamps, and cookies or other tracking technologies.

Collected automatically when you use our website or digital services (see Cookies & Tracking below).

G. Special categories (limited)

Examples: dietary restrictions, accessibility requirements, religious or cultural preferences, or other special requests that may be sensitive.

Collected only if voluntarily provided (e.g., for room accommodations or dining) and processed with appropriate safeguards.

H. CCTV and security footage

When you visit our premises, CCTV may capture footage for safety and loss prevention. Footage is retained and accessed only as necessary for security, safety or legal reasons.

  3. How we collect information
  • Directly from you: when you book, fill forms, email, call, register, sign up for newsletters, apply for jobs, or otherwise provide information.
  • Automatically: via cookies, web server logs, analytics tools, and other tracking technologies when you visit our site.
  • From third parties: payment processors, travel agents/OTAs (e.g., booking.com, Expedia), corporate bookers, channel managers, identity verification services, social media platforms, or publicly available sources.
  • From other guests or persons: when someone booking on behalf of others provides guest information.

  4. Why we use your information (purposes) & legal bases

We use your information for the following core purposes:

  1. To provide and manage bookings, stays and services.
    — Process reservations, confirm bookings, allocate rooms, provide requested services (e.g., dietary or accessibility requests), and manage check-in/out.
  2. To process payments and refunds.
    — Charge for rooms, events, F&B, and related services via third-party payment processors.
  3. To communicate with you.
    — Send booking confirmations, pre-arrival information, service messages, invoices, receipts, and notifications about your stay.
  4. To deliver marketing and offers (with consent where required).
    — Send newsletters, promotional offers, and special event invitations if you opt in. You can opt out at any time.
  5. To operate, maintain and improve our website and services.
    — Analytics, troubleshooting, performance monitoring, and platform security.
  6. To ensure safety, security and loss prevention.
    — CCTV, incident investigations, fraud prevention, enforcement of hotel policies.
  7. To comply with legal, tax, accounting and regulatory obligations.
    — Record keeping, tax reporting, legal holds, or responding to lawful requests.
  8. To manage recruitment and employment processes.
    — When you apply for jobs, we process CVs and application material to evaluate candidates.
  9. To respond to requests, complaints, and legal matters.
    — Cooperate with law enforcement, defend legal claims, and address regulatory inquiries.

Legal basis: depending on the law that applies to you, this may include contractual necessity (to perform the booking contract), consent (for marketing, cookies), legitimate interests (fraud prevention, direct marketing to existing customers, improving our services), and compliance with legal obligations.

We will not use your personal data for uses incompatible with the purposes described without first notifying you.

  5. Cookies & tracking technologies

Our website uses cookies and similar technologies (local storage, web beacons) to:

  • Make the website work (essential cookies),
  • Remember preferences,
  • Analyze site traffic and performance,
  • Deliver targeted advertising through third parties (with consent where required).

You can control cookies through your browser settings and opt out of certain third-party tracking (for example by using browser-based Do Not Track settings or vendor opt-out pages). Blocking essential cookies may affect the functioning of our booking engine.

  6. Third-party services & sharing

We share personal data only as necessary and with safeguards in place. Typical recipients:

  • Payment processors: to take and refund payments (we rely on PCI-compliant third parties).
  • Booking engines & channel managers / OTAs: to manage reservations and inventory.
  • Analytics & advertising providers: e.g., analytics platforms and ad networks to measure ads and site usage.
  • Email & messaging providers: to deliver transactional and marketing messages.
  • IT and cloud service providers: to host, store and process data (servers, backups).
  • Professional advisors: auditors, lawyers, accountants where required.
  • Government, law enforcement or regulatory bodies: when required by law or to protect legal rights.

We require third parties to maintain appropriate data protection and security measures and only process data in accordance with our instructions.

  7. International transfers

Your information may be transferred to and processed in countries outside Nepal where our service providers operate. Where transfers occur, we will take reasonable steps to ensure adequate safeguards (e.g., contractual protections) are in place to protect your data consistent with this policy and applicable law.

  8. Data retention

We retain personal data only as long as necessary for the purpose collected, for legitimate business or legal reasons, or to meet regulatory requirements. Typical retention examples:

  • Booking & billing records: retained for the period necessary for customer service, tax, accounting, and legal obligations (for many businesses this is often several years; consult local tax counsel if you require a specific statutory period).
  • Marketing preferences: until you withdraw consent or opt out.
  • CCTV footage: for a limited period (e.g., days to months) unless required longer for an incident or legal request.
  • Job applications: retained for a reasonable recruitment period; if unsuccessful, records may be retained with consent for future openings.

If you would like to request deletion or discuss retention periods, contact us (see “Contact Us”).

  9. Security

We maintain reasonable administrative, technical and physical safeguards designed to protect your personal data against unauthorized access, disclosure, alteration, or destruction. Examples: access controls, encryption in transit, secure hosting, and staff training.

No system is 100% secure — if we detect a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant authorities as required by applicable law.

  10. Your rights and choices

Depending on your jurisdiction you may have rights including:

  • Access: request a copy of personal data we hold about you.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure (“right to be forgotten”): request deletion where lawful.
  • Restriction: ask that processing be limited in certain circumstances.
  • Portability: receive a copy of data in a structured, machine-readable format.
  • Object: object to processing based on legitimate interests or direct marketing.
  • Withdraw consent: for processing based solely on consent (e.g., marketing or cookies).

To exercise these rights, send a request using the contact details below. We may ask for proof of identity and will respond within applicable legal timeframes. If you are not satisfied, you may lodge a complaint with a relevant supervisory authority.

  11. Marketing communication & promotional messages

We will only send marketing messages with your consent where required. If you have previously booked or enquired, we may send relevant offers based on legitimate interests unless you opt out. All marketing emails and SMS messages include an unsubscribe link or opt-out method. You can also contact us directly to change preferences.

  12. Reviews, user content & public postings

When you submit reviews or post content on public forums or third-party review sites, that content may be publicly visible. You are responsible for content you voluntarily share publicly. We may use reviews or testimonials in our marketing after obtaining necessary consent where required.

  13. Children

Our Services are not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected a child’s data in error, contact us and we will take steps to delete it.

  14. Third-party websites & links

Our website may contain links to third-party sites (OTAs, social media, review platforms). This Privacy Policy does not apply to those sites. We encourage you to read the privacy policies of any third-party site you visit.

  15. Automated decision-making & profiling

We do not rely on automated decision-making that produces legal effects about you (for example, automated credit decisions). We may use analytics and profiling to improve our services and personalize offers, but human oversight is maintained.

  16. Data breach notification

If we become aware of a security breach affecting personal data, we will follow applicable legal obligations and notify affected individuals and authorities when required and appropriate.

  17. Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we make changes we will revise the “Effective date” and, where appropriate, notify existing customers by email or posting a notice on our site. Continued use of our Services after changes indicates acceptance of the updated policy.

  18. Governing law & dispute resolution

This policy and any disputes arising out of it will generally be governed by the laws of Nepal. You agree that the courts of Lalitpur (or another Nepalese jurisdiction we specify) will have jurisdiction over disputes, unless otherwise required by applicable law.

  19. How to exercise your rights / Contact Us

If you have questions, requests to access, correct or delete your personal information, wish to file a complaint, or want to change marketing preferences, please contact:

Privacy Contact / Data Protection Officer (DPO)
Sulimha Durbar
Sulimha Square, Pimbahal, Patan, Lalitpur, Nepal
Email: contact@sulimhadurbar.com
Phone: +977 01-5405060

Please include sufficient detail (your name, email used with us, booking reference if applicable) so we can locate your records and respond promptly.

  20. Additional notes for business owners / implementers (expert tips)
  • Ensure all third-party provider contracts include data processing terms and obligations.
  • Use tokenization for card storage and PCI-compliant processors. Do not store full card numbers on your servers.
  • Maintain a cookie banner with granular consent options for non-essential cookies and a record of consent.
  • Keep an internal data map to track where guest data is stored (property management system, CRM, OTAs, accounting).
  • Train staff on privacy basics (guest identity checks, minimum necessary access, responding to data requests).
  • Periodically review retention policies with legal/tax counsel to align with Nepalese requirements.
