Privacy Policy

Sunflower Hospitality Limited — Privacy Policy

Last Updated: 2026-04-26 10:57:28


1. Introduction

Sunflower Hospitality Limited ("Sunflower", "we", "our", or "us") operates a group of hotels and hospitality services across multiple cities. We are committed to protecting the privacy and personal data of our guests, website visitors, customers, partners, and all individuals who interact with our services.

This Privacy Policy explains how we collect, use, store, disclose, and safeguard your personal data when you:

  • Visit our websites
  • Make hotel reservations
  • Stay at our hotels
  • Use our services and facilities
  • Subscribe to newsletters
  • Fill contact forms
  • Make online payments
  • Participate in promotions
  • Communicate with us

This policy is designed to comply with the Nigeria Data Protection Regulation (NDPR) and applicable global data protection best practices.

2. Who We Are (Data Controller)

Sunflower Hospitality Limited is the data controller responsible for your personal data collected through our websites and hotel operations.

We determine how and why your personal data is processed.

Contact details are listed in Section 15 below.

3. Categories of Personal Data We Collect

We may collect and process the following categories of personal data:

A. Identity Information
  • Full name
  • Title
  • Gender
  • Date of birth
  • Nationality
  • Identification documents (where legally required)
B. Contact Information
  • Email address
  • Phone number
  • Residential or business address
  • Country and city
C. Booking & Stay Information
  • Reservation details
  • Check-in and check-out dates
  • Room preferences
  • Special requests
  • Loyalty membership details
  • Stay history
D. Payment Information
  • Payment card details (processed via secure payment gateways)
  • Billing address
  • Transaction records
  • Refund details
E. Account & Website Usage Data
  • Login credentials
  • IP address
  • Browser type
  • Device identifiers
  • Website behavior and navigation logs
F. Communication Data
  • Messages sent through contact forms
  • Emails and chat messages
  • Call records (where applicable)
G. Marketing Data
  • Newsletter preferences
  • Promotion participation
  • Survey responses

4. How We Collect Your Data

We collect personal data through:

  • Online booking forms
  • Contact forms
  • Newsletter signup forms
  • Account registration
  • Hotel check-in documents
  • Payment transactions
  • Customer service interactions
  • Website cookies and analytics tools
  • Third-party booking platforms
  • Travel agents and corporate partners

5. Lawful Basis for Processing (NDPR Compliance)

We process your data under one or more lawful bases:

  • Contract performance — to complete bookings and provide hotel services
  • Legal obligation — regulatory and tax compliance
  • Legitimate interest — service improvement and fraud prevention
  • Consent — newsletters, marketing, cookies
  • Vital interest — guest safety and emergency situations

6. How We Use Your Personal Data

We use your data to:

  • Process reservations and payments
  • Confirm and manage bookings
  • Provide hotel and hospitality services
  • Respond to inquiries and requests
  • Send booking confirmations and updates
  • Improve website performance
  • Conduct customer service operations
  • Send newsletters (with consent)
  • Personalize guest experience
  • Prevent fraud and abuse
  • Meet legal and regulatory obligations
  • Maintain security of guests and systems

7. Sharing of Personal Data

We may share personal data with:

Service Providers
  • Payment processors
  • IT providers
  • Cloud hosting providers
  • Email marketing platforms
  • Booking engine providers
Hospitality Operations Partners
  • Affiliated hotel branches
  • Management partners
  • Franchise operators (where applicable)
Legal & Regulatory Bodies
  • Law enforcement agencies
  • Government authorities
  • Courts and regulators when required
Business Transfers

In case of merger, acquisition, or restructuring.

We require all third parties to maintain confidentiality and data security.

8. International Data Transfers

Transfer of Personal Information Outside Nigeria

  • The Personal Information that we collect from you, may be transferred to, and processed at, a destination outside Nigeria. It may also be processed by organisation operating outside Nigeria who work with/for us. The organisation may be engaged in, amongst other things, the fulfilment of your order, the provision of support or administration services, analysis of statistical data, or other functions. By submitting your Personal Information, you agree to this transfer, storing or processing.
  • Whenever we transfer your Personal Information outside Nigeria, we ensure a similar degree of data protection safeguarding is afforded to it by ensuring at least one of the following safeguards is implemented.

Where personal data is transferred outside Nigeria, we ensure:

  • Adequate legal safeguards
  • NDPR-compliant protections
  • Contractual data protection clauses
  • Secure transfer mechanisms

9. Data Retention

The company maintains a documented Data Retention and Secure Disposal Policy which governs the retention of personal data across its properties and corporate functions.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including reservation fulfilment, guest relationship management, financial reporting, legal compliance, dispute resolution, fraud prevention, and security management.

Retention periods vary depending on the category of data and are determined based on:

  • Applicable legal, regulatory, tax, and accounting requirements
  • The nature and sensitivity of the personal data
  • Operational and contractual obligations
  • The need to establish, exercise, or defend legal claims

Categories of data subject to retention controls include guest reservation records, financial and transactional information, CCTV footage, marketing and loyalty data, employee records, and vendor information.

Where personal data is no longer required, it is securely deleted or destroyed. In some circumstances, data may be anonymised and retained for statistical or business analysis purposes where individuals are no longer identifiable.

10. Data Security Measures

We implement:

  • SSL encryption
  • Secure servers
  • Access controls
  • Payment gateway security
  • Staff confidentiality training
  • Monitoring and audit systems

11. Your NDPR Rights

You have the right to:

  • Access your data
  • Correct inaccurate data
  • Request deletion
  • Restrict processing
  • Object to processing
  • Withdraw consent
  • Request data portability
  • Lodge complaints with NDPR authority

12. Marketing Communications

We send marketing only with consent. You can unsubscribe anytime using the unsubscribe link or by contacting us.

13. Third-Party Links

Our website may link to third-party sites. We are not responsible for their privacy practices.

14. Children's Privacy

Our services are not directed at children under 16 without guardian consent.

15. Contact — Data Protection Requests

Sunflower Hospitality Limited

Data Protection Officer

248A, IKORODU CRESCENT, DOLPHIN ESTATE, IKOYI LAGOS STATE

maaadegoke@proctorhousecompany.com

+234 708 336 4687, +234 805 238 5387