Join our community
Join our community
Effective Date: 01-10-2025 | Last Updated: 03-10-2025
HotelPerHour (HPH) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what personal data we collect, why and how we process it, how we protect it, your rights under the Nigeria Data Protection Act, 2023 (NDPA), and how to contact us regarding your data.
We are a Data Controller of personal data about our customers, staff, and others. This policy applies to all data processed in Nigeria or relating to Nigerian data subjects, whether automated or non-automated.
We collect and process the following categories of personal data:
Identity Data: Name, gender, date of birth
Contact Data: Email address, phone number, postal address
Booking Data: Hotel reservations, check-in/check-out times, room preferences, special requests
Payment Data: Payment card details, transaction information, billing address
Sensitive Data: Where lawful and necessary, this may include identification documents, health information, or biometric data
Technical and Usage Data: IP address, cookies, device information, browser type, operating system, pages visited, time spent on pages
Location Data: Geographic location information where you have consented or where necessary for service delivery
Communications Data: Records of your correspondence with us, feedback, reviews, and support requests
We process your personal data based on the following legal grounds:
Consent: Where you have given explicit consent for specific processing activities
Contract Performance: Where processing is necessary to fulfill our contractual obligations to you, such as processing your booking
Legal Obligations: Where we are required by law to process your data
Legitimate Interests: Where processing is necessary for our legitimate business interests, provided this does not override your fundamental rights and freedoms
For sensitive personal data, we will only process such information where we have obtained your explicit consent or where another lawful basis under the NDPA applies.
In accordance with the Nigeria Data Protection Act, 2023, we adhere to the following data protection principles:
Lawfulness, Fairness, and Transparency: We process data lawfully, fairly, and in a transparent manner
Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes only
Data Minimization: We collect only the data that is adequate, relevant, and necessary for the stated purposes
Accuracy: We ensure personal data is accurate and kept up to date
Storage Limitation: Data is retained only for as long as necessary for the purposes for which it was collected
Integrity and Confidentiality: We implement appropriate security measures to protect data against unauthorized access, loss, or damage
Accountability: We are responsible for demonstrating compliance with these principles
We use your personal data for the following purposes:
Bookings and Reservations: To process, confirm, and manage your hotel bookings
Payment Processing: To process payments and prevent fraudulent transactions
Communication: To communicate with you about your bookings, send confirmations, updates, and respond to your inquiries
Customer Support: To provide assistance and resolve any issues you may encounter
Marketing: With your consent, to send you promotional offers, newsletters, and information about our services
Compliance with Law: To comply with legal and regulatory obligations, including tax and accounting requirements
Service Improvement: To analyze usage patterns, improve our platform, enhance user experience, and develop new features
We may share your personal data with the following categories of recipients:
Service Providers: Third-party service providers who assist us in operating our platform, processing payments, providing customer support, and delivering our services
Hotel Partners: Partner hotels where you have made reservations, to facilitate your booking and stay
Regulators and Authorities: Government agencies, regulatory bodies, and law enforcement when required by law or to protect our legal rights
Cross-Border Transfers: Where data is transferred outside Nigeria, we ensure appropriate safeguards are in place in accordance with the NDPA
We do not sell your personal data to third parties without your explicit consent.
Under the Nigeria Data Protection Act, 2023, you have the following rights:
Right to be Informed: You have the right to be informed about how your data is being processed
Right of Access: You can request access to your personal data that we hold
Right to Rectification: You can request correction of inaccurate or incomplete personal data
Right to Erasure: You can request deletion of your personal data in certain circumstances
Right to Restrict Processing: You can request that we limit the processing of your data in certain situations
Right to Withdraw Consent: Where processing is based on consent, you can withdraw your consent at any time
Right to Object: You can object to processing for marketing purposes or based on legitimate interests
Right Not to be Subject to Automated Decisions: You have the right not to be subject to decisions based solely on automated processing that have legal or significant effects
To exercise any of these rights, please contact our Data Protection Officer using the contact details provided in Section 16.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Nigeria Data Protection Commission (NDPC) within seventy-two (72) hours of becoming aware of the breach, where required by law.
If the breach is likely to result in a high risk to your rights and interests, we will also notify you directly without undue delay, providing information about the nature of the breach and the measures taken to address it.
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.
When personal data is no longer required, we will securely delete, anonymize, or archive it in accordance with our data retention policies and applicable legal requirements.
Different retention periods apply to different types of data based on the purpose for which it was collected and relevant legal obligations.
We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, loss, destruction, or damage. These measures include:
Encryption: Data transmission and storage are protected using industry-standard encryption protocols
Access Control: Access to personal data is restricted to authorized personnel only, based on the principle of least privilege
Regular Audits: We conduct regular security audits and assessments to identify and address vulnerabilities
Staff Training: Our employees receive training on data protection principles and security best practices
Incident Response: We have procedures in place to detect, respond to, and recover from security incidents
Pseudonymization: Where appropriate, we use pseudonymization techniques to minimize risks
Data Protection Impact Assessments (DPIAs): We conduct DPIAs for high-risk processing activities
Privacy and data protection are integrated into all aspects of our services from the design stage. We adopt a privacy by design and by default approach, ensuring that:
Data protection measures are built into our systems and processes from the outset
Only necessary personal data is collected and processed
Privacy settings are set to the most protective level by default
Users have control over their personal data and privacy preferences
Our services are not directed at children. Where we process personal data of children or individuals who lack legal capacity, we will obtain consent from a parent or legal guardian, unless an exemption applies under applicable law.
If we become aware that we have collected personal data from a child without appropriate parental consent, we will take steps to delete such information promptly.
We use cookies and similar tracking technologies to enhance your experience on our platform. Cookies are small text files stored on your device that help us:
Functionality: Remember your preferences and settings
Analytics: Understand how users interact with our platform and identify areas for improvement
Marketing: Deliver personalized content and advertisements based on your interests
You can manage your cookie preferences through your browser settings or our consent management tool. Please note that disabling certain cookies may affect the functionality of our services.
Consent is required for non-essential cookies. Essential cookies that are necessary for the operation of our platform may be used without consent.
We do not make decisions based solely on automated processing that would have legal or similarly significant effects on you, unless:
It is necessary for entering into or performing a contract with you
It is authorized by law, with appropriate safeguards in place
It is based on your explicit consent
Where automated processing is used, you have the right to request human oversight, express your point of view, and contest the decision.
If you have any questions, concerns, or complaints about this Privacy Policy or how we handle your personal data, please contact our Data Protection Officer:
HotelPerHour (HPH)
Data Protection Officer: Oladunni Olayanju
Email: hotelperhour@gmail.com
Phone: +234 09154304102
You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) if you believe we have not handled your personal data in accordance with the law.
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons.
When we make changes to this policy, we will post the updated version on our website and update the "Last Updated" date at the top of this document.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. If we make material changes that significantly affect your rights, we will provide prominent notice or obtain your consent where required by law.
For privacy-related inquiries, please contact us at hotelperhour@gmail.com.