1. INTRODUCTION

Taja Hotels Ltd ("we," "our," or "us") is committed to protecting the privacy and personal information of our guests, website visitors, and all individuals who interact with our services. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in accordance with the Nigeria Data Protection Act 2023, the Nigeria Data Protection Regulation (NDPR), and other applicable Nigerian laws.

This Privacy Policy applies to all personal information collected through our website (tajahotel.com), mobile applications, reservation systems, hotel properties, and any other digital or physical touchpoints where we interact with you. By using our services, making a reservation, or visiting our properties, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

As a hospitality company operating in Nigeria, we recognize our responsibility to protect your fundamental right to privacy as guaranteed under Section 37 of the Constitution of the Federal Republic of Nigeria. We are committed to maintaining the highest standards of data protection and ensuring that your personal information is processed lawfully, fairly, and transparently.



2. DATA CONTROLLER INFORMATION

Company Name: Taja Hotels Limited

Registration Number: 8583808

Address: 71B, Abba Johnson Road, Adeniyi Jones, Ikeja, Lagos State, Nigeria

Email: hello@tajahotel.com

Website: www.tajahotel.com



Data Protection Officer Contact:

Email: hello@tajahotel.com

Taja Hotels Ltd is registered with the Nigeria Data Protection Commission (NDPC) as a Data Controller of Major Importance under the Nigeria Data Protection Act 2023. Our registration details are available upon request.



3. TYPES OF PERSONAL INFORMATION WE COLLECT

We collect various types of personal information depending on how you interact with our services. The categories of personal information we may collect include:



3.1 Identification Information

  • Full name and title

  • Date of birth

  • Gender

  • Nationality and country of residence

  • Government-issued identification numbers (passport, driver's license, national ID)

  • Photographs for identification purposes



3.2 Contact Information

  • Postal address (home, business, billing)

  • Email addresses (personal, business)

  • Telephone numbers (mobile, home, business)

  • Emergency contact information



3.3 Reservation and Stay Information

  • Reservation details (dates, room type, number of guests)

  • Guest preferences and special requests

  • Arrival and departure information

  • Room assignments and key card access logs

  • Services utilized during your stay

  • Feedback and reviews



3.4 Financial Information

  • Credit/debit card and payment information

  • Billing address

  • Transaction history

  • Loyalty program points and rewards



3.5 Technical Information

  • IP address and device identifiers

  • Browser type and version

  • Operating system

  • Website usage data and analytics

  • Cookies and similar tracking technologies

  • Location data (with your consent)



3.6 Communication Records

  • Correspondence via email, phone, or chat

  • Customer service interactions

  • Marketing communication preferences

  • Complaint and feedback records



3.7 Health and Safety Information

  • Dietary restrictions and allergies

  • Accessibility requirements

  • Medical information relevant to your stay (when voluntarily provided)

  • Emergency contact information



3.8 Business and Corporate Information

  • Company name and position

  • Business contact details

  • Corporate account information

  • Event and meeting requirements



4. HOW WE COLLECT YOUR PERSONAL INFORMATION

We collect personal information through various methods and sources:



4.1 Direct Collection

  • When you make a reservation through our website, mobile app, or call center

  • During check-in and check-out processes

  • When you complete guest registration forms

  • Through surveys, feedback forms, and reviews

  • When you contact our customer service

  • During participation in loyalty programs

  • When you attend events or use our facilities



4.2 Automatic Collection

  • Through cookies and similar technologies on our website

  • Via security cameras and access control systems

  • Through Wi-Fi usage logs and internet access

  • From mobile applications and digital services

  • Through payment processing systems



4.3 Third-Party Sources

  • Travel agencies and booking platforms

  • Corporate travel departments

  • Credit card companies and payment processors

  • Social media platforms (when you interact with our content)

  • Marketing partners and affiliates

  • Background check services (where legally permitted)



4.4 Public Sources

  • Publicly available information from social media

  • Business directories and professional networks

  • Government databases (where legally accessible)



5. PURPOSES FOR PROCESSING PERSONAL INFORMATION

We process your personal information for the following specific, legitimate, and lawful purposes:



5.1 Service Provision

  • Processing and managing reservations

  • Providing accommodation and hospitality services

  • Facilitating check-in and check-out procedures

  • Delivering requested amenities and services

  • Managing loyalty programs and rewards

  • Processing payments and billing



5.2 Customer Service and Support

  • Responding to inquiries and requests

  • Resolving complaints and disputes

  • Providing technical support

  • Managing special requests and preferences

  • Ensuring guest satisfaction



5.3 Safety and Security

  • Ensuring the safety and security of guests and staff

  • Monitoring access to hotel premises

  • Preventing fraud and unauthorized access

  • Complying with security regulations

  • Emergency response and assistance



5.4 Legal and Regulatory Compliance

  • Meeting legal obligations under Nigerian law

  • Complying with tax and accounting requirements

  • Responding to legal requests and court orders

  • Anti-money laundering compliance

  • Immigration and customs requirements



5.5 Business Operations

  • Managing business relationships

  • Conducting market research and analysis

  • Improving our services and facilities

  • Training staff and quality assurance

  • Financial reporting and auditing



5.6 Marketing and Communications

  • Sending promotional materials and offers (with consent)

  • Personalizing marketing communications

  • Managing marketing campaigns

  • Conducting customer surveys

  • Building customer profiles for targeted marketing



6. LEGAL BASIS FOR PROCESSING

Under the Nigeria Data Protection Act 2023, we process your personal information based on the following legal grounds:



6.1 Consent

We obtain your explicit consent for:

  • Marketing communications and promotional materials

  • Use of cookies and tracking technologies

  • Processing of sensitive personal information

  • Sharing information with third parties for marketing purposes



6.2 Contract Performance

Processing is necessary for:

  • Fulfilling our contractual obligations to provide accommodation services

  • Processing reservations and payments

  • Delivering requested services and amenities

  • Managing loyalty program benefits



6.3 Legal Obligation

We process information to comply with:

  • Nigerian tax and accounting laws

  • Immigration and customs requirements

  • Anti-money laundering regulations

  • Court orders and legal requests

  • Health and safety regulations



6.4 Vital Interests

Processing may be necessary to:

  • Protect the life and safety of guests and staff

  • Respond to medical emergencies

  • Ensure security and prevent harm

  • Protect against fraud and criminal activity



6.5 Legitimate Interests

We may process information for our legitimate business interests, including:

  • Improving our services and customer experience

  • Conducting business analytics and research

  • Ensuring network and information security

  • Managing business relationships

  • Direct marketing to existing customers (subject to opt-out rights)



7. SHARING OF PERSONAL INFORMATION

We may share your personal information with the following categories of recipients:



7.1 Taja Hotels Group of Companies

We may share information within the Taja Hotels Ltd group of companies for:

  • Providing consistent service across properties

  • Managing loyalty programs

  • Coordinating reservations and transfers

  • Business administration and support



7.2 Service Providers and Business Partners

We work with trusted third parties who provide services on our behalf:

  • Payment processors and financial institutions

  • Technology service providers

  • Cleaning and maintenance contractors

  • Food and beverage suppliers

  • Transportation and tour operators

  • Marketing and advertising agencies



7.3 Government Authorities

We may disclose information to:

  • Nigerian tax authorities

  • Immigration and customs officials

  • Law enforcement agencies

  • Regulatory bodies and licensing authorities

  • Courts and legal tribunals



7.4 Emergency Services

In case of emergencies, we may share information with:

  • Medical professionals and hospitals

  • Emergency response services

  • Insurance companies

  • Next of kin or emergency contacts



7.5 Business Transactions

In the event of a merger, acquisition, or sale of assets, personal information may be transferred to the new entity, subject to the same privacy protections.



8. INTERNATIONAL TRANSFERS

When we transfer your personal information outside Nigeria, we ensure adequate protection through:



8.1 Adequacy Decisions

We only transfer to countries deemed adequate by the Nigeria Data Protection Commission.



8.2 Appropriate Safeguards

For transfers to countries without adequacy decisions, we implement:

  • Standard contractual clauses approved by the NDPC

  • Binding corporate rules

  • Certification mechanisms

  • Codes of conduct



8.3 Specific Situations

Transfers may occur without additional safeguards when:

  • You have provided explicit consent

  • Transfer is necessary for contract performance

  • Transfer is for your benefit and consent is impractical

  • Transfer is necessary for important public interest reasons

  • Transfer is necessary for legal claims

  • Transfer is necessary to protect vital interests



9. DATA RETENTION

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected:



9.1 Active Guest Records

  • Reservation and stay information: 7 years from last stay

  • Payment and billing records: 7 years for tax compliance

  • Loyalty program data: Until account closure plus 2 years



9.2 Marketing Communications

  • Email marketing lists: Until you unsubscribe plus 1 year

  • Customer preferences: 3 years from last interaction



9.3 Security and Safety Records

  • CCTV footage: 30-90 days unless incident reported

  • Access logs: 1 year

  • Incident reports: 7 years



9.4 Legal and Compliance Records

  • Tax-related information: 7 years as required by Nigerian law

  • Legal dispute records: Until resolution plus 7 years

  • Regulatory compliance records: As required by applicable law



10. YOUR RIGHTS AS A DATA SUBJECT

Under the Nigeria Data Protection Act 2023, you have the following rights:



10.1 Right of Access

You have the right to:

  • Confirm whether we process your personal information

  • Obtain a copy of your personal information

  • Receive information about how we process your data



10.2 Right to Rectification

You can request that we:

  • Correct inaccurate personal information

  • Complete incomplete personal information

  • Update outdated information



10.3 Right to Erasure

You may request deletion of your personal information when:

  • It is no longer necessary for the original purpose

  • You withdraw consent and no other legal basis exists

  • Information has been unlawfully processed

  • Deletion is required for legal compliance



10.4 Right to Restrict Processing

You can request restriction of processing when:

  • You contest the accuracy of the information

  • Processing is unlawful but you prefer restriction to deletion

  • We no longer need the data but you need it for legal claims

  • You have objected to processing pending verification



10.5 Right to Data Portability

You have the right to:

  • Receive your personal information in a structured, commonly used format

  • Transmit your information to another data controller

  • Have your information transmitted directly where technically feasible



10.6 Right to Object

You can object to processing based on:

  • Legitimate interests (including profiling)

  • Direct marketing purposes

  • Scientific or historical research purposes



10.7 Right to Withdraw Consent

Where processing is based on consent, you can:

  • Withdraw consent at any time

  • Withdraw consent as easily as it was given

  • Continue to receive services not dependent on consent



11. EXERCISING YOUR RIGHTS

To exercise any of your rights, please contact us using the following methods:

Email: hello@tajahotel.com

Phone: +234 707 3331 933

Mail: Data Protection Officer, Taja Hotels Limited, Adeniyi Jones, Ikeja, Lagos State, Nigeria



11.1 Verification Process

To protect your privacy, we may need to verify your identity before processing your request. We may ask for:

  • Government-issued identification

  • Reservation confirmation numbers

  • Answers to security questions



11.2 Response Timeframes

We will respond to your requests:

  • Acknowledgment: Within 48 hours

  • Full response: Within 30 days

  • Complex requests: Up to 60 days with explanation



11.3 Fees

Most requests are processed free of charge. We may charge a reasonable fee for:

  • Manifestly unfounded or excessive requests

  • Additional copies of information

  • Administrative costs for complex requests



12. COOKIES AND TRACKING TECHNOLOGIES

Our website uses cookies and similar technologies to enhance your browsing experience:



12.1 Types of Cookies

  • Essential Cookies: Necessary for website functionality

  • Performance Cookies: Help us understand how visitors use our site

  • Functional Cookies: Remember your preferences and settings

  • Marketing Cookies: Used to deliver relevant advertisements



12.2 Cookie Management

You can control cookies through:

  • Browser settings and preferences

  • Our cookie consent management tool

  • Third-party opt-out mechanisms

  • Industry opt-out platforms



12.3 Third-Party Cookies

We may use third-party services that place cookies:

  • Google Analytics for website analytics

  • Social media plugins

  • Advertising networks

  • Payment processors



13. SECURITY MEASURES

We implement comprehensive security measures to protect your personal information:



13.1 Technical Safeguards

  • Encryption of data in transit and at rest

  • Secure socket layer (SSL) technology

  • Firewalls and intrusion detection systems

  • Regular security updates and patches

  • Access controls and authentication systems



13.2 Organizational Measures

  • Staff training on data protection

  • Regular security audits and assessments

  • Incident response procedures

  • Vendor security requirements

  • Privacy by design principles



13.3 Physical Security

  • Secure data centers and server rooms

  • Access controls to sensitive areas

  • CCTV monitoring of facilities

  • Secure disposal of physical documents

  • Visitor access controls



14. DATA BREACH NOTIFICATION

In the event of a personal data breach:



14.1 Internal Procedures

  • Immediate containment and assessment

  • Investigation and documentation

  • Risk assessment for data subjects

  • Notification to relevant authorities



14.2 Regulatory Notification

We will notify the Nigeria Data Protection Commission within 72 hours if the breach is likely to result in a risk to your rights and freedoms.



14.3 Individual Notification

We will notify affected individuals without undue delay if the breach is likely to result in a high risk to your rights and freedoms.



14.4 Notification Content

Breach notifications will include:

  • Nature of the breach

  • Categories and approximate number of affected individuals

  • Likely consequences of the breach

  • Measures taken to address the breach

  • Contact information for further inquiries



15. CHILDREN'S PRIVACY

We are committed to protecting the privacy of children under 18 years of age:



15.1 Parental Consent

  • We require parental consent for processing children's information

  • Parents can review, modify, or delete their child's information

  • We limit collection to information necessary for services



15.2 Special Protections

  • Enhanced security measures for children's data

  • Limited retention periods

  • Restricted sharing with third parties

  • Age-appropriate privacy notices



16. MARKETING COMMUNICATIONS

16.1 Consent-Based Marketing

We will only send marketing communications with your explicit consent, including:

  • Promotional emails and newsletters

  • Special offers and discounts

  • Event invitations

  • Loyalty program communications



16.2 Opt-Out Mechanisms

You can unsubscribe from marketing communications:

  • Using the unsubscribe link in emails

  • Contacting our customer service

  • Updating your preferences online

  • Calling our reservation center



16.3 Legitimate Interest Marketing

We may send service-related communications based on legitimate interests:

  • Reservation confirmations

  • Service updates

  • Safety and security notices

  • Account information



17. THIRD-PARTY WEBSITES AND SERVICES

Our website may contain links to third-party websites and services:



17.1 External Links

  • We are not responsible for third-party privacy practices

  • We encourage you to review their privacy policies

  • Different terms and conditions may apply



17.2 Social Media Integration

  • Social media plugins may collect information

  • Your interactions are governed by the platform's privacy policy

  • We may receive information from social media platforms



17.3 Booking Platforms

  • Third-party booking sites have their own privacy policies

  • Information may be shared between platforms and us

  • Different data protection standards may apply



18. UPDATES TO THIS PRIVACY POLICY

18.1 Policy Changes

We may update this Privacy Policy to reflect:

  • Changes in our business practices

  • New legal requirements

  • Technological developments

  • Feedback from data subjects



18.2 Notification of Changes

We will notify you of material changes through:

  • Email notifications to registered users

  • Prominent notices on our website

  • In-app notifications

  • Direct communication during your stay



18.3 Effective Date

Changes become effective on the date specified in the updated policy. Your continued use of our services constitutes acceptance of the changes.



19. CONTACT INFORMATION

For questions, concerns, or requests related to this Privacy Policy, please contact:

Email: hello@tajahotel.com

Phone: +234 707 3331 933

Mailing Address: Data Protection Officer, Taja Hotels Limited, Adeniyi Jones, Ikeja, Lagos State, Nigeria



20. COMPLAINTS AND REGULATORY AUTHORITY

If you believe we have not handled your personal information in accordance with this Privacy Policy or applicable law, you have the right to lodge a complaint with:

Nigeria Data Protection Commission (NDPC)

Website: www.ndpc.gov.ng

Email: info@ndpc.gov.ng

Address: Nigeria Data Protection Commission, Abuja, Nigeria

You also have the right to seek judicial remedy through the Nigerian courts under the Fundamental Rights Enforcement Procedure Rules.

This Privacy Policy is effective as of December 1, 2025 and was last updated on December 1, 2025.

© 2025 Taja Hotels Limited. All rights reserved.




© Taja Hotels.  All rights reserved.