Legal Information

Privacy Policy

Last Updated: April 2026

This Privacy Policy describes how Ikat Villa collects, uses, discloses, and safeguards personal information provided by guests and visitors. We are committed to protecting your privacy and complying with applicable data protection regulations.

3.1 Information We Collect

We may collect the following categories of personal information:

  • Identity Information: Full name, date of birth, nationality, passport or government ID number.
  • Contact Information: Email address, phone number, mailing address.
  • Payment Information: Credit/debit card details, billing address (stored in encrypted form).
  • Reservation Information: Booking dates, room preferences, special requests, loyalty program membership.
  • Usage Data: IP address, browser type, pages visited on our website, and cookies.
  • On-Property Data: CCTV footage, access logs, and dining preferences collected during your stay.

3.2 How We Use Your Information

  • To process and manage your reservation and provide requested services.
  • To process payments and prevent fraudulent transactions.
  • To communicate with you about your stay, including pre-arrival, in-stay, and post-stay correspondence.
  • To comply with legal obligations, including anti-money laundering and government reporting requirements.
  • To improve our services through analysis of usage data and guest feedback.
  • To send marketing communications, where you have given your consent or where permitted by law.

3.3 Legal Basis for Processing (GDPR)

For guests in applicable jurisdictions, we process personal data under the following legal bases:

  • Contractual necessity: Processing required to fulfill your reservation.
  • Legal obligation: Processing required for regulatory compliance (e.g., immigration records).
  • Legitimate interests: Internal analytics and fraud prevention.
  • Consent: Marketing communications and non-essential cookies.

3.4 Data Sharing & Disclosure

  • We do not sell personal data to third parties.
  • Data may be shared with trusted service providers (e.g., payment processors, IT vendors) under confidentiality agreements.
  • Data may be disclosed to government authorities when required by applicable law (e.g., police requests, immigration compliance).
  • If the hotel is part of a group, data may be shared with affiliated properties for loyalty program purposes.

3.5 Data Retention

  • Guest records are retained for a minimum of 5 years following the date of check-out, or as required by applicable law.
  • Payment data is retained only as long as required by financial regulations.
  • CCTV footage is retained for 30 days unless required for an ongoing investigation.

3.6 Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data (subject to legal retention obligations).
  • Opt out of marketing communications at any time via the unsubscribe link or by contacting us directly.
  • Lodge a complaint with the relevant data protection authority.

To exercise your rights, contact our Privacy Officer at privacy@ikatvilla.com.

3.7 Cookies

  • Our website uses essential, functional, and analytical cookies.
  • Guests may manage cookie preferences through our cookie consent tool or browser settings.
  • Declining non-essential cookies will not affect your ability to make a reservation.

3.8 Security

  • We implement industry-standard technical and organizational measures to protect personal data against unauthorized access, loss, or disclosure.
  • Payment information is encrypted using SSL/TLS technology.
  • In the event of a data breach, we will notify affected guests and relevant authorities as required by law.