This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit our website, contact us, make a booking, or stay with us. It applies to Hotel Triangle Mbarara and our affiliated property Hotel Triangle Kampala (together, the “Hotel Triangle”).
We process personal data primarily under Uganda’s DPPA 2019 and, where applicable (e.g., for EEA/UK guests), the GDPR/UK GDPR.
Who controls your data?
Controller: Hotel Triangle Mbarara (and, for bookings/stays in Kampala, Hotel Triangle Kampala).
Contact for privacy matters: info@hoteltrianglembarara.com
We may appoint vetted service providers as processors to act on our instructions.
What data we collect
When you enquire or book Name, email, phone, address, nationality, ID/passport number (if legally required), booking channel, stay dates, room type, rate, special requests or preferences, number of guests, payment authorisation details (full card data handled by our PCI-compliant payment processor).
During your stay / at our properties Check-in records, folio/charges, minibar and outlet postings, restaurant and spa/gym bookings, incident reports, lost-and-found, CCTV in public areas for safety, key-card/access logs, Wi-Fi connection logs (device MAC address, connection times, IP), vehicle registration (if parking), and communications with our team.
Website & cookies Device/IP, pages viewed, referrers, and cookie identifiers (see Section 9).
Careers (if you apply) CV/resume, qualifications, references, interview notes.
Special categories (only with your knowledge/consent) Dietary needs, accessibility or wellness information where necessary to serve you safely (e.g., allergy-aware catering, spa treatment considerations).
Why we use your data (purposes)
Manage enquiries, reservations, check-in/out, and payment.
Provide services and amenities (rooms, dining, wellness, events).
Personalize your experience and honour preferences.
Communicate pre-arrival, during stay, and post-stay (confirmations, invoices, feedback).
Protect safety and property (CCTV, access controls, incident management).
Business operations (audits, accounting, fraud prevention, analytics, service improvement).
Comply with applicable law and lawful requests.
Marketing and loyalty communications (only as permitted—see Section 10).
Legal bases we rely on
If GDPR/UK GDPR applies: Art. 6(1)(a) consent; 6(1)(b) contract; 6(1)(c) legal obligation; 6(1)(d) vital interests; 6(1)(f) legitimate interests. Special-category data only with explicit consent or other lawful condition.
DPPA 2019: your consent, performance of a contract (booking/stay), legal obligation, vital interests, and our legitimate interests (e.g., service improvement, security) balanced against your rights.
Who we share data with
We never sell your personal data. We share it only as needed, with safeguards:
Hospitality systems & providers: PMS/booking engine/channel manager, POS, spa/gym software, email/SMS and CRM tools, website hosting and security, Wi-Fi/CCTV vendors.
Payment processors & banks: to process secure payments (PCI-DSS compliant).
Travel partners/OTAs & agents: when you book through them.
Event vendors: AV, decor, catering, transport—when required for your booking.
Our group: between Hotel Triangle Mbarara and Hotel Triangle Kampala when a booking or service involves either property.
Authorities & law enforcement: as required by law or to protect rights and safety.
Some recipients may be located outside Uganda; see Section 6.
International transfers
Where personal data is transferred outside Uganda, we use appropriate safeguards (e.g., contractual clauses) and require recipients to protect your data to an adequate standard.
Retention periods
We keep personal data only as long as necessary for the purposes above and legal requirements:
Reservation & folio records: typically 7 years (tax/audit).
CCTV: typically 30–90 days, unless required for an investigation.
Wi-Fi connection logs: up to 12 months for security and misuse prevention.
Marketing records: until you unsubscribe or after a defined inactivity period.
Job applications: 6–12 months unless hired or you consent to longer.
Actual periods may vary to meet legal or dispute-resolution needs.
Security
We implement administrative, technical, and physical safeguards: access controls, staff training, secure networks, encryption in transit where appropriate, vendor due-diligence, and incident response procedures. No system is completely secure, but we work to protect your data.
Cookies & similar tech (website)
We use:
Strictly necessary cookies (security, booking flow)
Performance/analytics (site usage, improvements)
Functionality (remember choices)
Advertising (only if enabled; requires consent in some regions)
You can manage cookies in your browser and via our on-site Cookie Settings (if available). See our separate Cookie Policy for details.
Marketing & preferences
Service communications (e.g., booking confirmations) are sent as part of your reservation. We send marketing (offers, news, post-stay surveys) only with consent where required. You can opt out anytime by using the unsubscribe link or emailing info@hoteltrianglembarara.com .
We do not conduct automated decisions that produce legal or similarly significant effects without human review.
Your rights
Subject to law, you may:
Access the personal data we hold about you.
Correct/rectify inaccurate data.
Delete/erase data where legally permitted.
Object to or restrict certain processing.
Withdraw consent (does not affect prior lawful processing).
If GDPR/UK GDPR applies, you may also have data portability and the right to object to processing based on legitimate interests and to direct marketing.
We will respond within statutory timelines.
How to exercise your rights
Email info@hoteltrianglembarara.com with:
Your full name and contact details
A clear description of your request
Proof of identity (and proof of authority if acting for someone else)
If you are unsatisfied, you may contact Uganda’s Personal Data Protection Office (PDPO) or, if applicable, your local supervisory authority.
Children
Our services are not directed to children under 18. We process minors’ data only as needed for family reservations, safety, and legal requirements. Parents/guardians may exercise rights on behalf of minors.
Third-party links & bookings
Our site and confirmations may link to third-party sites (e.g., OTAs, tour providers). Their privacy practices apply when you use their services. When you book via an OTA or agent, they are also a controller of your data—please review their policy.
CCTV notice (on-property)
We operate CCTV in public areas of Hotel Triangle Mbarara and Hotel Triangle Kampala for safety, crime prevention, and incident investigation. Footage is retained for a limited period (see Section 7) and accessed only by authorized personnel or law enforcement when lawful.
Public Wi-Fi notice (summary)
If you use our guest Wi-Fi, we log basic technical data (device MAC, timestamps, IP, bandwidth) to operate the network, secure it, and prevent misuse. Content of your browsing is not inspected, but lawful requests may require us to disclose connection logs.
Changes to this Policy
We may update this Policy from time to time. We will post the updated version with a new Effective date and, where appropriate, notify you via email or website notice.
Contact us
Questions or requests about privacy?
Email: info@hoteltrianglembarara.com
Properties covered: Hotel Triangle Mbarara and Hotel Triangle Kampala
For Privacy, We Can't Let You Reuse Our Images. Visit Our Socials For Public Content
Hotel Triangle Mbarara
Typically replies within an hour
I will be back soon
Hello 👋 Thanks for contacting us. How can we help you today
