Book Now

Privacy Policy

This version was last updated on 24.05.2018

We take privacy policy issues seriously and are committed to preserving the privacy of all visitors to the website owned or controlled by the Grand Hotel Excelsior Malta (“GHE”, “we”, “our”, “the hotel”).

This privacy policy aims to inform you on how the Grand Hotel Excelsior collects and use personal and other data through our website with regards to:

  • our obligations to process your personal data responsibly,
  • your data protection rights and
  • how the law protects you

We process your data in an appropriate and lawful manner, in accordance with the Data Protection Act (Chapter 440 of the Laws of Malta) (the “Act”) and the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”) which came into force on 25th May 2018.

Use of Website

When visiting our Website we will not ask for your personal data. The provision of data by you is voluntary except where otherwise stated. Your personal information will be requested in order to provide a particular product or service such as making an online reservation, subscribing to our newsletter and using our Contact Form. Should you choose not to provide certain information, you may not be able to take advantage of some of our features. This website is not intended for children and we do not knowingly collect data relating to children.

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.

Personal Data

Personal data is information about an individual from which that person can be identified. In order to offer you the online reservations service and the online subscription service, we need to collect and use personal data about you. This customer information is all the information requested on the online reservations forms and the online subscriptions forms, and is required by us to be able to fulfil your requests.

Examples of customer information that you may be asked to provide include:

Title, First name, Last name, E-mail Address, Address, Country, City, Phone number, Credit card details and Room Preferences.

In order to be able to provide you with a more tailored visit upon you return to our hotels, we shall retain a record of your preferences so that we can improve your experience with us.

We may also request certain personal data to ensure compliance with our legal obligations. This may include requesting copies of your passport whenever you check into our hotel in order to verify your identity and to be able to collect the Eco-Contribution Tax as we are required to do under the Eco-Contribution Act (Chapter 473 of the Laws of Malta) and regulations promulgated thereunder. We shall keep your customer information secure and confidential. We shall not disclose, sell, rent or share your customer information to, or with, any person outside of our company without your consent.

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you.

In order to improve your online experience when visiting our website we might gather other additional information such as your IP address; browser type and version; clickstream to, through and from our Site including date and time; page response times; download errors; length of visits to certain pages; page interaction information; and methods used to browse away from the page. We may receive information about your location. We may determine your location through your IP address and, when accessing the Website through a mobile device, by using the data that we collect from this device. This includes precise location information from GPS or information about the wireless networks or cell towers near your mobile device at the time of access.

Other information we might gather includes statistical or demographic data. However this is not personal data as it does not reveal your identity.

Data Protection

Excelsior Hotels International Ltd (C12837) having its registered office at Great Siege Road Floriana, is the data controller in relation to your personal data.

We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

Please contact the hotel’s Data Privacy Officer if you have any concerns or queries relating to the use and storage of your personal data. You have the right to access such data and to require a correction to any data which is incorrect.

Our Data Privacy Officer can be contacted at 00356 21250520 or on

Third party links

This website may include links to third-party websites and applications. We are not responsible for the privacy policies of such other sites. When you leave our website, we encourage you to read the privacy notice of every website you visit, especially when submitting any personal information.

Contact Us Form

Our website allows you to submit an enquiry and get in touch with us in order to be able to request assistance. In order to be able to reply to your query accurately we require certain basic contact information (your name, surname and email address) as well as information relating to your query. Based upon the information which you provide, one of our team will contact you and provide assistance as per your request.

Marketing and Disclosure of Information to Third Parties

You will receive marketing communications from us if you have subscribed to our newsletter or if you have an ongoing relationship with us. If you have provided your consent to receive marketing material and would like to withdraw your consent you can do so at any time by following the ‘unsubscribe’ link on any marketing message sent to you or by contacting us directly via email.

However if you opt out of receiving these marketing messages, this will not affect the processing of personal data provided to us as a result of the Services which we provide to you or any personal data which we are obliged to retain as a result of our legal obligations.

GHE uses the services of third parties, such as strategic marketing companies and email service providers to act as agents on its behalf. We may transfer your personal data to these external service providers which are necessary for us to be able to provide the Services we offer. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We may transfer your personal data to the RocketGroup LLC which operates MailChimp which is a marketing service. This service provider is subscribed to the EU-U.S Privacy Shield.

Data Retention

By law we are obliged to keep basic information about our customers (including contact details and details regarding any contracts which you may have entered into as a result of our Services) for six years after the conclusion of the contract, taking into account the applicable prescriptive period at law. We may also retain certain personal data to ensure compliance with our legal obligations. In particular, we shall retain certain transactional and financial information for a period not exceeding ten years, in compliance with tax and accounting reporting legal obligations.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Your Legal Rights

You have the right to:

  • request access to your personal data,
  • request correction of the personal data that we hold about you,
  • request erasure of your personal data. (we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request).

We may request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Changes to this Privacy Policy

Any changes that we may make in the future to this Notice will be visibly posted on the Site. It is therefore in your own interest to check the “Privacy Policy” page any time you access our website so as to be aware of any changes which may occur from time to time. Your continued use of this website and its services constitute your agreement to any such changes.

For further information on how our website may collect information about your visit to our website, please refer to our Cookie Policy.