PRIVACY POLICY
This privacy notice sets out how we use your personal information when you visit the 
Grotto Bay Beach Resort and Spa Website (Website) or when using our hotel and hotel services.
Please read this document carefully and contact us if you have any questions. By using this Website you are agreeing that you have both read the document and understood its contents.
Grotto Bay acknowledges the importance of protecting personal information. The Personal Information Protection Act 2016 (PIPA) provides individuals in Bermuda with the right of informational privacy protection. The PIPA will not come into force in full until January 1, 2025; however, this privacy notice has been drafted with Grotto Bay’s compliance in mind.

1. Who we are and contact details 
Grotto Bay Beach Resort and Spa is a limited liability company. 
The registered Office is located at:
11 Blue Hole Hill
Hamilton Parish, CR04
Bermuda
1 (441) 293-8333
Our Privacy Officer can be contacted at:
privacy@grottobay.com 
11 Blue Hole Hill
Hamilton Parish, CR04
Bermuda
1 (441) 293-8333

2. What are your rights? 
We will do all we reasonably can to assist you with any issue arising from our use of your 
personal information. 
When the PIPA comes into force on January 1, 2025, your full legal rights will consist of the following. The right:
• to information about the use of personal information
• of access to personal information
• to the rectification, blocking, erasure, and destruction of personal information
• to prevent or stop the use of personal information for advertising, marketing, and public relations.
• to prevent or stop the use of personal information that is causing or likely to cause substantial damage or distress.
In the meantime, you may contact our Privacy Officer for assistance at privacy@grottobay.com

Please note that not all privacy rights are absolute rights. They may be subject to specific conditions and exemptions. You will also be required to provide proof of identity to access these rights.

We encourage you to come to us in the first instance but, to the extent that these rights apply to you from January 1, 2025, you are entitled to complain directly to the Privacy Commissioner for Bermuda at PrivCom@privacy.bm or call 1-441-543-PRIV [-7748].

3. What personal information do we use? 
We do not require the use of sensitive personal information unless you provide it to us for a specific service you request. Exceptions include cases of emergency and the medical form for certain spa services, which you would consent to before completing.
Depending on the purpose, we may collect: 
• Title 
• Full Name
• Address
• Email address
• Phone number
• Postal code
• Names of adult guests
• Number of children and ages
• Credit card details (name, card number, expiry date and CVV)
• Currency
• Date
• Time
• Date of arrival
• Date of departure
• Room number
• Activities
• Food and beverages
• Consumption habits
• Dietary requirements
• Preferences
• Special requests
• Consent to receive offers, promotional messages and/or join a mailing list
• Gift certificate recipient
• Type of gift certificate
• Amount of gift certificate
• Emails to guest services
• Amenities requested and ordered
• Emails to catering
• Event requests
• Testimonials, directly through the hotel or obtained through social media platforms
• Health information for spa visits
• Satisfaction surveys
• Information obtained through social media or online reviews concerning our Hospitality.
• IP Address 

4. Why do we need your personal information? 
We may use your personal information for the following purposes: 
• to enable certain functions of our Website
• to improve your Website experience 
• to book a hotel room. Note: when booking, the number of children and ages may be asked, as that will influence the price if an all-inclusive supplement is requested.
• to communicate with you in preparation for your arrival
• to register your arrival and departure
• to fulfill any special requests including preferences, dietary requirements, etc.
• to assist with any activities during your stay including spa services 
• to manage payment of your stay
• to assist with reservations
• to provide catering
• to facilitate event planning
• to receive a credit limit report and manage payment and cancellations
• to protect or defend the organisation in any legal proceeding
• to promote the property through testimonials obtained through social media platforms, or online reviews, for the purposes of addressing your questions or complaints, monitoring our online reputation, and improving our services and identifying opportunities on which we can focus
• to provide specials, discounts, and news to you through our mailing list with your consent
• to provide the option for purchasing gift certificates
• to gather Website analytics to promote our business and improve user experience
• to authenticate users (passwords)
• to follow up with you if you haven’t completed a booking
• to send you customer satisfaction surveys based on your consent
• to enable staff to respond to guest requirements
• to send emails to those who have consented to receive e-mails from Grotto Bay
• to pay a commission to your travel agent, wholesalers, or online travel applications, if applicable
• to address questions or complaints
• to monitor our online reputation

5. What information is collected from or about Children?
This Website is not intended for children, and we do not knowingly collect or use personal information from or about children in the services we provide. We do request the number and ages of children (no names) during the booking process if the booking includes an all-inclusive supplement, so we may correctly provide the meal portion cost which varies depending on the age of the guest. 

In the event we learn that we have collected personal information from a child under the age of 18 without verification of parental consent, steps will be taken promptly to remove that information. If you believe that we have or may have information from or about a child under 18 years of age, please contact us at privacy@grottobay.com.

6. How do we collect your personal information?
We collect your personal information in the following ways:
• Directly from you by email, telephone, in person, or through the Website
• Through third party booking operators
• From online reviews through publicly accessible social media pages

7. The legal conditions for our use 
The PIPA (when in force) requires us to identify the legal basis for our use of your 
personal information.
Our legal basis for use will be:
• your consent 
• inferred consent through your accessing our Website; and/or
• that you would not reasonably request us to “not begin or cease” using your personal information
• that you have entered into a contract or have taken steps with a view to enter a contract 
• publicly available information (online reviews)

8. Who has access to your personal information?
a) Our Hotel Staff 
All Grotto Bay personnel and staff understand their obligation to maintain customer personal 
information subject to conditions of confidence. Only relevant staff are allowed access to customer personal information. We disclose only the personal information that is necessary to deliver the services you require to those staff members pertinent to the task.

b)  Third parties in Bermuda
We may transfer your personal information to third parties in Bermuda for the purposes of completing tasks relating to the delivery of our services, such as our IT network, or as a result of your request for transportation, activity reservations, etc. When we use third party service providers in Bermuda, we disclose only the personal information that is necessary to those organisations and individuals relevant to the task. We do not sell or rent your personal information. 
c) International Transfers of Personal Information 
We may transfer your personal information to third parties outside Bermuda for the purposes of completing tasks relating to the hotel booking process and/or the delivery of our services. When we use third party service providers overseas, we disclose only the personal information that is necessary to those organisations and individuals relevant to the task. When your personal information is transferred to third parties overseas, we do so with security in mind and the systems that these providers have in place to protect and secure the personal information that has been sent. We do not sell or rent your personal information. International transfers include:
• IT systems software and support, including Point of Sale services. 
 We use overseas vendors of software such as for booking, hospitality, guest management, hotel management and spa management and other systems.  

• Hotel Bookings
  We use overseas booking operators, including travel agents, wholesalers, travel companies, tour operators, online travel sites, as relevant. Event planners may be local or from overseas.
• Guest Satisfaction surveys
 These are managed by an overseas provider. Your consent is required and there is an opt-out which will ensure that guests do not receive subsequent emails.

9. How long do we keep your personal information for? 
We are legally required to hold some types of personal information to fulfil our statutory 
obligations. We will hold your personal information only for so long as it is necessary for 
the relevant activity, or for internal audit and quality control purposes. We review our retention periods for personal information on a regular basis. 

10. Security 
We seek to use reasonable organizational, technical, and administrative measures to protect personal information. We monitor the security of our systems and premises, and we review our policies and 
procedures on a regular basis. 

Information transmitted normally over the internet can never be guaranteed as 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us. Once we receive your personal information, we make all reasonable (and appropriate) efforts to ensure its security on our systems. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. 

CCTV cameras are used on the property for guest security purposes. Images are retained for 21 days and afterwards automatically deleted. 

Hotel Wi-Fi is provided by an external party, and the network is a public network. The hotel does not take responsibility for communications over the Wi-Fi network.

11. Website
a) Hosting
The Website is maintained and hosted securely in the USA: Privacy Center | Newfold Digital
b) Chat function 
The chat function application does not collect personal information unless the user inputs personal information to communicate with the hotel. The information is secured and protected.
c) Links 
On our Website, there may be links to other Websites or social media.  If you click on these links, please note that you are leaving the Grotto Bay Resort and Spa Website. As such, our privacy notice will no longer apply.  Your interaction on these Websites or social media is subject to their terms of use, privacy and other policies, not Grotto Bay Resort and Spa’s. 

12. Social Media
To enhance your use of our Website, we include a limited number of social media plug-ins that you may use. These plug-ins allow you to directly post links on the relevant network. When you open a Website on which a social media plug-in is embedded (e.g., our Website), the respective social network provider will use personal information regarding your visit for its own business purposes. This use is not initiated or controlled by us (nor do we have access to it or store it), but is a built-in feature of the respective social media plug-in.
In the case of Facebook (Meta), we do use a Facebook pixel on our Website to track our media campaign performance on that platform. Using the pixel, Facebook itself collects information about the users and use of our Website. To find out more about the Facebook pixel and about Facebook’s use of personal data generally, see the Facebook cookie policy at https://www.facebook.com/policies/cookies/ and the Facebook privacy policy at https://www.facebook.com/about/privacy.
The Facebook cookie policy includes information about controlling Facebook’s use of cookies.

Some of our social media pages allow users to submit their own content. Please remember that any content submitted to one of our social media pages can be viewed by the public, and you should be cautious about providing certain personal information (e.g., financial information or address details) via these platforms. We are not responsible for any actions taken by other individuals if you post personal information on one of our social media platforms (e.g., Facebook). Please also refer to the respective privacy and cookie policies of the social media platforms you are using.

13. Cookies / Tracking Technologies
We use essential cookies to make our Website work. We may also use non-essential cookies to improve user experience and analyze Website traffic through our social media, advertising, and analytics partners. 
When you visit our Website, we provide a cookie settings banner to manage your cookie consent. You may at any time withdraw your consent to the use of cookies by deactivating the cookies. If you do so, some functions of the Website may not work.

We use the following cookies:
• Strictly Necessary Cookies: These cookies are necessary for the Website to function. They are usually only set in response to actions made by visitors which amount to a request for services, such as setting privacy preferences or booking a stay. 

• Functional Cookies: These cookies allow our Website to remember your site preferences and choices you make on the site. We also use functional cookies to facilitate navigation, track user count, validate sessions, identify and track users for personalization, display content more effectively, and/or personalize your experience. These also include information on device type, browser, and IP address.

• Advertising Cookies: Advertising cookies allow us to track responses to online advertisements and marketing. We may implement cookies and pixels on our Website which include Google site tags, pixels, floodlight tag, meta pixel, Facebook pixel. Other pixels from marketing partners include web beacons and tags that track activity on the site and user conversion and remarketing.

• Analytics Cookies: Analytics cookies help us improve our Website by collecting and reporting information on how you use it. We may have pixels and tags that power Google Analytics and other third-party analytics. They track user content, viewing length, regional user information, what sites visitors are coming from and data that can be used in assessing user acquisition and conversion.

14. Cookie Deactivation
You may withdraw your consent to the use of cookies at any time by deactivating the cookies. You can delete cookies on the browsers below. These links provide information on how to do so:
• Microsoft Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
• Chrome: https://support.google.com/accounts/answer/32050
• Safari: https://support.apple.com/en-in/guide/safari/sfri11471/mac
• Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox?redirectslug=delete-cookies-remove-info-Websites-stored&redirectlocale=en-US

You can find out more about cookies on www.allaboutcookies.org.

15. Do you have any questions about privacy, exercising your rights or this Privacy Notice?
If so, please contact our Privacy Officer whose contact details are:
privacy@grottobay.com
11 Blue Hole Hill
Hamilton Parish, CR04
Bermuda
1 (441) 293-8333
16. Privacy Notice

Privacy notice (Administrative details) 
Effective Date: October 1, 2024
On occasion we will update this privacy notice. Any amended privacy notice becomes effective once published.




