This Privacy Policy describes how Wescott Hotels (‘we’, ‘us’, ‘our’) collects, uses, stores, shares, and protects personal data obtained through our website (wescotthotels.com) and during the course of providing our hotel services. This policy also includes our Cookie Policy and explains your rights under the General Data Protection Regulation (GDPR) and other applicable data protection laws.

By using our website or staying at any of our properties, you acknowledge that you have read and understood this policy.

1. Who We Are

Wescott Hotels is a hospitality group operating three premium properties in Dubai, United Arab Emirates:

• Wescott Hotel Dubai – Al Souq Al Kabeer, Bur Dubai, P.O. Box 32795, UAE. Tel: +971-43293200. Email: reservations@wescotthotels.com
• Wescott Plaza Hotel Apartments LLC – Kuwait Street, Al Mankhool Area, Bur Dubai, P.O. Box 32795, UAE. Tel: +971-43543444. Email: info.plaza@westzone.com
• Wescott Pearl Hotel Apartments LLC – Bank Street, Building Khalid Bin Al Waleed Rd, Al Mankhool, Dubai, UAE. Tel: +971 4 325 2233. Email: info.pearl@westzone.com

For GDPR purposes, Wescott Hotels Group acts as the Data Controller for personal data processed through our website and during hotel operations. If you have any questions regarding your personal data, please contact us at reservations@wescotthotels.com.

2. Data We Collect

2.1 Information You Provide Directly

When you make a reservation, contact us, or interact with our services, we may collect:

• Full name and title
• Email address and telephone number
• Postal address and country of residence
• Date of birth (where required for age verification)
• Passport or national ID number (required for check-in under UAE law)
• Payment card details (processed securely; we do not store full card numbers)
• Dietary preferences and special requests
• Guest preferences and stay history
• Communications and correspondence with our team
• Feedback, reviews, and survey responses

2.2 Information Collected Automatically

When you visit our website, we automatically collect:

• IP address and approximate location
• Browser type, version, and operating system
• Pages viewed, time spent, and navigation paths
• Referring URLs and search terms used
• Device identifiers and screen resolution
• Cookie and tracking data (see Section 9 – Cookie Policy)

2.3 Information from Third Parties

We may receive information about you from:

• Online travel agencies (OTAs) such as Booking.com, Expedia, or Agoda
• Corporate travel partners and booking platforms
• Review platforms such as Google Reviews or TripAdvisor
• Social media platforms if you interact with our profiles
• Payment processors and fraud prevention services

3. Legal Basis for Processing

Under GDPR, we only process your personal data where we have a lawful legal basis. The bases we rely on are:

4. How We Use Your Data

We use your personal data for the following purposes:

4.1 Reservation & Stay Management

• Processing, confirming, and managing hotel reservations
• Checking guests in and out of the property
• Fulfilling special requests and room preferences
• Processing payments and issuing invoices
• Communicating reservation updates or changes

4.2 Guest Experience & Service

• Personalising your stay based on preferences and previous visits
• Responding to enquiries, complaints, and feedback
• Sending pre-arrival and post-stay communications
• Managing loyalty or guest recognition programmes

4.3 Legal & Compliance

• Complying with UAE Federal Law requirements for guest registration
• Maintaining financial records as required by law
• Cooperating with law enforcement or regulatory authorities when required
• Defending or exercising legal claims

4.4 Marketing & Communications

• Sending promotional offers, special packages, and newsletters (with consent)
• Conducting guest satisfaction surveys
• Retargeting website visitors through digital advertising (with consent)

You may withdraw your consent to marketing communications at any time by clicking the ‘unsubscribe’ link in any email or by contacting us directly.

4.5 Website Operations

• Analysing website traffic and user behaviour to improve performance
• Preventing fraudulent activity and ensuring security
• Testing and developing new website features

5. Data Sharing & Disclosure

We do not sell your personal data. We may share your data with trusted third parties only where necessary:

5.1 Service Providers

• Payment processors (e.g., credit card networks, payment gateways)
• Online booking platforms and channel managers
• IT service providers and cloud hosting services
• Email marketing and CRM platforms
• Analytics and website management providers

5.2 Legal & Governmental Authorities

We are required by UAE law to share guest passport and identification information with relevant authorities, including immigration and tourism regulators. We will also disclose data if required by a valid legal order or court judgment.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to the same privacy protections described in this policy.

5.4 International Transfers

Some of our service providers may be located outside the European Economic Area (EEA). Where we transfer data internationally, we ensure adequate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or equivalent protections.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy. Our standard retention periods are:

7. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or the UK, you have the following rights regarding your personal data:

Right of Access (Article 15)

You have the right to request a copy of the personal data we hold about you, along with information about how it is processed.

Right to Rectification (Article 16)

You have the right to request correction of inaccurate or incomplete personal data without undue delay.

Right to Erasure / ‘Right to Be Forgotten’ (Article 17)

You may request deletion of your personal data where there is no compelling reason for its continued processing, subject to our legal obligations.

Right to Restrict Processing (Article 18)

You can ask us to pause the processing of your data in certain circumstances, such as while we verify its accuracy.

Right to Data Portability (Article 20)

You may request that we provide your personal data in a structured, machine-readable format so you can transfer it to another organisation.

Right to Object (Article 21)

You can object to processing of your data for direct marketing at any time, or where processing is based on our legitimate interests.

Right to Withdraw Consent

Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

Rights Related to Automated Decision-Making (Article 22)

We do not use solely automated decision-making processes that have legal or similarly significant effects on you.

To exercise any of these rights, please contact us at reservations@wescotthotels.com. We will respond to all verifiable requests within 30 days. You also have the right to lodge a complaint with your local Data Protection Authority (DPA) at any time.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include:

• SSL/TLS encryption for all data transmitted via our website
• Access controls and role-based permissions for staff
• Regular security audits and vulnerability assessments
• Staff training on data protection and privacy best practices
• Secure data storage with reputable cloud providers
• Incident response procedures in case of a data breach

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, as required by GDPR Article 33 and 34.

9. Cookie Policy

9.1 Types of Cookies We Use

Strictly Necessary Cookies

These cookies are essential for the website to function and cannot be disabled. They are usually set in response to actions you take, such as setting your privacy preferences, logging in, or filling in forms. You can block these cookies in your browser, but parts of the site will not then work.

Performance & Analytics Cookies

These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. We use this data to improve our website performance.

Functionality Cookies

These cookies enable enhanced features and personalisation, such as remembering your language preference or previously viewed hotels.

Marketing & Targeting Cookies

These cookies may be set by our advertising partners to build a profile of your interests and show you relevant adverts on other sites. They do not directly store personal information but are based on uniquely identifying your browser and device.

9.2 Managing Your Cookie Preferences

When you first visit our website, a cookie consent banner will appear. You may:

• Accept all cookies (including analytics and marketing)
• Reject non-essential cookies (only strictly necessary cookies will be set)
• Customise your preferences by category

You can change your preferences at any time by clicking the ‘Cookie Preferences’ link in our website footer. Please note that blocking certain cookies may impact your experience on our website.

You may also control cookies directly in your browser settings:

• Google Chrome: Settings > Privacy & Security > Cookies and other site data
• Mozilla Firefox: Options > Privacy & Security > Cookies and Site Data
• Safari: Preferences > Privacy > Manage Website Data
• Microsoft Edge: Settings > Cookies and Site Permissions

For more information about cookies and how to manage them, visit www.allaboutcookies.org or www.youronlinechoices.eu.

9.3 Third-Party Cookies

Some cookies are placed by third-party services that appear on our pages. We do not control these cookies. Third parties include Google Analytics, Facebook, Google Ads, and our booking engine providers. Please refer to each provider’s privacy policy for more information.

9.4 Do Not Track

Some browsers include a ‘Do Not Track’ (DNT) feature. We currently do not respond to DNT signals, but you may opt out of analytics tracking via our cookie consent tool.

10. Children’s Privacy

Our website is not directed to children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at reservations@wescotthotels.com and we will delete it without delay.

11. Links to Third-Party Websites

Our website may contain links to third-party websites (e.g., online travel agencies, local attraction pages). We are not responsible for the privacy practices of these websites and encourage you to read their privacy policies before providing any personal data.

12. Changes to This Policy

We reserve the right to update this Privacy & Cookie Policy at any time. When we make material changes, we will update the ‘Last Updated’ date at the top of this document and, where appropriate, notify you by email or a prominent notice on our website.

Your continued use of our website or services after any changes take effect constitutes acceptance of the updated policy.

13. Contact & Complaints

If you have any questions about this policy, wish to exercise your rights, or have a complaint about how we handle your personal data, please contact us:

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant Data Protection Authority in your country of residence. Within the EU/EEA, you may contact your national DPA. For UK residents, this is the Information Commissioner’s Office (ICO) at ico.org.uk.

© 2026 Wescott Hotels | All Rights Reserved

This document is effective as of 24 April 2026 and supersedes all previous versions.