1. Data protection: We are committed to protect our guests’ privacy and we will not collect any personal information unless you provide it voluntarily. Any personal information you communicate to us is in accordance with the General Data Protection Regulation and our data protection policy. Click here to view our full data protection policy.

2. General Data Protection Regulation (EU regulation 2016/679): The general data protection regulation (GDPR) came into effect in May 2018. You may view the full regulation via this link.

3. Contact Us form: When you fill in the ‘Contact Us’ form, the personal information submitted will only be used to respond to your message. This personal information will not be kept longer than necessary and will be deleted once the requirement is met.

4. Cookies: A ‘cookie’ is a small piece of data sent from a website and stored in the user’s web browser while the user is browsing. Cookies used in our website may record the user browser’s activity. They may be used as a tool to analyse how users make use of our website. Cookies may also be used to improve functionality by recording registration and logging details as well as setting preferences. These cookies do not identify individuals and are only used for statistical purposes. Most browsers are initially set to accept cookies, however, you may set your browser to refuse them. Given that we may sometimes use cookies, should you set your browser to refuse them you may not be able to exploit our website to the full.

5. Links to other websites: In order to provide you with the best experience of our island, our site may contain a number of links to other local and international sites. It is important for you to note that upon clicking on the link to another site, you are no longer on our website and you will become subject to the privacy policy of the third party’s site.

6. Changes to this privacy policy: If there are any changes to this privacy policy we will replace it with an updated version. It is therefore in your own interest to check the privacy policy page anytime you access our website so as to be aware of any updates that may take place from time to time.


1. Introduction: This data protection policy explains when and why ‘The Hidden Gem – Boutique Hotel’ (referred to as ‘us’ or ‘we’), may collect personal data and information, how we use it, the conditions under which we may disclose it to others and how we keep it secure. ‘Service/s’ refers to your stay with us and any other service that we may provide.

2. Who we are: ‘The Hidden Gem’ is licensed to conduct hospitality and related services by the Malta Tourism Authority (MTA). Our address is: The Hidden Gem, 2, Sqaq Nru 1, Triq Ir-Rebha, Rabat RBT1510, Malta. Telephone Number: +356 21456556. E-mail: thehiddengem.malta@gmail.com. Website: www.thehiddengemmalta.com

3. Information that we may collect about our guests: We may collect personal data about our guests for the purpose of providing the service/s and for any other reason that may be required. The term ‘personal data’ refers to all personally identifiable information about you. Your personal information will be used for the purpose for which you have provided it and in accordance with the GDPR.

4. Purpose of collecting personal data: The purpose of collecting personal data is necessary for: a. the conduct of the required services and; b. may be used to improve your stay with us; c. to ensure safety and security, including but not limited to safety on our premises and may include CCTV footage, telephone calls and in the case of exercise or defence of claims. Our legitimate interests shall be exercised in a proportionate manner taking into account your legitimate expectations to privacy, to monitor, intercept, review and access any communications and activities carried through our equipment or premises in accordance with the law which you have acknowledged to have read. Communications and activities carried through our equipment or premises cannot be presumed to be private.

5. Access to information: Access to your personal information is restricted to: a. our employees, b. our affiliates, c. our third party service providers, agents, delegates, sub-contractors and / or any other party which may be engaged or used by us. Any selected individuals with access to your personal data shall be subject to the same restrictions under this data protection policy. In order to provide you with a better service, we may require to share your personal data with organisations which are located outside the European Union. We will however transfer personal information to a country or territory outside the European Union if that country provides an adequate level of protection for personal information in accordance with the applicable privacy laws and / or any other applicable legislation.

6. Duration of retention of personal data: The length of time we hold your personal data may vary and depends on a number of factors such as but not limited to: a. the length of time between your booking and your stay; b. your length of stay with us; c. any legality that may arise. Should your personal information be no longer required, this will be deleted. This means that all your possible identifying characteristics will be erased. We also ensure that your personal information is not retained longer than is necessary.

7. Security: We do our utmost to adhere to sufficient technical and organisational security measures to protect your personal data against unauthorised, accidental or unlawful destruction or loss, damage, alteration, unauthorised disclosure or access or otherwise processed personal data. The security measures in this clause are intended to protect your personal data in accordance with any privacy and data protection laws.

8. Marketing: We will conduct marketing to your goodself unless otherwise advised, whereby we may contact you (through various media) to keep you informed about the latest events are / or offers related to our services. We may also inform you about other services supplied by our affiliates, agents and other third parties. You may cancel your consent to the processing of your personal information as specified above at any time by completing the ‘Contact Us’ form.

9. Complaints: If you have a complaint about the use of your personal information, please let us know immediately. We kindly ask you to give us the opportunity to put things right as quickly as possible. Should you wish to lodge a complaint, you may do so in person, by telephone, in writing, by email or by completing the ‘Contact Us’ form. We recommend that you provide us with as much detail as possible so as to enable us to deal with your query promptly and efficiently. Should you still be unsatisfied by our reply, you are entitled to contact the Office of the Information and Data Protection Commissioner which is located at: Level 2, Airways House, High Street, Sliema SLM1549, Malta. Telephone: +356 23287100. E-mail: idpc.info@idpc.org.mt

10. Changes to our data protection policy: From time to time, we may make changes to this data protection policy. You can find the most recent version on our website www.thehiddengemmalta.com