GDPR Compliance

GDPR Compliance

Our commitment to data protection and privacy

Last updated: March 2026

Our Commitment to GDPR

Bliss Blessings Hotels is committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This page outlines how we comply with GDPR requirements when processing data of European Economic Area (EEA) residents.

Data Controller

Bliss Blessings Hotels acts as the data controller for personal information collected through our website and services. For data protection enquiries, contact us at info@blissblessingshotels.com.

Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract Performance: Processing necessary to fulfil booking reservations and provide our hospitality services.
  • Legitimate Interest: Improving our services, website analytics, and fraud prevention.
  • Consent: Marketing communications, newsletters, and non-essential cookies.
  • Legal Obligation: Compliance with tax, accounting, and regulatory requirements.

Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data (“right to be forgotten”).
  • Right to Restrict Processing: Request limitation of how we process your data.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interest or direct marketing.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

Data Transfers

As our operations are based in Sri Lanka, personal data of EEA residents may be transferred outside the EEA. We ensure appropriate safeguards are in place, including contractual clauses and security measures, to protect your data during such transfers.

Data Retention

Personal data is retained only for as long as necessary for the purposes for which it was collected. Booking data is retained for a minimum of 5 years for legal and accounting purposes. Marketing consent records are retained until consent is withdrawn.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and communicate the breach to affected individuals without undue delay.

Cookies & Tracking

We use cookies in accordance with GDPR requirements. Non-essential cookies are only placed with your explicit consent. You may manage your cookie preferences at any time through your browser settings.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at info@blissblessingshotels.com. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection authority.

WhatsApp