We would like to thank you for visiting the website of Ramla Bay Resort at https://www.ramlabayresort.com (the “Website”), to which this Privacy Notice applies.

At Ramla Bay Resort we take the protection of personal data seriously and are committed to ensuring that your information is handled responsibly and transparently. This Privacy Notice outlines our practices regarding the collection, use, disclosure, storage, and transfer of personal information that you may provide when using our Website, interacting with our digital services, or staying at our property.

Ramla Bay Resort forms part of Holden Development Co. Ltd, which acts as the Data Controller for the purposes of applicable data protection legislation. Personal data may therefore be collected through our Website, through our digital platforms and concierge tools, including our automated guest assistant, or directly during your interaction with our property and services.

The use of the internet pages of Ramla Bay Resort may require the processing of certain personal data. In many cases it is possible to access the Website without providing personal information. However, if you wish to make use of certain services via our Website, related software applications, or guest communication platforms, the processing of personal data may become necessary. Where the processing of personal data is required and there is no statutory basis for such processing, we will obtain your consent where required by law.

In this Privacy Notice, the terms “You”, “Your”, “User”, and “Data Subject” refer to an identified or identifiable natural person who uses our Website or who receives, or may receive, services from Ramla Bay Resort.

This Privacy Notice provides general information on how and why we process your personal data through our Website, digital tools, and resort operations. If you have any questions regarding your privacy rights or how to exercise them, you may contact our Data Protection Officer using the contact details provided at the end of this Notice.

All personal data processing carried out by Ramla Bay Resort is conducted in accordance with applicable data protection laws, including:

The Data Protection Act (Chapter 586 of the Laws of Malta) and related subsidiary legislation; and
Regulation (EU) 2016/679 — the General Data Protection Regulation (GDPR) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

These laws are collectively referred to in this Privacy Notice as the “Data Protection Laws.”

As these laws and our operational practices may evolve from time to time, this Privacy Notice may be updated accordingly. Users are therefore encouraged to review this Notice periodically before using our Website or submitting personal information.

Ramla Bay Resort
Last updated: March 2026

Personal information refers to any information that identifies or can identify an individual either directly or indirectly.

Examples include:

Name and surname
Email address
Telephone number
Postal address
Reservation information
Payment details
Passport or identification details where required by law
Guest preferences and service requests
IP address and device information
Website usage data

Personal data may be collected directly from you, through our website, through booking platforms, or during interactions with the resort.

Ramla Bay Resort processes personal data in order to provide hospitality services and operate the resort efficiently.

Personal data may be used for the following purposes:

Managing reservations and guest stays
Communicating with guests before, during, and after their stay
Processing payments and billing
Responding to enquiries and service requests
Improving services and guest experience
Ensuring safety and security within the resort
Complying with legal and regulatory obligations

We may also store guest preferences and past stay information in order to personalise services and improve the quality of future visits.

Ramla Bay Resort may use digital concierge tools and automated assistants, to assist with guest enquiries, provide information about the resort, and support guest services. Information provided during such interactions may be processed automatically to generate responses and improve service delivery.

Certain internal systems may analyse guest preferences or operational data to assist staff in delivering personalised hospitality services. Final decisions regarding guest service remain under the control of resort personnel.

Personal data is processed under the lawful bases defined by the GDPR.

Contractual necessity
To fulfil reservations and provide accommodation and hospitality services.

Legal obligation
To comply with Maltese legal obligations including financial, tourism, and public security requirements.

Legitimate interest
To operate the resort efficiently, maintain security, and improve guest experience.

Consent
Where guests have given permission, for example for marketing communications.

Guests may withdraw marketing consent at any time.

Our website uses cookies and similar technologies to improve functionality and analyse how visitors interact with the website.

Cookies may help us:

Understand website traffic
Improve website performance
Remember user preferences
Support marketing analytics

The use of cookies and similar technologies is governed by the Processing of Personal Data (Electronic Communications Sector) Regulations – Subsidiary Legislation 586.01 of the Laws of Malta.

Further information can be found in our Cookie Policy.

• Click here to view our Cookie Policy – to find out more about how our website works and how we can put you in control.

Ramla Bay Resort implements appropriate technical and organisational measures to protect personal data.

These measures include:

Secure IT infrastructure
Restricted system access
Encryption and secure communication protocols
Staff training in data protection
Secure payment processing systems

Personal data is stored within secure systems used for hotel operations and is accessible only to authorised personnel who require the information to perform their duties.

We will retain your information for no longer than is required by Data Protection Regulation and as the law permits; and intend to keep your data accurate and up to- date. At such time we will delete your data from our data base.

We may need in certain circumstances, to process your data or disclose your personal information in connection with the purposes held within this Privacy Notice, or as otherwise permitted by law. We have a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation or request.

This may include us to disclose your information to our agents, consultants and sub-contractors who may assist us in our booking and reservation systems; and whom are subject to the appropriate technical, security and confidential measures to meet with our obligation as the Data Controller.

Some disclosures may involve transferring your personal data to a country outside of the European Union or the wider European Economic Area (EEA). The EEA is comprised of member states of the EU, and Norway, Iceland and Liechtenstein. In some cases, International transfers may be made to countries which do not have similar data protection laws to those of the EU. In those circumstances, we will only disclose your personal information:

• Where the recipient of the personal data has been accessed by the European Commission as ensuring an adequate level of protection of personal information
• With your explicit consent
• On the basis of an agreement, in the appropriate form approved by the European Commission ( or equivalent body)
• Where we remain in control of the information; or
• Where otherwise permitted under applicable law

We will make the appropriate steps to ensure safeguards are in place to protect your personal information, where disclosure of information requires an international transfer.

This Privacy Notice applies to our website and the personal information we collate when you visit our website. Our website has a number of links or references to other websites, other agencies and local organisations.

Therefore, it is important for you to be aware that upon linking to or visiting another website, you are no longer on our website. We do not control such websites and we are not responsible for their data practices. This Privacy Notice does not apply to such third party websites.

Should you provide us with personal information about members of your family, friends, dependants or other third parties i.e., for the purpose of making a reservation, it is your responsibility to inform them of their rights in connection with this notice with respect to such information.

It is not in our interests to collect personal data relating to a minor under the age of 16 years. Should it come to our attention that such data has been forwarded to us without the prior consent of the legal guardian/parent, the data will be immediately deleted. We are thereby reliant on the legal guardian/parent to provide us with the appropriate information.

We are led by our client-first principles and want to inform you of your personal data rights.

In relation to the General Data Protection Regulation (GDPR), you have the following rights to:

1) Right to be informed – you have the right to know what we are collecting and how we are collecting it.
2) Right of access – you have the right to know whether we are processing your personal data, and what we are processing. We will respond within one month of receiving your request.
3) Right to rectification – you have the right to have any incorrect personal data corrected or completed if it is incomplete.
4) Right to erasure – this right, often is referred to the right to be forgotten, allows us to erase personal data where there is no valid reason for us to keep it.
5) Right to restrict processing – you have a right to request us to restrict the processing of your personal data.
6) Right to object – you have the right to object to our processing your personal data based on legitimate interests, or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing including profiling; and for statistical purposes.

We are not legally bound to comply with an erasure request if your personal data is necessary:

• For us to comply with a legal obligation to which we are subject (including but not limited to our duty to retain an accurate database of our company records and our data retention periods in line with local laws and data retention regulations).
• For the company to exercise our rights in defence of legal claims

We will ask for your consent before we intend to use your data for marketing purposes and/or if we intend to disclose your information to any third party for marketing purposes.

Should you require further information or to exercise your rights, please contact our Data Protection Officer. Before we address any request you make with us, we will require you to verify your identity. Data Subject Access Requests will be dealt within one month from the receipt of request, in line with the GDPR.

Should you have a complaint please contact our Data Protection Officer who will on hand to deal with your query/complaint. We will reply to all legitimate requests as soon as possible, at the latest within one month of receipt of the request. With that said, for more complex requests it may take longer than one month. In such cases, we will notify you accordingly along with regular updates.

However, you can also raise any concerns or complaints about our processing of your data with the relevant Data Protection Regulatory body within your country. Should you wish to contact the Data Protection Commissioner in Malta, the details are available at: https://idpc.gov.mt/en/pages/home.aspx

We would appreciate the opportunity to resolve any issues you may have in the first instance; though your right to file a complaint remains unaffected.

Ramla Bay Resort is part of the Holden Development Company Ltd. Our address is Triq Ir-Ramla, Marfa, Mellieha. MLH 7100, Malta. Holden Development Company Ltd is the Data Controller responsible for processing

Your Personal Data on this site or in the manner, as explained in detail in this notice. Should you have any queries about privacy or would like to exercise any of your individual rights, please contact us on:

Data Protection Officer Telephone Number: +356 2281 2281
Email Address: dpo@ramlabayresort.com

This Privacy Notice is regularly reviewed and will be updated when necessary.

Any changes will be published on our Privacy Notice a https://www.ramlabayresort.com

This notice was last updated March 2026.