Privacy Policy

Last updated: 16 April 2026

Number Nine Hotel Limited ("Number Nine", "we", "us", "our") respects your privacy and is committed to protecting your personal data. This policy explains how we collect, use, share and protect your information when you book or stay with us, visit our website, or contact us, and describes the rights you have under the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.

1. Who we are

Number Nine Hotel Limited is the data controller for the personal data we collect. You can contact us at:

2. Personal data we collect

We collect the following categories of personal data:

  • Identity and contact data — name, date of birth, nationality, passport or identification document type and number, email address, phone number and postal address.
  • Booking data — dates of stay, property booked, number of guests, special requests, guest roster and signed rental agreements.
  • Payment data — the last four digits of the card used, the card brand, and a secure payment token. We never store full card numbers or CVV codes; these are handled by our payment processors.
  • Identification documents — a scan or photograph of the primary guest's passport or ID, required under Irish accommodation legislation.
  • Signature and verification data — an electronic signature image together with the date, time and IP address at which the rental agreement was accepted.
  • Communications data — emails, chat messages and any other correspondence you send us through the guest portal or directly.
  • Technical data — IP address, browser type, device information, cookie identifiers and pages visited, as described in the Cookies section below.

3. How we use your data and our legal basis

We only process personal data where we have a lawful basis under GDPR Article 6:

  • Performance of a contract (Art. 6(1)(b)) — to take a reservation, check you in, manage your stay, take payment and respond to requests relating to your booking.
  • Legal obligation (Art. 6(1)(c)) — to collect and retain guest identification records under Irish accommodation law, and to keep financial records required by tax and accounting legislation.
  • Legitimate interests (Art. 6(1)(f)) — to secure our website and premises, prevent fraud, improve our services, and keep records of correspondence. Where we rely on legitimate interests we balance them against your rights and you may object at any time.
  • Consent (Art. 6(1)(a)) — for optional communications such as marketing emails. Consent can be withdrawn at any time without affecting the lawfulness of prior processing.

4. Who we share your data with

We share personal data only with trusted service providers who process data on our behalf under a written agreement, and only to the extent necessary. These include:

  • Our website and booking platform providers (WordPress hosting and VikBooking).
  • Our payment processors (for example Revolut and Stripe) — these providers are separate controllers in respect of your payment data.
  • Our email delivery provider, for transactional emails relating to your booking.
  • Our accountants and tax advisors, where necessary to meet statutory obligations.
  • Public authorities where we are legally required to disclose information (for example An Garda Síochána, the Revenue Commissioners, or the courts).

We do not sell your personal data. We do not share it with third parties for their own marketing purposes.

5. International transfers

Some of our service providers are based outside the European Economic Area (EEA). When personal data is transferred outside the EEA we rely on appropriate safeguards recognised under GDPR, such as the European Commission's Standard Contractual Clauses or an adequacy decision, to ensure your data receives an equivalent level of protection.

6. How long we keep your data

We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting or reporting requirements.

  • Booking and guest identification records: retained for the period required by Irish accommodation and tax legislation (typically up to seven years after the end of the stay).
  • Signed rental agreements and signature verification data: retained for the duration of any potential limitation period for contractual claims (six years in Ireland).
  • Marketing preferences: retained until you withdraw consent or request erasure.
  • Website analytics and cookie data: retained for no longer than 13 months.

When personal data is no longer needed we either delete it or anonymise it.

7. Your rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you and request a copy.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten") where there is no overriding legal basis for us to keep it.
  • Restrict or object to processing in certain circumstances.
  • Data portability — receive the data you provided in a structured, commonly used, machine-readable format.
  • Withdraw consent at any time, where processing is based on consent.
  • Lodge a complaint with the Irish Data Protection Commission (www.dataprotection.ie) if you believe your rights have been breached.

To exercise any of these rights please contact us at [email protected]. We will respond within one month.

8. Is providing personal data a requirement?

Providing your identity, contact and payment information is a contractual and, in the case of identification documents, a legal requirement in order to complete a booking and lawfully accommodate you. If you do not provide this information we will not be able to confirm your reservation or check you in.

9. Automated decision-making

We do not carry out automated decision-making, including profiling, that produces legal or similarly significant effects on you.

10. Security

We use technical and organisational measures appropriate to the risk, including encrypted connections (HTTPS), access controls, pseudonymisation of payment data, and regular backups. No system can be guaranteed 100% secure; if a personal data breach occurs we will notify the Data Protection Commission and, where required, affected individuals within the timeframes set by GDPR.

11. Cookies

Our website uses a small number of cookies that are strictly necessary for the site to function (for example session cookies used to keep you signed in or to hold a booking in progress). These do not require consent. Any non-essential cookies (such as analytics) are set only where you have given consent through our cookie banner. You can change your cookie preferences at any time in your browser settings.

12. Children

Our services are not directed at children under 16. We do not knowingly collect personal data from children under that age without parental consent. If you believe a child has provided us with personal data, please contact us and we will delete it.

13. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent change. Where changes are material we will notify you by email or through a prominent notice on the website before the changes take effect.

14. Contact us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at [email protected].
