LIME HOTELS & RESORTS INC.
MASTER PRIVACY NOTICE
Effective Date: June 2026
Last Updated: June 2026
Version: 1.0
INTRODUCTION
Lime Hotels & Resorts Inc. (“Lime”, “the Company”, “we”, “our”, or “us”) respects and protects your right to privacy. We are committed to safeguarding personal data in accordance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012, its Implementing Rules and Regulations, National Privacy Commission (NPC) Circulars, Advisory Opinions, and other applicable laws and regulations.
This Privacy Notice explains how Lime Hotels & Resorts collects, uses, stores, shares, retains, protects, and disposes of personal data.
PERSONAL DATA WE COLLECT
We may collect and process personal data relating to:
Guests
• Full Name
• Contact Information
• Address
• Email Address
• Reservation Information
• Billing Information
• Payment Information
• Government-Issued Identification
• Guest Preferences
Employees and Applicants
• Personal Information
• Employment Information
• Payroll Information
• Government Identification Numbers
• Benefits Information
• Timekeeping Information
• Recruitment Information
Suppliers, Contractors, and Business Partners
• Contact Information
• Company Information
• Financial Information
• Tax Information
Visitors
• Visitor Log Information
• CCTV Footage
Patients and Medical Assistance Records
• Name
• Contact Information
• Medical Findings
• Medication Information
• Treatment Records
• Incident Reports
MANNER OF COLLECTION OF PERSONAL DATA
Personal data may be collected through:
• Reservation forms
• Guest registration cards
• Front Office transactions
• Online booking systems
• Hotel websites
• Email communications
• Employment applications
• Recruitment processes
• Payroll transactions
• Timekeeping systems
• Vendor accreditation forms
• Procurement transactions
• Visitor logbooks
• CCTV systems
• Google Forms
• Google Sheets
• QR Code forms
• Medical consultation records
• Customer service interactions
PURPOSE OF PROCESSING
Personal data is processed for legitimate business purposes including:
Guest Services
• Reservations
• Registration
• Accommodation services
• Billing and payment processing
• Customer support
Human Resources
• Recruitment
• Employment administration
• Payroll processing
• Benefits administration
• Timekeeping administration
Procurement and Finance
• Vendor management
• Contract administration
• Financial transactions
• Accounting and audit requirements
Security and Safety
• Visitor management
• CCTV monitoring
• Incident investigations
• Emergency response
Marketing and Communications
• Promotions
• Customer engagement
• Service improvement initiatives
Legal and Regulatory Compliance
• Government reporting
• Tax compliance
• Regulatory requirements
• Law enforcement requests
LEGAL BASIS FOR PROCESSING
Personal data may be processed based on one or more of the following lawful bases:
• Consent
• Contract
• Legal Obligation
• Vital Interests
• Legitimate Interests
STORAGE OF PERSONAL DATA
Personal data may be stored in:
• Company information systems
• Hotel management systems
• Payroll systems
• Accounting systems
• Human resource systems
• Email systems
• Physical filing systems
• Warehouse archives
• Cloud-based services approved by the Company
Personal data is protected through appropriate organizational, physical, and technical security measures.
AUTHORIZED ACCESS TO PERSONAL DATA
Access to personal data is restricted to authorized personnel with a legitimate business need.
Security controls may include:
• User account management
• Password controls
• Multi-factor authentication
• Access restrictions
• Audit logs
• CCTV monitoring
• Physical access controls
• Confidentiality agreements
• Security awareness training
DATA SHARING
Personal data may be shared with:
• Government agencies
• Regulatory authorities
• Law enforcement agencies
• Insurance providers
• Auditors
• Legal advisors
• Technology providers
• Service providers
• Business partners
Data sharing shall only occur when supported by a lawful basis and appropriate safeguards.
CROSS-BORDER PROCESSING
Certain cloud-based systems and technology providers used by the Company may process or store personal data outside the Philippines.
The Company shall implement appropriate contractual, organizational, physical, technical, and legal safeguards before any cross-border transfer of personal data.
RETENTION OF PERSONAL DATA
Employee Records
Employee 201 files and other hardcopy employment records shall be retained during employment and for five (5) years following separation from employment.
Operational Hardcopy Records
Guest records, procurement records, contracts, vendor records, and other operational hardcopy records shall be retained:
- Five (5) years onsite
• Archived thereafter
• Up to ten (10) years total retention unless otherwise required by law
Electronic Records
Electronic records maintained in Company systems may be retained in archived status beyond hardcopy retention periods for legal, regulatory, audit, business continuity, historical reference, and operational purposes.
CCTV Recordings
CCTV recordings shall be retained in accordance with the Company’s CCTV Policy.
SECURE DISPOSAL OF PERSONAL DATA
Upon expiration of the applicable retention period, personal data shall be securely disposed of.
Physical Records
• Cross-cut shredding
• Pulping
• Secure destruction
Electronic Records
• Secure deletion
• Media wiping
• Cryptographic erasure
• Physical destruction of storage media
All disposal activities shall be documented where applicable.
RISKS INVOLVED IN PROCESSING
While the Company implements appropriate safeguards, risks associated with personal data processing may include:
• Unauthorized access
• Unauthorized disclosure
• Data breaches
• Human error
• Cybersecurity threats
• Malware attacks
• System failures
• Data loss
The Company continuously reviews and improves its security controls to minimize these risks.
RIGHTS OF DATA SUBJECTS
Under the Data Privacy Act of 2012, you have the right to:
• Right to Information
• Right to Access
• Right to Object
• Right to Rectification
• Right to Erasure or Blocking
• Right to Data Portability
• Right to Damages
• Right to File a Complaint with the National Privacy Commission
CONTACT INFORMATION
Data Protection Officer
Email:
dpo@lime.ph / dpo@limehotelsandresorts.com
Telephone:
(02) 824-752-34 Local 7801 / +63 992 819 5828
Office Address: Lime Resort Manila, Atang Dela Rama Street, Seascape Village, CCP Complex, Pasay City
CHANGES TO THIS PRIVACY NOTICE
Lime Hotels & Resorts reserves the right to update or amend this Privacy Notice as necessary to reflect changes in laws, regulations, business operations, technologies, or privacy practices.
The most current version shall be made available through the Company’s official channels.
EFFECTIVITY
This Privacy Notice shall take effect immediately upon publication and shall remain in force until amended or replaced.
Lime Resort Manila
Atang Dela Rama St, Seascape Village, Pasay City
(63) 970 111 1117 / (63) 970 111 1119
Lime Resort El Nido
Sitio Lugadia, Brgy, Barangay Corong Corong, El Nido, Palawan
(63) 9686885364 / (63) 9674092462
Lime Hotel Boracay
Main Road, Station 2 Boracay Island Malay, Aklan
(036) 288-1050 / (63) 917 125 6144
Copyright © 2026 Lime Hotels & Resorts. All Rights Reserved
Wonderful Theme