Who we are?
Throughout this privacy statement, references to “we”, “us”, “our” and “ours” refer to Club Vitae and Dalata Hotel Group plc.
Club Vitae refers to the fitness group comprising 11 clubs located within Clayton Hotels and Maldron Hotels across Ireland.
Dalata Hotel Group plc is the hotel operator of Clayton Hotels, Maldron Hotels, Club Vitae, and several other brands. Further information is available on our website. Dalata Hotel Group plc is registered in Ireland with company number 534888 and has its registered office at Termini, 3 Arkle Road, Sandyford Business Park, 4th Floor, Burton Court, Burton Hall Drive, Sandyford, Dublin 18, Ireland.
General Statement
We are not responsible for the content or privacy practices of other websites. Any external links to other websites are clearly identifiable as such.
This Privacy Notice outlines how we protect and manage your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the Data Protection Acts 2018 (Ireland).
Please also read our Cookie Policy, which explains how we use cookies, and our Terms and Conditions, which provide further details about our products and services.
By using any of our products or services and/or by agreeing to this Privacy Notice (for example, when registering for a service), you acknowledge and understand that we will collect and use personal information as described in this notice.
Where legitimate interest is relied upon as the legal basis, a Legitimate Interests Assessment (LIA) is carried out and maintained on file to ensure that the processing is necessary, proportionate, and that individuals’ rights and freedoms are fully respected.
If you have any questions about how your information is gathered, stored, shared, or used, please contact us at dataprotection@dalatahotelgroup.com
You have a number of rights in relation to your personal data, including the right to object to processing for direct marketing purposes or where our legal basis is legitimate interests.
To help us keep your personal information accurate and up to date, please notify us of any changes to your contact details.
As this Privacy Notice may be updated from time to time, we encourage you to review this page regularly.
What Information Do We Collect?
We collect and process the following categories of personal data, depending on your relationship with us:
- Contact & Booking Details: name, address, email, phone, reservation details.
- Payment Data: card details, billing records, non-present payment information (processed securely under PSD2/SCA).
- Facilities & Services Data: spa, leisure and gym bookings (including relevant health information).
- Communications Data: enquiries, guest messages, pre-stay upsell offers, feedback and surveys.
- Security Data: CCTV footage in public areas.
- Claims & Incident Data: accident, insurance or emergency response information.
Sensitive Personal Information/Health Information
Under the General Data Protection Regulation (GDPR), certain types of personal data are classified as special categories of personal data due to their sensitive nature. These include information relating to your physical or mental health, racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation, genetic or biometric data (used for identification), and trade union membership.
In general, we do not collect special category data through our website unless you voluntarily provide it. However, health information may be collected by a member of our team. This is used solely to assess your fitness to exercise and to ensure safe use of our facilities.
We process this data with your explicit consent, and it is handled in accordance with our data protection policies and procedures. If you have any questions about how this information is used, please contact our Data Protection Team at dataprotection@dalatahotelgroup.com.
Children’s Personal Information
We may collect personal information relating to children solely for the purpose of facilitating activities within our Club Vitae facilities. In accordance with the General Data Protection Regulation (GDPR), we do not knowingly collect children’s personal data without the explicit consent of a parent or legal guardian.
Any personal data collected from or about children is handled with the highest standards of care and confidentiality, and only used for the specific purposes for which it was provided. We ensure that appropriate safeguards are in place to protect children’s data, and we do not use it for marketing, profiling, or any unrelated purposes.
If you have any questions about how children’s data is processed, please contact our Data Protection Team at dataprotection@dalatahotelgroup.com.
Personal Data You Provide About Others
If you provide personal information about another individual—for example, when purchasing a Club Vitae membership on their behalf—you must ensure that you have their permission to do so.
It is your responsibility to confirm that the individual is aware their personal data has been shared with us and that they have accepted the terms of this Privacy Statement. This includes understanding how their personal data will be used, stored, and protected in accordance with applicable data protection laws.
We process such data on the basis that you have obtained the necessary consent or have another lawful basis to share the information. If you have any questions about this, please contact our Data Protection Team at dataprotection@dalatahotelgroup.com.
How We Use Your Information
We process your information for a range of purposes that enable us to provide our services, comply with legal obligations, and improve your experience. These purposes fall into the categories set out below.
| Purpose Category |
Examples |
Legal Basis |
Retention |
| Gym Membership, Facilities & Services |
Spa and gym bookings, leisure services (including health data) |
Performance of contract / explicit consent (health) |
Booking/membership + up to 2 years |
| Payments & Financial Administration |
Collecting guest payments (including non-present payments), agent commissions, gift voucher sales |
Performance of contract / legal obligation |
Transaction + up to 7 years |
| Guest Communication & Marketing |
Handling enquiries, in-stay messaging, pre-stay upsell emails, customer feedback surveys |
Legitimate interest / consent (where required) |
Enquiry resolved + up to 3 years (marketing data) |
| CCTV Monitoring |
Operating CCTV in hotel premises to protect guests, staff, and property (with signage displayed in monitored areas) |
Legitimate interest / legal obligation |
Typically 30 days, unless extended for investigation, legal, or insurance purposes |
| Security & Compliance |
Fraud prevention, insurance claims, legal and regulatory obligations, emergency incident response |
Legitimate interest / legal obligation / vital interests |
7 years (claims/audit) / longer if required |
| Membership Administration |
Creating and managing member accounts, processing class and facility bookings, managing renewals and cancellations |
Performance of Contract |
Membership + 2 years |
| Health Screening |
Collecting and reviewing fitness/medical data to ensure safe participation in activities |
Explicit Consent |
Membership + 2 years |
| Guest Facility Use |
Temporary access for hotel guests, health declarations |
Legitimate Interest |
60 days |
| Direct Debit Management |
Managing membership payments and refund claims |
Performance of Contract / Legal Obligation |
13 months after leaving |
| CCTV Monitoring |
Protecting guests, staff, and property |
Legitimate Interest / Legal Obligation |
Typically 30 days |
Direct Marketing
We may use your contact details to send you marketing communications about our services, in accordance with applicable law, including the Privacy and Electronic Communications Regulations. This may include regular email newsletters and, where appropriate, occasional contact by phone or SMS, based on the information you have provided. We will only send you marketing communications if you have opted in when completing the membership form on our digital system.
Please note: We may also send you important service updates, such as temporary gym closures or changes to opening hours. These are operational notices, not marketing communications, and do not require your consent.
Newsletter Subscription
If you choose to sign up for our newsletter using the subscription form, we will add your email address to our mailing list. You will then receive regular newsletters containing updates and offers by email.
Promotional Activities
When you take part in promotional activities (such as competitions at trade shows or on our social media channels), we will collect your contact details to administer these promotions. If you provide your consent (opt-in), we will also use your details to send you news and offers related to our products and services. You will only be added to our marketing database if you have given explicit permission via the relevant opt-in form.
Your Rights
You can withdraw your consent and opt out of marketing communications at any time by:
- Clicking the unsubscribe link in any email
- Texting STOP as instructed in an SMS
Contacting our marketing team at dataprotection@dalatahotelgroup.com
Sharing Your Information
We may share your information with:
- Booking partners, payment processors, and voucher providers.
- Service providers supporting IT systems, customer data platforms, CRM (such as Salesforce), and guest messaging tools.
- Insurers, auditors, regulators, or authorities where legally required.
- Third-party contractors providing spa, gym, or other leisure services.
International Transfers
Some of our service providers are located outside the European Economic Area (EEA), including technology and CRM partners. Where personal data is transferred internationally, we ensure it is protected by appropriate safeguards such as:
- European Commission adequacy decisions (where applicable).
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Other recognised safeguards required by law.
You may request further details of the safeguards in place by contacting us.
Automated Decision-Making & Profiling
We may use limited automated processing to analyse booking patterns, optimise room rates, and provide pre-stay offers tailored to your interests. These activities help us deliver relevant services and improve your experience but do not produce legal or similarly significant effects.
Use of Artificial Intelligence (AI)
We may use artificial intelligence (AI) tools to support certain activities, such as analysing booking trends, assisting customer service, or improving operational efficiency. If AI is used, we will ensure that it is applied responsibly, with appropriate human oversight, and in full compliance with all applicable data protection legislation, We will not use AI in a way that produces legal or similarly significant effects without informing you and ensuring that your rights are respected.
Cookies
We use cookies and similar technologies on our websites to improve functionality, enhance your browsing experience, and tailor services to your preferences. Some cookies are essential for the site to operate, while others support analytics and marketing. For full details and to manage your preferences, please see our separate Cookie Policy.
Data Security & Retention
We apply technical and organisational measures to safeguard your personal information, including encryption, access restrictions, staff training, and monitoring. Retention periods are defined in accordance with the Leisure Centre Record Retention Policy and are aligned with statutory and operational requirements.
Your Rights
Under data protection law, including the General Data Protection Regulation (GDPR), the Data Protection Act 2018 you have the following rights:
- Access: to request a copy of the personal data we hold about you.
- Rectification: to have inaccurate or incomplete information corrected.
- Erasure: to request deletion of your information, subject to legal or contractual requirements.
- Restriction: to limit the way we process your information in certain circumstances.
- Objection: to object to certain types of processing, including direct marketing, profiling, and automated decision-making.
- Not to be subject to automated decision-making: you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects. Where automated decisions are made, you may request human review, express your views, and contest the decision.
- Portability: to request transfer of your data to another service provider, where technically feasible.
- Withdraw Consent: to withdraw consent at any time where processing is based on consent.
Contact Us
For any questions or to exercise your rights, please contact:
Data Protection Team – Dalata Hotel Group plc
3 Arkle Road, Sandyford Business Park, Dublin 18, D18 C9C5, Ireland
Email: dataprotection@dalatahotelgroup.com
We are committed to maintaining the highest standards of privacy and data protection. If you have any questions, concerns, or requests regarding your personal data or this privacy notice, please contact our Data Protection Team at dataprotection@dalatahotelgroup.com.
In the unlikely event that you wish to lodge a complaint about our handling of your data or request you can complain to The Data Protection Commissioner in Ireland or to the Supervisory Authority in your country of residence.
We regularly review and update our privacy practices to ensure ongoing compliance with applicable laws and to reflect changes in our business operations. Thank you for trusting Dalata Hotel Group with your personal information.
