Privacy Policy

Last updated: April 7, 2026

This Privacy Policy describes how Excelsior Hospitality (“we,” “us,” or “our”) collects, uses, and shares information when you visit our website at https://excelsiorhospitality.com/. It also explains your privacy rights and how applicable law protects you.

By using the site, you agree to the practices described in this policy. If you do not agree, please discontinue use of the site.

1. Who We Are

Excelsior Hospitality is a restaurant consulting and operational management firm.

• Registered address: [ADDRESS — TO BE CONFIRMED]
• Contact form: https://excelsiorhospitality.com/#contact
• Privacy enquiries: privacy@excelsiorhospitality.com

2. What Data We Collect

a. Information You Provide

When you submit the contact form on our website, we collect:

• Full name
• Email address
• Phone number (optional)
• Message content

We do not operate user accounts, logins, or any member area. No account data is collected.

b. Data Collected Automatically

When you visit the site, the following technical data is collected automatically:

• IP address (anonymised — see Section 4)
• Browser type and version
• Device type and operating system
• Pages visited and time spent on each page
• Referring URL
• Date and time of visit

This data is collected via cookies and tracking scripts described in Section 4.

3. How We Use Your Data

We use the information we collect for the following purposes:

• To respond to enquiries submitted via our contact form
• To understand how our website is used and improve its performance
• To monitor website security and diagnose technical issues
• To comply with legal obligations

We do not use your data for automated decision-making or profiling.

4. Cookies & Tracking Technologies

What Are Cookies

Cookies are small text files placed on your device by a website. We use cookies and similar technologies to operate the site and understand how it is used.

Google Analytics

We use Google Analytics to collect anonymised data about how visitors use our website. Google Analytics sets the following cookies:

• _ga — distinguishes unique users. Expires after 2 years.
• _gid — distinguishes unique users. Expires after 24 hours.
• _gat — throttles request rate. Expires after 1 minute.

The data collected includes pages visited, session duration, approximate location (country/city level), browser and device type. We do not enable advertising features, remarketing, or user ID tracking in Google Analytics.

IP anonymisation is enabled — your full IP address is never stored by Google Analytics. For more information, see Google’s Privacy Policy. You can opt out using the Google Analytics Opt-out Browser Add-on.

Google Tag Manager

We use Google Tag Manager (GTM) to manage and deploy tracking scripts on our website. GTM itself does not collect personal data — it acts as a container that loads other tags (such as Google Analytics).

For more information, see Google Tag Manager’s Privacy Information.

Cookie Categories

• Strictly Necessary: Required for the site to function. No consent required.
• Analytics (Non-Essential): Google Analytics cookies (_ga, _gid, _gat). Used to understand visitor behaviour. Where required by law, these are only set with your consent.

We do not use advertising, retargeting, or social media cookies.

Managing Cookies

You can control or disable cookies at any time through your browser settings. Disabling analytics cookies will not affect your ability to use the site. Browser guidance:

• Google Chrome
• Mozilla Firefox
• Safari
• Microsoft Edge

5. Legal Basis for Processing

Where applicable (e.g. for visitors from the European Economic Area or UK), we process personal data under the following legal bases:

• Legitimate interests: Website analytics and security monitoring.
• Consent: Non-essential cookies (e.g. Google Analytics) where required by applicable law.
• Contract performance: Processing contact form submissions to respond to your enquiry.
• Legal obligation: Retaining records where required by law.

6. Data Sharing & Third-Party Processors

We do not sell your personal data. We share data only with the following trusted service providers who process data on our behalf:

• Google LLC (Google Analytics & Tag Manager): Website analytics and tag management. Data may be processed in the United States. Google is certified under the EU-U.S. Data Privacy Framework.
• DigitalOcean LLC: Website hosting and infrastructure. See DigitalOcean’s Privacy Policy.
• WPForms / Awesome Motive: Contact form processing on our WordPress installation.

All third-party processors are required to maintain appropriate security standards and to process data only in accordance with our instructions.

7. International Data Transfers

Some of our service providers (including Google and DigitalOcean) are based in the United States. Where personal data is transferred outside the UK or European Economic Area, we ensure appropriate safeguards are in place, including reliance on Standard Contractual Clauses or participation in approved data transfer frameworks.

8. Data Retention

• Contact form submissions: Up to 24 months from the date of your enquiry, or longer if a business relationship develops.
• Google Analytics data: Up to 26 months (Google’s default retention, applied to aggregated/anonymised data).
• Server logs: Up to 30 days for security and troubleshooting purposes.

When retention periods expire, data is securely deleted or anonymised.

9. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data where there is no lawful reason to retain it.
• Restriction: Request that we limit how we use your data.
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: Where processing is consent-based (e.g. analytics cookies), you may withdraw at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@excelsiorhospitality.com. We will respond within 30 days.

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect, the right to delete it, and the right to opt out of its sale. We do not sell personal information.

10. Children’s Privacy

Our website is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has submitted data to us, please contact us and we will delete it promptly.

11. Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. Our website is served over HTTPS/TLS encryption. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

12. Links to Third-Party Websites

Our website contains links to third-party websites (such as our partner restaurant sites). We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before submitting any personal data.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. Continued use of the site after changes are posted constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy, please contact us:

• Email: privacy@excelsiorhospitality.com
• Contact form: https://excelsiorhospitality.com/#contact
• Postal address: [ADDRESS — TO BE CONFIRMED]