Privacy Policy

1. General Information

1.1 Objective and Responsibility

  1. This privacy policy informs you about the nature, scope and purpose of the processing of personal data in relation to our online offer https://www.lumimalta.com/ and the associated websites, functions and content (hereinafter collectively referred to as ‘online offer’ or ‘website’). Details on these processing activities can be found in section 2.
  2. Details of data processing for the purpose of carrying out our business processes are described in section 3.
  3. Eden Hospitality Ltd. (St. George’s Bay, St. Julian’s, STJ 3310, Malta) - hereinafter referred to as ‘we’ or ‘us’ - is the provider of the online offer and responsible for data protection.
  4. Questions regarding this privacy policy and questions regarding data protection can be directed to, among others, malta.marketing@ihg.com.
  5. The term ‘user’ encompasses all customers, interested people, employees and visitors of our online service.

1.2 Legal Bases

In general, we collect and process personal data based on the following legal grounds:

  1. Consent in accordance with article 6 paragraph 1 lit. a General Data Protection Regulation (GDPR). Consent meaning any freely given, specific, informed and unambiguous indication of agreement, which could be in the form of a statement or any other unambiguous confirmatory act, given by the data’s subject consenting to the processing of personal data relating to him or her.
  2. Necessity for the performance of a contract or in order to take steps prior to entering into a contract according to article 6 paragraph 1 lit. b GDPR, meaning the data is required in order for us to fulfil our contractual obligations towards you or to prepare the conclusion of a contract with you.
  3. Processing to fulfil a legal obligation in accordance with article 6 paragraph 1 lit. c GDPR, meaning that e.g. the processing of data is required by law or other provisions.
  4. Processing for the purposes of legitimate interests in accordance with article 6 paragraph 1 lit. f GDPR, meaning that the processing is necessary to protect legitimate interests pursued by us or by a third party, unless such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data.

The specific legal bases for the individual processing operations are listed in the following sections.

1.3 Data Subject Rights

You have the following rights with regards to the processing of your data through us:

  1. The right to lodge a complaint with a supervisory authority in accordance with article 13 paragraph 2 lit. d GDPR and article 14 paragraph 2 lit. e GDPR.
  2. Right of access in accordance with article 15 GDPR
  3. Right to rectification in accordance with article 16 GDPR
  4. Right to erasure (‘right to be forgotten’) in accordance with article 17 GDPR
  5. Right to restriction of processing in accordance with article 18 GDPR
  6. Right to data portability in accordance with article 20 GDPR
  7. Right to objection in accordance with article 21 GDPR

    Notice: Users may object to the processing of their personal data in accordance with legal allowances at any time with effect for the future. The objection may in particular be made against processing for the purposes of direct marketing.

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your place of residence, employment or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.

1.4 Data Erasure and Duration of Storage

The personal data of the data subject will be erased or blocked as soon as the purpose of the storage is inapplicable. Storage of data beyond that may occur if such storage is required by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or erasure of data also takes place when a retention period mandated by the standards mentioned expires, unless the continued storage of data is required for the conclusion of a contract or the fulfilment of contractual obligations.

1.5 Security of Processing

  1. We have implemented appropriate and state-of-the-art technical and organisational security measures (TOMs). Thus, the data that is processed by us is protected against accidental or intentional manipulation, loss, destruction and unauthorized access.
  2. These security measures include in particular the encrypted transfer of data between your browser and our server.

1.6 Transfer of Data to Third Parties, Subcontractors and Third Party Providers

  1. A transfer of personal data to third parties only occurs within the framework of legal requirements. We only disclose personal data of users to third parties, if this is required e.g. for billing purposes or other purposes, if the disclosure is necessary to ensure the fulfilment of contractual obligations towards the users.
  2. If we engage subcontractors for our online service, we have made appropriate contractual arrangements as well as adequate technical and organizational measures with these companies.
  3. If we use content, tools or other means from other companies (hereinafter collectively referred to as ‘third party providers’) whose registered offices are located in a third country, it is assumed that a transfer of data to the home countries of these third party providers occurs. The transfer of personal data to third countries takes place exclusively only, if an adequate level of data protection, the user’s consent or another legal permission is present.

2. Concrete Data Processing

2.1 Collection of information for the use of the online offer

  1. When using the online offer, information is automatically transmitted to us by the user's browser; this includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
  2. The processing of this information is based on legitimate interests pursuant to Article 6 (1) (f) GDPR (e.g. optimization of the online offer) and to ensure the security of the processing pursuant to Article 5 (1) (f) GDPR (e.g. for the defense and reconnaissance of cyberattacks).
  3. The information is automatically deleted latest 4 weeks after the end of the connection - i.e. use of the online offer - unless otherwise required by retention periods.
  4. The collection of data and the storage of data in log files is absolutely necessary for the provision of the online offer. Therefore, there is no deletion, objection or correction option on the part of the user.

2.2 Adobe Fonts

  1. We integrate the fonts ("Typekit fonts") of the provider Adobe, whereby the users' data is used solely for the purpose of displaying the fonts in the users' browser.
  2. The integration is based on our legitimate interests in a technically secure, maintenance-free and efficient use of fonts, their uniform display and taking into account possible licensing restrictions for their integration
  3. Service provider: Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland
  4. Legal basis: Legitimate interests (Art. 6 para. 1 lit. f GDPR)
  5. Privacy policy: https://www.adobe.com/de/privacy.html
  6. Data Privacy Framework (DPF): https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TNo9AAG&status=Active.tbd

2.3 Webflow

  1. We host our website with Webflow. The provider is Webflow, Inc, 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter referred to as Webflow). When you visit our website, Webflow collects various log files including your IP addresses.
  2. Webflow is a tool for creating and hosting websites. Webflow stores cookies or other recognition technologies that are necessary for the presentation of the page, for the provision of certain website functions and for ensuring security (necessary cookies).
  3. For details, please refer to Webflow's privacy policy: https://webflow.com/legal/eu-privacy-policy.
  4. The use of Webflow is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring that our website is presented as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TDDDG. The consent can be revoked at any time.
  5. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://webflow.com/legal/eu-privacy-policy.
  6. We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

2.4 Amazon CloudFront CDN

  1. We use the Cloudfront content delivery network (CDN). The provider is Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg (hereinafter "Amazon"). Amazon will act as a subcontractor of Webflow.
  2. Amazon CloudFront CDN is a globally distributed content delivery network. Technically, the information transfer between your browser and our website is routed via the Content Delivery Network. This allows us to increase the global accessibility and performance of our website.
  3. The use of Amazon CloudFront CDN is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 (1) f GDPR).
  4. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/.
  5. Further information on Amazon CloudFront CDN can be found here:
  6. https://docs.aws.amazon.com/pdfs/AmazonCloudFront/latest/DeveloperGuide/AmazonCloudFront_DevGuide.pdf#data-protection-summary

2.5 Cloudflare

  1. Our online offer uses services from "Cloudflare" (provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA). Cloudflare operates a content delivery network (CDN) and provides protection functions for the website (web application firewall).
  2. The data transfer between your browser and our servers flows through Cloudflare's infrastructure and is analysed there to prevent attacks. Cloudflare uses cookies to enable you to access our website.
  3. The use of Cloudflare is in the interest of a secure use of our online offer and the defence against harmful attacks from the outside. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
  4. For further information, please refer to the Cloudflare privacy policy: https://www.cloudflare.com/privacypolicy/

2.6 Consent management

  1. Our website uses the cookie consent technology “CookieYes” / “Cookie Law Info” from WebToffee to obtain your consent to store certain cookies in your browser and to document this in accordance with data protection regulations. This technology is provided by WebToffee (Mozilor Limited 3 Warren Yard, Wolverton Mill, England).
  2. When you visit our website, a cookie from WebToffee is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data is not passed on to the provider of WebToffee.
  3. The data collected is stored until you request us to delete it, delete the WebToffee cookies yourself, or the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected.
  4. Details on data processing by WebToffee can be found at https://www.webtoffee.com/privacy-policy/
  5. Consent technology is used to obtain the legally required consent for the use of cookies (Art. 6 (1) (c) GDPR).

2.7 Links to other websites

  1. While using some of our services, you will be automatically redirected to other websites.
  2. Please note that this privacy policy does not apply there. The privacy policy of the linked website may differ considerably from this one.

2.8 Information about Google Services

  1. We use various services of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland on our website.
    For more information on the individual concrete services of Google that we use on this website, please refer to the further privacy policy.
  2. Through the integration of Google services, Google may collect information (including personal data) and process it. It cannot be ruled out that Google also transmits the information to a server in a third country.

    The transmission to the USA depends on the function in which personal data is transmitted. As the responsible party, we ourselves may transfer data to Google in the USA for further use.

    Google is registered in the data privacy framework. Furthermore, Google has committed to comply with the standard contractual clauses for the transfer of personal data to third countries (Standard Contractual Clauses - SCC).

    More information about the Standard Contractual Clauses is available at

    https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractuals-clauses-scc_de

    and at

    https://policies.google.com/privacy/frameworks?hl=de
  3. We ourselves cannot influence which data Google actually collects and processes. However, Google states that, in principle, the following information (including personal data) may be processed, among others:
    • Log data (in particular the IP address)
    • Location-related information
    • Unique application numbers
    • Cookies and similar technologies
      Information on the types of cookies used by Google can be found at https://policies.google.com/technologies/types.
  4. If you are logged into your Google account, Google may add the processed information to your account depending on your account settings and treat it as personal data.
  5. Google states the following about this, among other things:

    "If you are not signed into a Google Account, we store the data we collect with unique identifiers associated with the browser, app, or device you are using. This allows us to ensure, for example, that your language settings are maintained across all browser sessions.

    If you are logged into a Google account, we also collect data that we store in your Google account and consider to be personal data." (https://privacy.google.com/take-control.html)
  6. You can prevent this data from being added directly by logging out of your Google account or also by making the appropriate account settings in your Google account. Furthermore, you can change your cookie settings (e.g. delete cookies, block cookies, etc.).
  7. You can find more detailed information in the privacy notices of Google, which you can access here: https://www.google.com/policies/privacy/
  8. You can find notes on Google's privacy settings at https://privacy.google.com/take-control.html.

2.9 Google Ads Conversion-Tracking

  1. We use "Google Ads" (formerly Google AdWords Conversion) on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). Google Ads enables us to draw attention to our attractive offers with the help of advertising media on external websites. This enables us to determine how successful individual advertising measures are. These advertisements are delivered by Google via so-called "AdServers". We use so-called AdServer cookies for this purpose, through which certain parameters for measuring success, such as display of the ads or clicks by the users, can be measured. If you access our website via a Google ad, Google Ads will store a cookie on your PC. These cookies usually lose their validity after 30 days. They are not intended to identify you personally. The following information is usually stored as analysis values for this cookie: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be addressed). These cookies enable Google to recognise your web browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their computer has not yet expired, Google and the customer will be able to recognise that the user clicked on the ad and was redirected to that page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked via the websites of Ads customers. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. These evaluations enable us to recognise which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising tools; in particular, we cannot identify users on the basis of this information. Due to the marketing tools used, your browser automatically establishes a direct connection with Google's server. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads. To the best of our knowledge, Google receives the information that you have called up the relevant part of our website or clicked on one of our ads. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, it is possible that Google will obtain and store your IP address.
  2. We use Google Ads for marketing and optimisation purposes, in particular to serve relevant and interesting ads to you, to improve campaign performance reports and to achieve a fair calculation of advertising costs. This is also our legitimate interest in the processing of the above data by the third-party provider. The legal basis is Art. 6 para. 1 p. 1 lit. f) GDPR.
  3. You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all the functions of our website to their full extent. It is also possible to prevent the storage of cookies by setting your web browser to block cookies from the domain "www.googleadservices.com" (https://www.google.de/settings/ads). We would like to point out that this setting will be deleted when you delete your cookies. In addition, you can deactivate interest-based ads via the link http://optout.aboutads.info. Please note that this setting will also be deleted when you delete your cookies.
  4. Information of the third party provider: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland.
  5. Further information on data use by Google, on setting and objection options and on data protection can be found on the following Google web pages:

    Privacy policy: https://policies.google.com/privacy?hl=de&gl=en
    Google website statistics: https://services.google.com/sitestats/en.html

2.10 Google Adsense

  1. This website uses Google Adsense, a web advertising service of Google Inc, USA (''Google'').
  2. Google Adsense uses so-called ''cookies'' (text files), which are stored on your computer and enable your use of the website to be analysed.
  3. Google Adsense also uses so-called ''web beacons'' (small invisible graphics) to collect information. By using the web beacon, simple actions such as visitor traffic on the website can be recorded and collected.
  4. The information generated by the cookie and/or web beacon about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.
  5. Google will use this information to analyse your use of the website with regard to the advertisements, to compile reports on the website activities and advertisements for the website operators and to provide further services associated with the use of the website and the Internet.
  6. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.

2.11 Google Analytics

  1. We use "Google Analytics" on our website, a web analytics service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). Google uses cookies, i.e. small text files that are stored on your terminal device and enable an analysis of your use of our website. The information generated by the cookie about the use of our website is usually transmitted to a Google server and stored there. If anonymisation of the IP address to be transmitted by the cookie is activated on the website ("IP anonymisation"), your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server outside the EU and shortened there. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet usage. In doing so, pseudonymous usage profiles can be created from the processed data. The IP address transmitted when using Google Analytics will not be merged with other Google data.
  2. We only use Google Analytics with the activated IP anonymisation described above. This means that your IP address is only processed by Google in a shortened form. This excludes the possibility of personal references.
  3. We use Google Analytics to analyse the use of our website and to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behaviour, we can improve our offer and make it more interesting for you as a user. The legal basis is Art. 6 para. 1 p. 1 lit. a) GDPR (consent).
  4. You can also prevent the storage of cookies generated by Google Analytics by making the appropriate settings in your web browser. Please note that in this case you may not be able to use all the functions of our website. If you wish to prevent the collection of the data generated by the cookie and related to your user behaviour (including your IP address) as well as the processing of this data by Google, you can also download and install the web browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
  5. In order to oblige Google to process the transmitted data only in accordance with our instructions and to comply with the applicable data protection regulations, we have concluded an order processing agreement with Google.
  6. Information from the third-party provider: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland.
  7. For further information on the use of data by Google, on setting and objection options and on data protection, please refer to the following Google web pages:

    Terms of use: https://marketingplatform.google.com/about/analytics/terms/en/

    Overview of data protection: https://support.google.com/analytics/answer/6004245?hl=en&ref_topic=2919631

    Privacy policy: https://policies.google.com/privacy?hl=de&gl=en

    Data use by Google when you use websites or apps of our partners: https://policies.google.com/technologies/partner-sites?hl=en

    Data use for advertising purposes: https://policies.google.com/technologies/ads?hl=en

    Settings for personalised advertising by Google: https://adssettings.google.com
  8. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
  9. deletion of user and event level data linked to cookies, user identifiers (e.g. User ID) and advertising IDs (e.g. DoubleClick cookies, Android advertising ID, IDFA [Apple identifier for advertisers]) will take place no later than 50 weeks after collection.

2.12 Google Tag Manager

  1. We use the Google Tag Manager on our website. The Google Tag Manager is a service of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
  2. Through the Google Tag Manager, we can integrate various codes and services on our website in an orderly and simplified manner. The Google Tag Manager implements the tags or "triggers" the embedded tags. When a tag is triggered, Google may process information (including personal data) and process it. In doing so, it cannot be ruled out that Google also transmits the information to a server in a third country.
  3. Information on the standard contractual clauses and the transfer to the USA from us to Google and other relevant data on data processing by Google in the context of the use of Google services can be found in this data protection declaration under section 2.5 ‘Information about Google Services’.
  4. In particular, the following personal data is processed by the Google Tag Manager:
    • Online identifiers (including cookie identifiers).
    • IP address
  5. In addition, you can find more detailed information about the Google Tag Manager on the websites https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

    as well as at

    https://www.google.com/intl/de/policies/privacy/index.html (section "Data we receive based on your use of our services").
  6. Furthermore, we have concluded an order processing contract with Google for the use of the Google Tag Manager (Art. 28 GDPR). Google processes the data on our behalf in order to trigger the stored tags and display the services on our website. Google may transfer this information to third parties if required by law or if third parties process this data on behalf of Google.
  7. If you have deactivated individual tracking services (e.g. by setting an opt-out cookie), the deactivation remains for all affected tracking tags that are integrated by the Google Tag Manager.
  8. By integrating the Google Tag Manager, we pursue the purpose of being able to carry out a simplified and clear integration of various services. In addition, the integration of the Google Tag Manager optimizes the loading times of the various services.
  9. The legal basis for the processing of personal data described here as part of the measurement process is consent expressly granted by you in accordance with Art. 6 Para. 1 lit. a GDPR.
  10. The legal basis for the processing of those data that are processed in the context of obtaining consent is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. We have a legitimate interest in being able to prove that you have given your consent to the measurement procedure (Art. 7 (1) GDPR).

3. Processing for the purpose of carrying out our business processes

3.1 Video surveillance

Below you will find our data protection notice within the meaning of Article 13 GDPR regarding the processing of personal data within the scope of our video surveillance.l

  1. The processing of video recordings is based on Article 6 (1) (f) GDPR; the so-called legitimate interest.
  2. Our legitimate interests are:
    • Protection of house rules
    • Protection against theft, protection of property
    • Investigation of burglary and theft
    • Protection of guests and employees
  3. The video recordings are processed exclusively for the purposes stated.
  4. Any further use or disclosure of the video recordings will only occur if necessary for potential criminal prosecution. In this case, the recipients will be the relevant law enforcement authorities.
  5. We use external service providers to maintain the video surveillance system, although access to the video surveillance system or stored video recordings cannot be ruled out.
  6. Video recordings will be deleted no later than 3 days after recording, unless special incidents have occurred that justify or require further storage.

3.2 Table reservation

  1. If you reserve a table at our restaurant via the “OpenTable” booking portal, your personal data will be provided to us.
  2. The legal basis for processing is your consent in accordance with Article 6 (1) (a) GDPR in conjunction with Article 6 (1) (b) GDPR (necessity for the initiation and execution of the contract).
  3. The contact details of the booking portal provider are: Open Table International Limited (Alphabeta Building, 14-18 Finsbury Square, London, EC2A 1AH, United Kingdom).
  4. Details: https://www.opentable.ie/c/legal/corporate-contact-information/

3.3 Newsletter

  1. Our email newsletters are sent using "MailChimp", a newsletter delivery platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
  2. The email addresses of our newsletter recipients, as well as their other data described in this notice, are stored on the servers of MailChimp in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf.
  3. Furthermore, MailChimp may, according to its own information, use this data to optimize or improve its own services, e.g. for the technical optimization of the dispatch and the presentation of the newsletter or for economic purposes to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties. The privacy policy of MailChimp can be found here:https://mailchimp.com/legal/privacy
  4. Statistical survey and analyses
    The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and your reading behavior based on the retrieval locations (which can be determined with the help of the IP address) or the access times.
  5. Statistical surveys also include the determination of whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our intention nor that of MailChimp to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.


4. Cookies

4.1 General information

  1. Cookies are information transmitted by our web server or third-party web servers to the users' devices where they are stored for later retrieval. Cookies can be in the form of small files or any other types of information storage.
  2. In the case that users do not want that cookies are stored on their device, they will be asked to disable the corresponding option in their browser's system settings. Saved cookies may be deleted in the system settings of the browser. The exclusion of cookies can lead to functional impairments of this online service.

4.2 Cookie overview, objection

  1. An up-to-date overview of the cookies and similar technologies used on this website can be found in the Consent Management Platform (see section 2.6).
  2. There you can also manage your individual consents and preferences.

5. Changes to the Data Privacy Policy

  1. We reserve the right to change this Data Privacy Policy with regards to the data processing, in order to adapt it to changed legal situations, to changes of the online service or of the data processing.
  2. If users' consents are required or if elements of the Data Privacy Policy contain provisions in regards to the contractual relationship with the users, the changes will only be made with the consent of the users.
  3. Users are requested to keep themselves informed about the content of this Data Privacy Policy on a regular basis.

Version: December 2025

VOCO MALTA

St. George’s Bay
Malta STJ 3311
+356 7999 5864
reservations@lumimalta.com

Join us!

Recruitment
Privacy Policy
Recipes

Lumi’s Newsletter

News, recipes & more
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.