Web Analytics



We are committed to ensuring that your privacy is protected and understand the need for appropriate protection of all personal information provided by you to us. This Privacy Policy has been created in order that you understand the importance that we attach to this issue and our commitment to ensure that we comply with legislation in this area.

Although this policy specifically references UK legislation and Surya Hotels and Dragonfly Hotels, we are part of a wider group – Flying Trade Limited – with which this policy guidance is aligned.

By providing us with your personal data, whether through the Group websites or otherwise, you consent, agree and accept that we, as well as our respective representatives and/or agents may collect, use, disclose and share among ourselves your personal data as described in this policy.


Surya Hotels Limited trading as Surya Hotels and Dragonfly Hotels

Surya Hotels Limited is registered as a Data Controller with the Information Commissioner’s Office.  Our brand hotels are also covered by an ICO registration.  The current registration details are:

Data Controller Name: SURYA HOTELS LIMITED

Registration Number: ZA197815

Date Registered: 2 August 2016


We collect information about you when you register with us on our website, login to our website or applications (directly or by using social media logins), download any of our mobile applications, or commence or complete an online transaction to use our products and services.  We collect information about you when you contact our reservations team to make a booking or use the facilities at any of our hotels and restaurants.  Facilities include, but are not limited to, Spa, bar and restaurant, function rooms, and guest Wi-Fi.  We have CCTV installed in all of our premises in public areas and particularly around entrances and exits; this is for the purposes of prevention and detection of crime and employee monitoring.

We also collect information from you when you sign up to any of our loyalty programmes, subscribe to any of our marketing communications, complete our voluntary customer surveys, enter our competitions or provide feedback.  These may be carried out online, by telephone or in person.

Some of the information we collect may be classed as personal data, that is, it is information about an individual who can be identified from it.  It may be collected any time you submit it to us, whatever the reason may be.

In doing business with you, typically we will collect:

If you provide us with any personal data relating to any third party (e.g. information about your spouse, children, employees or colleagues) for particular purposes, by submitting such information to us, you warrant and represent to us that you have obtained the consent of such third party to provide us with their personal data for the respective purposes.


We use the information we collect about you to process your bookings, answer your queries, process your gift card and voucher purchases, provide our hotel and restaurant facilities and services, enable you to manage your website user account and provide loyalty or membership programmes.  With your consent, we will contact you via our marketing and sales channels (email/ phone/ post) about: –

We may use your information collected from the website, via cookies or direct input, to personalise your repeat visits to our website and send triggered messaging emails to you.

We may use your information to meet and comply with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory body which are binding on us; and for purposes which are reasonably related to the aforesaid.

We operate a centralised reservation system use of which is shared by all hotels in our group, both Surya Hotels and Dragonfly Hotels.  This means that any personal data you have shared with us for booking purposes is available in that system to all our group hotels for reservations and marketing purposes.

We sometimes engage the services of trusted third parties to process the information collected by generating anonymised statistics to assist us with our marketing campaigns and business analysis.  We do not disclose this anonymised data outside of our business group.  It is not possible for the business to identify an individual from such anonymised data presented in our internal reports.


We share your data with businesses in the Surya Hotels and Dragonfly Hotels through our reservation systems.  Your information may also be shared with our parent company, Flying Trade Group PLC (together with their wholly owned subsidiary Flying Trade Limited and Flying Leisure Limited) for advertising or marketing and business management purposes.

Where we use contracted and trusted third parties to facilitate our provision of services and offers, we will also share your data with those parties for that purpose.  This includes the processing and delivery of marketing communications to you, processing review and upgrade services and any other third-party services engaged to perform a business support, operational or administrative function.

In some instances, it is necessary to transfer your personal data overseas.  Any transfers will be made in full compliance with all aspects of the Data Protection Act.

Third parties are subject to confidentiality obligations and may only use your personal data to perform the necessary functions and not for other purposes.

We do not share your data with any third parties outside of the above processing arrangements and we do not share your data with any business external to our group for their own marketing purposes.  From the data we collect, you should only ever receive marketing communications from our own brands and hotels.  The exception to this is if you have additionally agreed to receive communications from external third parties, via take up of our special third-party promotions, competitions and club memberships.  These are third parties with whom we have agreed commercial relationships.  For example, other retail, leisure and hospitality businesses.

We may also disclose personal data as permitted or required by law.  For instance, if asked by the authorities, such as the police or HMRC, we may share your personal data with them for the purposes of prevention and detection of crime.  Information is not shared with them outside of this purpose.


We understand how important it is to securely store any information that you provide.  Surya Hotels and Dragonfly Hotels take the privacy and security of your payment and personal details very seriously.  Although we take reasonable care to keep your personal data secure, we cannot be held liable for any loss you may suffer from unauthorised access or loss of any data provided to group websites.  As part of our security measures, we use encryption technologies for online transactions via our websites.

To protect your data and ensure it is secure we use ‘https’ on our booking engines on all Surya Hotels and Dragonfly Hotels.

Should you choose to store your credit card details with us via your website user account, for the purpose of making future booking transactions, we will store this information with our secure third party payment gateway which is accredited for PCI DSS (Payment Card Industry Data Security Standards).

Our guest Wi-Fi service is provided either by a contracted trusted third party or ourselves, depending upon which hotel site you are visiting.  If you choose to use the service to access web sites or content provided by third parties or purchase products from third parties, then your personal information may be available to the third-party provider. The way third parties handle and use your personal information related to the use of their services is governed by their policies.  Surya Hotels and Dragonfly Hotels have no responsibility for their policies, or third parties’ compliance with them. Our guest wireless/wired systems use radio channels or local area networks to transmit voice and data communication information; privacy therefore cannot be guaranteed, and Surya Hotels/Dragonfly Hotels shall not be liable to you for any lack of privacy you experience while using the service.

Whilst we take reasonable, appropriate technical and organisational measures to safeguard the personal data that you provide to us, no transmission over the internet can ever be totally guaranteed secure.  Consequently, please be aware that we cannot guarantee the complete security of any personal data that you transfer over the internet to us whilst in transit.  Sending such information is entirely at your own risk.

We advise that you follow general internet security guidelines:


To provide you with confidence in paying for your rooms and buying gift vouchers online with us, we have introduced Verified by Visa®™ [and Mastercard®] [SecureCode™.

This is the electronic version of chip and pin technology and is sometimes referred to as 3D Secure.  These services enhance your existing card account against unauthorised use when you book online with us and pay in advance.

To use this service, you must first register with the bank or other organisation that issued your card.  You can find out more about these services by visiting the relevant Visa and Mastercard websites:

Visit the Verified by Visa®™ website


Visit the Mastercard® SecureCode™ website


Once you’ve registered and created your own private password with your card issuer, you’ll be prompted automatically at checkout to provide this password each time you use your card on our site.

For our flexible rate bookings, where you use your card to guarantee the reservation, we do not process payment until you check-in with us, so Verified by Visa®™and Mastercard® SecureCode™ do not apply in this instance.  Instead your encrypted card details are transmitted to our reservation system.  You will need to present a payment card at check-in.

It is important that you take note of our cancellation terms and conditions for these flexible rates however, otherwise we reserve the right to charge your card for a no-show should you not turn up for your stay and have not let us know by the agreed cut-off time in advance of arrival.  Where asked you are required to be able to produce the same card, used for any booking paid in advance online, at check-in.

Please note:

Neither Malmaison nor Hotel du Vin has access to your Verified by Visa®™ or Mastercard® SecureCode™ password.  This is entirely separate from any website user account you may create with us.


We would like to send you information about other Surya Hotels and Dragonfly Hotels products and services, including offers from our parent owner Flying Trade Group PLC, and its subsidiaries Flying Trade Limited and Flying Leisure Limited, which we believe may be of interest to you.  If you have consented to receive our marketing, you may opt out at a later date.

You have a right at any time to stop us from contacting you for marketing purposes.  If you no longer wish to be contacted, you can unsubscribe by any of the following methods:



In the event that our business is transferred, sold or integrated with another business, your details may be disclosed to our advisers and any prospective purchaser’s advisers and may be passed to the new owners of the business.


You have a right to access a copy of the information which we hold about you.  If you would like to do this, please email us on marketing@suryahotels.co.uk or write to us at the following address.  We reserve the right to make a small charge for these requests as per the terms of the Data Protection Act.

You have a right to access a copy of the information which we hold about you.  If you would like to do this, please email us on marketing@suryahotels.co.uk or write to us at the following address.  We reserve the right to make a small charge for these requests as per the terms of the Data Protection Act.

Information Governance Manager

Surya Hotels and Dragonfly Hotels

Old Ipswich Road



We want to make sure that your personal information is accurate and up to date. You are able to make amendments, or withdraw your consent for use, by telling our reception staff when you check in at any of our hotels or by contacting our Information Governance Manager.

If you withdraw your consent to any or all use of your personal data, depending upon the nature of your request, we may not be able to provide or continue providing our products and services to you, or administer any contractual relationship already in place. You understand and agree that in such instances where we require your personal data to fulfil a contractual obligation to you and you withdraw your consent to collect, use or disclose the relevant personal data for those purposes, we cannot be held liable for breach of that agreement. Our legal rights and remedies in such event are expressly reserved.


Your personal data will be retained for as long as it is necessary to fulfil the purpose for which it is collected or for business or legal purposes, or in accordance with applicable laws.

Should you choose to unsubscribe from our mailing list or if your membership expires, please note that your personal data may still be retained on our database to the extent permitted by law.


We use cookies on our website to enhance your experience with our brand. A cookie is filled with data files that are placed on your computer or portable device each time you visit a website. They are stored on your web browser and enable us to personalise your experience when you visit our website. You are welcome to change your browser settings to not accept our cookies; should you choose to do this you may find that the functionality of our websites is reduced.

We may use cookies on Group websites for the following purposes:


Phishing is the practice of tricking someone into giving confidential information.  Examples include falsely claiming to be a legitimate company when sending an e-mail to a user, in an attempt to get the user to send private information that will be used for identity theft and fraud.

We will never ask you to confirm any account or credit card details via email.  If you receive an email claiming to be from Surya Hotels or Dragonfly Hotels asking you to do so, please ignore it and do not respond.  You can contact our hotels directly or Information Governance Manager to report it or if you are unsure.


This privacy policy applies solely to information collected by Surya Hotels/Dragonfly Hotels and is aligned to our parent policies of the Frasers wider Group business. Our websites may contain links to external sites, operated by other owners and third parties, over which we have no control.  For this reason, we encourage our visitors to be aware when they leave our website and to read the privacy statements applicable on other sites they may visit.  Any access to such other sites or pages is therefore entirely at your own risk.  We are not responsible for the data protection policies (including personal data protection and cookies), content or security of any third-party websites linked to or from group websites.


Our privacy policy is regularly reviewed.  Following any changes, the new version of the policy will be uploaded to the websites and the old versions removed.  Please check back frequently to see any updates.


All other questions on our use of your personal data should be directed as follows:

Data Protection Enquiries & Concerns: customerrelations@suryahotels.co.uk