1. Privacy roles and involved parties
Depending on the service configuration and the workflow involved, privacy roles may be split between the platform owner, the customer tenant and integrated third-party providers. In many cases the tenant acts as controller with respect to the personal data of its guests, staff users and business contacts, while the platform provider supplies the SaaS infrastructure and the functionality required to deliver the service.
For central billing, governance, support, monitoring and security activities, the platform owner may process additional data for administrative, contractual, continuity, abuse-prevention and platform-protection purposes.
Where the service connects to payment gateways, OTA channels, messaging providers, OCR services or other external systems, those providers may process part of the data independently or jointly, according to their own roles, legal bases and privacy documentation.
2. Categories of personal data processed
The platform may process identifying and contact data relating to administrative users, operators, customer representatives, guests, prospects and other persons lawfully entered into the workflows of the service. Such data may include name, surname, email address, phone number, company, role, language preference and internal account or tenant identifiers.
Within hospitality operations, the platform may also process booking data, stay data, room data, folio items, payment references, city tax information, commercial documents, operational requests, stay preferences, guest profile notes, support tickets and activity logs.
Within self check-in and guest journey workflows, the platform may additionally process identity documents, images, selfies, signatures, form data, OCR or review outcomes and technical metadata required to protect the link, the session or the check-in flow.
3. Sources of data and collection methods
Personal data may be provided directly by the data subject, entered by customer staff, imported from OTA channels or third-party providers, generated by operational use of the platform or derived from application workflows such as direct booking, quote sharing, payment links, self check-in, guest portal, maintenance desk or reporting.
Additional technical data may be collected automatically for security, audit, monitoring, diagnostics, error prevention and continuity purposes, including timestamps, session identifiers, IP addresses, user agents, validation results, webhook logs, response summaries and other system events.
Where third-party integrations are active, some data may be received or transmitted automatically to the extent required by the configured workflow and the relevant provider connection.
4. Processing purposes and legal bases
Data is processed to provide the platform and active modules, execute customer operational workflows, manage bookings and stays, collect payments, deliver guest-facing services, administer accounts and permissions, provide technical support and ensure continuity and security of the service.
Applicable legal bases may include the performance of pre-contractual or contractual measures, compliance with legal obligations applicable to hospitality businesses, legitimate interests in service security and integrity and, where required by law or by the type of communication, the consent of the data subject.
It remains the customer responsibility to verify the appropriateness of the legal basis relied upon for any processing carried out through the platform in relation to its own guests, users, contacts and partners.
5. Direct booking, quotes, communications and operational marketing
When the customer uses the booking engine, saved quotes, promo codes, payment links, public forms or commercial follow-up workflows, the platform processes the data strictly necessary to calculate availability, generate offers, deliver links, convert a quote into a booking and preserve the related operating trail.
Communications sent by email or WhatsApp in relation to quotes, payment links, reminders, service messages or pre-stay and post-stay workflows may involve contact data, message content, delivery outcomes, opens, interactions or technical tracking metadata.
The customer is responsible for ensuring that such communications are lawful, proportionate and consistent with applicable law, the privacy notice made available to data subjects and any preferences or objections expressed by recipients.
6. Self check-in, identity documents and stay data
Within self check-in workflows the platform may process booking data, guest-declared data, identity documents, images, selfies, signatures and other elements needed to complete pre-arrival or internal stay validation procedures.
Features such as document upload, assisted OCR, operational review, mobile check-in and expired-session recovery are designed to reduce front desk workload, but the customer remains responsible for final verification of the data required for guest admission and legal obligations.
When analysis services or third-party components are enabled in support of this workflow, relevant data may be transmitted or processed to the extent technically required by those services. The customer must assess the lawfulness and proportionality of those flows within its own legal and operational context.
7. Payments, gateways and commercial documentation
The use of payment gateways, payment links, desk collection, refund workflows and reconciliation boards involves the processing of data needed to identify the reservation, the amount, the payment channel, the transaction outcome, the refund status and the technical references required for settlement or control.
As a rule, sensitive payment credentials are not intended to be handled directly by the customer through the platform but are processed through specialized providers operating under their own security and compliance frameworks. The platform may retain transactional metadata, technical tokens, operational references and logs required for reconciliation and support.
Receipt, invoice, PDF archive, email delivery and document recovery features process the data necessary to issue, deliver, download or track documents related to the reservation. The customer remains responsible for fiscal and documentary obligations under applicable law.
8. OTA channels, integrations and transfers to third-party providers
The platform may synchronize data with OTA channels, gateways, messaging services, OCR providers or other external systems in order to import reservations, sync availability, push rates and restrictions, deliver communications, collect payments or perform other service-related functions.
Such integrations may involve transfers of, or access to, personal data by third-party providers selected by the customer or technically necessary to the workflow. The categories of data involved depend on the connector, the active configuration and the requested operation.
The customer is responsible for assessing the suitability of the providers used, the lawfulness of any transfer, the existence of appropriate contractual safeguards and the privacy impact of the activated flows, including where the integration is made technically available by the platform provider.
9. Data retention and retention criteria
Retention periods vary depending on the type of data, the module in use, tenant settings, continuity requirements, legal obligations and any technical need linked to backup, restore, audit or service offboarding.
Some information may be retained only for the period strictly necessary to provide the service, while other data may need to be kept longer for legal, administrative, fiscal, security, abuse-prevention, evidentiary or dispute-management purposes, including chargebacks and audits.
Upon termination of the service or expiry of the relevant retention period, data may be deleted, anonymized, exported or archived in a form no longer directly accessible, according to applicable contracts, technical policies and mandatory law.
10. Security measures and organizational safeguards
The platform implements technical and organizational safeguards consistent with the SaaS nature of the service, including authentication, audit logs, rate limiting, signed URLs, tenant segregation, backup, monitoring, alerting, application recovery and other controls designed to reduce the risk of unauthorized access, data loss or improper system use.
Those measures complement, but do not replace, the customer responsibilities regarding account management, endpoint security, workstation protection, access revocation procedures, proper browser use, corporate email protection and periodic review of internal privileges.
In the event of anomalies, breaches or incidents affecting the platform, the provider may activate containment measures, enhanced logging, selective account suspension, recovery actions or other technical responses reasonably necessary to protect the service and the data being processed.
11. Data subject rights and privacy requests
Data subjects may exercise, to the extent provided by applicable law, rights of access, rectification, updating, erasure, restriction, objection and portability, together with any other rights available under the relevant legal framework.
Where the tenant acts as controller for guest, user or contact data, requests should primarily be addressed to the relevant customer organization that governs that processing. The platform provider may support the customer technically and contractually where appropriate.
For requests concerning data processed directly by the platform owner, for security reports or for clarifications regarding this notice, data subjects may use the official contact and support channels indicated on the website or in the relevant contractual documents.