Privacy Policy

This privacy policy describes how ConnectFlow Technologies ("we", "us", or "our") collects, uses, and protects your personal data when you visit or use our site or this service. We are committed to protecting your privacy and handling your data in a transparent and lawful manner, in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

Data Controller

The data controller responsible for your personal data is:

ConnectFlow Technologies
45 Graslei, Floor 3, 9000 Ghent, East Flanders, Belgium

Collection of Your Personal Data

We collect various types of personal data depending on how you interact with our site or service. This may include:

• Information you provide directly: When you contact us, request information about our services, sign up for a trial, create an account, or use certain features of our service, you may provide personal data such as your name, company name, job title, business contact details (business address, business phone number), and any other information you choose to provide in your communications.
• Data related to your use of our services: This includes information about the services you use, how you use them, and your interactions with our team regarding those services.
• Technical Data: We automatically collect certain information when you visit our site, such as your IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our site.
• Usage Data: We collect information about how you use our site and services, including the pages you visit, the features you use, the time spent on certain pages, and other usage statistics.
• Marketing and Communications Data: We collect your preferences in receiving marketing from us and your communication preferences.

Use of Your Personal Data

We use your personal data for various purposes based on lawful grounds:

• To provide and manage our services: To deliver the hotel technology services you request or subscribe to, manage your account, process transactions, and provide customer support. This is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
• To improve our site and services: To understand how our site and services are used, analyse trends, and enhance user experience, functionality, and performance. This is based on our legitimate interests in improving and developing our offerings.
• To communicate with you: To respond to your inquiries, provide information about our services, updates, and important notices. This is based on legitimate interests in communicating with our users or performing contractual obligations.
• For marketing purposes: To send you information about our services, offers, and news that may be of interest to you, where we have your consent or a legitimate interest and are permitted by law. You can opt-out of receiving marketing communications at any time.
• To ensure the security of our site and services: To protect against fraud, unauthorized access, and other security threats. This is based on our legitimate interests in protecting our business and users.
• To comply with legal obligations: To meet our legal, regulatory, and compliance requirements.

Lawful Basis for Processing

We will only process your personal data when we have a lawful basis to do so. The primary lawful bases we rely on are:

• Performance of a contract: Where processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
• Legitimate interests: Where processing is necessary for our legitimate interests or those of a third party, provided that your fundamental rights and freedoms do not override those interests. Examples include improving our services, marketing (under certain conditions), and ensuring security.
• Consent: Where you have given your explicit consent to the processing for a specific purpose. You have the right to withdraw consent at any time.
• Legal obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.

Sharing and Disclosure of Your Personal Data

We may share your personal data with third parties under certain circumstances:

• Service Providers: We may share data with trusted third-party service providers who perform services on our behalf, such as hosting, data storage, analytics, customer support, and marketing assistance. These service providers are contractually bound to process data only according to our instructions and to maintain appropriate security measures.
• Affiliates: We may share data with our affiliated companies for operational purposes, such as providing integrated services or internal administration.
• Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred to the acquiring entity.
• Legal Requirements: We may disclose your personal data if required by law, regulation, legal process, or governmental request, or to protect our rights, property, or safety, or the rights, property, or safety of others.

We do not sell your personal data to third parties.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Data Security

We have implemented appropriate technical and organisational security measures to protect your personal data from accidental loss, unauthorised access, use, alteration, or disclosure. However, please note that no method of transmission over the internet or electronic storage is 100% secure.

Your Data Protection Rights

Under GDPR and other applicable data protection laws, you have certain rights regarding your personal data. These rights may include:

• The right to access: You have the right to request a copy of the personal data we hold about you.
• The right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
• The right to erasure (right to be forgotten): You have the right to request that we delete your personal data under certain conditions.
• The right to restriction of processing: You have the right to request that we restrict the processing of your personal data under certain conditions.
• The right to data portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller.
• The right to object: You have the right to object to our processing of your personal data under certain conditions, particularly where we are processing based on legitimate interests or for direct marketing.
• The right to withdraw consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.
• The right to complain to a supervisory authority: You have the right to lodge a complaint with a competent data protection supervisory authority if you believe our processing of your personal data infringes applicable law.

To exercise any of these rights, please contact us in writing at the address provided in the "Data Controller" section above. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).

International Data Transfers

Your personal data may be transferred to, and stored at, a destination outside the European Economic Area (EEA) by us or by our service providers. Where your personal data is transferred outside the EEA, we will take steps to ensure that your data is treated securely and in accordance with this privacy policy and applicable data protection laws. This may involve relying on EU Commission approved standard contractual clauses, or other lawful transfer mechanisms.

Children's Privacy

Our site and services are not directed at individuals under the age of 18, and we do not knowingly collect personal data from children under 18. If you become aware that a child has provided us with personal data, please contact us.

Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on this page. We encourage you to review this policy periodically.

Contact Us

If you have any questions about this privacy policy or our data practices, please contact us in writing at:

ConnectFlow Technologies
45 Graslei, Floor 3, 9000 Ghent, East Flanders, Belgium