Privacy Policy

Introduction

HotelKey, Inc., and its affiliated entities (“HotelKey”) is committed to protecting the privacy of individuals and achieving and maintaining the trust of our clients (“HotelKey Clients” or “Clients”) and other users of and visitors to HotelKey websites (collectively, “Visitors”). Central to this mission is providing a robust security and privacy program that carefully considers data protection matters across the suite of products and services offered by HotelKey (“HotelKey Services” or “Services”), including data stored by HotelKey on behalf of its Clients and their customers in connection with our Services (“Client Data”), and with respect to “personal data,” as defined by the European General Data Protection Regulation (“GDPR”), and “personal information,” as defined by the California Consumer Privacy Act of 2018 (“CCPA”) (collectively, “personal information”).

Web Sites Covered

This Privacy Statement describes our privacy practices regarding information we collect from individuals (“you” or “your”):

• Who visit www.hotelkeyapp.com and associated HotelKey micro sites (collectively, the “HotelKey Sites”).
• Who visit the HotelKey Sites and/or attend HotelKey conferences and events, or interact with us in other ways offline, such as by visiting our offices (“HotelKey Events”).

When we collect personal information on the HotelKey Sites and at the HotelKey Events, certain additional disclosures that are specific to the context of our collection and use of the information being collected (e.g. an event or seminar registration page), may be provided to you. For the avoidance of any doubt, we will adhere to those commitments and any such additional privacy policy statements are hereby incorporated into this Privacy Statement.

IMPORTANT: THIS PRIVACY NOTICE DOES NOT APPLY TO CLIENT DATA.

HotelKey's confidentiality/privacy and other obligations with respect to its Services, and Client Data (which is data collected and controlled by HotelKey Clients as part of HotelKey’s hosting services), are governed solely by the agreements under which the Services are provided to our Clients. The traditional licensees of HotelKey Services are owners and operators of hotels and other lodging facilities, including national and international brands, franchisees, and management companies (again, collectively, as used in this Privacy Notice, “HotelKey Clients” or “Clients”). HotelKey has no direct relationship with the individuals to whom our Clients’ Client Data may pertain; HotelKey merely hosts or processes such data on behalf of our Clients.

If you have any questions about the data privacy practices of a HotelKey Client that uses HotelKey Services to process your personal information, please contact the HotelKey Client directly.

Web Sites Not Covered

This Privacy Statement does not apply to personal information collected by HotelKey Clients using HotelKey Services. If you submitted personal information to a HotelKey Client-controlled website or application and you wish to exercise any rights you may have to access, correct, amend, port, delete, or restrict/object to the processing of such data, please inquire with the HotelKey Client directly.

The HotelKey Sites may contain links to other third-party websites. The information practices or content of such other websites is governed by the privacy statements or notices of such other websites. HotelKey encourages you to review the privacy statements or notices of such other websites to understand their information practices.

General Data Protection Regulation (“GDPR”)

Some countries, including countries in the European Economic Area (“EEA”), impose certain responsibilities on data controllers and data processors. A company is a data controller when it has the responsibility of determining why and how personal information is processed, whereas a company is a data processor when it processes personal information on behalf of a data controller. HotelKey is a data processor and not a data controller under GDPR with respect to Client Data. HotelKey Clients are data controllers because they make all decisions about how or why Client Data containing personal information or not, is to be processed, including any disclosure or transmission to third parties. If personal information pertaining to you as an individual has been submitted or entered into a HotelKey Service by or on behalf of a HotelKey Client, or was otherwise collected by a HotelKey Service on behalf of a HotelKey Client, and you wish to exercise any rights you may have to access, correct, port, amend, delete, or restrict/object to the processing of such Client Data, please inquire with the HotelKey Client directly. If an authorized HotelKey Client requests that we update or remove the data in question and the Client has no ability to do so via use of the Services, we will acknowledge their request within 30 days.

UK Data Protection Act 2018 (“UK GDPR”)

Since January 31 2020, the UK is no longer part of the EEA. If you are a UK resident, the processing of your data is governed by the UK Data Protection Act 2018 (“UK GDPR”) which updates and amends the provisions of the EU GDPR as they apply to the UK following Brexit.

California Consumer Privacy Act (“CCPA”)

If you are a California resident, you may have certain rights with respect to personal information, as set forth in Cal. Civ. Code 1798.100 et seq. This “Rights of Individuals” section of this Privacy Statement addresses those California-specific rights as applied to the CCPA-covered information, including the right to request information about the personal information we collect and share and to request access to and deletion of such information consistent with the provisions of the law. Please note that most of the personal information HotelKey collects and maintains, it does so on behalf of HotelKey Clients, as a service provider to such HotelKey Clients. As a result, HotelKey Clients’ privacy policies, not this Privacy Statement, cover that information. As a result, if you make a request to us with respect to such data, we will refer you to the HotelKey Client (for instance, property management companies) on whose behalf we may maintain the information to assist you with your request.

Canada Personal Information Protection and Electronic Documents Act (“PIPEDA”)

To the extent it is applicable, this Privacy Statement is made under the Personal Information Protection and Electronic Documents Act. There are some rare exceptions to the commitments set out in this Privacy Statement.

Privacy Laws of Other Territories

This Privacy Statement is made under the privacy laws of other territories not described above, to the extent they are applicable.

Rights of Individuals

Rectifying Personal Information Submitted on HotelKey Sites

If we have collected and processed your personal information based on your consent, you can withdraw your consent at any time by contacting us at privacy@hotelkeyapp.com. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Request Disclosure of Information We Collect And Share About You

HotelKey is committed to ensuring that you know what information we collect about you. You can request the following information from us, with respect to personal information we have collected:

• The categories of personal information we have collected about you.
• For each category:
  • The categories of sources from which we collected the personal information.
  • The business or commercial purposes for which we collected the personal information.
  • The categories of third parties with which we shared the information.
• The specific pieces of information we collected about you.

HotelKey will respond to such requests if required by law, in which case the response will cover the 12-month period preceding our receipt of the request.

Request the Deletion of Personal Information We Have Collected

Upon receiving a deletion request covered by the GDPR, the CCPA, or other applicable privacy law with respect to HotelKey Sites, HotelKey will delete the personal information we have collected about you, except for where we have a legitimate business purpose to retain such information, or situations where specific information is necessary for us to: provide you with a good or service that you requested, perform a contract we entered into with you, maintain the functionality or security of our systems, or comply with or exercise rights provided by the law. The law also permits us to retain specific information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with your expectations based on your relationship with us.

We Do Not Sell Personal Information

HotelKey does not and will not sell personal information to third parties and has not sold personal information within the last 12 months.

We Are Committed To Honoring Your Rights

If you exercise any of the rights explained in this Privacy Statement, HotelKey will continue to treat you fairly. In particular, this means that if you exercise any rights under this Statement, you will not be denied or charged different prices or rates for goods or services, or provided a different level or quality of goods or services than others.

Respond to a Request to Exercise Your Rights

For individual rights requests covered by the CCPA, HotelKey will provide a substantive response to your request generally within 45 days from when we receive it, although it may take longer under certain circumstances. For individual rights requests covered by the GDPR, HotelKey will provide a substantive response to your request generally within 30 days from when we receive it, although it may take longer under certain circumstances. For individual rights requests covered by other applicable laws, HotelKey will provide a substantive response within the timeframe set forth in such law. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.

We may ask you for additional information to verify your identity for purposes of responding to a request you have made. If HotelKey is unable to verify your identity with the degree of certainty required, we will not be able to respond to the request.

You may designate an agent to submit requests on your behalf. For requests covered by the CCPA, the agent can be a natural person or a business entity that is registered with the California Secretary of State. If you would like to designate an agent to act on your behalf, you and the agent will need to comply with our agent verification process.

Please note that this subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney. Any such requests will be processed in accordance with the applicable law pertaining to powers of attorney.

How to Make a Request to Exercise Your Rights

To exercise any of the rights above, or to ask a question, contact us at privacy@hotelkeyapp.com.

Your California Privacy Rights Regarding Direct Marketing

As stated elsewhere in this Privacy Statement, and in accordance with California Civil Code section 1798.83, HotelKey does not disclose personal information collected on the HotelKey Sites to third parties for their direct marketing purposes. (California Civil Code section 1798.83 permits users of a website that are California residents to request certain information regarding the disclosure of personal information to third parties for their direct marketing purposes).

Your UK/EU Right To Data Portability

You have the right to data portability in circumstances where we rely on contractual necessity or consent as our legal basis. This means that you have the right to receive your information in a structured, commonly used, and machine-readable format and to share it with a third party.

Your UK/EU Right To Restrict / Object to Processing of Your Information

You can ask us to restrict processing of your personal data where:

• You are challenging the accuracy of the information,
• The information has been unlawfully processed, but you are opposing the deletion of that information,
• Where you need the information to be retained for the pursuit or defense of a legal claim,
• You have objected to processing and you are awaiting the outcome of that objection request.

You also have the right to object to the processing of your information in certain circumstances. This right applies when we are pursuing our legitimate interests or those of a third party. In submitting an objection request, please provide all relevant information, including the processing activity you are objecting to, why you want to object and how the processing activity affects you, and any additional information that you think will help us review your request. We will stop the particular processing if we don’t have compelling legitimate grounds to continue that processing or don’t need it for legal claims.

Information We Collect

Information that you provide voluntarily: HotelKey Sites and Events offer various ways that individuals may contact us, such as through form submissions or phone, in order to inquire about our company and services. For example, when expressing an interest in obtaining additional information about HotelKey or our Services, subscribing to marketing or otherwise contacting us, HotelKey collects certain personal information from you. We may also collect information from you in person at a tradeshow or event or via a phone call with one of our sales representatives.

The personal information we collect may include:

• Contact information (such as your name, address, telephone number and email address) as well as the nature of your communication;
• Professional information (such as your company name, job title, company address);
• Marketing information (such as your contact preferences, source/campaign); and
• Recordings of telephone calls, or other communications with you, to the extent these are permitted by applicable law.

Providing your data is optional. In such cases, if you do not provide your information, we may not be able to provide you with requested information.

Information we collect automatically: When using a HotelKey Site, certain information is automatically collected by most browsers or through your device (such as your IP address, your operating system, your browser, device information, unique device identifiers, mobile network information, request information). Some of this information is collected using cookies and similar tracking technology, as explained in the “Cookies” section below.

Information we collect from other sources: In order to enhance our ability to provide relevant marketing, offers and services to you and update our records, we may obtain information about you from other sources, such as public databases, data providers, social media platforms, as well as from other third parties. This information may include:

• mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), IP addresses, social media profiles, LinkedIn URLs and custom profiles, for purposes of targeted advertising, delivering more relevant email content, event promotion and profiling; and
• updated delivery or payment information used to correct our records; purchase or redemption information; and customer support and enrollment information.

Cookies

Cookies are small text files placed on your device to store data that can be recalled by a web server in the domain that placed the cookie. As is common to many online services, our Services may make use of the following third party cookies to collect certain data directly from end-user browsers for the purposes described in this Privacy Statement (see the Section “Information we collect automatically” above for further information).

When you visit our website, we and our service providers may use cookies, pixels, and similar technologies to collect information about your interactions with the site. These technologies may associate your website activity with other information held by our service providers, including information that may be linked to you or your organization, such as an email address or company domain. This information is used for analytics, marketing, and business intelligence purposes, including to better understand website usage and to deliver relevant communications. You may opt out of certain uses of this data, including targeted advertising.

Google Analytics: This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.

How We Use Information We Collect

We use the information we collect or receive (alone or in combination) to:

• To respond to your inquiries and fulfill your requests, such as to send you requested materials and newsletters, as well as information and materials regarding our products and services.
• To send administrative information to you, for example, information regarding the HotelKey Sites and changes to our terms, conditions, and policies.
• To send you marketing communications, including via email and SMS in compliance with applicable laws and in accordance with your preferences, that we believe may be of interest to you.
• For our business purposes, such as data analysis, audits, fraud monitoring and prevention, developing new products, enhancing, improving or modifying the HotelKey Sites and our Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.
• As we believe to be necessary or appropriate:
  • Under applicable law, including laws outside your country of residence;
  • To comply with legal process;
  • To respond to requests from public and government authorities including public and government authorities outside your country of residence;
  • To enforce our terms and conditions;
  • To protect our operations or those of any of our affiliates;
  • To protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and
  • To allow us to pursue available remedies or limit the damages that we may sustain.

Legal bases for processing personal information

Certain data protection laws, including European and UK data protection laws, require that we inform you of the legal bases (or legal grounds) on which we process your personal information.

There are various grounds on which we can rely when processing your personal information. In some contexts, more than one ground applies. In the table below, we have summarized the grounds most relevant in the context of HotelKey Services and what those terms mean.

Additional Information About How HotelKey Shares Your Personal Information

We do not rent or sell personal information.

We may disclose personal information to third parties to assist us in performing the Services, including payment processing for any applicable fees associated with an event or transaction. These third parties have access to the information you submit only to perform these tasks on our behalf.

Employment/Job Applicant Personal Information

HotelKey, like all organizations, is a data controller of its employees’ personal information that is processed as part of its human resources operations.

Customer Testimonials

HotelKey may provide bulletin boards, blogs or client testimonials on HotelKey Sites. Due to the nature of the Internet, any information or personal information you choose to submit in such a forum may be read, collected or used by others who visit these forums, and may be used to send you unsolicited messages. HotelKey is not responsible for any information or personal information you choose to submit in these public forums.

HotelKey may post a list of clients and testimonials on HotelKey Sites that contain information such as client names and titles. In such cases, HotelKey obtains the consent of each such person prior to posting any information on such a list or posting testimonials.

Information We Share

HotelKey Affiliates

HotelKey may share your personal information with affiliates of HotelKey for the purpose of any necessary collaboration. For example, HotelKey may need to share your information with an affiliate for job application and employment purposes.

HotelKey Successor

HotelKey may share your personal information with a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of HotelKey's assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information held by HotelKey about our Visitors is among the assets transferred.

Compelled Disclosure

HotelKey reserves the right to use or disclose information and personal information provided on the HotelKey Sites if required by law or if HotelKey reasonably believes that such use or disclosure is necessary to protect HotelKey's rights and/or to comply with a judicial proceeding, court order or legal process.

International Transfer of Information

To facilitate HotelKey's global operations, HotelKey may store, transfer and access the information and personal information you submit on the HotelKey Sites around the world, in which HotelKey or its third party service providers have operations.

If you are using the HotelKey Sites or Service from outside the United States, please be aware that your information may be transferred to, stored, and processed by HotelKey in our facilities and by those third parties with whom we may share your personal information, in the United States and other locations where we have offices. These countries may have data protection laws that are different to the laws of your country. This Privacy Statement shall apply even if HotelKey transfers such information or personal information to other countries.

If you are located in the UK or EEA, we will comply with applicable legal requirements and have taken appropriate safeguards to require that your personal information remains protected in accordance with this Notice in relation to the transfer of personal information outside of the UK or EEA. In all such cases, we will only transfer your personal information if:

• The country to which the personal information will be transferred has been recognized as offering an ‘adequate’ level of protection by the European Commission;
• The recipient of the personal information is located in the U.S. and has certified to the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF and the Swiss–U.S. DPF; or
• We have put in place appropriate safeguards with respect to the transfer of data, for example by implementing the European Commission’s Standard Contractual Clauses for transfers of personal information (the “EU Model Clauses”).

In relation to transfers of information between our group companies, we have implemented the EU Model Clauses (and accompanying UK Addendum), which require all group companies to protect personal information they process from the UK or EEA in accordance with UK and European Union data protection law.

You may request a copy of the safeguards that we have put in place in respect of transfers of personal information by contacting us.

Communications Preferences

HotelKey offers Visitors who provide contact information a means to choose how HotelKey uses the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of HotelKey's marketing emails. Additionally, you may specify your communications preferences. HotelKey Clients cannot opt out of receiving transactional emails related to their account with HotelKey or the Services.

Children Under the Age of 16

HotelKey Sites are not intended for children under 16 years of age. No one under age 16 may provide any information to, or on, any HotelKey Sites. We do not knowingly collect personal information from children under 16, nor do we sell the personal information of children under 16. If you are under 16, do not use any HotelKey Sites, and do not provide any information via any HotelKey Sites. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that data. If you believe any HotelKey Sites may have collected personal information from or about a child under 16, please contact us at privacy@hotelkeyapp.com.

Data Retention

HotelKey retains the personal information we receive on the HotelKey Sites for the duration of your relationship with HotelKey, and where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax or accounting requirements, to enforce our agreements or comply with our legal obligations). Retention periods may be extended if we are required to preserve your personal information because of litigation, investigations and other similar proceedings, or if a longer retention period is required or permitted by applicable law.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such data. If this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Security

HotelKey is committed to protecting the security of any personal information you provide to us. HotelKey uses appropriate technical and organizational measures to safeguard your information from unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security assessments.

Despite these protections, no electronic transmission over the Internet or information storage technology can be guaranteed to be completely secure, so you should take appropriate precautions before deciding what information you send us in this way.

Changes to this Privacy Statement

HotelKey reserves the right to change this policy from time to time to reflect changes in legal, technical, or business developments. We encourage you to review this policy periodically to stay informed about how we are protecting your personal data.

Contact Us

If you have any questions about this Privacy Statement, or you would like to exercise any of your rights, please let us know by contacting us using any of the methods below: