PRIVACY POLICY

Beta Version – Belgium / European Union

Last updated: February 1, 2026

This Privacy Policy (the “Policy”) describes how Innexo, having its registered office in Belgium (the “Controller”, “we”, “us”, “our”), processes personal data in connection with the website, platform, tools, interfaces, and related services (collectively, the “Service”).

This Policy is drafted in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation – “GDPR”) and applicable Belgian data protection laws. By accessing or using the Service, the user acknowledges having read and understood this Policy.

1. Nature of the Service and Scope of Processing

The Service is provided as a beta version for testing and evaluation purposes only. Personal data processing is limited to what is strictly necessary for operating, securing, evaluating, and improving the Service. The Controller does not process personal data for marketing, profiling, or automated decision-making purposes during the beta phase.

2. Categories of Data Subjects

The Service may process personal data relating to:

  • users accessing the Service;
  • hotel operators or their authorized representatives;
  • guests submitting feedback through the Service;
  • technical or administrative contacts.

3. Categories of Personal Data

Depending on use of the Service, the following categories of personal data may be processed:

  • identification data such as name, email address, or similar contact details where voluntarily provided;
  • content data, including feedback or messages submitted by users;
  • technical data, including IP address, device identifiers, browser type, operating system, timestamps, and usage logs;
  • authentication and access data where applicable.

The Controller does not intentionally collect special categories of personal data as defined under Article 9 GDPR.

4. Legal Bases for Processing

Personal data is processed on one or more of the following legal bases:

  • the necessity of processing for the performance of the Service as requested by the user (Article 6(1)(b) GDPR);
  • the legitimate interests of the Controller in operating, securing, maintaining, and improving the Service (Article 6(1)(f) GDPR);
  • the user’s consent, where explicitly requested and provided (Article 6(1)(a) GDPR).

Where processing is based on legitimate interest, such interest consists in ensuring the proper functioning, security, and evaluation of a beta-stage service, and does not override the fundamental rights and freedoms of data subjects.

5. Purposes of Processing

Personal data is processed exclusively for the following purposes:

  • providing and operating the Service;
  • enabling submission and transmission of feedback;
  • ensuring security, integrity, and technical functionality;
  • monitoring, diagnosing, and preventing misuse or abuse;
  • evaluating and improving the Service during the beta phase;
  • complying with legal obligations.

Personal data is not used for advertising, commercial prospecting, or behavioral analysis during the beta phase.

6. Data Minimization and Accuracy

The Controller limits the collection of personal data to what is strictly necessary for the stated purposes and takes reasonable measures to ensure that processed data is accurate and up to date where relevant.

Users remain responsible for the accuracy of personal data they voluntarily provide through the Service.

7. Data Retention

Personal data is retained only for the duration necessary to fulfill the purposes described in this Policy or as required by applicable law.

During the beta phase, personal data may be stored temporarily for evaluation and debugging purposes and may be deleted, anonymized, or aggregated at any time without prior notice.

The Controller does not guarantee long-term retention of personal data during the beta phase.

8. Data Recipients and Processors

Personal data may be processed by the Controller and, where strictly necessary, by technical service providers acting as data processors (e.g. hosting, cloud infrastructure, authentication services).

Such processors act solely on the instructions of the Controller and are subject to appropriate contractual and technical safeguards in accordance with GDPR requirements.

Personal data is not sold or shared with third parties for commercial purposes.

9. International Data Transfers

Where technical infrastructure involves processing outside the European Economic Area, such transfers are conducted in compliance with GDPR requirements, including the use of adequacy decisions, standard contractual clauses, or equivalent safeguards.

10. Security Measures

The Controller implements reasonable technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure.

However, given the experimental nature of the Service, absolute security cannot be guaranteed, and users acknowledge the inherent risks associated with electronic data transmission and storage.

11. Data Subject Rights

In accordance with the GDPR, data subjects have the right to request:

  • access to their personal data;
  • rectification of inaccurate or incomplete data;
  • erasure of personal data, subject to legal limitations;
  • restriction of processing;
  • objection to processing based on legitimate interests;
  • data portability where applicable.

Requests may be submitted to the contact details provided below. The Controller reserves the right to verify the identity of the requester before acting upon such requests.

12. Withdrawal of Consent

Where processing is based on consent, such consent may be withdrawn at any time without affecting the lawfulness of processing carried out prior to withdrawal.

13. Complaints

Data subjects have the right to lodge a complaint with the competent supervisory authority, in particular in the Member State of their habitual residence or place of alleged infringement. In Belgium, this is the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit).

14. Changes to this Policy

The Controller reserves the right to modify this Privacy Policy at any time. Updated versions will be published on the Service. Continued use of the Service after publication constitutes acknowledgment of the revised Policy.

15. Contact

For questions or requests relating to this Privacy Policy or personal data processing:

Email: support@innexo.com