← Back to Home

Privacy Policy & GDPR Compliance

GDPR Compliance Notice: Octorate is fully compliant with the General Data Protection Regulation (GDPR) and other applicable data protection laws. We are committed to protecting your privacy and ensuring the security of your personal data.

1. Introduction

Octorate Cloud Hospitality Solutions ("Octorate", "we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our cloud-based hospitality management software and related services.

This policy complies with the General Data Protection Regulation (GDPR), the Danish Data Protection Act, and other applicable privacy laws.

2. Data Controller Information

Company: Octorate Cloud Hospitality Solutions

Address: Nyhavn 17, 1051 Copenhagen, Denmark

Phone: +45 32 72 44 11

Email: privacy@octorate.com

Data Protection Officer: dpo@octorate.com

3. Types of Data We Collect

3.1 Personal Data

Account Information

Name, email address, phone number, company details, billing information

Guest Data

Guest names, contact information, booking details, preferences (as provided by you)

Property Data

Hotel/property information, room details, pricing, availability

Usage Data

Login information, feature usage, system logs, performance metrics

3.2 Technical Data

  • IP addresses and device information
  • Browser type and version
  • Operating system information
  • Cookies and similar tracking technologies
  • Server logs and error reports

3.3 Communication Data

  • Support requests and communications
  • Email correspondence
  • Survey responses and feedback
  • Training session recordings (with consent)

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

4.1 Contract Performance (Article 6(1)(b))

Processing necessary for the performance of our service agreement with you.

4.2 Legitimate Interests (Article 6(1)(f))

Processing for our legitimate business interests, including service improvement, security, and fraud prevention.

4.3 Consent (Article 6(1)(a))

Processing based on your explicit consent for marketing communications and optional features.

4.4 Legal Obligation (Article 6(1)(c))

Processing required to comply with legal obligations, such as tax and accounting requirements.

5. How We Use Your Data

5.1 Service Provision

  • Provide and maintain our hospitality management software
  • Process bookings and manage reservations
  • Enable channel management and booking synchronization
  • Provide customer support and technical assistance

5.2 Business Operations

  • Account management and billing
  • Service improvement and feature development
  • Security monitoring and fraud prevention
  • Analytics and performance optimization

5.3 Communications

  • Send service-related notifications
  • Provide updates and maintenance notices
  • Respond to support requests
  • Send marketing communications (with consent)

6. Data Sharing and Third Parties

6.1 Service Providers

We may share data with trusted third-party service providers who assist us in:

  • Cloud hosting and infrastructure (AWS, Google Cloud)
  • Payment processing (Stripe, PayPal)
  • Customer support tools
  • Analytics and monitoring services

6.2 Business Partners

We may share data with:

  • Channel partners (Booking.com, Expedia, etc.) for booking synchronization
  • Payment gateways for transaction processing
  • Marketing partners (with your consent)

6.3 Legal Requirements

We may disclose data when required by law or to protect our rights and interests.

7. Data Security

7.1 Security Measures

  • Encryption in transit and at rest (AES-256)
  • Regular security audits and penetration testing
  • Access controls and authentication systems
  • Employee training on data protection
  • Incident response procedures

7.2 Data Breach Response

In the event of a data breach, we will:

  • Notify relevant authorities within 72 hours
  • Inform affected individuals without undue delay
  • Implement remediation measures
  • Document the incident and response

8. Your Rights Under GDPR

8.1 Right of Access (Article 15)

You have the right to request copies of your personal data and information about how we process it.

8.2 Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

8.3 Right to Erasure (Article 17)

You can request deletion of your personal data in certain circumstances.

8.4 Right to Restrict Processing (Article 18)

You can request limitation of how we process your personal data.

8.5 Right to Data Portability (Article 20)

You can request transfer of your data to another service provider in a structured format.

8.6 Right to Object (Article 21)

You can object to processing based on legitimate interests or for marketing purposes.

8.7 Rights Related to Automated Decision Making

You have rights regarding automated processing and profiling.

9. Data Retention

9.1 Retention Periods

  • Account Data: Retained while your account is active and for 7 years after closure for legal compliance
  • Guest Data: Retained as specified in your data retention policies or deleted upon request
  • Usage Data: Retained for 2 years for analytics and service improvement
  • Communication Data: Retained for 3 years for customer service purposes

9.2 Data Deletion

We will securely delete your data at the end of retention periods or upon valid request, unless legal obligations require longer retention.

10. International Data Transfers

We may transfer your data to countries outside the EEA. When we do, we ensure appropriate safeguards are in place:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules
  • Certification schemes and codes of conduct

11. Cookies and Tracking

11.1 Types of Cookies

  • Essential Cookies: Required for basic website functionality
  • Analytics Cookies: Help us understand website usage
  • Functional Cookies: Remember your preferences and settings
  • Marketing Cookies: Used for targeted advertising (with consent)

11.2 Cookie Management

You can manage cookies through your browser settings or our cookie preference center.

12. Children's Privacy

Our Services are not intended for children under 16. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete the data immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through our Services. Your continued use of our Services after changes constitutes acceptance of the updated policy.

14. Contact Information

For privacy-related questions or to exercise your rights, contact us:

14.1 Data Protection Officer

Email: dpo@octorate.com
Phone: +45 32 72 44 11
Address: Nyhavn 17, 1051 Copenhagen, Denmark

14.2 Supervisory Authority

You have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet):

Datatilsynet
Borgergade 28, 5
1300 Copenhagen K
Denmark
Website: www.datatilsynet.dk

Last updated: December 2024