Data Policy
Treebū Hotels Data Policy
This Data Policy explains how Treebū Hotels handles, processes, stores, and protects data throughout its lifecycle when guests use the Treebū Hotels mobile app and related services.
1. Overview
Treebū Hotels is committed to responsible data stewardship. This Data Policy outlines our data governance framework, including how we collect, process, store, transfer, and protect data across our platform. This policy complements our Privacy Policy and should be read together with it.
2. Data Collection Principles
We follow these core principles when collecting data:
- Purpose limitation: We collect data only for specified, explicit, and legitimate purposes related to providing hotel guest services.
- Data minimization: We collect only the data that is adequate, relevant, and limited to what is necessary for the intended purposes.
- Transparency: We inform guests about what data we collect and why, through this policy and our Privacy Policy.
- Accuracy: We take reasonable steps to ensure data is accurate and kept up to date where necessary.
3. Categories of Data Processed
Our platform processes the following categories of data:
- Guest data: Identity, contact, reservation, check-in, service requests, and profile information.
- Operational data: Hotel configuration, room assignments, service workflows, and staff access controls.
- Technical data: Device information, app performance metrics, crash reports, security logs, and access events.
- Communication data: Messages, notifications, and support interactions between guests and hotel staff.
- Transaction data: Service requests, restaurant bookings, discount applications, and amenity reservations.
4. Data Processing and Usage
We process data for the following purposes:
- Providing and maintaining the Treebū Hotels app and digital guest services.
- Facilitating hotel operations, including check-in, room assignments, and service delivery.
- Authenticating users and managing access controls for guests and hotel staff.
- Delivering digital key functionality where supported by participating hotels.
- Monitoring app performance, diagnosing technical issues, and improving platform reliability.
- Complying with legal obligations, resolving disputes, and enforcing our terms.
5. Data Storage and Retention
We store data on secure cloud infrastructure with industry-standard protections. Our data retention practices are guided by the following:
- Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected.
- Operational data is retained based on hotel requirements and applicable legal obligations.
- Technical logs and security records are retained for a limited period necessary for security analysis and incident response.
- Marketing consent records are retained until consent is withdrawn, plus a reasonable period for compliance documentation.
- Upon account deletion, personal data is removed or anonymized within a reasonable timeframe, subject to legal retention requirements.
Retention periods may vary by jurisdiction and data category. We review our retention practices periodically to ensure they remain appropriate.
6. Data Security Measures
We implement appropriate technical and organizational measures to protect data:
- Encryption of data in transit using TLS and encryption at rest for stored data.
- Role-based access controls to limit data access to authorized personnel and systems.
- Multi-factor authentication for administrative access to data processing systems.
- Regular security assessments, vulnerability scanning, and penetration testing.
- Logging and monitoring of data access and system events for security incident detection.
- Incident response procedures to address and mitigate data breaches promptly.
7. Data Sharing and Transfers
Data may be shared with the following categories of recipients:
- Participating hotels: Hotels where guests have reservations or are staying receive relevant guest data to provide services.
- Service providers: Third-party vendors that support our infrastructure, hosting, authentication, analytics, and communications, under contractual data processing agreements.
- Technology partners: Partners that enable specific features such as digital keys, restaurant bookings, or payment processing.
- Legal and regulatory authorities: When required by law, court order, or to protect rights and safety.
When data is transferred internationally, we implement appropriate safeguards in accordance with applicable data protection laws, including standard contractual clauses and security assessments where required.
8. Data Subject Rights
Depending on your jurisdiction, you may have the following rights regarding your data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your data under certain circumstances.
- Restriction: Request limitation of how we process your data.
- Portability: Request transfer of your data to another service provider.
- Objection: Object to certain processing activities, including direct marketing.
To exercise any of these rights, contact us at the details provided below. We may need to verify your identity and may coordinate with the hotel associated with your reservation.
9. Data Breach Response
In the event of a data breach involving personal data, we maintain an incident response plan that includes:
- Immediate containment and investigation to determine the scope and impact of the breach.
- Notification to affected individuals and relevant authorities as required by applicable law.
- Remediation measures to prevent recurrence and strengthen security controls.
- Documentation of the incident and response actions for compliance and review.
10. Policy Updates and Review
We review and update this Data Policy periodically to reflect changes in our data practices, technology, legal requirements, and operational needs. When we make material changes, we update the effective date and notify users as required by applicable law.
11. Contact Us
If you have questions about this Data Policy, wish to exercise a data right, or need to report a data concern, contact us at privacy@treebuhotels.com. For app support, contact support@treebuhotels.com.