fbpx
& Group 10 Created with Sketch. Group 13 Created with Sketch. Group 11 Created with Sketch. Group 8 Created with Sketch.
Fill 33 Copy Created with Sketch. Klaar om
te boeken?

I. SCOPE OF THE POLICY

This privacy policy (hereinafter the “Privacy Policy”) describes how BESIX STAY NV, a Belgian corporation with its administrative seat at Berkenlaan 8C, 1831 Diegem (Belgium), registered in the Crossroads Bank for Enterprises under the number 0667.752.552 (hereinafter “BESIX STAY”) and its affiliates collect, use, consult, retain or otherwise process your Personal Data when you are using our website or when you are checking in and staying at one of our hospitality centers (hereinafter the “Hospitality Center”) which is an affiliate of BESIX STAY.

For the purpose of the Privacy Policy, an “affiliate” is any corporation, firm, partnership or other entity which directly or indirectly controls, is controlled by, or is under common control by BESIX STAY or wherein BESIX STAY has a significant shareholding which allows it to affect policy of an affiliate.

Our Hospitality Centers and other entities are affiliates in which we offer our guests various services linked to hospitality:

  • A-STAY BVBA, Berkenlaan 8C, 1831 Diegem, the company is registered in the crossroads bank for enterprises under the number 0680.695.124
  • Apitri NV, Berkenlaan 8C, 1831 Diegem, the company is registered in the crossroads bank for enterprises under the number 0469.889.873.
  • Pelikaanstraat BVBA, Berkenlaan 8C, 1831 Diegem, the company is registered in the crossroads bank for enterprises under the number 0659.758.465.
  • Apitri NV, Berkenlaan 8C, 1831 Diegem, the company is registered in the crossroads bank for enterprisesunder the number 0469.889.873.
  • Park D NV, Berkenlaan 8C, 1831 Diegem, the company is registered in the crossroads bank for enterprises under the number 0469.975.490.
  • A-STAY Pelikaanstraat NV, Berkenlaan 8C, 1831 Diegem, the company is registered in the crossroads bank for enterprises under the number 0727.908.190.

Contact details:

Email: privacy@besixstay.com

Telephone: +32 2 828 20 20

PLEASE READ THIS PRIVACY POLICY CAREFULLY!

This Privacy Policy applies globally on the basis of EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data (the ”GDPR“), as well as any legislation and/or regulation implementing or enacted pursuant to the GDPR and current and future privacy legislation.

Terms used in this Privacy Policy which are defined in article 4 of the GDPR shall have the meaning as defined therein (for example Personal Data, Controller, Processor,).

You will always be afforded the rights based on the GDPR irrespective of your nationality and irrespective of whether the GDPR applies to you as matter of EU law.

These rights are set out below.

Local law applicable in the country where the Hospitality Center of your choice is located, may impose additional safeguards or legal requirements which may in turn be reflected in the privacy policy you will be presented with upon check-in.

BESIX STAY may be operating as a sole or joint Controller together with the local affiliate where you are staying or intend to stay. If BESIX STAY is operating jointly as a Controller with its local affiliate, this means that you can exercise your rights against BESIX STAY or its local affiliate where you are staying.

As a rule, your Personal Data are only retained for as long as is required to fulfil the activities set out in this Privacy Policy, for as long as otherwise communicated to you in this Privacy Policy or for as long as is permitted by applicable law. By way of example, we may have to retain some of your Personal Data if it is reasonably necessary to comply with any legal obligations, meet any regulatory requirements, resolve any disputes or litigation or as otherwise needed to enforce this Privacy Policy and prevent fraud and abuse.

To determine the appropriate retention period of your Personal Data, due account is taken of the amount, nature, and sensitivity of your Personal Data, the potential risk of harm from unauthorized use or disclosure of the Personal Data, the purposes for which your Personal Data are processed (if processing is at all required for the purposes) and the applicable legal requirements including those imposed by local law. BESIX STAY (and if necessary, its local affiliate) enters into a data processing agreement with third parties that process your Personal Data on our behalf to ensure the same level of security and confidentiality of your Personal Data. BESIX STAY (or its local affiliate) remains responsible for these processing operations.

In order to process your Personal Data, BESIX STAY (and/or its local affiliate) grants access to your Personal Data to its employees, persons working for it and agents, as well as to subcontractors. BESIX STAY (and/or its local affiliate) guarantees a similar level of protection by imposing contractual obligations on its employees, persons working for it and agents, as well as on its subcontractors.

II. YOUR RIGHTS

EU privacy regulation (most notably the GDPR) grants specific rights, summarized below, which you can in principle exercise free of charge. You can invoke these rights as contractual rights even if EU privacy regulations do not apply to you by operation of EU law.

In some cases, these rights may be limited e.g. if your Personal Data must be retained on the basis of local applicable law or if you request the deletion of Personal Data which is required to complete the contract with you.Your Personal Data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of the Controller(s) legitimate interests in compliance with applicable laws.

In addition, your Personal Data may be shared with a successor to all or part of our business (including that of an affiliate), where this is in our legitimate interests in facilitating a business sale and in this context our business interests prevail

To exercise any of your rights set out below, you can file a request via email at: privacy@besixstay.com

 Please note that if you have unresolved concerns, we would appreciate it if you would inform us of any such unresolved concerns using the same e-mail address.

You do however have the right to file a complaint with the competent Supervisory Authority.

Reference missing: https://www.dataprotectionauthority.be/citizen/actions/lodge-a-complaint

II.1. Right to withdraw your consent

If your consent is the basis for processing of your Personal Data, you will be able to withdraw that consent at any time you want.

You can withdraw your consent by unsubscribing to certain services by clicking on a hyperlink in an e-mail addressed to you, or by expressing your intent to withdraw consent by e-mail to privacy@besixstay.com

Please note that the withdrawal of your consent will not affect the lawfulness of the collection and processing of your Personal Data based on your consent up until the moment where you withdraw your consent. Withdrawing your consent is only effective to the extent that the processing of your Personal Data is happening only based on your consent and is not based on another ground such as a legal requirement.

II.2. Right to access and rectify your Personal Data

You have the right to access, review and rectify your Personal Data. You therefore have the right to obtain the rectification of inaccurate Personal Data or to complete incomplete Personal Data.

You are entitled to request a copy of your Personal Data, to review or correct it if you wish to rectify any Personal Data like your name, email address, passwords and/or any other preferences.

For obvious reasons, we cannot grant you access to Personal Data of somebody else unless you can demonstrate that you are the legal guardian of said person and local law implementing the GDPR (if any) does not preclude you from having access to Personal Data of this third party even if you are the legal guardian.

II.3 Right to erasure of your Personal Data (“right to be forgotten“)

You have the right to request deletion and erasure of your Personal Data which is processed as described in this Privacy Policy in case this Personal Data is no longer needed for the purposes for which it was initially collected or processed or in the event you have withdrawn your consent or objected to processing as described in this Privacy Policy and no other legal ground for processing applies (such as the performance of the contract concluded with you or legal requirements imposed by applicable law).

II.4 Right to restriction of processing of your Personal Data

Under certain circumstances, you may ask us to restrict the processing of your Personal Data.

You can do so when you wish to rectify your Personal Data pending the verification of the accuracy of your Personal Data by the Controller.

You can also do so when you want to prevent erasure of your Personal Data because you need this Personal Data for the establishment, exercise or defense of a legal claim.

You can also do so when you object to the processing of your Personal Data pending the verification of whether the legitimate interests of the Controller override your right to object.

II.5 Right to object to processing of your Personal Data

Under certain circumstances, you may object to the processing of your Personal Data, most notably when your Personal Data is processed solely for direct marketing purposes.

II.6 Right to Personal Data portability

Where you have provided Personal Data and where the processing is carried out by automated means and based on your consent or the performance of the contract concluded, you have the right to receive the Personal Data processed about you in a structured, commonly used and machine-readable format and to transmit this Personal Data to another “service provider”.

III.1 Online Booking Process

Purposes:

  • To enable you to make and complete a reservation;
  • For you to receive a booking confirmation by e-mail;
  • For sending you pre-arrival e-mails;
  • For compliance with local applicable law requiring Personal Data to be collected which has to be at the disposal of local government authorities and law enforcement agencies.

Processed Personal Data categories:

  • Title (e.g. Mr. or Ms.)
  • Address (including country of residence)
  • Date of arrival and departure
  • Email address
  • First name / last name, first name / last name of any co-guest(s)
  • Payment card type, number and expiration date
  • Mobile phone number

Source of personal Data

  • Directly from you using our website for booking.
  • From third party booking sites like Booking.com, Expedia, …

Ground for processing:

Processing is required to enter into and perform a contract.

Recipients (to the extend required):

  • BESIX STAY and the Hospitality Centers
  • IT service providers involved in the (online) booking process
  • Payment processing service providers
  • Email communications service providers

Retention Period

Your Personal Data will be retained until 24 hours after the end of your stay unless you opted to create an online account on our website which allows you to facilitate repeated bookings by preserving certain Personal Data including personal preferences. In that case, you can manage your privacy settings using our website, or your Personal Data will be deleted automatically upon cancelling the membership.

If you are a “no show”, your Personal Data will be erased 24 hours after your indicated date of arrival unless you opted to create an online account on our website which allows you to facilitate repeated bookings. In that case, you can manage your privacy settings using our website.

Retention of some Personal Data may also be required for compliance with local law requiring Personal Data to be collected which has to be at the disposal of local government authorities and law enforcement agencies.

III.2 Physical Check-in and Check-out of Guests

When staying at the Hospitality Center of your choice, your Personal Data will be collected and processed as follows:

Purposes:

  • Registering your arrival and departure date;
  • Upon selection by the guest asecure biometric template is generated by using Palm vein technology or a RFID registration card to grant you access to your quarters and other areas of the Hospitality Center.
  • Establishing and confirming your identity for invoicing purposes and for compliance with local law requirements;
  • Obtaining a credit card guarantee or deposit to ensure payment of your stay;
  • Managing payment of your stay;
  • Establishing, generating and sending an electronic invoice for your stay by e-mail upon check-out.

Processed Personal Data categories:

  • Title (e.g. Mr. or Ms.)
  • Address (including country of residence)
  • Date of arrival and departure
  • Email address
  • First name / last name, first name / last name of any co-guest(s)
  • Payment card type, number and expiration date
  • (Mobile) phone number
  • Birthday
  • Nationality
  • Card / Document number
  • When chosen by the guest a Secure biometric template generated using Palm vein technology by recording the veins in one of your hands

Source of Personal Data

  • Directly from you on site i.e. in the Hospitality Center;
  • Directly from you using our website for booking;
  • Directly from you through sampling of biometric data (i.e. the vein pattern of one of your hands)

Ground for processing:

The processing is necessary to create the contract relating to your stay.

The processing (specifically the retention) of some of the Personal Data collected is also required by law in many countries.

The processing of Personal Data to create a secure biometric template solely to verify your identity prior to granting access to your quarters and to certain areas of the Hospitality Center where you are staying, is based on your explicit consent and serves as a security measure to protect your interests by preventing unauthorized access by third parties.

Recipients:

  • BESIX STAY
  • Local affiliate
  • IT Service Providers

Retention Period

Your Personal Data will be retained until 24 hours after the end of your stay unless you opted to create an online account on our website which allows you to facilitate repeated bookings by preserving certain Personal Data including personal preferences. In that case, you can manage your privacy settings using our website.

The biometric template based on the veins in one of your hands generated by the Palmvein technology will ALWAYS be erased no later than 24 hours after the end of your stay.

Retention of some Personal Data may also be required for compliance with local law requiring Personal Data to be collected which has to be at the disposal of local government authorities and law enforcement agencies which is 7 years.

III.3 Processing of Personal Data during stay

When you stay in one of the Hospitality Centers, your stay should be as pleasant as possible.

Therefore, your Personal Data will be collected and processed as follows:

Purposes:

  • Verifying your identity by using the biometric template generated by the Palm vein technology during check-in before granting you access to your quarters and/or to certain areas of the Hospitality Center where you are staying;
  • Housekeeping, maintenance and any other service which may be offered on site (for example  laundry services or parking);
  • Obtaining a credit card guarantee or deposit to ensure payment of your stay;
  • Returning lost or forgotten items to you;
  • Managing your preferences in order to provide you with a better service during your stay if requested by you.

Processed Personal Data categories:

  • Date of arrival and departure
  • Email address
  • First name / last name, first name / last name of any co-guest(s)
  • Mobile phone number
  • Biometric Template of the veins of one of your hands

Source of Personal Data

  • Through our website when you used it in order to make the booking;
  • Directly from you during your stay at one of our Hospitality Centers;
  • Directly from you through sampling of biometric data (i.e. the vein pattern of one of your hands) during actual check-in.

Ground for processing:

BESIX STAY and its affiliates have a legitimate interest as a business to organize their day-to-day maintenance activities, to personalize the services provided (if so, requested by you), and/or to be able to identify the owner of a lost or forgotten item.

The processing of Personal Data to create a secure biometric template solely to verify your identity prior to granting access to your quarters and to (certain areas of) the Hospitality Center where you are staying, this is based on your explicit choice and serves as a security measure to protect and prevent unauthorized access by third parties.

Recipients:

  • BESIX STAY and/or its affiliate
  • IT Service Providers

PLEASE NOTE that your biometric template will ONLY be made available to local staff who deal with the administration of the local IT infrastructure of your Hospitality Center.

III.4 Subscription to newsletters and marketing

If you have consented to receive newsletters and/or marketing communications, your Personal Data will be collected for the next six months and processed as follows:

Purposes:

  • To receive our newsletters;
  • To receive marketing communications;
  • To receive information emails in regards of services and latest offers.

Processed Personal Data categories:

  • Email address
  • First name / last name
  • Address
  • Date of birth
  • Gender
  • Mobile phone number
  • Country of residence

Source of Personal Data

Directly from you when subscribing to the newsletter or later when completing your account online.

Grounds for processing

Ad hoc consent obtained during the subscription to our newsletter.

Recipients of Personal Data

  • Besix Stay
  • Local affiliate
  • IT service providers
  • Email communications service provider

III.5 Website forms

Should you have a query or provide feedback, including the exercise of one of your rights under the GDPR or this Privacy Policy, you can contact us through the contact forms available on our website. The retention period of this data is one Month starting from the moment the form has been sent with the exception of reservation data where the month starts from the reservation date.

This may require processing of your personal data, which will be processed as follows:

Purposes:

  • Handle general inquiry’s;
  • Handle sales inquiry’s;
  • Handle questions in regards of reservation.

Processed Personal Data categories:

  • Email address
  • First name / last name
  • Address
  • Data provided in the open text field.
  • Mobile phone number

Source of Personal Data

Directly from you through input in the website form.

Grounds for processing

 Ad hoc consent obtained through the website form.

Recipients of Personal Data

  • Besix Stay
  • Local affiliate
  • IT service providers

IV. Security Measures: How we Protect your Personal Data

Appropriate technical and organizational measures are implemented in order to ensure an appropriate level of cybersecurity of your Personal Data, taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing.

These technical and organizational measures include pervasive encryption techniques, secure off-site backups, state of the art biometric identity verification, regular penetration testing, physical and IT system access controls on a “need to know” basis, activity logging and confidentiality obligations imposed contractually on both staff and third parties.

Appropriate technical and organizational measures are taken to ensure that, by default, only Personal Data which are necessary for each specific purpose of the processing are processed.

In the event Personal Data is compromised as a result of a personal data breach, the required notifications will be made pursuant to applicable law.

In no event may BESIX STAY or its local affiliate be held responsible for any direct or indirect damage caused by the erroneous or illicit use of Personal Data by a third party.

V. Transfers of Personal Data

V.1. Processing by third parties

Personal Data collected by BESIX STAY and/or its affiliates may be transferred to and may be processed by third parties (e.g. IT supplier, accountant, auditor), as well as by any administrative and/or public authority.

As these third parties shall process your Personal Data on behalf of BESIX STAY and/or its affiliates and therefore shall act as Processors, BESIX STAY and/or its affiliates shall enter into a data processing agreement with these third parties to ensure the same level of security and confidentiality of your Personal Data. BESIX STAY and/or its affiliates remain(s) responsible for these processing operations.  

The employees, managers and/or representatives of the aforementioned service providers or institutions as well as the specialized service providers designated by them, are required to respect the confidential nature of your Personal Data and may use these Personal Data  solely for the purposes for which they were provided. 

V.2. Transfer outside the EEA

Transfers of Personal Data outside the European Economic Area (“EEA”) (e.g. transfer to servers, third parties, …) will be carefully reviewed prior to the transfer taking place to ensure that they fall within the limits imposed by the GDPR. This depends partly on the European Commission’s judgement as to the adequacy of the safeguards for Personal Data applicable in the receiving country and this may change over time. Intra-group international data transfers will be subject to legally binding agreements referred to as Standard Contractual Clauses (SCC) or Binding Corporate Rules (BCR) which provide enforceable rights for Data Subjects.

VI. Changes to this Privacy Policy

BESIX STAY and its affiliates reserve the right to modify and update this Privacy Policy from time to time. Any relevant changes will be brought to your attention (either by e-mail or via our website).

VII. Disputes

Except in case of contrary provisions of imperative law, Belgian law applies to this Privacy Policy.  In case of a dispute, only the courts of Brussels will be competent.