& Group 10 Created with Sketch. Group 13 Created with Sketch. Group 11 Created with Sketch. Group 8 Created with Sketch.
Fill 33 Copy Created with Sketch. Ready
to book?

I. SCOPE OF THIS PRIVACY POLICY

This Privacy Policy describes how BESIX STAY and its affiliates collect, use, consult, retain or otherwise processes your personal data when you are using our website or when you are checking in and staying at one of our hospitality centers which is an affiliate of BESIX STAY.

For the purpose of the Privacy Policy, an “affiliate” is any corporation, firm, partnership or other entity which directly or indirectly controls, is controlled by, or is under common control by BESIX STAY or wherein BESIX stay has a significant shareholding which allows it to affect policy of an affiliate.

PLEASE READ THIS PRIVACY POLICY CAREFULLY!

This Privacy Policy applies globally on the basis of EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data (the ” GDPR“), as well as any legislation and/or regulation implementing or enacted pursuant to the GDPR and current and future e-Privacy legislation.

Terms defined in article 4 of the GDPR shall have the meaning as defined therein.

You will always be afforded the rights based on the GDPR irrespective of your nationality and irrespective of whether or not the GDPR applies to you as matter of EU law.

These rights are set out below.

Local law applicable in the country where the hospitality center of your choice is located, may impose additional safeguards or legal requirements which may in turn be reflected in the privacy policy you will be presented with upon check-in.

BESIX STAY may be operating as a sole or joint data controller together with the local affiliate where you are staying or intend to stay. If BESIX STAY is operating jointly as a data controller with its local affiliate, this means that you can exercise your rights against BESIX STAY BELGIUM or its local affiliate where you are staying.

In some of the situations described in this Privacy Policy, the hospitality center where you made a booking and/or are staying, will also process your data as a (joint or only) controller. The local affiliate (your hospitality center) will be solely responsible for the processing activities for which it is the only data controller.

As a rule, your personal data is only retained for as long as is required to fulfil the activities set out in this Privacy Policy, for as long as otherwise communicated to you in this Privacy Policy or for as long as is permitted by applicable law. By way of example, we may have to retain some of your personal data if it is reasonably necessary to comply with any legal obligations, meet any regulatory requirements, resolve any disputes or litigation or as otherwise needed to enforce this Privacy Policy and prevent fraud and abuse.

To determine the appropriate retention period of your personal data, due account is taken of the amount, nature, and sensitivity of your personal data, the potential risk of harm from unauthorized use or disclosure of the data, the purposes for which your personal data is processed (if processing is at all required for the purposes) and the applicable legal requirements including those imposed by local law.

BESIX STAY is a Belgian corporation with its administrative seat at Berkenlaan 8C, 1831 DIEGEM, Belgium and with company number 0667.752.552.

Contact details DPO:

Affiliate is A-STAY PELIKAANSTRAAT NV with its administrative seat at Berkenlaan 8C, 1831 DIEGEM, Belgium, with company number 0727.908.190.

Contact details DPO or privacy representative:

II. YOUR RIGHTS PURSUANT TO EU LAW AND THIS PRIVACY POLICY

EU privacy regulation (most notably the GDPR) grants specific rights, summarized below, which you can in principle exercise free of charge. You can invoke these rights as contractual rights even if EU privacy regulations do not apply to you by operation of EU law.

In some cases, these rights may be limited e.g. if your personal data has to be retained on the basis of local applicable law or if you request the deletion of personal data which is required to complete the contract with you.

Your personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of the controller(s) legitimate interests in compliance with applicable laws.

In addition, your personal data may be shared with a successor to all or part of our business (including that of an affiliate), where this is in our legitimate interests in facilitating a business sale and in this context our business interests preva il. By way of example, if parts of our business or assets are sold (including assets of or a shareholding in an affiliate), personal data may be shared as part of that transaction, subject to applicable law.

To exercise any of your rights set out below, you can file a request via email at:

privacy@besixstay.com

Please note that if you have unresolved concerns, we would appreciate it if you would inform us of any such unresolved concerns using the same e-mail address.

You do however have the right to file a complaint with the data protection authority of your country of residence or of the country wherein you believe a breach may have occurred (to the extent that these data protection authorities are competent to handle your complaint).

If your consent is the basis for processing of your personal data, you will be able to withdraw that consent at any time you want, either by logging in to your account on our website (if you have created an account) and changing your privacy settings or by expressing your intent to withdraw consent by e-mail to: privacy@besixstay.com.

Similarly, you can withdraw your consent by unsubscribing to certain services, usually by clicking on a hyperlink in an e-mail addressed to you.

Please note that the withdrawal of your consent will not affect the lawfulness of the collection and processing of your personal data based on your consent up until the moment where you withdraw your consent.

Moreover, withdrawing your consent is only effective to the extent that the processing of your personal data is happening only on the basis of your consent and is not based on another ground such as a legal requirement.

II.2 Right to access and rectify your personal data

You have the right to access, review and rectify your personal data. You therefore have the right to obtain the rectification of inaccurate personal data or to complete incomplete personal data.

You are entitled to request a copy of your personal data, to review or correct it if you wish to rectify any personal data like your name, email address, passwords and/or any other preferences. As a rule, this can be achieved by logging in to your account on our website (if you have created one) or by contacting us at: privacy@besixstay.com.

Please note however that there may be legal requirements imposed by applicable law which may prevent us from changing personal data when the requested change does not match up with official documentation such as international passports, valid ID-cards etc.

For obvious reasons, we cannot grant you access to personal data of somebody else unless you can demonstrate that you are the legal guardian of said person and local law implementing the GDPR (if any) does not preclude you from having access to personal data of this third party even if you are the legal guardian.

II.3 Right to erasure of your personal data (“right to be forgotten“)

You have the right to request deletion and erasure of your personal data which is processed as described in this Privacy Policy in case this personal data is no longer needed for the purposes for which it was initially collected or processed or in the event you have withdrawn your consent or objected to processing as described in this Privacy Policy and no other legal ground for processing applies (such as the performance of the contract concluded with you or legal requirements imposed by applicable law).

If you wish to exercise your right to erasure, please send an e-mail to this effect to: privacy@besixstay.com.

II.4 Right to restriction of processing of your personal data

Under certain circumstances, you may ask us to restrict the processing of your personal data.

You can do so when you wish to rectify your personal data pending the verification of the accuracy of your personal data by the data controller.

You can also do so when you want to prevent erasure of your personal data because you need this personal data for the establishment, exercise or defense of a legal claim.

You can also do so when you object to the processing of your personal data pending the verification of whether or not the legitimate interests of the data controller override your right to object.

If you wish to exercise your right to restrict processing, please send an e-mail to this effect to: privacy@besixstay.com

II.5 Right to object to processing of your personal data

Under certain circumstances, you may object to the processing of your personal data, most notably when your personal data is processed solely for direct marketing purposes.

If you wish to exercise your right to object, please send an e-mail to this effect to: privacy@besixstay.com

II.6 Right to personal data portability

Where you have provided personal data and where the processing is carried out by automated means and based on your consent or the performance of the contract concluded, you have the right to receive the personal data processed about you in a structured, commonly used and machine-readable format and to transmit this personal data to another “service provider”.

If you wish to exercise your right to data portability, please send an e-mail to this effect to: privacy@besixstay.com.

III.1 Online Booking Process

In the context of the booking process through our website, your personal data is collected and processed for the following purposes:

  1. to enable you to make and complete a reservation;
  2. for you to receive a booking confirmation by e-mail;
  3. for sending you pre-arrival e-mails;
  4. for compliance with local applicable law requiring personal data to be collected which has to be at the disposal of local government authorities and law enforcement agencies.

Processed personal data categories:

Address (including country of residence), date of arrival and departure, email address, first name / last name, first name / last name of any co-guest(s), payment card type, number and expiration date, mobile phone number, title (e.g. Mr. or Ms.).

Ground for processing

Processing is required to enter into and perform a contract.

Recipients of personal data (to the extent required)

  • The BESIX hospitality center where you intend to stay or are staying
  • BESIX STAY Belgium
  • IT service providers involved in the (online) booking process
  • Payment processing service providers
  • Email communications service providers

Retention Period

Your personal data will be retained until 24 hours after the end of your stay unless you opted to create an online account on our website which allows you to facilitate repeated bookings by preserving certain personal data including personal preferences. In that case, you can manage your privacy settings using our website.

If you are a “no show”, your personal data will be erased 24 hours after your indicated date of arrival unless you opted to create an online account on our website which allows you to facilitate repeated bookings. In that case, you can manage your privacy settings using our website.

Retention of some personal data may also be required for compliance with local law requiring personal data to be collected which has to be at the disposal of local government authorities and law enforcement agencies.

III.2 Physical Check-in and Check-out of Guests

When staying at the hospitality center of your choice, your personal data will be collected and processed for the purposes of (i) registering your arrival and departure date; (ii) generating a secure biometric template using Palmvein technology to grant you access to your quarters (and other areas of the hospitality center) or allowing you to use a secure RFID registration card to access your quarters if, for whatever reason, no biometric template of your hand veins can be generated; (iii) establishing and confirming your identity for invoicing purposes and for compliance with local law requirements; (iv) obtaining a credit card guarantee or deposit to ensure payment of your stay; (v) managing your secure RFID registration card (if a more secure biometric template cannot be created); (vi) managing payment of your stay; (vii) establishing, generating and sending an electronic invoice for your stay by e-mail upon check-out.

Processed personal data categories

Address (including country of residence), date of arrival and departure, email address, first name / last name, first name / last name of any co-guest(s), payment card type, number and expiration date, telephone number, title (e.g. Mr. or Ms.), nationality, secure biometric template generated using Palmvein technology by recording the veins in one of your hands.

Source of personal data

Depending on the booking mechanism used:

  • Directly from you on site i.e. in the local hospitality center
  • Directly from you using our website for booking
  • Directly from you through sampling of biometric data (i.e. the vein pattern of one of your hands)

Grounds for processing

The processing is necessary to perform the contract you entered into relating to your stay.

The processing (specifically the retention) of some of the personal data collected is also required by law in many countries.

The processing of personal data to create a secure biometric template solely to verify your identity prior to granting access to your quarters and to (certain areas of) the hospitality center where you are staying, is based on your explicit consent and serves as a security measure to protect your vital interests by preventing unauthorized access by third parties.

Recipients of personal data

  • Local affiliate
  • BESIX STAY BELGIUM

Retention Period

Your personal data will be retained until 24 hours after the end of your stay unless you opted to create an online account on our website which allows you to facilitate repeated bookings by preserving certain personal data including personal preferences. In that case, you can manage your privacy settings using our website.

The biometric template based on the veins in one of your hands generated by the Palmvein technology will ALWAYS be erased no later than 24 hours after the end of your stay.

Retention of some personal data may also be required for compliance with local law requiring personal data to be collected which has to be at the disposal of local government authorities and law enforcement agencies.

III.3 Processing of Personal Data during your Stay

When you stay in one of the hospitality centers, your stay should be as pleasant as possible.

This may require processing your personal data for the purpose of providing specific services during your stay. These services include (i) verifying your identity (using the biometric template generated by the Palmvein technology during check-in) before granting you access to your quarters and/or to (certain areas of) the hospitality center where you are staying; (ii) housekeeping, maintenance and any other service which may be offered on site including (without limitation any laundry services or parking) ; (iii) returning lost or forgotten items to you; and/or (iv) managing your preferences in order to provide you with a better service during your stay if requested by you.

Processed personal data categories

Date of arrival and departure, Email address, First name / Last name, First name / Last name of co-guest(s), Other preferences, Mobile phone number, Biometric Template of the veins of one of your hands

Source of personal data

Depending on the booking mechanism you used:

  • Through our website when you used it in order to make the booking
  • Directly from you during your stay at one of our hospitality centers
  • Directly from you through sampling of biometric data (i.e. the vein pattern of one of your hands) during actual check-in

Grounds for personal processing

BESIX STAY and its affiliates have a legitimate interest as a business to organize their day-to-day maintenance activities, to personalize the services provided (if so requested by you), and/or to be able to identify the owner of a lost or forgotten item.

The processing of personal data to create a secure biometric template solely to verify your identity prior to granting access to your quarters and to (certain areas of) the hospitality center where you are staying, is based on your explicit consent and serves as a security measure to protect your vital interests by preventing unauthorized access by third parties.

Recipients of personal data

  • Personnel of the local affiliate (and to the extent required, third party contractors)
  • BESIX STAY BELGIUM
  • IT service providers
  • PLEASE NOTE that your biometric template will ONLY be made available to local staff who deal with the administration of the local IT infrastructure of your hospitality center

III.4 Subscription to Newsletters and Marketing

If you have consented to receive our newsletters or marketing communications, you may, from time to time, be contacted by e-mail with information about our services and latest offers and your personal data may be processed for this purpose.

If you no longer want to receive our newsletters or marketing communications, please let us know by sending us an e-mail at privacy@besixstay.com

Alternatively, you can manage your privacy settings using our website.

You can also unsubscribe from marketing emails by clicking on the unsubscribe link in the emails sent to you.

Processed personal data categories

Address, Date of birth, Email address, First name / Last name, Gender, Mobile telephone number, Country of residence

Source of personal data

Directly from you when subscribing to the newsletter or later when completing your account online.

Grounds for processing

Ad hoc consent obtained during the subscription to our newsletter

Recipients of personal data

  • Local affiliate
  • BESIX STAY BELGIUM
  • IT service providers
  • Email communications service provider

III.5 Guest Satisfaction Surveys

Guest satisfaction surveys can be sent to by email during your stay or within 24 hours thereafter to measure your satisfaction. You may unsubscribe from guest satisfaction survey emails at any time by clicking on the unsubscribe link in the emails sent to you.

Ground for processing

Processing is justified to allow improvement of the hospitality services.

Recipients of data

  • Besix Stay Belgium
  • BESIX STAY Affiliates
  • Guest satisfaction survey provider

III.6 Website Forms

Should you have a particular query or feedback, including the exercise of one of your rights under the GDPR or this Privacy Policy, you can contact us through the contact forms available on our website.

This may require processing of your personal data for the purpose of handling and providing an answer to your query or request or to follow up on your feedback.

Processed data categories

Address, Email address, First name / Last name, details relating to your stay, Mobilephone number and any other personal data you entered into website forms.

Source of personal data

Directly from you through input in the website form

Ground for processing

Ad hoc consent obtained through the website form

Recipients of personal data

  • BESIX STAY BELGIUM
  • Affiliates of BESIX STAY BELGIUM
  • IT service providers

IV. Security Measures: How we Protect your Personal Data

Appropriate technical and organizational measures are implemented in order to ensure an appropriate level of cybersecurity of your personal data, taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing.

These technical and organizational measure include pervasive encryption techniques, secure off-site backups, state of the art biometric identity verification, regular penetration testing, physical and IT system access controls on a “need to know” basis, activity logging and confidentiality obligations imposed contractually on both staff and third parties.

Appropriate technical and organisational measures are taken to ensure that, by default, only personal data which are necessary for each specific purpose of the processing are processed.

In the event personal data is compromised as a result of a personal data breach, the required notifications will be made pursuant to applicable law.

V. International Transfers of Personal Data

If you are in the European Economic Area (EEA), the data collected from you as described in this Privacy Policy may be transferred to and stored at a destination outside the EEA, including for the purpose of processing personal data by selected processors, in order to facilitate business. These transfers are however strictly limited to the extent technically possible unless the personal data is transferred to a country which has been deemed to ensure an adequate level of personal data protection by the European Commission.

Countries outside the EEA may however not have laws which provide the same level of protection to your personal data as laws within the EEA. Where this is the case, appropriate safeguards will be put in place to ensure that such transfers comply with the GDPR, as a rule by putting in place Standard Contractual Clauses approved by the European Commission as ensuring an adequate protection or if no standard contractual clauses exist, as a last resort, by ensuring that the transfer is done to an organization that complies with the privacy shield mechanism in case the transfer is made to the United States of America.

VI. Changes to this Privacy Policy

BESIX STAY and its affiliates reserve the right to modify and update this Privacy Policy from time to time. Any relevant changes will be brought to your attention (either by e-mail or via our website).