Staytus, Inc. Privacy Positioning Statement
Staytus, Inc. (Staytus, We, or Us) is a guest service platform that enables luxury hotels to adapt to the digital shift with smart, purpose-built marketing and communications solutions. As a global organisation, we understand the network of data privacy and protection laws that govern both our and our customers’ operations. We are committed to complying with data protection and privacy laws applicable to our business, including but not limited to the European General Data Protection Regulation 2016/679 (“GDPR”), the U.K. GDPR, and the California Consumer Privacy Act of 2018 (“CCPA”). Our privacy compliance program is designed to ensure proper safeguards are in place to collect, process, and use personal data correctly and in accordance with applicable data privacy and protection laws.
This position statement provides an overview of how we manage compliance with data privacy and protection laws that regulate the collection and processing of personal data. As an exemplar, Staytus uses terms, standards, and requirements from the GDPR and the CCPA to illustrate its relationship with its customers and individuals in connection with the provision of our products and services. Staytus, Inc.’s Direct Relationship with Data Subjects
Staytus provides products and services that are utilized by both its customers and individual data subjects.
Staytus acts as a data controller (in the sense given by Article 4(7) of the GDPR) or a business (in the sense given by § 1798.140(c) of the CCPA) with respect to the processing of personal data it receives directly from data subjects. For example, when hotel guests download the Staytus mobile application and create a profile, we collect and process certain personal information directly from the guest.
For such personal data, Staytus determines both the purpose and the means for the processing of such personal data, in the context of the overall business relationship. It follows that Staytus is directly responsible for such processing and for ensuring that such personal data is adequately protected when collected, used, and/or transferred from one country to another. Such collection and processing of personal data is subject to our own privacy policy (available here), and subject to our own compliance obligations. Staytus, Inc.’s Relationship with Customers
In limited circumstances, Staytus may act as a processor (in the sense given by Article 4(8) of the GPDR) or a service provider (in the sense given by § 1798.140(v) of the CCPA) for personal data that Staytus receives about individuals from its customers. For such personal data, Staytus processes the personal data at the direction and pursuant to the instructions of its customer.
Staytus takes its responsibilities as a processor very seriously. In that vein, we have implemented a Data Processing Addendum (DPA) that accompanies our Members Terms of Services Agreement. The DPA, as it relates to the processing of personal data received from its customers, addresses contractually required limitations on processing personal data; the implementation of certain technical and organisational safeguards to protect the integrity, confidentiality, and availability of personal data; the use of sub-processors; and compliance with certain data transfer and disclosure restrictions. Our goal is to provide a seamless engagement experience for our customers while also ensuring compliance with relevant data privacy and protection requirements. Staytus has also developed an overview of its technical and organisational safeguards it implements to ensure an appropriate level of protection over the personal data it processes, which is attached here as an appendix.
Our Ongoing Privacy Compliance Efforts
Staytus has undertaken a comprehensive company-wide project to review the application of certain data privacy and protection laws that apply to its global operations in connection with our ongoing compliance obligations.
As jurisdictions around the world consider and implement data privacy and protection regulations, Staytus’ global data privacy and protection compliance framework enables us to provide the security and trust necessary for our global customers to rely on us as a global enterprise.
Staytus will continue to review its privacy compliance program on an ongoing basis to remain at the forefront of global privacy compliance. Should you have any concerns or additional questions about the ways in which we process and protect personal data, please contact us.