TSH APP Privacy Notice
Effective: March 2023
This TSH App Privacy Notice (the “Notice”) sets out our privacy practices with respect to the TSH App (the “App”) including the collection of any information relating to an identified or identifiable natural person (“Personal Data”) and how it is handled by the TSH group.
This Notice applies to all users making use of the App (the “Users”). It covers the collection, storage, processing of Personal Data by TSH Management B.V. (“TSH") as the controller through the App.
We treat all the Personal Data of our Users with great care, and we always act in accordance with the applicable national and international data protection legislation including the EU General Data Protection Regulation (the “GDPR”), the UK Data Protection Act 2018 and the UK GDPR.
1. Updates to this Notice
This Notice may be amended from time to time. Therefore, you are encouraged to review it regularly. Check the date included at the top of this Notice to see whether this Notice has been updated, as your continued use of the App signifies your continuing awareness of this Notice.
2. Personal Data we collect, why we process your Personal Data and the applicable legal basis
Please find an overview below of the types of personal data we collect directly from you or through your use of the App, together with the purposes for processing and the legal basis we rely on.
|Your login details, including first and last name, email address and password||To provide you access to the App (and MyAccount)||Necessary for the purpose of our legitimate interest, namely for the access control of the App, and thus, to secure the App, including your Personal Data|
|Your opt-in for direct marketing communications||To send you direct marketing communications||Consent|
|Your booking details, including the type of your booking, your check-in details such as your property location, floor and room number||To send you transactional broadcast messages (e.g. regarding your booking, our Services, maintenance and surveys)||Necessary for the purpose of our legitimate interest, namely to inform you about transactional matters|
|Your laundry reservation details, including your mobile device ID||To enable you to make a laundry reservation||Necessary for the performance of the contract with you|
|Your email address||To enable you to provide us with feedback||Necessary for the purpose of our legitimate interest, namely to respond to your feedback and improve your stay with us|
|Technical data, including your internet protocol (IP) address, browser version, time zone setting, locations, browser plugin types and versions, operating system and platform, and other technology on the devices you use to access the App|
Usage data, including information on how you use the App
|To improve the App||Necessary for the purpose of our legitimate interest, namely to improve the App, and thus, your user experience|
3. With whom do we share your Personal Data?
We may share your Personal Data with:
- TSH’s affiliates, for example, for product development purposes, improvement of the App, booking management, or regulatory and compliance purposes;
- Selected third parties that provide marketing, advertising, communication and related services to TSH, such as event organisers, marketing agencies, and online agencies; and/or
- Selected third-party service providers, including analytics services and search engine or IT providers, who assist us with the hosting, support, improvement and optimization of the App, as well as in the fraud detection and prevention services.
Further, we may share your Personal Data if:
- we sell, merge or transfer (parts of) our business or separate assets, or in the context of any other corporate reorganization in which TSH participates. In such event, we may share your personal data with the new owner or merging party respectively, but only to the extent necessary for the purpose for which your personal data are processed;
- we are subject to insolvency proceedings, as part of the sale of our assets by a liquidator (or similar);
- we are legally obliged to do so. In such event, we shall share your Personal Data with the relevant government body, supervisory authority, investigative authority or other competent authorities.
Third parties with whom we share your Personal Data provide adequate protection of your Personal Data. We have chosen the third parties with due care and where required concluded appropriate data protection arrangements.
4. How long will we keep your personal data?
We do not process your Personal Data any longer than necessary for the purposes outlined in this Notice.
If Personal Data is subject to a statutory retention period, we will retain your personal data for the period specified by the law.
To determine the appropriate retention period for your Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the purposes for which we process your Personal Data, applicable legal requirements or operational retention needs, and whether we can achieve those purposes through other means.
Upon expiry of the applicable retention period, we will securely destroy your Personal Data in accordance with applicable laws and regulations. In some circumstances, instead of destroying your Personal Data, we may anonymize your Personal Data, which means that it can no longer be associated with you. We may use the anonymized data for statistical or analytical purposes.
5. International Data Transfers
There are circumstances that require the transfer of your Personal Data outside the EU:
- We use technology service providers and cloud-based services located outside the EU for many of our business purposes. Therefore, it may be necessary that your Personal Data is transferred to servers located in countries outside the EU.
In case of transfers of Personal Data to countries outside the EU that are not recognized by the European Commission as providing an adequate level of data protection (Adequacy Decision), we ensure appropriate safeguards are in place to guarantee the continued protection of your Personal Data, particularly by signing the Standard Contractual Clauses of the European Commission (article 46(2)(c) GDPR). For more information on these Standard Contractual Clauses, please see here.
In case of transfers of Personal Data to countries outside the United Kingdom, we ensure appropriate safeguards are in place to guarantee the continued protection of your Personal Data, particularly by signing the UK Addendum to the EU Standard Contractual Clauses or the UK International Data Transfer Agreement, whichever is more appropriate in the given situation. For more information on UK Addendum and the UK International Data Transfer Agreement please see here. We may also guarantee the protection of your Personal Data by relying on adequacy decisions adopted or approved by the authorities in the United Kingdom.
6. Your rights
We want to make sure that you are fully in control of your Personal Data. You have multiple rights, and we want to ensure they are respected. If you wish to exercise any of the rights listed below, please make your request by sending an e-mail from the email address that you used when signing up for a TSH service to firstname.lastname@example.org.
Please state clearly in the subject heading the type of your request, including a detailed explanation of your request. This enables us to respond to your request as quickly as possible.
Your data subject requests will only be implemented after we have validated your identity. This can be achieved by sending the request from the same email address that was used when signing up to a TSH Service. If your identity is not clear, we are entitled to ask you to provide proof of your identity before we handle your request.
We will respond to your exercise of the request within one month, but have the right to extend this period with two months. If we extend the response period, we will let you know within one month from your request.
You may ask us if we are processing your personal data and, if we are, you can request TSH to provide a copy of the Personal Data we hold about you. If your request is clearly unfounded or excessive, we reserve the right to charge a reasonable fee or refuse to comply in such circumstances.
If you believe that the Personal Data that we process is incorrect, inaccurate or incomplete, you may ask us to correct the Personal Data.
Erasure (‘Right to be forgotten’)
If you want us to remove your Personal Data, you can request us to erase your Personal Data. There are certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for performance of the contract, compliance with law or in connection with legal claims.
You may request us to suspend the processing of certain types of your Personal Data, for example if you want us to establish its accuracy or the reason for processing it.
If you want to transfer your Personal Data to you or to another party, you may request us to do so in a structured, commonly used, and machine-readable format (if technically feasible).
If we process your Personal Data for direct marketing, you have the right to object, and we will stop using your Personal Data for that purpose. If we are processing your Personal Data based on our legitimate interest for other purposes than direct marketing, you may object to our processing on this ground. However, in those cases we may be entitled to continue processing your personal data based on our compelling legitimate interests.
Right to withdraw your consent at any time
Where you may have provided your consent to the processing of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. You can withdraw your consent for receiving direct marketing communications by using the unsubscribe link in every communication and/or by switching off the direct marketing push notifications functionality in the App.
Right to lodge a complaint with a supervisory authority
You also have the right to lodge a complaint with a supervisory authority in the country of your residence where you work or where an alleged infringement of the applicable data protection law took place. A list of EU data protection authorities is available here. We would, however, appreciate the chance to deal with your concerns before you approach a supervisory authority. Please do not hesitate to contact us in the first instance.
7. How to Contact us
Should you have any questions or concerns regarding this Notice or how we process your Personal Data, please contact us at email@example.com, or our Data Protection Officer at Lou.firstname.lastname@example.org.