PRIVACY POLICY

INNVITEME Platform

January 2026

Data Controller

The controller of the processing of personal data is:

INNVITEME SOLUTIONS SL
Tax ID (CIF): B22958961
Registered address: Gregorio Benítez 10, 1C, Madrid (28043), Spain
Email address: legal@innviteme.com

Hereinafter, the “Controller”.

Scope of Application

This Privacy Policy governs the processing of personal data of users (hereinafter, the “User”) who register and use the INNVITEME technological platform (hereinafter, the “Platform”).

Use of the Platform is voluntary and is exclusively limited to guests staying at the same hotel establishment.

Relationship with Hotels

Hotels, hostels, or other accommodation providers that facilitate access to the Platform (hereinafter, the “Hotel”):

  • are not responsible for the processing of data derived from the use of the Platform;

  • do not have access to User profiles, messages, or generated content;

  • do not intervene in the management, moderation, or storage of data.

The Hotel acts solely as a facilitator of access to the service.

Personal Data Collected

The Controller may process the following categories of data:

4.1 Data Provided by the User

  • Profile information (language, interests, place of origin, or other voluntary information).

  • Profile photographs voluntarily provided by the User.

  • Check-out date.

  • Profile content and exchanged messages.

Profile photographs will be visible exclusively to other users staying at the same establishment during the period of stay.
Photographs will be automatically deleted together with the profile at the end of the stay or when the User deletes their account.

The Controller does not verify the identity of users nor the authenticity of the published photographs.

Data obtained through third parties
When the User registers through third-party authentication services (Google or Apple), the Controller receives only the full name and the verified email address associated with that account, in accordance with the configuration chosen by the User in those services.

4.2 Technical Data

  • IP address.

  • Connection data to the Hotel’s WiFi network (solely to verify the stay).

  • Basic device information and usage logs.

4.3 Security Data

  • Reports submitted by Users.

  • Information associated with account blocking or moderation.

Purposes of Processing

Personal data are processed for the following purposes:

  • To allow registration and use of the Platform.

  • To verify that the User is an active guest of the Hotel.

  • To display profiles of other guests staying at the same establishment.

  • To manage invitations, connections, and chats.

  • To ensure the security of the Platform and prevent misuse.

  • To automatically delete the profile and chats at the end of the stay.

Electronic Communications

The Controller will not send commercial or promotional communications to Users.

The provided email address will be used exclusively for:

  • technical management of the account, and

  • exceptional and necessary communications related to security, service operation, or compliance with legal obligations.

Legal Basis for Processing

The processing of data is based on:

  • Performance of a contract, upon the User’s acceptance of the Terms and Conditions.

  • The User’s consent, by voluntarily registering.

  • The Controller’s legitimate interest, to ensure the security and proper functioning of the Platform.

Duration of Processing and Data Retention

7.1 Limited Profile Duration

Profile data and messages:

  • are retained only during the User’s stay;

  • are automatically deleted once the indicated check-out date is reached.

7.2 Limited Retention for Legal Reasons

Certain technical or security data may be retained for the strictly necessary period to:

  • comply with legal obligations;

  • handle claims;

  • prevent fraudulent or improper use.

Under no circumstances will active profiles be retained after check-out.

Data Recipients

Personal data may be disclosed only to:

  • technology providers that provide services to the Controller (hosting, maintenance, security);

  • public authorities, when there is a legal obligation.

Data are not shared with the Hotel, except for aggregated and anonymized information on general use of the service.

User Rights

The User may exercise the following rights:

  • Access.

  • Rectification.

  • Erasure.

  • Objection.

  • Restriction of processing.

  • Data portability.

Requests may be sent to: legal@innviteme.com
Documentation may be requested to verify the identity of the applicant.

Security Measures

The Controller applies reasonable technical and organizational measures to protect personal data and prevent unauthorized access, loss, or misuse.

However, the User acknowledges that no system is completely secure.

User Responsibility

The User is responsible for the use they make of the Platform and for the information they choose to share with other Users.

The Controller does not actively control or supervise interactions between Users and is not responsible for the consequences arising from such interactions.

Exclusion of Hotel Liability

The User expressly acknowledges that:

  • the Hotel is not responsible for the processing of data derived from the use of the Platform;

  • the Hotel does not have access to profiles or messages;

  • the Hotel is not responsible for interactions, meetings, or behavior of Users.

Any claim related to the Platform must be addressed exclusively to the Controller, never to the Hotel.

Amendments to the Privacy Policy

The Controller may modify this Privacy Policy at any time.

The version in force will always be the one published on the Platform.
Continued use of the service implies acceptance of such modifications.

Applicable Law

This Privacy Policy is governed by Spanish law and the General Data Protection Regulation (GDPR).