Privacy Policy

Last Updated: November 25, 2025

Hospitality Net understands that visitors to our website ("the Website") and members of Hospitality Net care about how their information is collected, used, processed, transferred, stored, and shared. This Privacy Policy describes Hospitality Net's commitment to protecting your privacy and forms part of our Website Terms & Conditions.

This Privacy Policy is reviewed at least annually and updated as necessary. Updates are published on the Website and, where required by law, we will notify you of material changes.

1. About This Policy

1.1 Who We Are

This Privacy Policy explains how Hospitality Net ("we", "us", "our") handles data as a data controller, meaning all data we process for our own purposes. Where Hospitality Net acts as a processor or sub-processor of data, that activity is governed by a separate Data Processing Agreement.

Contact Information:

  • Email: [email protected]
  • Postal Address: Hospitality Net, Boschcour 54, 6221 JR Maastricht, The Netherlands

1.2 Scope

This policy applies to personal data we collect through:

  • Our Website (hospitalitynet.org)
  • Email communications
  • Webinars and events
  • Account registration and management
  • Contact forms and inquiries

2. Information We Collect

2.1 Personal Data

"Personal Data" means any information that can identify you personally, including:

  • Name (first and last)
  • Email address
  • Company name and type
  • Phone number
  • Job title and professional information
  • Account credentials (User ID, password)
  • Communication preferences
  • Information you provide in contact forms or registration forms
  • Publicly available information from professional networks (LinkedIn, etc.)
  • Your account settings and preferences

2.2 Navigation and Usage Information

"Navigation Information" includes data about your visits and interactions with the Website:

  • IP address
  • Geographic location (city and/or country)
  • Browser type and version
  • Device information
  • Pages viewed and time spent
  • Referring website or campaign source
  • Click patterns and heat mapping data
  • Internet Service Provider (ISP)

In some cases, Navigation Information may also constitute Personal Data.

2.3 Information from Third-Party Platforms

When you create an account or log in through third-party platforms (LinkedIn, Google, Facebook), we receive:

  • Your name
  • Email address
  • Profile picture
  • Other information you authorize the platform to share

3. How We Use Your Information

3.1 Legal Basis for Processing

We process your personal data based on the following legal grounds:

Consent: For marketing communications, non-essential cookies, and newsletter subscriptions

Contractual Necessity: To provide services you've requested, manage your account, and fulfill our obligations

Legitimate Interests: To improve our Website, understand user behavior, ensure security, and develop our business (where your rights don't override these interests)

Legal Obligation: To comply with applicable laws and regulations

3.2 Purposes of Processing

We use your information for:

Account Management

  • Creating and managing your Hospitality Net account
  • Personalizing your 'My HN' experience
  • Authenticating your identity
  • Managing your preferences

Communications

  • Sending newsletters and updates (with your consent)
  • Responding to your inquiries
  • Providing customer support
  • Sending service-related notifications

Website Improvement

  • Analyzing usage patterns and trends
  • Understanding user preferences
  • Improving content and functionality
  • Conducting user profiling for better service delivery
  • Heat mapping and user experience optimization

Business Operations

  • Processing payments
  • Preventing fraud and ensuring security
  • Complying with legal obligations
  • Protecting our rights and property

Marketing

  • Sending promotional materials (with your consent)
  • Tailoring advertising and offers
  • Campaign performance analysis

3.3 Automated Decision-Making

We may use automated tools to analyze user behavior and preferences to personalize content. You have the right to object to automated decision-making that significantly affects you. Contact us at [email protected] to exercise this right.

4. Cookies and Tracking Technologies

4.1 What Are Cookies

Cookies are small text files stored on your device when you visit our Website. We use cookies to ensure optimal user experience and improve our services.

4.2 Types of Cookies We Use

Essential Cookies (Required)

  • Purpose: Enable core website functionality
  • Examples: Session management, security, load balancing
  • Legal Basis: Necessary for service provision
  • Duration: Session or up to 1 year

Functional Cookies (Optional)

  • Purpose: Remember your preferences and settings
  • Examples: Login data, language preferences
  • Legal Basis: Your consent
  • Duration: Up to 2 years

Analytics Cookies (Optional)

  • Purpose: Understand website usage and improve quality
  • Examples: Google Analytics, Hotjar
  • Legal Basis: Your consent
  • Duration: Up to 2 years

Marketing Cookies (Optional)

  • Purpose: Deliver personalized marketing and measure campaign effectiveness
  • Examples: Google Ads, social media pixels
  • Legal Basis: Your consent
  • Duration: Up to 2 years

4.3 Managing Your Cookie Preferences

You can manage your cookie preferences through:

  • Our cookie consent banner (when you first visit)
  • Your browser settings
  • Your account settings (for registered users)

Withdrawing consent for non-essential cookies may affect website functionality. Essential cookies cannot be disabled as they are necessary for the Website to function.

5. How We Share Your Information

5.1 We Do Not Sell Personal Data

We do not sell, rent, or trade your Personal Data to third parties.

5.2 Service Providers and Partners

We share information with trusted third-party service providers who help us operate our business:

Current Service Providers:

  • Cloudflare & Cloudflare Stream: CDN, security, and video hosting
  • Google Services: Analytics (Google Analytics), advertising (Google Ads), Tag Manager, and reCAPTCHA
  • Hotjar: User behavior analytics and heat mapping
  • Stripe: Payment processing
  • Salesforce & Pardot: CRM and marketing automation

These providers process data on our behalf under strict contractual obligations to protect your information and use it only for specified purposes.

5.3 Third-Party Terms

The terms and privacy policies of our service providers may apply to you. Your acceptance of third-party terms is required to access certain Website features.

5.4 Legal Disclosure

We may disclose your Personal Data when required to:

  • Comply with applicable laws, regulations, or valid legal processes
  • Protect our rights, property, or safety, or that of our users
  • Enforce our terms and conditions
  • Respond to claims of illegal activity or policy violations

5.5 Business Transfers

If Hospitality Net undergoes a merger, acquisition, reorganization, or asset sale, your Personal Data may be transferred as part of that transaction.

6. Third-Party Services and Links

6.1 Third-Party Websites

Our Website contains links to third-party websites. We are not responsible for the privacy practices or content of these websites. We recommend reviewing their privacy policies before providing any information.

6.2 Third-Party Embeds

We embed content from third-party services (YouTube videos, maps, etc.). When you interact with embedded content, the third party may collect information about your interaction, including:

  • IP address
  • Viewing behavior
  • Device information

We do not control what information third parties collect through embeds. The third party's privacy policy governs this data collection.

7. International Data Transfers

As an international company serving customers worldwide, we may transfer and access Personal Data across borders, including to and from the United States and other countries outside the European Economic Area (EEA).

7.1 Safeguards for International Transfers

For transfers outside the EEA, we implement appropriate safeguards:

  • EU Standard Contractual Clauses (SCCs)
  • Binding corporate rules
  • Adequacy decisions by the European Commission
  • Additional supplementary measures as required by law

7.2 Your Rights Apply Globally

We believe your essential privacy rights are not contingent on your nationality or residency. While applicable law always governs data privacy matters, we intend for this Privacy Policy to apply generally to all users worldwide.

8. Data Retention

8.1 Retention Principles

We retain Personal Data only as long as necessary for the purposes for which it was collected or as required by law.

8.2 Specific Retention Periods

Account Data

  • Active accounts: For the duration of your account plus 90 days after closure
  • Deleted upon request or account deletion

Marketing Communications

  • Until you unsubscribe or withdraw consent
  • Suppression lists maintained indefinitely to honor opt-outs

Analytics Data

  • Aggregated/anonymized data: Up to 38 months
  • Individual usage data: Up to 14 months

Payment Information

  • Transaction records: 7 years (for legal and accounting requirements)
  • Payment card data: Not stored (processed by Stripe)

Legal Compliance

  • Data retained for legal purposes: As required by applicable law

Backup Data

  • Backup systems: Up to 90 days, then permanently deleted

8.3 Requesting Deletion

You may request deletion of your Personal Data at any time. See Section 10 for how to exercise this right.

9. Data Security

9.1 Security Measures

Data security is of critical importance to us. We implement comprehensive security measures including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication measures
  • Employee training on data protection
  • Incident response procedures
  • Regular backups with secure storage

9.2 Data Breach Notification

In the unlikely event of a data breach affecting your Personal Data, we will:

  • Notify affected individuals without undue delay (within 72 hours where required by law)
  • Report to relevant supervisory authorities as required
  • Provide information about the nature of the breach and steps being taken

9.3 Your Responsibility

Please keep your login credentials confidential and notify us immediately if you suspect unauthorized access to your account.

10. Your Privacy Rights

Depending on your location and applicable data protection laws, you may have the following rights:

10.1 Right to Access

Request access to your Personal Data and receive a copy in a commonly used electronic format.

10.2 Right to Rectification

Request correction of inaccurate or incomplete Personal Data.

10.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your Personal Data, subject to legal limitations (e.g., legal obligations, legitimate interests).

10.4 Right to Restriction of Processing

Request that we limit how we use your Personal Data in certain circumstances.

10.5 Right to Data Portability

Receive your Personal Data in a structured, machine-readable format and transmit it to another controller.

10.6 Right to Object

Object to our processing of your Personal Data based on legitimate interests or for direct marketing purposes.

10.7 Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent (without affecting the lawfulness of processing before withdrawal).

10.8 Right to Lodge a Complaint

File a complaint with a supervisory authority in your country if you believe we have violated your privacy rights.

10.9 Exercising Your Rights

To exercise any of these rights, contact us:

  • Email: [email protected]
  • Postal Mail: Hospitality Net, Boschcour 54, 6221 JR Maastricht, The Netherlands

We will respond to your request within 30 days (or as required by local law). We may need to verify your identity before processing your request.

10.10 Unsubscribe from Marketing

To unsubscribe from marketing emails:

  • Click the "unsubscribe" link in any marketing email
  • Update preferences in your account settings
  • Email [email protected]

11. Special Provisions for Specific Regions

11.1 European Economic Area (EEA) and UK

Data Controller: Hospitality Net, Boschcour 54, 6221 JR Maastricht, The Netherlands

Supervisory Authority: You may lodge a complaint with your local data protection authority or the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Legal Bases: As specified in Section 3.1

Data Protection Officer: For inquiries, contact [email protected]

11.2 California Consumer Privacy Act (CCPA/CPRA) Supplement

If you are a California resident, you have additional rights under the California Consumer Privacy Act (as amended by CPRA):

California Consumer Rights:

  • Right to Know: Request disclosure of personal information collected, sources, purposes, and third parties with whom it's shared
  • Right to Delete: Request deletion of personal information, subject to legal exceptions
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out: Opt-out of "sale" or "sharing" of personal information (Note: We do not sell or share personal information)
  • Right to Limit Use of Sensitive Personal Information: We do not use or disclose sensitive personal information beyond what's necessary
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

Categories of Personal Information Collected:

  • Identifiers (name, email, IP address)
  • Commercial information (purchase history, preferences)
  • Internet activity (browsing behavior, interactions)
  • Professional information (company, job title)
  • Inferences (preferences, characteristics)

Business Purposes for Collection: As described in Section 3.2

Submitting CCPA Requests: California residents may submit requests by:

  • Email: [email protected]
  • Toll-free: [Add if applicable]
  • Online form: [Add if applicable]

Please be as specific as possible. We are required to verify your identity before processing requests.

Do Not Sell My Personal Information: We do not sell personal information and have not sold personal information in the preceding 12 months.

Shine the Light Law: California residents may request information about our disclosure of personal information to third parties for direct marketing purposes.

11.3 Other U.S. State Privacy Laws

If you reside in Virginia, Colorado, Connecticut, Utah, or other states with comprehensive privacy laws, you may have rights similar to those described in the CCPA section. Contact us to exercise these rights.

12. Children's Privacy

The Website and our services are intended for business use and not directed toward children under 16 years of age ("Children"). We do not knowingly collect Personal Data from Children.

If you are a parent or guardian and believe your child has provided us with Personal Data, please contact us at [email protected] so we can delete the information.

We encourage parents and legal guardians to monitor their children's internet usage and help enforce this Privacy Policy by instructing children never to provide personal information through our Website.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect:

  • Changes in our data practices
  • New legal requirements
  • Enhanced privacy protections
  • Service improvements

13.1 Notification of Changes

  • Material Changes: We will notify you via email (to your registered email address) or prominent notice on the Website at least 30 days before the changes take effect
  • Non-Material Changes: Posted on this page with an updated "Last Updated" date

13.2 Review Policy

We encourage you to review this Privacy Policy periodically. Continued use of the Website after changes become effective constitutes acceptance of the updated policy.

14. Additional Information

14.1 Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our data practices:

Primary Contact:

Postal Address: Hospitality Net Boschcour 54 6221 JR Maastricht The Netherlands

14.2 Language

This Privacy Policy is provided in English. If translated into other languages, the English version prevails in case of discrepancies.

14.3 Updates and Version History

  • Current Version: November 25, 2025
  • Previous Version: April 4, 2022