Legal

GDPR Statement

A plain-language summary of how HotelBee complies with the EU General Data Protection Regulation (GDPR), and what that means for you as a hotelier, a guest, or a visitor to our website.

Last updated 29 April 2026

1. Overview

The GDPR is the EU regulation that governs how personal data is processed across the European Union and the European Economic Area. It applies to any organisation that processes personal data of individuals in the EU, regardless of where the organisation is based.

HotelBee is built and operated with GDPR in mind. This page summarises the most important points. For the full picture, please read our Privacy Policy and Data Processing Agreement.

2. Our role under GDPR

HotelBee acts as a Data Controller in respect of website visitors, prospects, and account administrators, the people who sign up for accounts, request demos, or contact us.

HotelBee acts as a Data Processor in respect of the personal data that hotels and other customers upload, transmit or generate through the platform, for example, guest reservations, profiles, and communications. The customer is the Controller for that data, and our processing is governed by our Data Processing Agreement.

3. Your rights as a data subject

Under GDPR you have the following rights in respect of your personal data:

  • The right to be informed about how your data is collected and used.
  • The right of access, to a copy of the personal data we hold about you.
  • The right to rectification of inaccurate or incomplete data.
  • The right to erasure ("right to be forgotten"), subject to legal exceptions.
  • The right to restrict processing in certain circumstances.
  • The right to data portability, to receive your data in a structured, commonly used format.
  • The right to object to processing based on legitimate interests, including direct marketing.
  • The right not to be subject to a decision based solely on automated processing that produces legal effects.
  • The right to withdraw consent at any time, where processing is based on consent.
  • The right to lodge a complaint with your local supervisory authority.

4. How to exercise your rights

If you are a website visitor, prospect or account administrator, write to privacy@hotelbee.co with your request. We will respond within thirty (30) days; for complex requests we may extend by a further sixty (60) days and will let you know.

If your personal data is held in a hotel's HotelBee account (for example, you stayed at a hotel that uses HotelBee), you should contact the hotel directly, they are the Controller of that data. We will assist them in fulfilling your request as their Processor.

5. Security and accountability

HotelBee maintains a written information security programme aligned with industry standards. Highlights include:

  • Encryption of personal data in transit (TLS 1.2+) and at rest (AES-256).
  • Role-based access control with least-privilege defaults and mandatory multi-factor authentication for HotelBee personnel.
  • Segregation of customer environments at the data layer.
  • Audit logging of administrative actions.
  • Documented incident response and business continuity procedures, regularly tested.
  • Vendor due diligence for every sub-processor we engage.

6. International data transfers

Our primary infrastructure is located in the European Economic Area. Where personal data is transferred outside the EEA, we rely on appropriate safeguards under Chapter V of the GDPR, including the EU Standard Contractual Clauses and supplementary measures where required.

7. Breach notification

In the unlikely event of a personal data breach, we will notify our Customers without undue delay and in any event within seventy-two (72) hours of becoming aware of the breach, in line with Article 33 GDPR. We will also support our Customers in their own notification obligations to supervisory authorities and data subjects.

8. Sub-processors and DPA

A current list of HotelBee sub-processors is maintained at hotelbee.co/legal/sub-processors. Any HotelBee Customer can request our standard Data Processing Agreement at any time by writing to management@hotelbee.co, we are happy to counter-sign in advance of subscription.

9. Data protection contact

HotelBee has appointed an internal data protection contact who oversees our GDPR programme. You can reach this contact at privacy@hotelbee.co or by writing to Strowberry Code, Attn. Data Protection, Rruga Reshit Petrela, Tirana, Albania.

10. Updates to this statement

We may update this GDPR Statement from time to time. The date at the top of this page reflects the most recent revision. Material changes will be communicated through the platform or by email.

Questions about this document? Write to management@hotelbee.co or contact our team.