Skip to main content

Visit one of our events

Book a Demo
Privacy & Cookies

Staynova Privacy & Cookie Policy

Last updated: October 23, 2025

1. Who we are (Controller)

Staynova BV
Company number: 1028345401
Registered address: Generaal Lemanlaan 184, 8310 Assebroek, Belgium
Privacy email: hello@staynova.be

For certain processing activities (see 3B), Staynova BV acts as a processor on behalf of our business customers (such as hotels, B&Bs, and serviced apartments). In those cases, the customer is the controller and our Data Processing Agreement (DPA) applies — available on request.

2. Scope

This policy applies to:

  • our websites, apps, portals, and forms (collectively, the “Services”);

  • our marketing and sales activities (newsletters, events, demo requests);

  • the SaaS functionality that enables customers to manage the guest journey (check-in, communications, upsells, payments), insofar as Staynova acts as (sub-)processor.

3. Roles & responsibilities

A. Staynova as controller

Applies to (among others) website visitors, leads, newsletter subscribers, supplier contacts, and our own user accounts.

Categories of personal data (depending on context):

  • Identification & contact: name, role, company, email, phone, country/region.

  • Business information: hotel/company, size/segment, PMS/technology stack.

  • Interaction & usage: page views, clicks, session ID, IP address, device data, support tickets, demo appointments.

  • Transaction & invoicing (B2B): contract details, billing address, VAT number, payment status.

  • Marketing preferences & consent: opt-ins, unsubscribes, cookie preferences.

Purposes & legal bases (GDPR Art. 6):

  • Website operation, security, and troubleshooting — legitimate interests (Art. 6(1)(f)).

  • Performance & product improvement (aggregated analytics) — legitimate interests; where required: consent.

  • Sales & marketing (B2B), newsletters, events — consent (Art. 6(1)(a)) and/or legitimate interests (relevant B2B prospect relationship).

  • Contract management, invoicing & customer support — performance of a contract (Art. 6(1)(b)) and legal obligation (Art. 6(1)(c)).

  • Compliance with legal duties (accounting, tax, abuse prevention) — legal obligation / legitimate interests.

B. Staynova as processor for hospitality customers

Typically when processing guest data (e.g., pre-check-in data, communications, upsells, payments) via the Staynova software.

  • Controller: the customer (e.g., hotel/B&B/serviced apartment).

  • Categories of personal data (examples): name, contact details, reservation and stay details, preferences, communications, arrival/departure, in-app transactions, payments (tokenized).

  • Purposes: determined by the customer (e.g., operational handling, guest communications, upselling, payments).

  • Documentation: processing is governed by our DPA, including a list of sub-processors and appropriate safeguards.

Important: customers remain responsible for their own information obligations toward guests and for the lawful basis of their processing. Staynova provides support with tooling, security, and contractual safeguards.

4. Sources of data

  • Directly from you: form, demo request, support, contract, event.

  • Automatically via our Services: cookies, SDKs, log files, device/browser information, metadata.

  • From customers and integration partners (when acting as processor): PMS/Channel Manager/Payment provider.

  • Public sources/business databases (B2B prospects): within applicable law.

5. Cookies & similar technologies

We use cookies, SDKs, and pixels to operate our website, measure performance, and (with consent) optimize marketing. You can manage your preferences at any time via our Cookie Settings (Consent Management Platform, “CMP”).

5.1 Types of cookies

  • Strictly necessary (required for operation and security).

  • Functional (preferences, language, login).

  • Performance/Analytics (aggregated statistics; e.g., GA4 or equivalent).

  • Marketing/Advertising (retargeting; e.g., LinkedIn Insight Tag, Meta pixel) — only with consent.

5.2 Cookie table (example)

Update the table below based on your actual setup.

Name Provider Purpose Type Retention
_staynova_session Staynova Session management, security First-party, strictly necessary Session
hubspotutk, __hssrc, __hssc HubSpot Lead tracking, marketing automation First-/Third-party, marketing/analytics 6–13 months
_ga, ga* Google Analytics 4 (if enabled) Performance & product improvement First-party, analytics 2 years
li_fat_id, li_sugr LinkedIn Advertising & retargeting Third-party, marketing 30 days–2 years
_fbp Meta Advertising & retargeting Third-party, marketing 3 months
cf_clearance Cloudflare Security / bot protection First-party, strictly necessary 30 days

Browser & device settings: you can block or delete cookies via your browser. Disabling strictly necessary cookies may impact site functionality.

6. Retention periods (indicative)

  • Website & lead data (CRM/HubSpot): 24 months after last interaction or until unsubscribe.

  • Contract & invoicing data: 7 years (legal retention).

  • Product/application logs: 12 months (security & troubleshooting), unless a longer period is required.

  • Support tickets & email correspondence: 24 months after ticket closure.

  • Guest data (when acting as processor): according to the customer’s instructions/retention policy.

7. Sharing of data

We only share personal data with:

  • Processors/sub-processors acting on our behalf (e.g., hosting/cloud, email, CRM/marketing automation such as HubSpot, analytics, payments). We sign data processing agreements and assess security measures.

  • Business partners/integrations at the customer’s instruction (when acting as processor).

  • Authorities where legally required or to protect rights/safety.

  • Business transfer (merger/acquisition): involved parties, with appropriate safeguards.

An up-to-date list of sub-processors is available upon request via hello@staynova.be.

8. International transfers

Where possible, we process within the EU/EEA. If transfers outside the EEA occur, we use Standard Contractual Clauses (SCCs) and additional measures where needed. For UK transfers we apply the ICO Addendum or UK Addendum, as required.

9. Security

We implement technical and organizational measures, including but not limited to: encryption in transit and at rest, network segmentation, least-privilege access, MFA, logging & monitoring, regular backups, vulnerability management, periodic (external) tests/audits, and security training.

10. Automated decision-making & profiling

No decisions producing legal effects are made solely on the basis of automated processing. For marketing profiling (segmentation), processing is aggregated and/or based on your consent; you can always opt out.

11. Children

Our Services are not directed to children under 16 years. If we discover unlawful processing, we will delete the data.

12. Your rights

Depending on your situation, you have the following rights: access, rectification, erasure, restriction, portability, objection, and withdrawal of consent.

Exercising your rights: send your request to hello@staynova.be. We will respond within 30 days. You may also lodge a complaint with your national supervisory authority (e.g., the Data Protection Authority in Belgium or the Dutch Data Protection Authority).

13. Contact

Questions or requests?
Staynova BV — Attn: Privacy
Email: hello@staynova.be

 

 
Let's start today
Online-Check-in-2025

We remap your entire guest flow

Staynova audits and rebuilds your end‑to‑end guest journey, then digitizes it inside Duve:

Pre-arrival

 

(Online) Check-in

 

During Stay

(Online) Check-Out

Review

Rebook