Privacy Notice — WelcomeBikers CRM

Last Updated: 21.11.2025

This Privacy Notice describes how WelcomeBikers LTD ("we", "us", "our") processes personal data of hotel staff members ("Users") who access and use the WelcomeBikers CRM system ("CRM").

This Notice explains what personal data we collect from Users, how we use it, how it is protected, and what rights Users have under applicable data protection laws, including the GDPR.

This Notice does not apply to hotel guests. Guest data is processed on behalf of the hotel as the Data Controller, under a separate Data Processing Agreement (DPA).

1. Roles in Data Processing

For the personal data of CRM Users (hotel staff):

  • WelcomeBikers LTD acts as the Data Controller.
  • The hotel acts as the organization providing the User's account.

2. Personal Data We Process

When Users access or work in the CRM, we may process the following categories of data:

2.1. Account Information

  • Full name
  • Email address
  • Phone number (optional)
  • Role or job position
  • Login credentials

2.2. Activity and System Logs

  • Actions performed within the CRM (e.g., creating or modifying bookings)
  • Timestamps and audit trails
  • IP address and device information
  • Technical logs related to errors or security events

2.3. Communication

  • Messages sent to our support team
  • Feedback or reports submitted through the CRM

We do not collect more information than is necessary for the operation and security of the CRM.

3. Purposes of Processing

We process User personal data for the following purposes:

  • To create and manage User accounts
  • To authenticate access to the CRM
  • To ensure system security and prevent misuse
  • To maintain audit logs required for compliance and security
  • To provide technical support to Users
  • To improve CRM stability and functionality
  • To fulfill our legal obligations (e.g., fraud prevention, security monitoring)

We do not use User data for marketing purposes.

4. Legal Basis

We process User personal data on the following legal bases:

Legal BasisDescription
Performance of a contractProviding access to the CRM
Legitimate interestsEnsuring security, auditability, and system integrity
Legal obligationsCompliance with applicable data protection and security requirements

5. Sharing of Personal Data

We may share User data only with:

  • Hosting and infrastructure providers that operate our servers
  • IT security and monitoring providers
  • Customer support tools strictly necessary to provide support

All third parties operate under data processing agreements and are obligated to protect personal data.

We do not sell, rent, or trade any User personal data.

6. International Transfers

If personal data is transferred outside the User's country (including outside the EEA/UK), we ensure appropriate safeguards, such as:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Other recognized mechanisms under applicable law

Users may request more information about these safeguards.

7. Data Security

We implement appropriate technical and organizational measures, including:

  • Encryption in transit and at rest
  • Role-based access control
  • Strong authentication mechanisms
  • Audit logging
  • Firewalls and intrusion detection systems
  • Restricted access for support personnel

No system can guarantee absolute security, but we follow industry best practices to minimize risks.

8. Data Retention

We retain User data only for as long as necessary to operate the CRM:

Data TypeRetention Period
Account dataDuration of the hotel's contract
Logs and security dataUp to 12–24 months
Support recordsUp to 12 months

When an account is closed, access is immediately revoked and personal data is deleted or anonymized within a reasonable period, unless required otherwise by law.

9. User Rights

Depending on applicable laws (including GDPR where relevant), Users may have the right to:

  • Access their personal data
  • Correct inaccurate information
  • Delete their data (where legally permissible)
  • Restrict processing
  • Object to certain types of processing
  • Export their data in a portable format

Users should contact us to exercise these rights.

10. Contact Information

For privacy questions or data rights requests:

WelcomeBikers LTD 📧 info@welcomebikers.eu

11. Updates to This Notice

We may update this Privacy Notice from time to time. A current version will always be available in the CRM during registration or in the system settings.