Privacy Policy
Last Updated: December 2025
Introduction
We are committed to protecting your privacy. This Privacy Policy explains how 7Lynx (“we” or “us”), as a hotel booking application provider in the EU, collects, uses, and safeguards personal data of users (“you” or “guests”) of our mobile application. Our app allows guests to book hotel rooms, purchase event tickets, and make minibar orders. We comply with the EU General Data Protection Regulation (GDPR) and other applicable privacy laws in handling your information. By registering an account or using our app, you agree to the practices described in this Policy.
Information We Collect
We collect several categories of personal data from you when you register or use our services:
Identification and Contact Data
This includes your name, surname, date of birth, and contact details (such as email address and phone number) provided during registration. We may also collect user preferences (for example, room or dietary preferences) to enhance your stay. These are basic personal identifiers necessary to create your account and manage bookings.
Verification Documents
For certain services (such as expedited check-in or legal requirements), we might request a copy of your government-issued ID or passport. This may involve collecting your passport or national ID number and copies of your identification documents to verify your identity. We use this information only for identity verification and to comply with hotel security or regulatory obligations, and we protect it as sensitive data.
Booking and Transaction Data
We maintain records of your booking history (past and upcoming hotel reservations) and any ticket purchases or in-app orders (such as minibar purchases). This information allows you to review your past trips and helps us provide customer support and personalized services. We retain booking history for as long as necessary to serve these purposes and for legal compliance (for example, financial reporting).
Payment Information
When you make purchases (room bookings, tickets, or other services) through the app, payment processing is handled by our third-party payment processor, Stripe. You will provide payment details (for example, credit card number and expiration date) in the app, but we do not store full payment card information on our servers. All payment data is stored by Stripe, and processing of your payment information is subject to Stripe’s own privacy policy. This means Stripe will collect and safeguard your payment details on our behalf. We only receive limited information such as confirmation of payment or a transaction ID.
Location Data
With your permission, our mobile app may collect precise location information to offer location-based features. For example, you may use the app to find hotels “near me” or receive local recommendations. In such cases, we utilize Google location services (for example, Google Maps API) to determine your approximate GPS location. Location data is used to show relevant content or services based on your current location (such as nearby hotel options or directions). We do not collect or use your device’s location unless you have granted permission and are actively using a location-based feature. You can choose to enable or disable location access at any time through your device settings. When location services are enabled, Google may process location information under Google’s terms; please refer to Google’s privacy policy for how they handle such data.
Device and Usage Data
Like most applications, we automatically collect certain technical data when you use our app. This includes details about your device (such as device type, operating system, unique device identifiers), IP address, app usage logs (features used, pages viewed, timing of actions), and diagnostic information (such as crash reports). We collect this data to ensure the app functions securely and to improve our services, for example by diagnosing issues or analyzing usage patterns. This information does not directly identify you, but it may be linked to your account for troubleshooting and analytics purposes.
We collect the above information either directly from you (for example, information you enter in the app) or automatically through your interaction with the app (for device/usage data and location if permitted). All personal information you provide should be truthful and up-to-date, and you may update your account details at any time.
How We Use Your Information
We process personal data for the following purposes, and each purpose has a lawful basis under GDPR:
Providing and Managing Services
We use your personal data to create and manage your user account, and to facilitate your hotel bookings, ticket purchases, and other orders. This includes processing reservations, sending booking confirmations, providing tickets, and enabling payment for services. The legal basis for this is performance of a contract – we need to process your data in order to provide the services you request.
Identity Verification and Security
If we collect ID documentation or other identity details, it is used to verify your identity (for example, to confirm your booking eligibility or during mobile check-in) and to comply with legal obligations that apply to hotels (such as record-keeping or guest registration laws). The legal basis is our legal obligation (where law requires us to verify identity or record guest information) or our legitimate interest in preventing fraud and ensuring security.
Processing Payments
We use the information about your purchases to charge you for the services you use. Payment details are handled via Stripe as noted, and we use the transaction information to track and confirm payments. This is also part of fulfilling our contract with you (to provide the paid services). For example, if you book a room or buy a ticket, we must process that payment and keep a record of it.
Communication and Customer Support
We may use your contact information (such as email and phone) to communicate with you about your bookings and account. This includes sending reservation confirmations, updates or changes to your bookings, check-in instructions, receipts for purchases, and responding to inquiries or support requests you send us. We may also send you service-related announcements (such as important notices about the app or policy updates). These communications are part of providing our services and may be necessary for contractual reasons (for example, to deliver your booking details).
Personalization and Preferences
We process data about your preferences, past bookings, and usage of the app to personalize your experience. For instance, we might pre-fill your preferred settings or suggest hotel rooms or deals based on your previous stays or interests. Doing so helps improve our service and offer relevant content. We rely on legitimate interest as the legal basis for this processing, as it is in our interest to enhance our services and in your interest to receive a tailored user experience.
Location-Based Services
If you have opted to share location, we use your location data to provide features like interactive maps, nearby hotel suggestions, or location-specific notifications. For example, the app can show hotels near your current location or offer navigation assistance for a booking. We only use your GPS location when you engage with these features, and you can withdraw consent by disabling location access. The legal basis for processing precise location data is your consent, which you can give or revoke via your device permissions.
Marketing and Promotional Communications
We will only use your data for marketing purposes if you have given explicit consent. If you opt in, we may send you newsletters, special offers, or promotions (for example, a discount code for a future booking or information about a partner service). You have the right to withdraw consent at any time, and we provide easy opt-out mechanisms (such as an “unsubscribe” link in emails or settings in the app to disable marketing notifications). We do not send you promotional messages without your consent, and we do not share your contact details with third-party marketers without permission.
Improving Our Services and Analytics
We analyze usage data, feedback, and interactions (in an aggregated or anonymized form where possible) to understand how our app is used and to improve its functionality. This helps us debug issues, develop new features, and enhance user experience. For example, we might look at which features are most popular or how users navigate the interface in order to make the app better. We consider this processing to be in our legitimate interest as it is necessary for running and growing our business.
Legal Compliance and Protection
We may process and retain personal information as needed to fulfill our legal obligations (for example, maintaining transaction records for tax and accounting purposes, or complying with hotel guest registration laws). We also may use or disclose data to assert legal rights or defend against legal claims, to prevent, detect, or investigate fraud or other unlawful activity, and to ensure the safety of our users, staff, and property. The legal bases for this are legal obligation and our legitimate interests in protecting our operations.
We will not use your personal data for purposes that are incompatible with those described above without notifying you and obtaining any necessary consent. If we ever need to process your data for a new purpose, we will update this Privacy Policy and inform you as required.
How We Share Your Information
We treat your personal data with care and do not sell your personal information to third parties. However, in order to provide our services and run our business, we may share your data with the following categories of recipients, only to the extent necessary:
Hotel Partners and Service Providers
When you make a hotel booking or purchase a ticket through the app, we must share relevant details with the hotel or the event organizer to fulfill your reservation or purchase. For example, if you reserve a room, your name and booking details will be provided to the hotel so they can check you in, and if you buy an event ticket, the ticket issuer will receive your information to issue the ticket. These partners are themselves data controllers of the information needed to provide the service and are expected to handle your data in accordance with their own privacy policies and applicable law. We only share the information required for the specific service.
Payment Processor (Stripe)
As noted, we use Stripe to handle payments. When you enter payment information in the app to pay for a booking or purchase, that information is transmitted securely to Stripe. Stripe processes your payment details and confirms the payment to us. We share with Stripe only what is necessary for payment processing. Stripe may also receive your email or other identifiers to send you a receipt or for fraud prevention. Stripe is a GDPR-compliant data processor for us, and your payment data is handled under Stripe’s privacy policy.
Cloud Storage and IT Providers
We may store your data on cloud servers or use third-party IT infrastructure (for example, hosting providers or database services). Those service providers may technically have access to personal data for storage or backup purposes. We ensure any such providers are bound by confidentiality and data protection obligations as required by GDPR. They are not allowed to use your data for any purpose other than providing services to us.
Analytics and Crash Reporting
We might use analytics services or crash reporting tools to collect usage data and crash logs. These tools help us understand app performance and issues. If we use such third-party services, we ensure data is either not identifying or the provider is under strict data protection terms. Any personal data shared for analytics is minimized and pseudonymized where possible.
Google Maps Platform
If our app integrates Google Maps or similar Google services for location features, Google may collect certain information when you use those features (for example, location coordinates and device identifiers). This information is governed by Google’s own privacy terms. We only enable such data sharing when you use the map or location features, and it is used to render the services (like showing a map or calculating directions). We recommend reviewing Google’s Privacy Policy if you use the map features, as Google will act as an independent controller for the location data processed through their platform.
Legal and Safety Disclosures
We may disclose personal information to third parties (such as law enforcement agencies, regulators, or government authorities) if required to do so by law or legal process, or if we have a good-faith belief that such disclosure is necessary to comply with a legal obligation, enforce our terms and conditions or other agreements, or protect the rights, property, or safety of our company, our users, or others. In any such case, we will ensure the request is legitimate and only share the minimum necessary data.
Business Transfers
If our company undergoes a business transaction such as a merger, acquisition, corporate reorganization, or asset sale, your personal data may be transferred to the successor or acquiring entity. If this happens, we will ensure the new owner is bound to respect your personal data in line with this Privacy Policy and applicable privacy laws, and we will notify you of any change in data handling where required.
Aside from the above, we will not share your personal information with third parties for their own marketing or other purposes without your consent. We do not sell or rent user data. All third-party processors we engage are subject to data processing agreements under GDPR Article 28, which obligate them to protect your data and process it only on our instructions.
Data Retention
We keep your personal data only for as long as necessary to fulfill the purposes described in this Policy, or as required by law. The retention period can vary depending on the type of data and the purposes for which we collected it:
Account Information
We retain the personal data associated with your account (such as your profile information, contact details, and preferences) while your account remains active. If you choose to delete your account or it is inactive for an extended period, we will delete or anonymize this information, unless we need to keep it for a legal reason (such as resolving disputes or enforcing our agreements).
Booking and Transaction Records
We retain booking history, purchase records, invoices, and related transaction details for a certain period even after the service has been provided. This is to allow you to access your past booking information and for our legitimate business and legal purposes (for example, financial reporting and compliance). Typically, financial and transaction records are kept for a number of years as required by tax law or corporate record-keeping rules. After the retention period, or upon your request if earlier, we will either securely delete or anonymize these records unless a further retention is required (for example, in case of an ongoing legal matter).
ID Verification Documents
Copies of passports or IDs collected for verification are treated with heightened security and are kept only as long as necessary for the verification purpose or to comply with legal record requirements. Once verification is completed and we are no longer required to retain the ID data, we will delete it or store it in a highly restricted manner, separated from active user databases.
Location Data
Location information (if collected) is not stored in an identifiable profile for longer than needed. Real-time location is used to service your request (for example, show nearby hotels) and is not retained indefinitely. We may keep logs of location requests (for security and auditing) for a short period, but these logs are typically purged routinely.
Communications
If you contact customer support or otherwise communicate with us, we may retain those communications (emails, chat logs, support tickets) for evidence and training purposes. These records are generally kept as long as you have an account or as needed to address any issues in the communications.
When we no longer have a legitimate need or legal obligation to keep your personal data, we will ensure it is either deleted or anonymized so it can no longer be associated with you. If deletion or anonymization is not immediately feasible (for example, because the data is stored in backup archives), we will securely store the data and isolate it from further use until deletion is possible.
Data Security
We take data security seriously and implement appropriate technical and organizational measures to protect your personal information. These measures include encryption of sensitive data (for example, our app uses HTTPS/TLS to encrypt data in transit), secure storage of information in protected databases, access controls so that only authorized staff and service providers can access data on a need-to-know basis, and regular monitoring of our systems for vulnerabilities or breaches. We also employ anonymization or pseudonymization techniques where suitable, especially for analytics.
While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We therefore cannot guarantee absolute security of data in the face of all possible cyber threats. However, we continuously update our security practices to mitigate risks. In the unlikely event of a data breach affecting your personal data, we will follow all applicable breach notification laws, including informing you and relevant authorities when required.
Security tips
You also play a role in keeping your data secure. Please use a strong, unique password for your account and keep your login credentials confidential. Notify us immediately at our contact email if you suspect any unauthorized use of your account or any security incident.
International Data Transfers
Our services are intended primarily for use within the European Union, and we aim to process your data within the EU/EEA. However, some of our external service providers (such as Stripe or Google) and technical infrastructure may be located in countries outside the EEA (for example, the United States). Whenever personal data is transferred outside the EEA, we take steps to ensure adequate protection of your information in line with GDPR requirements.
For transfers to countries that the European Commission has not deemed to have adequate data protection laws, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or an equivalent legal mechanism. These are contractual commitments approved by the EU to protect your data when transferred internationally. Our contracts with service providers include these SCCs where required. Some providers may also participate in recognized transfer frameworks designed to ensure protective standards.
You can contact us for more information about international data transfers and the safeguards we have in place. By using our service, you understand that your personal data may be transferred to our affiliates and processors in other countries, subject to the protections described above.
Your Rights Under GDPR
As an EU data subject, you have robust rights regarding your personal data. We are committed to honoring these rights. Under the GDPR, you have in particular the following rights:
- • Access your data: You can request a copy of the personal data we hold about you and information about how we process it.
- • Rectify your data: You can request correction or update of any personal information we hold that is inaccurate or incomplete.
- • Erase your data: You can ask us to delete your personal data in certain circumstances – for example, if it is no longer necessary for us to retain it, or if you withdraw consent and we have no other legal basis for processing.
- • Restrict processing: You can request that we limit the processing of your data in certain cases (for example, while a complaint or request to correct data is being resolved).
- • Object to processing: You may object to processing that is based on legitimate interests, and we will stop such processing unless we have compelling legitimate grounds. You can also object at any time to processing for direct marketing.
- • Data portability: You can receive certain personal data you provided to us in a commonly used, machine-readable format and request that we transfer it to another controller, where technically feasible.
- • Withdraw consent: Where processing is based on your consent (for example, for marketing or location services), you can withdraw that consent at any time. This will not affect the lawfulness of processing before the withdrawal, but we will stop the consent-based processing going forward.
To exercise any of these rights, please contact us at delete-account@7lynx.eu and describe your request clearly. You will not have to pay a fee to exercise your rights, but we may need to verify your identity before fulfilling certain requests. We will respond as soon as possible, and at the latest within one month as required by GDPR (this may be extended by two further months for complex requests, and we will inform you if an extension is needed).
If you believe we have not complied with your data protection rights, you have the right to file a complaint with your local Data Protection Authority. We encourage you to contact us first, so we can address your concerns directly.
Children’s Privacy
Our services are not directed to children under the age of 16, and we do not knowingly collect personal data from anyone under 16 years old. If you are under 16, please do not use the app or provide any personal information. In the event we learn that we have inadvertently collected personal data from a child without proper consent, we will promptly take steps to delete such information. Parents or guardians who believe that we might have information about a minor can contact us to request deletion.
In some jurisdictions, the relevant age may differ (for example, it may be 13). We treat “child” according to the age at which personal data can be lawfully processed without parental consent under the applicable law and comply with local requirements.
Updates to This Policy
We may update or revise this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make material changes, we will notify you by appropriate means, for example by posting an updated Privacy Policy in the app and changing the “Last Updated” date at the top. If changes are significant, we may provide a more prominent notice (such as an in-app notification or email). Continued use of the app after any updates constitutes acceptance of the revised Privacy Policy.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us at the email address below. This address can be used for privacy-related inquiries, including account deletion requests, data access requests, or general questions about how your data is handled.
Email: info@7lynx.eu
We will respond to privacy inquiries as soon as possible and within the timeframes required by law. Your privacy is our priority, and we are committed to maintaining the confidentiality and security of your personal information.