Data Protection & GDPR Compliance

This Data Protection Policy outlines how HMCTS ("Company", "us", "our", and "we") complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws regarding personal data collected through our website located at hospitalitysoftwaresolutions.com (the "Site").

What is GDPR?

The General Data Protection Regulation (GDPR) is a European Union regulation that governs data protection and privacy rights. It applies to any organization that processes personal data of EU residents, regardless of where the organization is located.

Our Data Protection Principles

We are committed to complying with GDPR and operating under the following principles:

• Lawfulness, Fairness & Transparency: We only process personal data on the basis of lawful grounds (e.g., consent, contract, legal obligation). We are transparent about our data practices.
• Purpose Limitation: We collect personal data only for specified, explicit, and legitimate purposes and do not process it further in ways incompatible with those purposes.
• Data Minimization: We collect only the personal data that is adequate, relevant, and limited to what is necessary.
• Accuracy: We ensure personal data is accurate and kept up to date. We take reasonable steps to erase or correct inaccurate data.
• Storage Limitation: We retain personal data only for as long as necessary to fulfill the purposes for which it was collected.
• Integrity & Confidentiality: We implement appropriate technical and organizational measures to ensure personal data is secure, protected against unauthorized processing, and safeguarded against accidental loss.
• Accountability: We are responsible for and can demonstrate compliance with all GDPR principles.

Legal Basis for Processing

We process personal data on one or more of the following legal bases:

• Consent: You have given explicit, informed consent for us to process your personal data for a specific purpose.
• Contract: Processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.
• Legal Obligation: We are required by law to process your personal data.
• Vital Interests: Processing is necessary to protect vital interests of you or another person.
• Legitimate Interests: Processing is necessary for the legitimate interests pursued by us or a third party, provided those interests do not override your rights.

Your Rights Under GDPR

Under GDPR, you have the following rights:

• Right of Access: You have the right to request and obtain confirmation of whether we process your personal data, and if so, obtain access to that data in a portable format.
• Right to Rectification: You have the right to request correction of inaccurate personal data.
• Right to Erasure: You have the right to request deletion of your personal data, subject to certain exceptions (e.g., legal obligations).
• Right to Restrict Processing: You have the right to request that we restrict our processing of your personal data.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
• Right to Object: You have the right to object to processing for direct marketing purposes or on grounds relating to your particular situation.
• Right Not to Be Subject to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing.
• Right to Withdraw Consent: You have the right to withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.

Exercising Your Rights

To exercise any of your GDPR rights, please submit a written request to us at info@hospitalitysoftwaresolutions.com. We will respond to your request within 30 days. In some cases, we may require you to provide additional information to verify your identity.

Data Transfers Outside the EU

We may transfer your personal data outside the European Economic Area (EEA) only if we have a lawful basis to do so, such as through Standard Contractual Clauses, Binding Corporate Rules, or adequacy decisions.

Data Protection Officer

If we have a Data Protection Officer (DPO), their contact information is available upon request. If you have concerns about our data practices, you can contact our DPO at info@hospitalitysoftwaresolutions.com.

Data Breach Notification

In the event of a data breach affecting your personal data, we will notify you and relevant authorities within 72 hours of becoming aware of the breach, unless the data is unlikely to pose a risk to your rights and freedoms.

Complaints

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your GDPR rights. You can find your national data protection authority online.

Contact Us

For questions about our data protection practices or to exercise your rights under GDPR, please contact us at:

Changes to This Policy

We may update this Data Protection & GDPR Compliance Policy from time to time. Changes will be effective immediately upon posting to the Site. Your continued use constitutes acceptance of the updated Policy.