Uniguest Hub Platform Privacy Policy

Version Effective: 07 May 2025

This Privacy Policy outlines how Uniguest (“we”, “our”, “us”) collects, processes and protects your personal data when you use our cloud-hosted digital engagement platform, Uniguest Hub.

We act as a data processor under the General Data Protection Regulation (GDPR), processing data on behalf of our clients (data controllers). This policy is intended to fulfill our legal obligation to inform you about how and why we process your data and the rights you have under applicable data protection laws.

 

Who we are

We are U.S. Hospitality Publishers inc. dba Uniguest.

Our address is 2926 Kraft Drive, Nashville, TN 37204 United States.

You can contact us by post at the above address, by email at compliance@uniguest.com or by telephone on 1800 467 1218.

We are not required to appoint a data protection officer, so any enquiries about our use of your personal data should be addressed to the contact details above.

 

What information do we collect?

We may collect and process the following categories of data depending on your role:

Platform Users (Admins/ Staff):
  • Full name
  • Email address
  • Username and password
  • Authentication details (via third-party SSO providers like Google or Microsoft)
  • If authentication is provided via SSO, only your name and email address are collected
    and stored.
Hotel Guests:

Guest information is retrieved via the property management system (PMS), the management portal, or APls during check-in and removed at check-out. The following personal data may be collected:

  • Name
  • Check-in and check-out date/time
  • Room number or location
  • Preferred language
  • PMS group code and VIP status
  • Wake-up calls {scheduled and status)
  • Guest messages (including timestamps: created, notified, read)
  • Guest service interactions (TV config overrides, inbox messages, billing information)
Event Management:

When an event is created, the following information may include personal identifiers:

  • Host Name
  • Event Title
  • Details about the event
  • Time and date

Private Toggle: When enabled, this setting hides the host and main title from the public display and replaces them with the Private Title. This is primarily for events created by integrations.

  • All data is encrypted during transit and storage.

How and why do we use this information?

Most of the personal information we process is provided to us directly by you within the platform for one of the following reasons:

  • As part of the authentication process, the product requires account information, such as an email address and password to provide authorization into the product user
    interface.
  • To provide support, email address, phone number and name may be collected.

We may also receive personal information indirectly, from the following sources in the following scenarios:

  • Hotel guest names, obtained by hotel staff and done so, on a legitimate interest to provide guest services. This information is retained for the length of the guests stay.

Data processed to enable display and scheduling of events is processed on the basis of:

  • Contractual obligations, for clients managing events
  • Legitimate interest, to enable event management features

All data is encrypted in-transit between the product portal and AWS.

 

Guest Services and Automation

Check-In/Out:

Guests are registered and deregistered via:

  • PMS integration (automated)
  • Portal (manual)
  • API

TVs in guest rooms respond to check-in/out by powering on/off and displaying personalized content. All guest data is purged upon check-out.

Guest Messaging:

Messages can be sent via:

  • Portal
  • PMS
  • API
  • TV interface

Each message includes a subject, body, sender, and timestamps. Unread messages can be tracked, and all messages are deleted upon check-out.

Wake-Up Service:

Wake-up calls can be scheduled as one-time or recurring. Alerts are pushed to TVs and monitored by reception. Missed wake-up calls trigger alerts to reception staff via the Wakeup Alert Monitor.

Virtual Remote Control:

Guests may use a mobile phone to control in-room TVs after scanning a QR code generated upon check-in.

 

Sharing of Information

We may share data with:

  • Third-party authentication providers (e.g., Microsoft, Google)
  • Other entities within the Uniguest corporate group for operational support
  • Clients who are the data controllers (e.g., hotel management)
  • Sub processors who process data on our behalf under strict contractual safeguards

Where data is transferred outside of the EEA, we ensure adequate protection via Standard Contractual Clauses or equivalent safeguards.

 

How we store your information

We retain personal data only for as long as necessary to fulfil I the purpose for which it was collected:

  • Guest data is stored only for the duration of the stay and automatically deleted upon check-out
  • Platform user data is retained for the duration of service provision and removed 60 days after contract termination
  • System backups are retained for 90 days and then permanently deleted
  • Event information booked through the management portal has a default retention period of 31 days, however this can be configured. Events imported from remote
    systems have their own retention policies.

Your information is securely stored and encrypted within the Amazon Web Service (AWS) hosted product environment, located in a secure data center in Stockholm, Sweden. An offsite backup datacenter is located in Frankfurt, Germany.

All data centers comply with strict physical and technical security measures, and all data is encrypted at rest and in transit.

 

Your rights

By law, you can ask us what information we hold about you, and you can ask us to correct it if it is inaccurate. If we have asked for your consent to process your personal data, you may withdraw that consent at any time.

If we are processing your personal data for reasons of consent or to fulfil a contract, you can ask us to give you a copy of the information in a machine-readable format so that you can transfer it to another provider.

If we are processing your personal data for reasons of consent or legitimate interest, you can request that your data be erased.

You have the right to ask us to stop using your information for a period of time if you believe we are not doing so lawfully.

If you would like to exercise your rights, please contact us.

 

Your right to complain

If you have a complaint about our use of your information, please contact us:

By post: 2926 Kraft Drive, Nashville, TN 37204 United States

By email: compliance@uniguest.com

By phone: 1800 467 1218

If you are not satisfied with the outcome and wish to proceed further, you have the right to contact the relevant Data Protection Board.

 

Updates

We regularly review and, if appropriate, update this privacy policy from time to time, and as our services and use of personal data evolves. If we want to make use of your personal data in a way that we haven’t previously identified, we will contact you to provide information about this and, if necessary, to ask for your consent.

We will update the date of this document each time it is changed.