Last Updated: 12-08-2025

1. Introduction

Welcome to Aloftk (“we,” “us,” “our”).
We provide smarter hotel booking solutions for business events, making it easier for companies, event organizers, and attendees to find and manage accommodations.

This Privacy Policy explains:

• What personal data we collect and why
• How we use and protect it
• When we share it
• Your privacy rights and how to exercise them

We are committed to complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the UK GDPR, and relevant local laws.

2. Who We Are & Our Role in Data Processing

Depending on the context, Aloftk acts as:

• Data Controller – When we decide how and why to process your personal data (e.g., when you create an account, visit our website, or receive marketing).
• Data Processor – When we process personal data on behalf of a business client (e.g., event organizers who use Aloftk to book hotels for attendees).

If you are using Aloftk via your company or event organizer, they will typically be the Data Controller, and we will act as their Processor.

3. Categories of Data Subjects

We collect and process information about:

• Website Visitors – Individuals browsing our site.
• Prospects – Individuals or companies we engage with for potential services.
• Business Clients (Admins) – Companies or organizations that use our services.
• Event Organizers – Users managing group bookings.
• Attendees/Travelers – Individuals whose accommodation is booked through our platform.

4. Personal Data We Collect

a. Information You Provide Directly

• Full name, email, phone number, job title, and company details.
• Booking details: destination, dates, preferences.
• Payment information (processed securely via payment providers).
• Communication records (support requests, inquiries).

b. Information Collected Automatically

• Device information (IP address, browser type, operating system).
• Usage data (pages viewed, actions taken on our site).
• Cookies and similar technologies (see our Cookie Policy).

c. Information From Third Parties

• Data from your employer or event organizer.
  Hotel or accommodation partners (booking confirmations, room availability).

5. How We Use Your Information

We process personal data to:

• Provide and manage our services.
  Facilitate bookings and reservations.
• Communicate with you (service updates, confirmations, support).
• Process payments and manage billing.
• Improve and personalize our platform.
• Send marketing communications (with consent where required).
• Ensure platform security and prevent fraud.

6. Legal Bases for Processing (GDPR/UK GDPR)

• Performance of Contract – Providing booked services.
• Legitimate Interests – Improving services, securing our systems.
• Consent – Marketing emails, optional cookies.
• Legal Obligation – Compliance with applicable laws.

7. Sharing Your Data

We may share your information with:

• Hotels and Accommodation Providers – To fulfill your booking.
• Service Providers – Payment processors, cloud hosting, analytics, email delivery.
• Legal Authorities – When required by law.
• Business Transfers – In the event of a merger, acquisition, or sale of assets.

We require all recipients to protect your data in line with this policy and applicable laws.

8. International Data Transfers

Your personal data may be transferred and stored outside your country of residence.
When doing so, we ensure adequate safeguards, such as:

• Standard Contractual Clauses approved by the European Commission.
• UK International Data Transfer Addendum (if applicable).
• Other lawful transfer mechanisms recognized under applicable laws.

9. Security Measures

We use industry-standard security measures, including:

• SSL/TLS encryption
• Access controls and authentication
• Regular security audits and monitoring

While we take all reasonable steps to protect your data, no method of transmission is 100% secure.

10. Data Retention

We retain your personal data for as long as:

• Necessary to provide our services.
• Required by legal or regulatory obligations.
• Needed to resolve disputes and enforce agreements.

After this period, we securely delete or anonymize your data.

11. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access a copy of your personal data.
• Request correction or deletion.
• Restrict or object to processing.
• Receive your data in a portable format.
• Withdraw consent at any time.

To exercise your rights, contact: privacy@aloftk.com.

12. Breach Notification

If we become aware of a personal data breach, we will:

• Notify affected business clients without undue delay (and within 24 hours where legally required).
• Provide details of the breach and mitigation steps.
  Cooperate with authorities as required.

13. Children’s Privacy

Our services are not directed to anyone under 16 years old.
We do not knowingly collect personal data from children.

14. Changes to This Policy

We may update this Privacy Policy from time to time.
We will notify you of material changes via email or through the platform before they take effect.

15. Contact Us

If you have questions about this Privacy Policy or your personal data, please contact:

Data Protection Officer

Aloftek Group, Inc
[Street Address]
[City, Country]
Email: privacy@aloftk.com