HMCTS
Hospitality Solutions

Data Protection Policy

Version 1.0 - Last Updated: 2025

This Data Protection Policy ("Policy") is established by HMCTS LLC - Hospitality Management Consultancy & Technology Solutions (the "Company", "we", "us", "our", and "HMCTS") to outline our commitment to protecting personal data and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and other relevant regulations.

Data Protection Principles

The Company is committed to processing personal data in accordance with the following principles:

  • Lawfulness, Fairness, and Transparency – We process personal data lawfully and transparently, with a valid legal basis for processing.
  • Purpose Limitation – We collect and process personal data for specified, explicit, and legitimate purposes.
  • Data Minimization – We collect only the personal data that is necessary for the specified purposes.
  • Accuracy – We ensure that personal data is accurate and kept up-to-date.
  • Storage Limitation – We retain personal data for no longer than necessary for the specified purposes.
  • Integrity and Confidentiality – We implement appropriate security measures to protect personal data against unauthorized processing, loss, or destruction.

Legal Basis for Processing

We process personal data based on one or more of the following legal bases:

  • Consent from the data subject
  • Performance of a contract with the data subject
  • Compliance with legal obligations
  • Protection of vital interests
  • Performance of tasks in the public interest
  • Legitimate interests pursued by the Company or a third party

Data Subject Rights

Individuals whose personal data we process have the following rights:

  • Right of Access – The right to obtain information about what personal data we hold and how we process it.
  • Right to Rectification – The right to request correction of inaccurate or incomplete personal data.
  • Right to Erasure – The right to request deletion of personal data under certain circumstances.
  • Right to Restrict Processing – The right to request limitation of processing under certain circumstances.
  • Right to Data Portability – The right to receive personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
  • Right to Object – The right to object to processing of personal data.
  • Right not to be Subject to Automated Decision-Making – The right not to be subject to decisions based solely on automated processing.

Data Retention

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by law. When data is no longer needed, we securely delete or anonymize it. Retention periods vary depending on the nature of the data and the purposes of processing.

Data Security

The Company implements appropriate technical and organizational security measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, regular security audits, and employee training. However, no method of transmission or storage is 100% secure.

Data Breaches

In the event of a personal data breach, the Company will notify affected individuals and relevant authorities as required by law without undue delay. We will take appropriate remedial measures to mitigate harm and prevent future breaches.

Third-Party Data Processors

We may share personal data with third-party data processors to provide services on our behalf. All third-party processors are contractually obligated to protect personal data and comply with applicable data protection laws. We maintain a list of our data processors and their processing activities.

International Data Transfers

Personal data may be transferred to, stored, and processed in countries outside the European Economic Area. When we transfer data internationally, we implement appropriate safeguards, such as Standard Contractual Clauses or other mechanisms recognized by applicable law.

Children's Data

The Services are not intended for children under the age of 13 (or the applicable age of digital consent in their jurisdiction). We do not knowingly collect or process personal data from children without verifiable parental consent. If we become aware that we have collected data from a child without appropriate consent, we will take steps to delete such data.

Data Protection Impact Assessments

For high-risk processing activities, the Company conducts Data Protection Impact Assessments (DPIAs) to identify and mitigate risks to data subjects.

Exercising Your Rights

To exercise any of your data protection rights, please submit a written request to:

Email: info@hospitalitysoftwaresolutions.com

Phone: +1 (845) 904-7626

Address: 30 N GOULD STREET SHERIDAN, WYOMING 82801 USA

We will respond to your request within the timeframe specified by applicable law (typically 30 days).

Contact of Data Protection Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority.

Changes to This Policy

The Company may update this Policy to reflect changes in our data protection practices or applicable laws. We will notify you of any significant changes.