Privacy Policy

Last updated: February 1, 2026 · GDPR Compliant

1. Data Controller

DeltaBeds ("we", "us", "our") is the data controller for personal data processed through our platform. Our headquarters are located at Tuinwijkstraat 132, 1930 Zaventem, Belgium. For any privacy-related inquiries, contact us at privacy@deltabeds.com.

2. Data We Collect

We collect: account information (name, email, company details), booking data (guest names, dates, hotel selections), payment information (processed securely via Stripe — we do not store card numbers), usage data (login activity, search history, platform interactions), and technical data (IP address, browser type, device information).

3. Legal Basis for Processing

We process your data based on: contractual necessity (to provide our booking service), legitimate interest (to improve our platform and prevent fraud), legal obligation (for tax and regulatory compliance), and consent (for marketing communications, which you can opt out of at any time).

4. How We Use Your Data

We use your data to: provide and improve our hotel booking service, process payments and manage your account, communicate booking confirmations and service updates, calculate and manage loyalty program points, detect and prevent fraudulent activity, and comply with legal obligations.

5. Data Sharing

We share data with: hotel suppliers (guest name and booking details only, as necessary to fulfill bookings), payment processors (Stripe, for secure payment processing), email service providers (Postmark, for transactional emails), and legal authorities (when required by law). We do not sell your personal data to third parties.

6. Data Retention

We retain your account data for as long as your account is active. Booking records are retained for 7 years for tax and legal compliance. You may request account deletion at any time, after which personal data is deleted within 30 days, except where retention is legally required.

7. Your Rights (GDPR)

Under GDPR, you have the right to: access your personal data, rectify inaccurate data, erase your data ("right to be forgotten"), restrict processing, data portability, object to processing, and withdraw consent. To exercise any of these rights, email privacy@deltabeds.com.

8. Data Security

We implement industry-standard security measures including: 256-bit SSL/TLS encryption, PCI DSS compliant payment processing, two-factor authentication (2FA), encrypted data storage, regular security audits, and access controls with audit logging.

9. Cookies

We use essential cookies for platform functionality and optional analytics cookies to improve our service. See our Cookie Policy for detailed information about the cookies we use and how to manage your preferences.

10. International Transfers

Your data may be transferred to hotel suppliers in countries outside the EEA. When this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email to registered users at least 30 days before taking effect.