Limited time offer 30% off for 6 months.
Schedule Demo
Crqlar

Trust Center

Welcome to the Crqlar Trust Center. This resource is designed to provide you with clear and comprehensive information about how we protect your personal data, ensure compliance with data protection regulations, and maintain the highest standards of privacy and security. As a trusted partner, we believe in transparency and want to empower you with the knowledge to understand how your data is handled.

In this Trust Center, you will find detailed information about our privacy policies, data processing practices, security measures, and your rights under the General Data Protection Regulation (GDPR). Whether you are a customer, guest, or just visiting our website, we are committed to ensuring that your personal data is handled with the utmost care.

Crqlar graphic, committed to privacy and GDPR
EU GDPR Icon
OVERVIEW

Commitment to Privacy

At Crqlar, your privacy is our priority. We are committed to protecting the personal data you share with us and to processing it in a manner that is transparent, secure, and compliant with all applicable data protection laws, including GDPR. We understand the importance of your personal information and are dedicated to safeguarding it from unauthorized access, disclosure, or misuse.

We have implemented rigorous technical and organizational measures to protect your data and ensure that it is used only for the purposes you have consented to. Our privacy practices are regularly reviewed and updated to reflect the latest legal requirements and best practices in data protection.

By visiting our Trust Center, you can explore how we collect, use, and protect your data, as well as learn about your rights and how you can exercise them. Should you have any questions or concerns about your privacy or our data practices, please do not hesitate to contact our Data Protection Officer or the responsible person whose details are provided below.

Data Protection Officer
arrow
Privacy Policy
arrow
Data Processing Agreement (DPA)
arrow
Subprocessors
arrow

Consent Management

At CRQLAR, we recognize that the process for obtaining and managing user consent varies depending on the context in which our services are used. There is an important distinction between how consent is handled on our website versus within our software used by our customers, such as hotels

Website Visitors and Software Users

When it comes to visitors to our website or staff members who use our software, CRQLAR acts as the data controller. This means we are responsible for collecting and processing personal data in compliance with GDPR. For these users, we have implemented a detailed Cookie Policy and Privacy Policy that outline how we collect and manage consent through our website. This includes the use of cookies and other tracking technologies, as well as the collection of personal data for various purposes.

Hotel Guests

In the case of hotel guests, CRQLAR operates as a data processor, while the hotel itself is the data controller. This means that the hotel is responsible for obtaining the necessary consent from its guests for the processing of their personal data. At CRQLAR, we take privacy very seriously and require in our Data Processing Agreement (DPA) that the hotel/guest consent is properly obtained and accurately transferred to us.

The hotel must obtain the following consents from their guests:

  1. Legitimate Consent for Bookings and Enhanced Guest Experience: The hotel must obtain consent to process personal data necessary for managing bookings and providing a personalized guest experience.
  2. Marketing Consent: This includes consent for marketing activities, such as sharing data with platforms like Meta/Google, and obtaining a double opt-in for newsletter marketing.
  3. Anonymized Data Processing for AI Training: The hotel must also obtain consent for the anonymized processing of guest data, which is used to improve AI-driven services while ensuring that the data cannot be re-identified.

Revoke Consent

Guests always have the right to revoke their consent or request the deletion of their personal data. They can do so by submitting a request through this form:

Thank you! We will be in contact shortly
Oops! Something went wrong while submitting the form. Please try again, or reach out to us at data-privacy@crqlar.com
happy guest because he has a great guest experience
Guest Data
Data Controller: Hotel
Data Processor: Crqlar
happy guest icon
Legitimate Consent for Bookings and Enhanced Guest Experience
newsletter campaign icon
Marketing Consent
ai hotel software icoin
Anonymized Data Processing for AI Training
heart icon
Your Data = Your Choice
Crqlar graphic about commitment to privacy and GDPR

User Rights and Requests

At CRQLAR, we are committed to ensuring that you have full control over your personal data. In compliance with GDPR, we provide a range of options to help you exercise your rights. Below you will find information on how to access your data, request corrections or deletions, request data in a portable format, and object to certain types of data processing.

Access to data

You have the right to access the personal data we hold about you. If you would like to request a copy of your personal data, you can do so through our secure Data Access Request Form. Simply complete the form, and we will process your request within the legally required timeframe, typically within 30 days.

Rectification and Deletion Requests

If you believe that any personal data we hold about you is incorrect or incomplete, you have the right to request that we rectify this information. Additionally, you may request the deletion of your personal data if you no longer wish for it to be processed by CRQLAR. To submit a rectification or deletion request, please use our Data Correction and Deletion Request Form. We will review and act on your request promptly, in accordance with GDPR requirements.

Data Portability

You have the right to request your personal data in a structured, commonly used, and machine-readable format, allowing you to transfer it to another service provider. If you would like to request a portable copy of your data, please fill out our Data Portability Request Form. We will provide you with your data in a secure format within the timeframe specified by GDPR.

Right to Object

You have the right to object to certain types of data processing, including processing for direct marketing purposes or processing based on legitimate interests. If you wish to object to the processing of your personal data, please submit your request through our Data Processing Objection Form. We will carefully consider your request and respond in line with GDPR regulations.

How to Submit a Request

All requests can be submitted through the respective forms provided above. Each form is designed to ensure your request is processed securely and efficiently. If you have any questions or need assistance, please contact our Data Protection Officer.

Response Time

We aim to respond to all requests within 30 days, as required by GDPR. In cases where your request is complex or we receive a high volume of requests, we may extend this period by an additional 60 days, but we will inform you of any such delay.

Additional Support

If you require further assistance with your data rights, or if you have any concerns about how your personal data is being processed, please do not hesitate to reach out to us. We are here to help and ensure that your rights are fully respected.

Data Breach Notification

At CRQLAR, we take the security of your personal data very seriously. Despite our best efforts to protect your data, in the unlikely event of a data breach, we have a comprehensive policy in place to ensure that you and the relevant authorities are promptly informed.

Policy

In accordance with GDPR requirements, CRQLAR is committed to swiftly identifying, containing, and addressing any data breaches. Our data breach notification policy is designed to minimize potential harm to individuals and ensure compliance with legal obligations. If we determine that a data breach has occurred, we will take the following actions:

alert icon
Assess the Scope and Impact
Immediately after identifying a potential breach, we will assess its scope, the type of data involved, and the potential impact on affected individuals.
privacy shield icon
Containment and Mitigation
We will take steps to contain the breach and mitigate any further risk, including securing systems, blocking unauthorized access, and recovering lost data where possible.
bell icon
Notification of Authorities
If the breach poses a significant risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority without undue delay, and in any event, within 72 hours of becoming aware of the breach.
Timelines

We understand the importance of timely communication in the event of a data breach. Our policy includes the following timeline for notifications:

  1. Notification to Supervisory Authorities:
    If a breach is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant data protection authority within 72 hours of becoming aware of the breach. If we are unable to provide all the necessary information within this period, we will provide the information in phases as it becomes available.
  2. Notification to Affected Individuals:
    If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will notify the affected individuals without undue delay. This notification will include a description of the breach, the likely consequences, the measures we have taken or plan to take to address the breach, and advice on steps that individuals can take to protect themselves.
  3. Notification Channels:
    Notifications to affected individuals will be communicated through the most appropriate channels, such as email, phone, or written communication, depending on the severity and scope of the breach.
What to Expect

In the event that you are affected by a data breach, you can expect clear and transparent communication from CRQLAR. We will provide you with all relevant details about the breach and our efforts to mitigate its impact. We will also offer guidance on how you can protect your personal data and minimize any potential harm.

Ongoing Support

If you receive a data breach notification from CRQLAR, our support team will be available to answer any questions and provide assistance. We are committed to supporting you through the process and ensuring that your data is handled with the utmost care and attention.

Training and Compliance

Employee Training
At CRQLAR, we prioritize data protection and privacy. To ensure that all employees understand their responsibilities under GDPR, we have implemented a comprehensive training program. This program includes:

Initial Training:
All new employees undergo mandatory GDPR training as part of their onboarding process. This training covers key GDPR principles, data protection best practices, and CRQLAR's specific policies and procedures related to data privacy.

Ongoing Education:
Employees receive regular updates  on GDPR compliance to stay informed about any changes in regulations and internal processes.

Role-Specific Training:
Employees in roles with elevated data access, such as those in IT, customer support, and management, receive additional training material focused on their specific responsibilities under GDPR.

Compliance Audits
To maintain the highest standards of data protection, CRQLAR conducts regular audits to ensure ongoing compliance with GDPR:

Internal Audits:
We perform internal audits to review our data processing activities, security measures, and compliance with GDPR. These audits help us identify and address any potential risks or gaps in our data protection practices.

Continuous Improvement:
Based on the findings from these audits, we implement corrective actions and improvements to enhance our data protection framework and ensure ongoing compliance.

Legal Notice

Disclaimer
While CRQLAR strives to provide accurate and up-to-date information in our Trust Center, we do not guarantee the completeness or accuracy of the content. The information provided is for general informational purposes only and should not be considered legal advice. Users are encouraged to seek independent legal counsel to address specific legal concerns or questions.

Terms of Service
Your use of the CRQLAR platform and services is governed by our Terms of Service. The Terms of Service outline the legal agreement between you and CRQLAR, including your rights and obligations when using our platform. The Trust Center complements the Terms of Service by providing detailed information on our privacy practices and data protection measures.At CRQLAR, we recognize that the process for obtaining and managing user consent varies depending on the context in which our services are used. There is an important distinction between how consent is handled on our website versus within our software used by our customers, such as hotels

Crqlar crafted in the heart of the alps, Innsbruck, Austria.
© 2024 Crqlar GmbH