Privacy notice

Version 3.1 · Effective 1 January 2026

Data controller

Heritage Hospitality Systems Ltd, a private limited company incorporated in England and Wales under company number 14872365, VAT GB 429 7183 62, registered office at 12 Broad Street, Chipping Norton, Oxfordshire OX7 5AN, United Kingdom. Data protection contact: support@rezlynxportal.org.

Regulator registration

Registered with the Information Commissioner's Office (ICO) under reference ZA987134. The ICO is the UK's independent regulator for data protection and can be contacted at ico.org.uk.

UK GDPR and the Data Protection Act 2018

We process personal data in accordance with the UK GDPR and the Data Protection Act 2018 under the following principles: lawfulness and fairness, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability.

Data we process

As part of running the Rezlynx PMS platform we process, on behalf of hotel operators, the following categories of guest personal data: name, email address, telephone number, postal address, reservation history, payment references (never full card numbers), stay preferences, dietary and allergy notes.

For the account holders (hotel staff and owners) we process: name, work email, hashed password, role, session logs and audit records.

Legal basis

For guest data we act as processor under a written contract with the hotel operator (Article 28 UK GDPR). For staff account data we act as controller with lawful basis in contract performance (Article 6(1)(b)) and legitimate interest (Article 6(1)(f)).

Retention

Guest data is retained for as long as the hotel operator instructs, up to seven years after the last stay. Staff account data is retained for the life of the account plus 24 months. Support correspondence is retained for 36 months.

Recipients

We do not sell personal data. Sub-processors include: our infrastructure provider (Hetzner Online GmbH, Germany), our email delivery provider (Postmark, USA under UK/EU adequacy addendum), and integration channels selected by the hotel operator.

International transfers

Where personal data is transferred outside the United Kingdom, we rely on UK adequacy decisions, the ICO-approved International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses, together with any supplementary measures required by the transfer risk assessment.

Rights

Under the UK GDPR you have rights of access, rectification, erasure, restriction, portability and objection, and the right not to be subject to automated decision-making. To exercise any of these please write to support@rezlynxportal.org. If your request relates to guest data held on a hotel property's account, we will forward it to the operator without delay.

Complaints

If you are not satisfied with how we have handled your personal data you may lodge a complaint with the Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or via ico.org.uk.