Privacy Policy

1. Introduction

Rezlynx by Guestline ("Company", "we", "us", or "our"), registered as Company No. 12847365 in the United Kingdom, is committed to protecting the privacy and security of personal data processed through the Rezlynx Cloud Property Management System ("Platform"). This Privacy Policy explains how we collect, use, store, share, and protect personal data in compliance with UK GDPR as retained in UK law by the Data Protection Act 2018, and the guidance issued by the Information Commissioner's Office ("ICO").

This Privacy Policy applies to all users of the Rezlynx Platform, including hotel general managers, operations directors, front desk reception staff, housekeeping supervisors, revenue managers, reservations coordinators, food and beverage managers, spa managers, estate managers, and individuals whose personal data is processed through the Platform in connection with heritage country hotel operations. This includes Guest Data processed by our clients (heritage hotels, manor house properties, country estate lodges, and rural hospitality businesses) through the Platform.

Rezlynx acts as a data processor when processing personal data on behalf of its clients (the data controllers), and as a data controller when processing data related to the management of user accounts, Platform administration, and direct communications with users. The distinction is particularly important in the heritage hotel context where guest data may include sensitive information about dietary preferences for restaurant dining, health considerations for spa treatments, accessibility requirements for listed building accommodations, and payment details for ancillary service charges.

2. Data Controller and Contact Information

For data processing activities where Rezlynx acts as the data controller, the responsible entity is:

Rezlynx by Guestline, Company No. 12847365, United Kingdom
Email: compliance@pmsrezlynx.org
Website: https://pmsrezlynx.org

For data processing activities where Rezlynx acts as a data processor on behalf of heritage hotel clients, the respective client is the data controller. Questions regarding Guest Data processing should be directed to the relevant heritage property or country house hotel management office.

3. Categories of Personal Data Collected

Rezlynx collects and processes the following categories of personal data:

Account and Identity Data: Full name, business email address, telephone number, job title or hotel role, organisational affiliation, and account credentials (stored in hashed format only). For heritage hotel staff, this may also include the specific department or building where they operate, such as main house reception, estate cottages, restaurant, or spa.

Usage and Technical Data: IP addresses, browser type and version, operating system, device identifiers, session duration, pages visited, features accessed, timestamps, and error logs generated during Platform use. Technical data may also include device type information relevant to optimising the Platform for tablets used at reception desks and mobile devices used by housekeeping teams across the estate.

Communication Data: Messages, support requests, feedback, and correspondence exchanged between users and Rezlynx through the Platform or email, including queries related to heritage hotel-specific operational features.

Guest Data (processed on behalf of clients): Guest names, contact details, booking dates, room assignments, dietary requirements, accessibility needs, stay preferences, room type preferences, restaurant dining reservations, spa treatment bookings, estate activity participation, corporate event attendance, service requests, loyalty programme data, and check-in/check-out records. The specific categories of data processed depend on the configuration established by each heritage hotel client and the range of facilities and services offered by the country house property.

Property Operational Data: Room occupancy statistics, reservation conversion rates, restaurant covers, spa utilisation, housekeeping logs, facility maintenance requests, event schedules, and operational reports that may incidentally include personal data related to staff assignments, guest interactions, and service delivery across the heritage estate.

4. Legal Bases for Processing

Rezlynx processes personal data based on the following legal grounds under UK GDPR:

Contract Performance (Article 6(1)(b)): Processing necessary for the performance of the contract between Rezlynx and the user or their hotel organisation, including account management, Platform access, reservation processing, guest profile administration, and service delivery.

Legitimate Interests (Article 6(1)(f)): Processing necessary for Rezlynx's legitimate interests, including Platform security, fraud prevention, service improvement, seasonal analytics, heritage property performance benchmarking, and business monitoring, provided that such interests are not overridden by the data subject's fundamental rights and freedoms.

Legal Obligations (Article 6(1)(c)): Processing necessary for compliance with legal obligations to which Rezlynx is subject, including tax reporting, record-keeping requirements under UK law, hospitality licensing regulations, and responding to lawful requests from public authorities.

Consent (Article 6(1)(a)): Where processing is based on the user's consent, such as for analytics cookies or communications about Platform features. For details on cookies and how to manage your preferences, please refer to our Cookie Policy. Consent may be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal.

5. Guest Data Processing

When processing Guest Data on behalf of heritage hotel clients, Rezlynx acts as a data processor in accordance with Article 28 of UK GDPR. The processing of Guest Data is governed by data processing agreements between Rezlynx and each hotel client, which specify the nature, purpose, duration, and categories of data processing, as well as the obligations and rights of the controller.

Rezlynx processes Guest Data solely in accordance with the documented instructions of the data controller (the hotel client) and does not use this data for any purpose other than providing the Platform services. Guest Data is logically segregated between different hotel clients to prevent unauthorised cross-client access. Heritage hotel guest data may include additional categories such as special occasion records, returning guest preference histories, estate activity participation logs, and loyalty programme activity that are processed as part of the guest relationship management features of the Platform.

Heritage hotel clients, as data controllers, are responsible for ensuring that they have obtained all necessary consents and authorisations for the processing of Guest Data, and for providing appropriate privacy notices to their guests in accordance with applicable data protection laws. This responsibility extends to data collected during reservation bookings, restaurant reservations, spa appointments, and any photography or recording that may take place during estate events.

6. Data Retention

Rezlynx retains personal data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required or permitted by law. The following retention periods apply:

Account Data: Retained for the duration of the account relationship and for a period of three (3) years following account closure for administrative, audit, and legal compliance purposes.

Usage and Technical Data: Retained for a period of twelve (12) months from the date of collection for security, debugging, performance optimisation, and analytics purposes.

Guest Data: Retained in accordance with the instructions of the data controller (hotel client) and the terms of the applicable data processing agreement. Upon termination of the client relationship, Guest Data is made available for export and subsequently deleted within thirty (30) days.

Communication Records: Retained for a period of twenty-four (24) months from the date of the last communication for quality assurance, service improvement, and dispute resolution purposes.

Legal and Compliance Records: Retained for the duration required by applicable UK law, which may extend beyond the periods specified above, particularly for records relating to food safety incidents, health and safety events, or licensing compliance matters at heritage properties.

7. Data Security

Rezlynx implements appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include but are not limited to: encryption of data in transit using TLS 1.2 or higher protocols; encryption of sensitive data at rest using AES-256 encryption; role-based access controls with the principle of least privilege tailored to heritage hotel operational structures; multi-factor authentication for administrative and sensitive operations; regular security assessments, penetration testing, and vulnerability scanning; network segmentation and firewall protection; comprehensive logging and monitoring of access and security events; business continuity and disaster recovery planning with regular backup procedures; employee security awareness training and background verification for personnel with access to personal data. Additional security considerations are applied for shared terminals in reception and restaurant environments.

8. International Data Transfers

Rezlynx primarily stores and processes personal data within the United Kingdom and the European Economic Area (EEA). Where data transfers to countries outside the UK or EEA are necessary (for example, to third-party service providers), Rezlynx ensures that appropriate safeguards are in place in accordance with UK GDPR Chapter V, including International Data Transfer Agreements (IDTAs) approved by the ICO, adequacy regulations, or other legally recognised transfer mechanisms. Heritage hotel clients serving international guests should note that personal data will remain within UK/EEA boundaries regardless of the guest's country of origin.

9. Data Subject Rights

Under UK GDPR and the Data Protection Act 2018, data subjects have the following rights in relation to their personal data:

Right of Access (Article 15): The right to obtain confirmation as to whether personal data is being processed and, if so, to access such data along with information about the processing activities.

Right to Rectification (Article 16): The right to request correction of inaccurate personal data or completion of incomplete personal data held within the Platform.

Right to Erasure (Article 17): The right to request deletion of personal data where it is no longer necessary for the purposes for which it was collected, where consent has been withdrawn, or where processing is unlawful.

Right to Restriction (Article 18): The right to request restriction of processing in certain circumstances, such as where the accuracy of the data is contested or where processing is unlawful but the data subject opposes erasure.

Right to Data Portability (Article 20): The right to receive personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller or property management system.

Right to Object (Article 21): The right to object to processing based on legitimate interests or for direct marketing purposes.

Right to Lodge a Complaint: The right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe that your data protection rights have been violated.

To exercise any of these rights, please contact us at compliance@pmsrezlynx.org. We will respond to your request within one (1) month of receipt. This period may be extended by two (2) further months where necessary, taking into account the complexity and number of requests.

10. Third-Party Service Providers

Rezlynx may engage third-party service providers (sub-processors) to assist in the provision of the Platform. Such service providers are bound by contractual obligations to process personal data only in accordance with Rezlynx's instructions and to implement appropriate security measures. Categories of sub-processors include cloud infrastructure providers, analytics services, communication services, payment processing gateways, and security monitoring tools. A list of current sub-processors is available upon request.

11. Children's Privacy

The Rezlynx Platform is not intended for use by individuals under the age of 18. Rezlynx does not knowingly collect personal data from minors through the Platform's administrative interface. Where heritage hotel clients process guest data that includes information about children (such as family accommodation bookings or children's activity programmes), the hotel client as data controller is responsible for ensuring appropriate consents and safeguards are in place.

12. Changes to This Privacy Policy

Rezlynx reserves the right to update this Privacy Policy from time to time to reflect changes in our processing activities, legal requirements, or business practices. Material changes will be communicated to users through the Platform interface or via email. Continued use of the Platform after the effective date of any changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us at:

Email: compliance@pmsrezlynx.org
General Support: support@pmsrezlynx.org
Website: https://pmsrezlynx.org

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe that your data protection rights have been violated. The ICO can be contacted at: https://ico.org.uk