This Privacy Policy applies to Holio B.V., registered in the Netherlands (Breukelen). If you have any questions, contact us at sales@holio.nl.
1. Who we are
Holio B.V. ("Holio", "we", "us") is a Dutch company providing smart energy management software and hardware for hotels, hostels and holiday parks. We are the data controller for the personal data we collect through our website (holio.nl) and, where applicable, act as a data processor for our customers' guest data processed through the Holio platform.
Contact details: Holio B.V., Breukelen, Netherlands. Email: sales@holio.nl
2. Data we collect
We collect personal data in the following situations:
- Contact & demo requests: name, email address, company name, phone number and any message you send us via the contact form.
- Account & platform use: name, email address, job title, login credentials and usage activity within the Holio dashboard.
- PMS integration data: reservation data (check-in/check-out times, room numbers) passed from your Property Management System to Holio in order to automate room temperature control. This data is processed on your behalf as a data processor (see section 5).
- Website analytics: IP address (anonymised), browser type, pages visited, referral source and session duration, collected via Google Analytics 4 and Leadinfo.
- Cookies: see section 8.
3. How we use your data
We use your personal data to:
- Respond to demo requests and sales enquiries.
- Provide, operate and improve the Holio platform and dashboard.
- Automate room energy management based on PMS reservation data.
- Send service-related notifications (alerts, reports, system status).
- Analyse website usage to improve our product and marketing.
- Comply with legal obligations.
4. Legal basis (GDPR)
We process personal data on the following legal bases under Article 6 of the GDPR:
- Contract performance (Art. 6(1)(b)): data necessary to provide the Holio service to customers.
- Legitimate interests (Art. 6(1)(f)): website analytics, sales follow-up and platform improvement, where our interest does not override your rights.
- Legal obligation (Art. 6(1)(c)): where required by Dutch or EU law.
- Consent (Art. 6(1)(a)): for non-essential cookies, where applicable.
5. Who we share data with
We do not sell personal data. We may share data with the following categories of recipients:
- Infrastructure & hosting providers: cloud infrastructure used to operate the Holio platform (EU-based where possible).
- Analytics providers: Google Analytics 4 (Google Ireland Ltd) and Leadinfo B.V. for website analytics. Both operate under appropriate data processing agreements.
- LinkedIn: LinkedIn Insight Tag for marketing measurement. LinkedIn Ireland Unlimited Company acts as a data controller for its own analytics. See LinkedIn's privacy policy.
- PMS providers: Holio integrates with your Property Management System (e.g. Mews, Noovy, Oracle Opera) to read reservation data. In this context, Holio acts as a data processor on behalf of your property, and you remain the data controller for guest data.
Where we transfer data outside the European Economic Area, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions).
6. How long we keep data
- Contact form submissions: retained for up to 2 years, or until you request deletion.
- Customer account data: retained for the duration of the contract plus 7 years for legal and financial record-keeping purposes.
- PMS reservation data: retained for no longer than 12 months in the Holio platform, then deleted or anonymised.
- Analytics data: Google Analytics data is retained for 14 months. Leadinfo data is retained per their policy.
7. Your rights
Under the GDPR, you have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you.
- Rectification: ask us to correct inaccurate data.
- Erasure: request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
- Restriction: ask us to restrict processing in certain circumstances.
- Portability: receive your data in a machine-readable format where processing is based on consent or contract.
- Objection: object to processing based on legitimate interests.
- Withdraw consent: where processing is based on consent, withdraw it at any time.
To exercise any of these rights, email us at sales@holio.nl. We will respond within 30 days. If you believe we are processing your data unlawfully, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
8. Cookies & analytics
We use the following categories of cookies:
- Functional cookies: required for the website and dashboard to work correctly. No consent required.
- Analytics cookies: Google Analytics 4 (with IP anonymisation enabled) and Leadinfo to understand how visitors use our website. These are set on first visit.
- Marketing cookies: LinkedIn Insight Tag to measure the effectiveness of our LinkedIn advertising campaigns.
You can control cookies through your browser settings or by contacting us. Note that disabling certain cookies may affect how the website functions.
9. Security
We apply technical and organisational measures to protect your personal data against unauthorised access, loss or disclosure. These include encrypted data transmission (HTTPS), access controls, and regular security reviews. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify customers by email. We encourage you to review this page periodically.
For questions about this Privacy Policy or to exercise your data rights:
Holio B.V.
Breukelen, Netherlands
sales@holio.nl