Introduction

What Data We Collect

We may collect the following categories of personal data:

• Identification and contact data (e.g., name, email, company)
• Usage data (e.g., interactions with our AI agents, logs)
• Customer-provided content (e.g., queries, uploaded documents)
• Technical data (e.g., IP address, device information)
• Social media data

We do not intentionally collect sensitive personal data unless necessary and with explicit consent.

How and Why We Use Your Data

We process personal data for the following purposes:

• To provide, maintain, and improve our AI agent services
• To respond to user queries and support requests
• To monitor, audit, and enhance AI performance and compliance
• To comply with legal and regulatory obligations
• For security, fraud prevention, and risk management

We only process personal data for specified, explicit, and legitimate purposes, and do not use it in ways incompatible with those purposes.

AI-Specific Processing and Automated Decisions

Our AI agents may process personal data autonomously to deliver services, including automated decision-making. Where such processing has legal or significant effects, data subjects have the right to request human intervention, express their point of view, and contest decisions.

We may use information from public social media profiles to better understand customer preferences and enhance the services provided to customers. We do this based on our clients’ legitimate interest in improving the experience of their customers. You have the right to object to this processing at any time.

We provide clear, plain-language explanations of how our AI agents operate, including the logic, significance, and consequences of automated decisions, as required by GDPR and the EU AI Act.

Data Sharing and Third Parties

We may share your data with:

• Authorized service providers and partners (subject to strict contractual controls)
• Regulatory authorities if required by law
• Other parties with your explicit consent

If we use third-party AI platforms, we disclose their identity and ensure they meet GDPR and CCPA requirements.

Data Subject Rights

You have the following rights, subject to applicable law:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data (“right to be forgotten”)
• Restriction: Request restriction of processing
• Objection: Object to certain processing, including direct marketing and automated decisions
• Portability: Request transfer of your data to another provider

For California residents, you may also opt out of the sale or sharing of personal information and request information about data disclosures.

Data Minimization, Security, and Retention

We collect only the data necessary for our stated purposes and retain it only as long as required by law or business needs. We implement robust security measures, including encryption, access controls, and regular audits, to protect your data from unauthorized access or disclosure.

Data Governance, Monitoring, and Compliance

We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing, as required by GDPR and the EU AI Act. Our systems are regularly monitored for compliance, and we maintain detailed records of processing activities, consent, and data access.

International Data Transfers

If your data is transferred outside your jurisdiction (e.g., from the EU to the US), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent mechanisms.

Changes to This Policy

We may update this Privacy Policy to reflect changes in law or our practices. We will notify you of significant updates and post the revised policy on our website.

Contact Us

For questions or to exercise your rights, contact us at: compliance@hotelworld.ai