Privacy Policy

This Privacy Policy explains how Grok Travel (operated by Grok Platform Limited) collects, uses, and protects your personal information when you use our hotel booking services.

Last updated: 01 June 2025

1. Introduction

Grok Platform Limited is the data controller for the Grok Travel services. We respect your privacy and are committed to protecting your personal data. This Privacy Policy describes what information we collect, why we collect it, and how we safeguard it. By using our services, you agree to this Policy.

2. Information We Collect

  • Account details: name, email, phone, login credentials.
  • Booking details: reservation data, payment information (processed via secure providers), guest preferences, stay dates.
  • Device & technical data: IP address, browser type, device identifiers, cookie identifiers, usage logs.
  • Communications: customer support inquiries, chat transcripts, survey responses, marketing preferences.
  • Location & analytics data: approximate location from IP and aggregated analytics to improve services.

3. How We Use Your Information (Legal Bases)

  • Provide the Service & fulfill bookings (performance of a contract).
  • Personalize and improve the Service (legitimate interests, balancing tests applied).
  • Customer support and communications (performance of a contract or legitimate interests).
  • Marketing with your consent (consent; you may withdraw at any time via settings or the unsubscribe link).
  • Fraud prevention, security, tax and regulatory compliance (legal obligation and legitimate interests).

4. Cookies & Tracking

We use cookies, web beacons, and similar technologies to enable core functionality, measure performance, and, where permitted, personalize offers. You can control cookies through your browser settings; disabling some cookies may affect site performance. If available, see our Cookie Policy or in-product consent manager for choices.

5. Sharing of Data

We share personal information only as necessary to provide and operate the Service:

  • With accommodation providers to complete and manage your booking.
  • With payment processors for secure transactions (we do not store full card numbers).
  • With service providers (IT, analytics, customer support) under data protection agreements.
  • With authorities or third parties when required by law, court order, or to protect rights and safety.
  • In corporate transactions (e.g., merger or acquisition), subject to appropriate safeguards.

6. International Transfers

Because Grok Travel operates globally, your data may be transferred and processed outside your country of residence. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms, and we implement additional technical and organizational measures as appropriate.

7. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this Policy, to comply with legal obligations, resolve disputes, and enforce agreements. Booking and financial records may be kept for up to 7 years (or longer where applicable law requires).

8. Your Rights

  • Access — request a copy of your personal data.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion where applicable (“right to be forgotten”).
  • Restriction — request we limit processing in certain circumstances.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing based on legitimate interests and to direct marketing.
  • Withdraw consent — where processing relies on consent.

Rights may be subject to legal limitations. To exercise them, contact us at support@innzyroom.com. If you are in a jurisdiction with a supervisory authority, you may also lodge a complaint with that authority.

9. Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit, access controls, secure hosting, and monitoring. No system is completely secure; if we become aware of a breach affecting your data, we will notify you and regulators as required by law.

10. Children’s Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

11. Third-Party Links

Our platform may contain links to third-party websites. Their privacy practices are governed by their own policies. We encourage you to review those policies when you leave our Service.

12. Updates to this Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with the revised “Last updated” date. Material changes will apply prospectively and, where appropriate, we may also notify you via email or in-product notice.