Last updated: December 14, 2025
Privacy Policy
GetResort is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.
Quick Navigation
1. Who We Are
GetResort (“we”, “us”, or “our”) is a hospitality technology platform that helps properties enhance guest experiences and manage services. We act as a Data Controller for the personal data we collect directly from you, and as a Data Processor when processing data on behalf of hospitality properties using our platform.
Data Controller Contact:
Getia AS (Org. nr: 926 610 198)
At Mesh, Møllergata 6
0179 Oslo, Norway
Email: privacy@getresort.co
2. Personal Data We Collect
We collect personal data that you provide directly and data generated through your use of our services. We adhere to the principle of data minimisation (Article 5(1)(c) GDPR) and only collect data necessary for the specified purposes.
| Category | Data Types | Purpose |
|---|---|---|
| Identity Data | Name, email address, phone number | Account creation, communication, service delivery |
| Booking Data | Check-in/out dates, room number, booking reference | Reservation management, guest services |
| Transaction Data | Order history, payment amounts, payment method type | Order processing, receipts, accounting |
| Technical Data | IP address, browser type, device information | Security, fraud prevention, service optimization |
| Preference Data | Communication preferences, marketing consent | Personalization, marketing (with consent) |
| Support Data | Support ticket content, issue descriptions | Customer support, service improvement |
Note: We do not collect special category data (Article 9 GDPR) such as health information, religious beliefs, or biometric data. We do not store full payment card details - these are processed securely by our payment processor (Stripe).
3. Lawful Basis for Processing
Under Article 6 of the GDPR, we process your personal data based on the following lawful bases:
aConsent (Article 6(1)(a))
For marketing communications and promotional offers. You can withdraw consent at any time through your profile settings or by contacting us. Withdrawal does not affect prior lawful processing.
bContract Performance (Article 6(1)(b))
Processing necessary to provide our services, including booking management, order processing, payment handling, and customer support during your stay.
cLegal Obligation (Article 6(1)(c))
Processing required to comply with applicable laws, such as financial record-keeping requirements, tax obligations, and responding to lawful requests from authorities.
fLegitimate Interests (Article 6(1)(f))
For fraud prevention, security monitoring, service improvement, and analytics. We have conducted a Legitimate Interest Assessment to ensure your rights are not overridden. You may object to this processing at any time.
4. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data. We will respond to your request within one month (Article 12(3)) and provide services free of charge.
Right of Access (Article 15)
Obtain confirmation of whether we process your data and receive a copy of your personal data.
Request via Profile > Export My Data
Right to Rectification (Article 16)
Request correction of inaccurate personal data or completion of incomplete data.
Edit directly in Profile or contact us
Right to Erasure (Article 17)
Request deletion of your personal data when it is no longer necessary or you withdraw consent.
Request via Profile > Delete My Account
Right to Restriction (Article 18)
Request limitation of processing while we verify accuracy or assess objections.
Contact privacy@getresort.co
Right to Data Portability (Article 20)
Receive your data in a structured, machine-readable format (JSON/CSV) for transfer to another controller.
Request via Profile > Export My Data
Right to Object (Article 21)
Object to processing based on legitimate interests or for direct marketing purposes.
Contact us or adjust marketing preferences
Rights related to Automated Decisions (Article 22)
Not be subject to decisions based solely on automated processing that significantly affect you.
We do not make solely automated decisions
How to Exercise Your Rights: You can exercise most rights through your profile settings. For complex requests or if you do not have an account, contact us at privacy@getresort.co. We may need to verify your identity before processing your request.
5. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected, in accordance with Article 5(1)(e) GDPR (storage limitation principle).
| Data Category | Retention Period | Reason |
|---|---|---|
| Guest profile data | 3 years after last activity | Service continuity, return visits |
| Booking records | 7 years after checkout | Legal/tax obligations |
| Payment records | 7 years after transaction | Financial regulations |
| Session data (IP, user agent) | 90 days | Security, fraud prevention |
| Support tickets | 2 years after resolution | Service quality, dispute resolution |
| Marketing contacts | Until consent withdrawn + 30 days | Consent-based processing |
| Audit logs | 2 years | Compliance, accountability |
After the retention period expires, data is securely deleted or anonymized. You may request earlier deletion subject to our legal obligations.
6. Data Sharing and Recipients
We share your personal data with the following categories of recipients, with appropriate safeguards in place:
Hospitality Properties
The property where you are staying receives your booking and service data to fulfill their hospitality services. They act as joint controllers for guest management.
Payment Processor (Stripe)
Stripe processes payments securely under their own privacy policy. We share only the data necessary for payment processing. Stripe is certified under the EU-US Data Privacy Framework.
Email Service Provider
We use email services to send transactional communications (order confirmations, receipts). Data is processed under a Data Processing Agreement with EU Standard Contractual Clauses.
Hosting & Infrastructure
Our services are hosted on infrastructure with appropriate security certifications. Sub-processors are bound by Data Processing Agreements.
We do not sell your personal data to third parties. We do not share data with third parties for their own marketing purposes without your explicit consent.
7. International Data Transfers
Some of our service providers may process data outside the European Economic Area (EEA). When transferring data internationally, we ensure appropriate safeguards under Chapter V of the GDPR:
- Adequacy decisions (Article 45) - transfers to countries with adequate protection
- Standard Contractual Clauses (Article 46(2)(c)) - EU-approved contract terms
- EU-US Data Privacy Framework - for certified US organizations
You can request information about the specific safeguards applied to transfers of your data by contacting us.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data (Article 32 GDPR), including:
Encryption
Data encrypted in transit (TLS) and at rest
Access Controls
Role-based access with strong authentication
Secure Sessions
HTTP-only cookies with secure flags
Regular Audits
Security assessments and vulnerability testing
Staff Training
Data protection awareness programs
Incident Response
Breach detection and notification procedures
10. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:
Company
Getia AS (Org. nr: 926 610 198)
At Mesh, Møllergata 6
0179 Oslo, Norway
Data Protection Inquiries
privacy@getresort.coGeneral Contact
hello@getresort.co11. Complaints
If you are not satisfied with how we handle your personal data or your rights request, you have the right to lodge a complaint with a supervisory authority (Article 77 GDPR). You may contact the supervisory authority in your country of residence or where the alleged infringement occurred.
We encourage you to contact us first at privacy@getresort.co so we can address your concerns directly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:
- Posting the updated policy on our website with a new “Last Updated” date
- Sending an email notification for significant changes (if you have an account)
- Displaying an in-app notice when you next use our services
We recommend reviewing this policy periodically for any changes.
© 2026 GetResort by Getia AS.