Privacy Policy

Last updated: luglio 03, 2025

1. Introduction

CheckMeIn ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

GDPR Compliance: This policy is designed to comply with the General Data Protection Regulation (EU) 2016/679 and other applicable data protection legislation.

2. About Our Software

Proprietary Custom Software

Our software is proprietary and custom-made to guarantee maximum security and data privacy. It has been developed specifically for our self-check-in service with security and privacy as the primary design principles.

Developer: Tomeo Enterprises Information Technology

Location: Netherlands

Chamber of Commerce: 78573173

This custom development approach ensures that we have complete control over all aspects of data processing, storage, and security, eliminating the risks associated with third-party software components.

3. Information We Collect

We collect the following types of information:

  • Personal Information: Name, email address, phone number, date of birth, nationality, and other contact details
  • Document Information: Data extracted from identity documents, passports, national ID cards, and other official documents including document numbers, expiry dates, and biometric data
  • Usage Data: Information about how you use our self-check-in service, including timestamps and session data
  • Technical Data: IP address, browser type, device information, operating system, and access logs
  • Location Data: Hotel location and check-in venue information

4. How We Use Your Information

We process your personal data for the following purposes:

  • Service Provision: To provide our self-check-in services and process your check-in requests
  • Legal Compliance: To comply with local regulations and legal requirements, including identity verification, guest registration laws, and hospitality industry regulations
  • Identity Verification: To verify your identity and prevent fraud
  • Security: To ensure the security and integrity of our services and prevent unauthorized access
  • Communication: To communicate with you about your check-in status, confirmations, and any issues
  • Improvement: To improve our services and user experience through anonymized analytics
  • Legal Obligations: To fulfill our legal obligations under hospitality and data protection laws

5. Legal Basis for Processing (Article 6 GDPR)

We process your personal data based on the following legal grounds under GDPR Article 6:

  • Contract Performance (Art. 6(1)(b)): Processing necessary to provide our self-check-in services and fulfill our contractual obligations
  • Legal Obligation (Art. 6(1)(c)): Processing required to comply with local hospitality and guest registration regulations, including mandatory guest registration laws
  • Legitimate Interest (Art. 6(1)(f)): Processing for security, fraud prevention, service improvement, and business operations
  • Consent (Art. 6(1)(a)): Where you have provided explicit consent for specific processing activities
  • Vital Interests (Art. 6(1)(d)): Processing necessary to protect vital interests in emergency situations

6. Data Storage and Security

Secure Storage Infrastructure

Your data is stored in our private datacenter with enterprise-grade security measures:

  • All document information is stored in secure, encrypted databases
  • Files are stored securely and cannot be publicly accessed or indexed by search engines
  • Data is encrypted in transit using TLS encryption
  • Access to data is strictly controlled through role-based access controls (RBAC)
  • All data access is logged and monitored for security purposes
  • Backup systems with encrypted storage and disaster recovery procedures

7. Third-Party Software and Data Sharing

No Third-Party Software Integration

We do not share any personal information with third-party software or external services. All personal data is processed, stored, and protected exclusively within our private datacenter infrastructure.

We maintain complete control over your data and do not:

  • Share personal data with third-party analytics services
  • Use external cloud storage providers for personal information
  • Integrate with third-party software that requires access to personal data
  • Allow external services to process or store your personal information

8. Data Retention (Article 5(1)(e) GDPR)

We retain your personal data only for as long as necessary to:

  • Provide our services and fulfill contractual obligations
  • Comply with legal obligations (including hospitality industry regulations)
  • Resolve disputes and enforce our agreements
  • Maintain security and prevent fraud
  • Meet regulatory requirements for guest registration

Retention Periods:

  • Check-in data: Retained for the duration required by local hospitality laws (typically 1-3 years)
  • Identity documents: Deleted immediately after successful verification
  • Account information: Retained until account deletion is requested
  • Logs and audit trails: Retained for security purposes for up to 12 months

Data is automatically deleted when no longer required for these purposes.

9. Your Rights Under GDPR (Articles 12-22)

Under GDPR, you have the following rights:

  • Right of Access (Art. 15): Request a copy of your personal data and information about how it's processed
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data
  • Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing (Art. 18): Request limitation of data processing
  • Right to Data Portability (Art. 20): Request transfer of your data to another service in a structured format
  • Right to Object (Art. 21): Object to certain types of processing
  • Right to Withdraw Consent (Art. 7): Withdraw consent where processing is based on consent
  • Right to Lodge a Complaint (Art. 77): Complain to your local data protection authority

10. Data Deletion Requests

How to Request Data Deletion

You can request permanent removal of your data by sending an email to:

Email: info@self-check-in.app

Subject Line: "Data Deletion Request"

Processing Time: We will delete all data associated with your email address within 30 days from your request and provide confirmation of deletion.

11. Data Sharing and Transfers

We do not sell, trade, or rent your personal information to third parties. We may share your data only in the following circumstances:

  • With your explicit consent
  • To comply with legal obligations and regulatory requirements
  • To protect our rights, safety, and the safety of others
  • With law enforcement when required by law
  • With the hotel where you are checking in (only necessary information for guest registration)
No Third-Party Software: We do not integrate with or share data with any third-party software, analytics services, or external platforms.

12. International Transfers (Chapter V GDPR)

Your data is processed and stored within the European Economic Area (EEA). If any data transfer outside the EEA occurs, we ensure appropriate safeguards are in place to protect your data, including:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Other appropriate safeguards as required by GDPR

13. Cookies and Tracking (Article 5(3) ePrivacy Directive)

We use security cookies (anti-forgery tokens) which are essential to guarantee the security of the website and protect against malicious attacks. We do not use tracking cookies or third-party analytics without your explicit consent.

  • Security Cookies: Anti-forgery tokens required for website security and protection against CSRF attacks
  • No Tracking: We do not use cookies for tracking, profiling, or advertising purposes
  • No Third-Party: We do not use third-party cookies or analytics services

14. Data Protection Officer (Article 37 GDPR)

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: info@self-check-in.app

Data Protection Officer: Available through the above email address

Response Time: We will respond to all GDPR-related requests within 30 days

15. Data Breach Procedures (Articles 33-34 GDPR)

In the unlikely event of a data breach that affects your personal data, we will:

  • Notify the relevant data protection authority within 72 hours
  • Notify affected individuals without undue delay
  • Take immediate steps to contain and remediate the breach
  • Document all breach-related activities

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new policy on this page
  • Updating the "Last updated" date
  • Sending email notifications for significant changes

17. Complaints and Supervisory Authority (Article 77 GDPR)

If you believe we have not handled your personal data in accordance with this policy or GDPR requirements, you have the right to:

  • Contact us directly to resolve the issue
  • Lodge a complaint with your local data protection authority
  • Seek judicial remedy under GDPR Article 79

You can find your local data protection authority at: https://edpb.europa.eu/about-edpb/board/members_en

18. Legal Basis for Special Categories of Data (Article 9 GDPR)

If we process special categories of personal data (such as biometric data from identity documents), we do so based on:

  • Explicit consent (Article 9(2)(a))
  • Legal obligations in the field of employment and social security (Article 9(2)(b))
  • Protection of vital interests (Article 9(2)(c))
  • Legitimate activities of foundations, associations, or not-for-profit bodies (Article 9(2)(d))