Lynx Checkin LogoLynx Check-in

Privacy Policy for Lynx Check-in

Last Updated: June 29, 2025

1. Introduction

Welcome to Lynx Check-in. We are committed to protecting the privacy and security of the personal data we process. Our mission is to help accommodation providers comply with legal regulations seamlessly, and an essential part of that commitment is handling personal data with the utmost care and transparency.

This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our web application and services (collectively, the "Services"). It also informs you about your rights regarding your personal data under the EU's General Data Protection Regulation (GDPR) and Spain's Organic Law on Data Protection and Guarantee of Digital Rights (LOPDGDD 3/2018).

2. Who is Responsible for Your Data? (Data Controller)

The entity responsible for processing your personal data is:

  • Company Name: Lynx Check-in (Note: The final legal structure is pending formalization. This section will be updated with the full legal name, registered address, and tax identification number (CIF/NIF) upon completion.)
  • Contact for Data Protection Inquiries: For any questions or concerns regarding your privacy, you can contact us at: privacy@lynxcheckin.com.

While we have not formally appointed a Data Protection Officer (DPO), our team is prepared to handle all inquiries sent to this address with the diligence required by law.

3. What Personal Data We Collect and Why

We process different categories of personal data depending on your relationship with our Services.

A. Data from Travelers ("Huéspedes")

To comply with our core service of managing the Spanish "Parte de Viajeros" under Royal Decree 933/2021, we are legally obligated to collect and transmit the following data from all travelers over the age of 14 to the competent authorities (Spanish Ministry of the Interior).

  • Identity Data: Full name (name and surnames), sex, ID number (DNI, Passport, TIE), ID support number, nationality, and date of birth.
  • Contact & Residence Data: Usual place of residence (full address, city, country), and contact details (mobile and/or landline phone, email).
  • Relationship Data: For minors, the parent or guardian relationship with other travelers.
  • Transaction Data:
    • Contract: Reference number, date, and signatures.
    • Stay: Date and time of entry and exit.
    • Payment: Type of payment (cash, card, etc.), identification of the payment method (e.g., partial card number, IBAN), and name of the payment method holder.

Legal Basis for Processing: The processing of this data is necessary for compliance with a legal obligation to which the accommodation provider is subject (Art. 6.1.c GDPR and RD 933/2021).

B. Data from Our Customers (Property Owners, Managers, and Agencies)

When you create an account and use our Services, we collect the data necessary to provide you with the service, manage your account, and handle billing.

  • Account & Contact Data: Full name, email address, phone number, and password.
  • Company Data (if applicable): Company name, tax ID (CIF/NIF), and registered address.
  • Property Data: Details of the properties you manage, including address and official registration numbers.
  • Billing Data: Payment details (e.g., credit card information, bank account), billing address, and transaction history.
  • Usage Data: Information on how you interact with our Services, logs, and device information to ensure security and improve our platform.

Legal Basis for Processing:

  • Performance of a Contract (Art. 6.1.b GDPR): To provide, manage, and bill for the Services you have subscribed to.
  • Legitimate Interest (Art. 6.1.f GDPR): To ensure the security of our platform, prevent fraud (such as misuse of free trials), and improve our Services.

C. Data from Website Visitors

When you visit our website, we use Vercel Analytics to gather aggregated and anonymized data about visitor traffic. This helps us understand user behavior and improve our website. This may include cookies that collect information such as your IP address, browser type, and interaction patterns. This data is processed in a way that does not directly identify you.

Legal Basis for Processing: Consent (Art. 6.1.a GDPR), which you provide through our cookie consent banner.

4. How We Share Your Data (Data Recipients)

Your trust is a core value. We do not sell your personal data. We only share it in the following circumstances:

  • Competent Authorities: We are legally required to share the "Parte de Viajeros" data with the Spanish Ministry of the Interior's Secretary of State for Security and other relevant regional police forces (e.g., Mossos d'Esquadra, Ertzaintza) as stipulated by RD 933/2021.
  • Service Providers (Data Processors): We use trusted third-party providers for the technical infrastructure needed to run our Services. These include:
    • Amazon Web Services (AWS): For cloud hosting and database storage.
    • Vercel: For web application hosting and analytics.

We have ensured that all our main infrastructure providers process data within the European Union (specifically in data centers located in Spain and France). We have signed Data Processing Agreements (DPAs) with these providers to guarantee they apply the same high standards of data protection that we do.

5. Data Retention Periods

We retain personal data only for as long as necessary.

  • Traveler Data: As mandated by RD 933/2021, we securely store traveler registration data for a period of three (3) years. After this period, the data is permanently deleted within a grace period of two weeks.
  • Customer Data: We retain your account data for as long as you are an active customer. If you cancel your subscription, you may request the deletion of your data. We will keep your data for a reasonable period to allow you to easily reactivate your account. However, to prevent abuse of our free trial policy, we will indefinitely retain the property reference numbers you have registered with our service.

6. Security of Your Personal Data

We take the security of your data very seriously and implement robust technical and organizational measures to protect it.

  • Encryption: All data is protected with encryption in transit (using TLS/SSL) and encryption at rest. We apply an additional layer of application-level encryption for all personal and sensitive information.
  • Anonymization: Where possible, we use anonymized data for analytics and service improvement.
  • Best Practices: Our security architecture is built on the best practices provided by our world-class cloud partners, AWS and Vercel.

7. Your Data Protection Rights

Under GDPR and LOPDGDD, you have the following rights over your personal data:

  • Right of Access: To request a copy of the personal data we hold about you.
  • Right to Rectification: To request the correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): To request the deletion of your data where it is no longer necessary for the purpose it was collected.
  • Right to Restriction of Processing: To request that we limit the processing of your data.
  • Right to Data Portability: To receive your data in a structured, commonly used, and machine-readable format.
  • Right to Object: To object to the processing of your data, particularly for marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.

How to Exercise Your Rights:

  • Customers (Property Managers): You can exercise many of your rights directly through your account settings in the web application. For any requests you cannot fulfill yourself, or for any other inquiries, please email us at privacy@lynxcheckin.com or support@lynxcheckin.com.
  • Travelers: You can exercise your rights by sending an email to the addresses mentioned above. Please note that for data submitted to the authorities, we may be legally obligated to retain it.

8. Data of Minors

We process data of minors under 18 only when it is a mandatory part of the "Parte de Viajeros." This data is handled with the same high level of security as all other personal data and is processed strictly for legal compliance.

9. Marketing Communications

We will only send you marketing emails or newsletters if you have explicitly given us your consent (opt-in), either by subscribing through a form or by enabling this option in your account settings (which is disabled by default). You can unsubscribe at any time by clicking the "Unsubscribe" link at the bottom of every marketing email.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by email or through a notification in our application. We encourage you to review this policy periodically.

11. Governing Law and Jurisdiction

This Privacy Policy and any disputes arising from it are governed by the laws of Spain and the European Union.