Privacy Statement
Zenstay B.V.
Last updated: 03 January 2026

Zenstay B.V. (“Zenstay” also registered with the Dutch Chamber of Commerce as “Hotel Zenstay” and /or “Hotel Zenstay Zaandam”, and/or “Zenstay Zaandam”) values your privacy. We process personal data safely and responsibly in accordance with applicable regulations, including the GDPR. This statement explains what personal data we process, for what purposes, on which legal bases, how long we keep it, and your rights.

We take appropriate technical and organizational measures to protect your data against loss, misuse, unauthorized access, disclosure, alteration, and destruction. Data we collect is stored on secure servers at secure hosting facilities with access restricted and logged.

Kontakt
Zenstay B.V. is the controller for the processing of personal data described in this statement.
Email: admin@zenstay.com
Address: Hogendijk 28, 1506 AH Zaandam, The Netherlands

Personal data we process
Depending on your interaction with us (e.g., booking, staying, visiting our website), we may process:

First and last name

Gender

Date of birth

Residential address

Phone number

E-Mail-Adresse

Identification details (where required by law for check-in)

Payment data (limited to what’s necessary to process your payment)

Preferences and special requests (e.g., allergies, accessibility or health needs you choose to share)

Data you actively provide (e.g., via forms, messages, or creating a profile)

Booking, stay and communication history

Website usage data (pages viewed, actions taken, device/browser info, IP address)

CCTV: Zenstay may use camera surveillance in public areas and emergency routes for safety and security.

Purposes and legal bases
We process personal data only for the purposes below and based on one or more of these legal bases: performance of a contract, compliance with legal obligations, legitimate interests, or your consent (where required).

Reservations & stays: to create/manage bookings, process payments, verify identity at check-in, provide services (performance of contract; legal obligation).

Guest communications: to contact you about your reservation, arrival instructions, service updates, or support (performance of contract; legitimate interests).

Marketing: to send offers and newsletters only if you have consented. You can unsubscribe at any time via the link in each email (consent).

Personalization & service improvement: to analyze website use and improve our services and user experience (legitimate interests; consent where required for cookies).

Safety & security: to protect guests, staff, and property, including CCTV in public areas (legitimate interests; legal obligation where applicable).

Legal & compliance: to comply with tax, accounting, and hospitality regulations and to handle disputes or claims (legal obligation; legitimate interests).

Cookies
We use cookies and similar technologies on our website:

Functional: remember preferences (e.g., language).

Analytics: understand site usage and improve performance.

Advertising: show relevant content/ads (only with consent).

Third-party: e.g., Google Analytics; social media pixels (only with consent).

You can manage or withdraw consent for non-essential cookies via our cookie banner/settings. You can also block cookies in your browser, but some site features may not function properly.

Third-party examples

Google Analytics – usage analytics. Privacy Policy: google.com/policies/privacy

Tracking pixels / social media pixels – e.g., LinkedIn, Facebook, Instagram, YouTube, X, for measurement/retargeting (consent-based).

Sharing with third parties
We may share personal data with:

Service providers (processors) who act on our instructions (e.g., PMS, channel manager/booking platforms, payment processors, housekeeping/laundry providers, IT hosting/support). We sign data processing agreements to ensure an equivalent level of protection.

Partners you request (e.g., bike rental, tours, dry-cleaning) to fulfill optional services you select.

Authorities where required by law or to protect our rights, guests, or property.

We do not sell your personal data.

International transfers
If data is transferred outside the EEA, we ensure appropriate safeguards (e.g., adequacy decisions or EU Standard Contractual Clauses).

Retention
We retain personal data only as long as necessary for the purposes collected:

Booking and billing records: per statutory retention periods (e.g., tax/accounting).

Guest profiles/communications: as needed to provide services and for a reasonable period thereafter, unless you request deletion and no legal obligation requires retention.

CCTV: retained for a short period unless needed for investigation/incidents.

Marketing data: until you withdraw consent or unsubscribe.

After the retention period, we delete or anonymize data unless a legal obligation requires longer storage.

Your rights
Subject to conditions under the GDPR, you have the right to:

Access your personal data

Rectification (correction)

Erasure (“right to be forgotten”)

Restriction of processing

Data portability

Object to processing based on legitimate interests or to direct marketing

Withdraw consent at any time (where processing is based on consent)

To exercise your rights, contact admin@zenstay.com. We may need to verify your identity. You also have the right to lodge a complaint with your local supervisory authority (in the Netherlands: Autoriteit Persoonsgegevens).

Changes to this statement
We review this privacy statement regularly and will post updates on this page.
Last updated: 03 January 2026