Privacy Policy
Issued by: Digital Hotelier Software Solutions L.L.C
Company Registration: 1148172, Dubai Economic Department
Registered Address: 205, Apricot Towers, Silicon Oasis, Dubai, United Arab Emirates
Contact: [email protected]
Applies to: The browser-based web application through which hotel guests access ordering and services across the property.
1. About This Policy
This Privacy Policy explains how personal data is collected, used, shared, and protected when you use the digital ordering and services platform (the “Platform”) operated by Digital Hotelier Software Solutions L.L.C (“we”, “us”, “our”, or the “Operator”).
The Platform is deployed on behalf of the hotel or property at which you are staying (the “Hotel Partner”). This Policy covers only your use of the Platform. It does not cover the Hotel Partner’s other systems (for example its property management system, loyalty programme, or hotel Wi-Fi), which are subject to the Hotel Partner’s own privacy notices.
This Policy is designed to comply with:
- UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the “UAE PDPL”); and
- where applicable, the EU General Data Protection Regulation 2016/679 (the “GDPR”), to the extent it applies to guests whose personal data falls within its scope.
2. Controller and Processor Roles
For the purposes of the UAE PDPL and the GDPR:
- The Hotel Partner determines the purposes for which your personal data is processed in connection with the on-property service relationship. The Hotel Partner is the Data Controller of the personal data you submit through the Platform for the purpose of fulfilling your orders and service requests.
- The Operator processes personal data on behalf of the Hotel Partner in order to provide and maintain the Platform. In that capacity the Operator acts as a Data Processor.
- The Operator is the Data Controller of limited technical information processed for the security, integrity, and lawful operation of the Platform itself, as described in section 3(e) below.
Where this Policy refers to both roles together, the terms “Controller” and “Processor” carry the meanings given in the UAE PDPL and, where applicable, the GDPR.
3. Personal Data We Collect
When you use the Platform, the following categories of data may be collected.
- Room number (mandatory). Your room number is pre-filled automatically based on the QR code from which your session was initiated. It is used to route orders and service requests to the correct location within the property. Placing an order without an associated room number is not possible.
- Order and service data. Details of each order or service request you submit, including items selected, quantities, configuration options, payment method chosen, timestamps, and any note or special request you add. This data is recorded for fulfilment and record-keeping.
- Optional contact details. The checkout form includes three optional fields:
  - Name
  - Email address
  - Phone number (displayed with a country code corresponding to the Hotel Partner’s location)

  You are not required to complete any of these fields to place an order. If you choose to provide any of them, the information will be used solely to help the Hotel Partner contact you about your order (for example to confirm a delivery time or to resolve an issue).
- Payment data. If you select the Pay Online method at checkout, you will enter your card details directly into the secure interface of the applicable third-party payment gateway (see section 6). The Operator does not collect, store, process, or have access to your card or banking details at any time. If you select Cash on Delivery or Card on Delivery, no payment data is entered into the Platform.
- Technical and session data. When you access the Platform, limited technical data is recorded automatically, including your IP address, browser type and version, device type, session timestamps, language preference, and interaction logs. This data is used by the Operator to operate the Platform securely, to diagnose faults, to prevent abuse, and to generate aggregated, non-identifiable analytics. It is not used to build profiles of identifiable guests.
We do not knowingly collect any special categories of personal data (for example health, religious, or biometric data) through the Platform. You should not enter such information into free-text fields such as the note or special request field.
4. Purposes and Legal Bases for Processing
| Purpose | Data used | Legal basis (UAE PDPL) | Legal basis (GDPR, where applicable) |
|---|---|---|---|
| Routing and fulfilling your order or service request | Room number, order data, optional contact details if provided | Performance of a contract between you and the Hotel Partner | Article 6(1)(b), performance of a contract |
| Contacting you about your order where you have provided contact details | Name, email, phone number | Your consent | Article 6(1)(a), consent |
| Processing online card payments (via Payment Gateway, where applicable) | Payment data entered by you into the Payment Gateway interface | Performance of a contract | Article 6(1)(b), performance of a contract |
| Operating, securing, and protecting the Platform | Technical and session data | Compliance with legal obligations and service provision requirements | Article 6(1)(f), legitimate interests of the Operator |
| Meeting legal, tax, and regulatory record-keeping obligations | Order data and transaction records | Compliance with UAE legal obligations | Article 6(1)(c), legal obligation |
5. Withdrawing Consent
6. Online Payment Processing
Online payments made through the Platform are processed by one of the following third-party payment gateway providers (each a “Payment Gateway”), depending on the configuration chosen by the Hotel Partner:
- Magnati
- iOL Pay
- Telr
- Shift4
- Paymongo
- Stripe
- Xendit
When you select Pay Online at checkout, your card details are entered directly into the Payment Gateway’s secure interface. Each Payment Gateway operates under its own privacy policy and maintains its own security standards, including compliance with the Payment Card Industry Data Security Standard (PCI-DSS). The Operator does not receive your card number, CVV, or expiry date at any point in the transaction.
We recommend that you review the privacy policy of the applicable Payment Gateway before completing an online payment.
7. Who We Share Data With
We do not sell, rent, or trade your personal data. We share it only in the limited circumstances set out below.
- The Hotel Partner. Your room number, order details, and any optional contact details you have provided are made available to the Hotel Partner’s staff so they can fulfil your order or service request.
- Third-party vendors. If you book a service provided by an independent vendor through the Platform (for example transport or a tour), the information necessary to fulfil that booking is shared with the relevant vendor. Any further processing by that vendor is governed by its own privacy policy.
- Payment Gateways. Payment data you enter to complete an online payment is transmitted directly to the applicable Payment Gateway, as described in section 6.
- Service providers to the Operator. We use carefully selected cloud hosting, infrastructure, and security providers to run the Platform. These providers act as sub-processors and are contractually bound to handle personal data only on our instructions and in accordance with applicable data protection law.
- Legal and regulatory disclosure. We may disclose personal data where we are required to do so by applicable law, regulation, court order, or by a competent authority in the United Arab Emirates.
8. International Transfers
The Operator is established in the United Arab Emirates and processes personal data primarily from infrastructure within the UAE or from data centres of its cloud providers. Where personal data is transferred outside the UAE, the Operator takes reasonable steps to ensure that the transfer is carried out in accordance with the UAE PDPL, including by confirming that the destination jurisdiction provides an adequate level of protection or, where it does not, by relying on another lawful basis permitted under the UAE PDPL.
Where personal data relates to a guest in the European Economic Area and is transferred outside the EEA, the Operator relies on an appropriate transfer mechanism under the GDPR, such as Standard Contractual Clauses or an adequacy decision, as applicable to the specific transfer.
9. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, and in any event no longer than required by applicable law.
- Order and transaction records are retained for the period required to handle disputes, chargebacks, and to meet financial, tax, and regulatory record-keeping obligations under UAE law.
- Optional contact details you have provided are retained only for as long as needed to handle your order and any related queries, and are then deleted or anonymised.
- Technical and session data is retained for a short operational period for security, troubleshooting, and fraud-prevention purposes, and is then deleted or aggregated into non-identifiable statistics.
- Anonymised or aggregated data, which cannot be used to identify you, may be retained indefinitely for operational analytics and service improvement.
10. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, loss, or destruction. These measures include encryption of data in transit, access controls, network protections, logging, and regular security reviews. Online card transactions are additionally protected by the security measures of the applicable Payment Gateway.
No method of transmission over the internet or electronic storage is completely secure. While we work to protect your personal data, we cannot guarantee absolute security.
11. Your Rights
Subject to the conditions and limitations set out in the UAE PDPL and, where applicable, the GDPR, you have the following rights in relation to your personal data:
- Right of access, to request confirmation of whether we process your personal data and to obtain a copy of it;
- Right to rectification, to have inaccurate or incomplete data corrected;
- Right to erasure, to request that we delete your personal data, subject to our legal retention obligations;
- Right to restriction, to ask us to limit our processing of your personal data in certain circumstances;
- Right to object, to object to processing carried out on the basis of legitimate interests, where the GDPR applies;
- Right to data portability, to receive your personal data in a structured, commonly used, and machine-readable format, where technically feasible; and
- Right to withdraw consent, at any time, where processing is based on consent, as described in section 5.
To exercise any of these rights, please contact us using the details in section 15. We may need to verify your identity before acting on your request. We will respond within the timeframes required by applicable law.
Where the data you are asking about is controlled by the Hotel Partner (for example the content of your order or the optional contact details you submitted at checkout), we will forward your request to the Hotel Partner or assist the Hotel Partner in responding, as appropriate under our processing arrangements.
12. Cookies and Local Storage
The Platform is designed to be privacy-first. We do not use advertising, analytics tracking, or cross-site profiling cookies within the Platform. The Platform uses only strictly necessary session storage on your device to remember, for the duration of your visit, basic functional information such as your cart contents and your language selection. This data is held locally on your device and is not used to identify or track you across sessions or websites.
If the Platform redirects you to an external site (for example Google Reviews or TripAdvisor), that site will apply its own cookies and tracking technologies outside our control.
13. External Links
The Platform may contain links to external websites and platforms. Once you follow such a link, you leave the Platform and this Privacy Policy no longer applies. We encourage you to review the privacy policies of any external sites you visit.
14. Changes to This Policy
15. Contact and Complaints
For any question, request, or complaint about this Policy or about how your personal data is handled, please contact:
Digital Hotelier Software Solutions L.L.C
205, Apricot Towers, Silicon Oasis, Dubai, United Arab Emirates
Email: [email protected]
If you are not satisfied with our response, you have the right to lodge a complaint with the competent authority:
- In the United Arab Emirates, the UAE Data Office established under Federal Decree-Law No. 44 of 2021; and
- If you are in the European Economic Area, your local data protection supervisory authority.