Privacy Policy

---

Last updated:September 26, 2025

GDPR means General Data Protection Regulation (EU) No. 2016/679;

Personal data means any information relating to an identified or identifiable natural person;

All definitions used in the Terms of Use are also used in these Privacy terms unless it is stated something explicitly different.

In order to provide “You” (as the User of our services especially the App) and the “Operational Manager” (entity which use the App with respect to the specific project – operation of the Profile) with an essential App functionality under the Terms of Use we, the sustainStay, collect through your App-Usage following personal data:

Minimal viewed data: - 

Basic data for the Services to work for any user:

Login (randomly generated)

Password (not access to it)

Phone operating system & brand

Phone language

Privacy settings

Notification token

Optional data (voluntarily inserted):

Bio (“description”)

E-mail

Image

Name, Surname

Social Content:

Reservations, communications etc. by a particular User

The data specified above is jointly referred to as the "User data". The App does not allow performing any personalized analysis of your behavior or profiling based on the User data.

Other specific data are processed for web admin page and for online payment mechanism within the App:

Experience data

PD I: End-user data. This data pertains to how Users are interacting with content; This category usually does not contain Personal data;

PD II: sustainStay’s aggregate data includes its-wide statistics such as active User count, number of flows shown, how many flows are published at a time, etc. This data does not contain Personal data.

The Optional data and your Account is not seen within a particular Profile by anyone except the Operational Manager and the sustainStay through the web admin page to the extent of your Minimal viewed data and if you post anything, your post is visible to anyone in the particular Profile (in case of ticket request the Operational Manager upon its decision can see your cell phone number). The Partner cannot see in the web admin page anything about you except its published information (e.g. advertisements).

Your Account can be viewed also by other Users connected to the same Profile and in such Profile to the extent of your Minimal viewed data, the Optional data and the Social content you published.

The sustainStay provides some of the data above to the Operational Manager who processes this data for its own purposes. Please find below an overview of who is the controller for which processing activities:

Personal data

Controller

Processor

Basic data (user inserts the data)

sustainStay

Basic data (except of history of purchased Events and history of purchased Amenities) Optional data Social content (user inserts the data)

sustainStay

History of purchased Services (Events, Amenities)

Operational Manager / Partner

sustainStay

Minimal viewed data Optional data Social content (if applicable) (the Operational Manager receives through the App)

Operational Manager

sustainStay

Optional data (Inserted by the User himself about another user)

User (if applicable)

sustainStay

Experience data

sustainStay 

SDK data

sustainStay 

If You provide (as the Operational Manager or Partner or User) the Basic data/Optional data of another natural person (e.g. sub-contractor or employee), You are considered to be a controller with full liability and the sustainStay is a processor.

1. App functionality

We, the sustainStay, use the User data and SDK data in the App in order to make the App work under the Terms of Use, i.e. to provide all Users of the App their connection with their Account and to join the Profiles, and to connect the Users, the Partners and the Operational Managers in social environment of the Profiles. Thus, processing the User data for this purpose is necessary in order to perform a contract with you.

For this purpose, your data will be stored until the Account is deactivated.

‍2. Improvement of the App and Operational Managers’ experience

In addition to the purpose described above, we, the sustainStay, may use the User data (which are for these purposes used in anonymized form and therefore not considered to be personal data under the GDPR) based on the basis of our legitimate interest in further development of the App, more specifically:
to improve, test, and monitor the effectiveness of the App with respect to the current functionalities in the Profiles (e.g. workload of hardware if certain amount traffic is reached, modify user experience in order to provide more comfort and intuitive use of the App, change of the App’s configuration if any);
to develop and test new features (including their improvement, e.g. future internal market, different method of sharing economy implemented within the Project profile, incentivize a cooperation of users,) of the App;
to monitor metrics such as total number of visitors, traffic (e.g. how much users sign into the App during day, what are the main activities they do in the app, the workload of the App during the day);
to diagnose or fix problems with the use of the App (e.g. if the App does not work properly with a specific device operating system, if it crashes due to noncompliance with other technical parameters of the device);
to automatically update the App on your device (if the sustainStay comes with any new functionality of feature we do so through the App update);
We, the sustainStay, process the Experience data in order to provide effective onboarding process for new App-users, to facilitate early adoption of new App features, to enable better user – experience through App-user feedback/surveys, campaigns and Users’ self-service support, as a result to make experience with the App deeper. Social content posted within the Profile stays in the Profile communication history until it is outdated (in case of created events) or deleted by you (if you are an author). All other data (communication) will be stored for the purposes above for the life of the Profile.

3. Recipients

sustainStay uses the following processors:

• GoDaddy Operating Company, LLC (providing “platform as a service” services e.g. environment, domains, computing capabilities), the Services runs on the GoDaddy Platform.
• OpenAI, L.L.C. (providing services, e.g., AI models, natural language processing capabilities), the Services AI tools run on the OpenAI Platform, including ChatGPT.

Furthermore, your data may be disclosed to the following recipients:

• App-User joined in same Profile as the User, application portfolio manager, enterprise managers;
• Courts, Legal representatives and Notaries.

1. Purpose, legal basis and duration of processing

If you are connected to the particular Profile the Operational Manager is a controller of the Personal data in your Profile, namely your Minimal viewed data, the Optional data and the Social content (see above). Your profile can be viewed by the Operational Manager through the web admin page of the App. Operational Manager is entitled to observe and manage the Profile environment to the extent you see. Through the web admin page the Operational Manager is entitled to see your Minimal viewed data. Operational Manager uses the web admin page to:

• regulate access control and management of users of the Profile for a particular enterprise;
• react to various requests/demands and feelings from You;
• communicate with You directly through various communication activities (questionnaires, posts and notifications regarding functionalities, facilities, etc.);
• improve the service of enterprise operated by the Operational Manager; and
• provide a social place for You to meet and to make the enterprise life more vibrant.

Processing your Minimal viewed data, the Optional data and the Social content as just described is necessary for the purpose of the legitimate interest of the Operational Manager to provide better services in the enterprise to which the Project profile in the App is connected, to create a closer connection between the operator of the project and You (the User/Partner), to provide unique and vivid experience when your work or use the particular enterprise any other way and make the particular enterprise attractive for current and prospective users. Minimal viewed data may be used by the Operational Manager in other systems the Operational Manager engages in relation with the operation of the enterprise.

Processing your history of booked Services is necessary for the purpose of the legitimate interest of the Operational Manager (or the Partner) for the establishment, exercise or defense of legal claims and to fulfillment of their duties with respect to tax legislation.

For these purposes, your data is stored until it is outdated (in case of events, history of booked Services) or deleted by you (if you are an author).

Communication between you and your Operational Manager is stored for the life of the Profile.

2. Recipients

Operational Manager uses the following processors:

• IT-Service provider sustainStay Oy (for the purpose of ensuring the technical functionality and for providing all users of the App their connection with their Account and to join the Profiles);
• Enterprise-manager (in case they are admins of the particular Profile, if the Operational manager provides access to the Profile of the facility/asset);
• Other service providers (e.g. calendar providers). The App may provide integration with other systems engaged (and contracted) by the Operational Manager (the “Integrated third systems”) and reads personal data from Integrated third systems which govern personal data privacy policy independently of the App.

Furthermore, your data may be disclosed to the following recipients:

• Company’s affiliates (for the purpose of internal audits);
• Users joined in the same Profile as you, application portfolio manager, enterprise managers, service providers, admin of sustainStay (the latter only in case You load data about the enterprise);
• Courts, Legal Representatives and Notaries.

The App and the web admin page are used in communication with all users of the App a Transport Layer Security (TLS) encryption technology to encrypt personal information and maintain by-design security.

If you make a reservation within a particular Profile in the App for a certain service, you will decide whether the App will have access to your calendar application in order to record such reservation.

The sustainStay guarantees that information in the App may not be accessed, disclosed, altered, or destroyed without authorized access. Data logs from the App are saved for the purposes of security events and are erased from the App after 14 days.

The Experience data is secured by highest level encryption i) in external traffic in transit (HTTPS/TLS) and ii) at rest (using AES-256 and an automated key rotation system).

The Experience data is retained for an indefinite period of time and they can be erased in seven days following the receipt of an individual request at support@sustainstay.com

Personal data received from Integrated third systems are retained in the App for the retention periods set by Integrated third systems providers.

If there is a serious suspicion that the particular user breached the Terms of use or committed a fraud and other illegal activity, such log can be accessed, processed and retained for an extended time period when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of the Terms of Use, or otherwise to prevent harm.

The sustainStay, the Operational Manager and the Partner can access the App through web admin page. We do not use any plugins of third parties in our web admin page and the App web admin environment. The sustainStay uses its own analytics tools to monitor metrics and usage trends in the App and such tools collect information sent by your device but are anonymized. The sustainStay works within the App only with anonymized logs of such statistics and then provides results to the Operational Manager in reports.

If Information is anonymized (e.g. used anonymized for statistics) so it is no longer reasonably associated with an identified or identifiable natural person, the sustainStay and the Operational Manager may use it for any business purpose.

The GDPR grants you a number of rights we will honor:

• to request access to your Personal data;
• to request rectification or erasure your Personal data;
• to request restriction of the processing of your Personal data;
• to object to the processing of your Personal data;
• to receive your Personal data, as it was provided by you (data portability).

In case you granted your consent to processing your Personal data, you have a right to withdraw that consent at any time.

If you wish to exercise any of the rights set out above, please contact the respective controller (see above). You can find the contact details of all controllers at the bottom of this document.

Although the sustainStay and the Operational Manager go to great lengths to ensure your data’s confidentiality and integrity, differences in opinion might nevertheless occur from time to time. If you feel that the sustainStay or the Operational Manager is not handling your data in line with applicable laws, please do not hesitate to contact us. Alternatively, you are entitled to file a claim with the data protection authority in your country.

Your request for deletion (via email: support@sustainstay.tech) of your personal data shall be executed by the sustainStay without delay (in case e.g. there is no legal title to use your personal data), unless the sustainStay is unable to execute your request in accordance with the applicable regulations.

The sustainStay may modify or update this privacy policy from time to time. The sustainStay may provide you through the App with additional forms of notice of modifications or updates as appropriate under the circumstances.

sustainStay Oy
Represented by Valentin Sergienko, CEO

The representative of the sustainStay: support@sustainstay.tech

You can also reach the Operational Manager in the App "contact us" for a particular Profile.