PrivacyPolicy
Zaplar AB
Lastupdated: 14 April 2026
This Privacy Policy explains how Zaplar AB,reg. no. 559485-8309 ("Zaplar," "we," "us," or"our") processes personal data in connection with our platform andwebsite. It applies to our business customers, their staff, event bookers,event guests, and visitors to our website.
Zaplar provides a digital platform forhotels and event venues that enables end-to-end event booking, management, andguest communication. We process personal data to operate this platform, tomanage our business relationships, and to comply with our legal obligations.
We only use personal data for the purposesdescribed in this Privacy Policy and not in any manner that is incompatiblewith those purposes.
Zaplar AB is a Swedish company with itsregistered office at Larkvagen 18, 133 38 Saltsjobaden, Sweden. Depending onthe context, Zaplar acts either as a data controller or as a data processor.Section 3 below explains when each role applies.
If you have questions about how yourpersonal data is processed, you can reach us at support@zaplar.com.
When a hotel or venue uses Zaplar’splatform to manage event bookings, guest communications, guest portals, andrelated operational data, Zaplar processes that personal data on behalf of thehotel or venue. In this context, the hotel or venue is the data controller, andZaplar is the data processor.
The hotel or venue is responsible forinforming you about its processing of your personal data and for addressingyour rights as a data subject in relation to that data. Zaplar processes suchdata only in accordance with the instructions of the hotel or venue and as setout in our data processing agreement with the customer.
This also includes the collection of leaddata from persons who begin but do not complete a booking flow on the platform.Zaplar collects and makes this data available on behalf of the relevant hotelor venue, acting as data processor. The hotel or venue is the data controllerfor such data and is responsible for ensuring a valid legal basis forprocessing and for informing the individual accordingly. See Section 7 fordetails.
Zaplar is the data controller for thefollowing processing activities:
· Creating and managing useraccounts for hotel and venue staff who use the platform
· Managing business contactinformation relating to our customer relationships
· Processing website visitor data(e.g. analytics)
· Processing data for support,security, product improvement, and legal compliance
The personal data we process depends on howyou interact with Zaplar.
Hoteland venue staff (platform users)
· Name and email address (used tocreate and manage user accounts)
· Messages, files, and media(images and videos) shared within the platform
Eventbookers
· Name, email address, phonenumber, and company name
· Booking and event information(event type, date, venue)
· Messages exchanged through theplatform
· Files or images uploaded inconnection with an event
Eventguests (via guest portal)
· Name and email address(provided by the event booker for invitations and RSVP)
· RSVP responses
· Allergy or special dietaryinformation, where the event includes meals and the guest chooses to providethis information
Websitevisitors
· Information collected throughanalytics tools, which may include IP address, browser type, and browsingbehavior (see Section 14)
Specialcategories of personal data
Allergy and dietary information provided byevent guests may reveal information about health. This data is enteredvoluntarily by the guest and is processed only for the purpose of cateringarrangements for the specific event. Zaplar does not retain allergy informationlonger than necessary for the relevant event.
Zaplar does not collect payment cardinformation directly.
We process personal data for the followingpurposes:
· Providing the platform:
To operate the Zaplar platform, includingmanaging user accounts, processing event bookings, enabling communicationsbetween hotels and their customers, operating guest portals, and runningAI-powered workflow automation and chat features.
· Managing customer relationships:
To administer our agreements with hotelsand venues, provide onboarding and support, and communicate with customercontact persons.
· Generating leads:
When a person begins a booking flow on theplatform and provides contact information, Zaplar collects this data as a leadand shares it with the relevant hotel or venue. See Section 7 for details.
· Product improvement:
To analyze aggregated and, where possible,anonymized usage data to improve and develop the platform.
· Security and fraud prevention:
To protect the platform, our users, and ourbusiness from unauthorized access and misuse.
· Legal compliance:
To comply with applicable laws, such asSwedish accounting requirements (Bokforingslagen).
When Zaplar acts as a data controller, werely on the following legal bases under the GDPR:
· Performance of a contract (Art. 6(1)(b)):
Processing necessary to provide theplatform to our customers and to manage user accounts.
· Legitimate interest (Art. 6(1)(f)):
Processing necessary for our legitimateinterests, where those interests are not overridden by the individual’s rights.This includes product improvement based on aggregated usage data, and securitymeasures. You have the right to object to processing based on legitimateinterest (see Section 13).
· Consent (Art. 6(1)(a)):
Where required, we obtain consent beforeprocessing. This applies to non-essential cookies on our website (whereapplicable) and to the processing of special category data such as allergyinformation provided voluntarily by event guests. Where we rely on consent, youmay withdraw it at any time without affecting the lawfulness of priorprocessing.
· Legal obligation (Art. 6(1)(c)):
Where we are required to process personaldata to comply with applicable law, such as accounting and tax obligations.
When you begin a booking flow on Zaplar’splatform, you are asked to provide your name and contact information at thestart of the process. If you provide this information but do not complete thebooking, Zaplar collects and stores this data as a lead.
For this lead capture, Zaplar acts as adata processor on behalf of the relevant hotel or venue, which is the datacontroller. The hotel or venue determines the purpose of and legal basis forthis processing and is responsible for informing you of its processingactivities. Before submitting your contact information, you will be asked toacknowledge that your data may be shared with the hotel or venue in accordancewith its privacy terms.
Lead data is made available to the relevanthotel or venue as part of the platform’s core function. Lead data held byZaplar is retained for up to 12 months, after which it is deleted unless abooking or other customer relationship has been established.
Zaplar’s platform includes AI-poweredfeatures such as workflow automation and an AI chat assistant. These featuresmay process personal data contained in bookings, messages, or other platformcontent, and are delivered with the help of third-party AI service providers.
Customer personal data processed through AIfeatures is not used to train general-purpose AI or machine learning models.
Zaplar may share personal data with thefollowing categories of recipients:
· Our customers (hotels and venues):
Booking data, lead data, and guestinformation is shared with the relevant hotel or venue as part of theplatform’s core function.
· Sub-processors:
We use third-party service providers tohost and operate the platform (see Section 10).
· Legal or regulatory authorities:
Where required by law, court order, orregulatory decision.
Zaplar does not sell personal data and doesnot share personal data with third parties for their own marketing purposes.
Zaplar uses third-party sub-processors tohost and operate the platform, including cloud infrastructure providers and AIservice providers. Our primary infrastructure is located within the EU/EEA.
Where personal data is transferred outsidethe EU/EEA, Zaplar relies on appropriate safeguards such as the EU StandardContractual Clauses (SCCs) and, where applicable, the EU-U.S. Data PrivacyFramework.
A current list of sub-processors isavailable on request by contacting support@zaplar.com.
Zaplar retains personal data only for aslong as necessary to fulfill the purposes described in this Privacy Policy oras required by law. As general principles:
· Account and customerrelationship data is retained for the duration of the customer relationship anddeleted within a reasonable period after it ends.
· Lead data from incompletebookings is retained for up to 12 months.
· Allergy and dietary informationis not retained longer than necessary for the relevant event.
· Messages exchanged within theplatform are retained for a period not exceeding twelve months, unlessretention is required for an ongoing customer relationship or by law.
· Accounting records are retainedfor seven years in accordance with Swedish accounting law (Bokforingslagen).
Zaplar implements appropriate technical andorganizational measures to protect personal data against unauthorized access,loss, alteration, or destruction. These measures include encryption of data intransit, access controls limiting data access to authorized personnel, andregular review of security practices.
Under the GDPR, you have the followingrights in relation to personal data for which Zaplar is the data controller:
· Access:
You may request confirmation of whether weprocess your personal data and, if so, a copy of that data.
· Rectification:
You may request correction of inaccuratepersonal data.
· Erasure:
You may request deletion of your personaldata where there is no longer a legal basis for its retention.
· Restriction:
You may request that we restrict processingof your personal data in certain circumstances.
· Data portability:
You may request to receive your personaldata in a structured, machine-readable format.
· Objection:
You may object to processing based onlegitimate interest. Where you object, we will assess whether our legitimategrounds override your interests.
To exercise any of these rights, contact usat support@zaplar.com. We will respond within one month of receiving yourrequest.
Where Zaplar processes your personal dataas a data processor on behalf of a hotel or venue, you should direct yourrequest to the relevant hotel or venue. Zaplar will assist the hotel or venuein responding to your request in accordance with our data processing agreement.
You also have the right to lodge acomplaint with the Swedish Authority for Privacy Protection(Integritetsskyddsmyndigheten, IMY) at imy.se.
Zaplar’s website (www.zaplar.com) usesGoogle Analytics to analyze website traffic and understand how visitors use thesite. Google Analytics collects information such as IP address, browser type,pages visited, and time spent on pages. This data is processed by Google andmay involve transfer to the United States.
Before non-essential cookies or analyticsscripts are loaded, Zaplar requests your consent where required by applicablelaw. You may withdraw your consent at any time through the cookie settings onour website.
Zaplar does not currently use marketing oradvertising pixels.
For full details about the cookies andsimilar technologies we use, please refer to our separate Cookie Policy,available on our website.
We may update this Privacy Policy from timeto time to reflect changes in our processing activities, legal requirements, orour business. The date at the top of this document indicates when it was lastupdated. Where changes are material, we will take reasonable steps to informaffected individuals.
If you have any questions about thisPrivacy Policy or about how Zaplar processes your personal data, please contactus:
Zaplar AB
Org. no. 559485-8309
Larkvagen 18, 133 38Saltsjobaden, Sweden
Email: support@zaplar.com
