Privacy Policy
Last updated 23 June 2026
Linen operates an infrastructure layer that carries guest context between hospitality partners. This policy explains what personal data we process, why, and the rights you have over it. It is written to meet the EU General Data Protection Regulation (GDPR) and the Portuguese RGPD.
1. Who we are
Linen ("Linen", "we", "us") is the entity responsible for the platform described on this website. For data exchanged through partner integrations, the partner establishment is the data controller and Linen acts as a processor on their behalf. For data you provide directly to us — for example through our contact or subscription forms — Linen is the controller.
You can reach our Data Protection Officer at dpo@linen.agency.
2. Scope
This policy covers our public website, the partner workspace, and the Linen widget embedded on partner sites. It does not cover the independent privacy practices of partners or third parties who may link to or from our services; those are governed by their own notices.
3. Personal data we process
Depending on how you interact with Linen, we may process:
- Guest context data — booking references, stay dates, stated preferences, dietary or accessibility notes, and service history shared between partners.
- Partner account data — names, business email addresses, company details, and billing identifiers of partner staff.
- Enquiry data — the name, email, subject, and message you submit through our forms.
- Technical data — IP address, device and browser type, and aggregated usage events needed to operate and secure the service.
We do not seek to process special-category data and ask partners not to transmit it through Linen unless strictly necessary and lawfully justified.
4. How we collect it
We receive data directly from you, automatically through your use of our services, and from partners who integrate the Linen widget under a Data Processing Agreement. Guest context is only transmitted where there is a lawful basis recognised by the originating partner.
5. Why we process it and our legal bases
- Performance of a contract — to provide the platform to partners and to respond to your requests.
- Legitimate interests — to secure, maintain, and improve the service, balanced against your rights.
- Legal obligation — to meet accounting, tax, and regulatory duties.
- Consent — where required, for example certain non-essential cookies; consent can be withdrawn at any time.
6. Sharing context between partners
The core purpose of Linen is to let a guest's context follow them between participating partners. Sharing only occurs within the network defined by the controlling partner and only for the purpose of preparing and delivering the guest's experience. Partners remain responsible for the lawfulness of the context they originate.
7. Service providers and sub-processors
We rely on a limited set of vetted sub-processors for hosting, payment (Stripe), and communications. Each is bound by contract to process data only on our instructions and to maintain appropriate safeguards. A current list is available on request to dpo@linen.agency.
8. International transfers
Linen stores personal data within the European Union. Where a sub-processor operates outside the EEA, transfers are protected by an adequacy decision or by Standard Contractual Clauses together with supplementary measures.
9. Retention
We keep personal data only as long as necessary for the purposes above, after which it is deleted or irreversibly anonymised. Guest context is retained according to the instructions of the controlling partner; enquiry data is kept for up to 24 months unless a longer period is legally required.
10. Your rights
Subject to applicable law, you have the right to access, rectify, erase, restrict, or object to the processing of your data, and the right to data portability. You can exercise the right to erasure or request a copy of your data through our Right to be Forgotten page, or by writing to our DPO.
11. Security
We apply encryption in transit and at rest, role-based access controls, continuous audit logging, and regular review of our technical and organisational measures. No system is perfectly secure, but we work to reduce risk to a level appropriate to the data we handle.
12. Cookies and tracking
Our public website uses only the cookies strictly necessary to function. We do not run advertising trackers. Where any non-essential cookie is introduced, we will ask for your consent first.
13. Children
Linen is intended for use by businesses and is not directed at children. We do not knowingly collect data from anyone under 16.
14. Changes to this policy
We may update this policy to reflect changes in our practices or the law. Material changes will be signalled on this page with a revised "last updated" date.
15. Contact and complaints
For any privacy question, contact dpo@linen.agency. You also have the right to lodge a complaint with your local supervisory authority — in Portugal, the Comissão Nacional de Proteção de Dados (CNPD).