Coders PMS legal

Privacy Statement

Last updated December 18, 2025

Back to Coders PMS
ENAL

Introduction

This Privacy Statement explains how Coders.al (“we”, “us”, or “our”) collects, uses, and protects personal data processed through the Coders PMS platform, portals, and supporting services.

Coders PMS is delivered as a dedicated SaaS tenant for each hospitality client. We act as a data processor for guest and reservation data handled on your behalf, and as a data controller for business contact information needed to manage our relationship with you.

Data We Collect

The specific personal data processed depends on the features you enable, but typically includes:

  • Guest identity and contact details, including preferences submitted through booking portals.
  • Reservation, stay history, folio balances, payment tokens, and loyalty program identifiers.
  • Employee or contractor details required for user accounts, audit logs, and workflow routing.
  • Business contact information for invoicing, support coordination, and solution design.
  • Technical telemetry such as IP addresses, device information, and interaction logs used for security.

How We Use Data

We only process personal data to deliver the Services and to fulfill contractual or legal obligations. This includes provisioning environments, delivering support, enabling hospitality communications, preventing fraud, improving product reliability, and meeting regulatory reporting duties.

Legal Bases

Where the EU General Data Protection Regulation (GDPR) or similar laws apply, we rely on the following legal bases for processing:

  • Performance of a contract: to provide the Coders PMS platform and related services.
  • Legitimate interests: to secure infrastructure, improve features, and communicate service updates.
  • Compliance with legal obligations: to maintain audit trails, tax records, and certifications.
  • Consent: for optional communications or features you configure that require explicit guest permission.

Data Sharing and International Transfers

We do not sell personal data. Access is limited to Coders.al personnel, subcontractors, or technology providers who require it to operate the Services and who are bound by confidentiality and data protection obligations.

Where data is transferred outside its country of origin, we implement safeguards such as Standard Contractual Clauses, regional hosting, or encryption to maintain an equivalent level of protection.

Security and Retention

Each tenant is provisioned with an isolated database, encrypted data-at-rest, and least-privileged access policies. Backups are encrypted before being stored in separate locations.

Controls we maintain

ISO 27001 and ISO 20000 control frameworks, multi-factor authentication for administrators, continuous monitoring, and incident response procedures validated through recurring tabletop exercises.

Personal data is retained for as long as necessary to fulfill the stated purposes or as required by law. You may configure custom retention periods for reservations, folios, and guest communications within your tenant.

Your Rights

Where applicable, individuals may exercise the following rights by contacting the Coders PMS client that collected their data or by reaching out to us for assistance:

  • Access personal data and obtain a copy.
  • Request corrections, deletions, or restrictions on processing.
  • Object to processing carried out on legitimate interest grounds.
  • Receive data in a portable format where technically feasible.

Contact and Requests

If you have privacy questions, want to report a security concern, or require a Data Processing Agreement, please contact our product team. We will respond within four business days.

Contact us at contact@coders.al for privacy questions, and security@coders.al to report urgent incidents.