Privacy Policy
This policy describes how HITECH GROUP processes personal data in accordance with the GDPR and the French Data Protection Act.
Publisher / Site controller: HITECH GROUP — SASU with share capital of €5,000, registered office 2323 Chemin de Saint-Bernard, 06220 Vallauris, RCS Antibes 101 382 752
Brand: NEXO Hotel AI Solutions
Last updated: May 2026
1. Purpose
This Privacy Policy describes how HITECH GROUP, publisher of the NEXO Hotel AI Solutions platform, processes personal data in accordance with Regulation (EU) 2016/679 (GDPR) and the French Data Protection Act No. 78-17 of 6 January 1978, as amended.
It applies to data processed via the website nexo-hotel.com and via the NEXO solution deployed in client hotel establishments.
2. Roles and responsibilities
When the NEXO solution is used by a hotel establishment, the hotel acts as data controller for its guests’ data, and HITECH GROUP acts as processor within the meaning of the GDPR. The terms of such processing are set out in the Data Processing Agreement (DPA).
For data collected directly via nexo-hotel.com (contact form, demo request), HITECH GROUP acts as data controller.
3. Data collected and legal bases
| Processing | Data concerned | Legal basis (Art. 6 GDPR) |
|---|---|---|
| Provision of the concierge service (chat, messaging, voice) | Conversation content, language, session metadata, contact details if provided | Contract performance — Art. 6(1)(b) |
| Demo / contact request via the website | Name, email, phone, establishment name | Pre-contractual measures — Art. 6(1)(b) |
| Solution improvement, platform security | Anonymized or pseudonymized technical data, logs | Legitimate interest — Art. 6(1)(f) |
| Advanced personalization, profiling, marketing (where applicable) | Preferences, behaviour | Consent — Art. 6(1)(a) |
| Accounting retention and security obligations | Billing data, security logs | Legal obligation — Art. 6(1)(c) |
In accordance with Article 6 of the GDPR, each processing activity relies on an identified legal basis:
No special categories of data (sensitive data within the meaning of Article 9 GDPR) are processed in the standard operation of the solution.
4. Purposes
Data is processed to: provide the AI concierge service to hotel guests, respond to contact and demo requests, ensure security and improvement of the solution, and comply with applicable legal obligations.
5. Retention periods
| Data category | Active retention | Archiving | Action at end of period |
|---|---|---|---|
| Conversation data (chat, messaging) | Duration of subscription | 6 months post-termination | Automatic deletion |
| Call data (Phone AI) | 3 months | 3 months | Purge after 6 months |
| Access and audit logs (security) | 12 months | 6 months | Deletion |
| AI activity logs (traceability) | 12 months | 12 months | Purge after 24 months |
| Billing data | 10 years | — | Legal obligation (French Commercial Code) |
| Contact data (prospects, demo) | 3 years after last contact | — | Deletion |
6. Recipients and subprocessors
| Category | Purpose | Location |
|---|---|---|
| Cloud hosting provider | Hosting and storage of data | European Union (Germany) |
| AI model providers (OpenAI, Anthropic, Mistral depending on configuration) | Automated natural language processing | EU / compliant transfer mechanisms (SCCs) |
| Machine translation service | Real-time multilingual translation | European Union |
| Speech synthesis and recognition services (Phone AI option) | Voice generation and recognition | European Union |
Data may be processed by the following categories of subprocessors acting on behalf of HITECH GROUP in connection with the provision of the service:
Each subprocessor is bound by an agreement compliant with Article 28 of the GDPR. An up-to-date detailed list is available on request at contact@nexo-hotel.com.
7. Transfers outside the European Union
Data is hosted in the European Union (Germany). However, certain third-party providers may carry out transfers outside the EU; in such cases, HITECH GROUP ensures appropriate safeguards compliant with Chapter V of the GDPR (European Commission standard contractual clauses or adequacy decision).
8. Your rights
Under the GDPR, data subjects have the following rights: access, rectification, erasure, restriction, portability, objection, and the right to define directives regarding the fate of their data after death.
Where data is processed in connection with use of the NEXO solution within a hotel, these rights should primarily be exercised with the hotel (data controller). HITECH GROUP provides technical assistance to the hotel to respond.
For data collected via the website, or for any questions, you may contact us at: contact@nexo-hotel.com.
You also have the right to lodge a complaint with the CNIL — 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, France — www.cnil.fr.
9. Artificial intelligence and transparency
The NEXO solution relies on artificial intelligence technologies. In accordance with the European Artificial Intelligence Act (Regulation (EU) 2024/1689), users are informed that they are interacting with an automated assistant, not a human operator.
Transfer to a member of the establishment’s staff remains possible at any time. AI-generated responses are produced automatically; human intervention remains available when needed.
10. Security
HITECH GROUP implements appropriate technical and organizational measures (encryption in transit and at rest, access control, logging, backups) to protect data against unauthorized access, alteration or disclosure.
11. Cookies
The website nexo-hotel.com may use cookies strictly necessary for its operation, and, subject to your consent, audience measurement cookies. You may manage your preferences at any time.
12. Changes
This Policy may be updated to reflect legal or technical developments. The date of the last update appears at the top of the document.
Contact: contact@nexo-hotel.com