Privacy Policy
Under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR"), Zenyon s.r.o. adopts this Privacy Policy.
This Privacy Policy applies to all users (hereinafter "You") of the online identity verification service operated by Zenyon s.r.o. (hereinafter the "Service"), marketed as GuestIdenty, who, upon receiving a personalised verification link from an accommodation provider ("Host"), submit a photograph of their identity document and a selfie for the purpose of guest registration.
This document provides information on the following:
- The roles of the parties involved (controller, processor, sub-processors);
- Our data processing practices when You use the Service;
- The legal basis, purpose, scope, and retention of the personal data we process;
- The recipients of Your personal data and the safeguards in place;
- Your rights as a data subject and how to exercise them.
I. Roles and Contact Information
Data Controller of guest registration data
The Host (the accommodation provider — hotel, guesthouse, short-term rental operator, or similar) who provided You with the verification link is the Data Controller of the personal data extracted from Your identity document and required for fulfilling their legal obligation of guest registration under the Convention Implementing the Schengen Agreement and the applicable national law of the country in which You are accommodated.
The Host is solely responsible for informing You of the purposes of processing of Your guest-registration data, for any subsequent storage, transmission to competent authorities, and retention of that data after it is delivered to them.
Data Controller of the biometric verification process
For the biometric verification step itself — namely the matching of Your selfie against the photograph on Your identity document, liveness detection, deepfake detection and video injection attack detection — the Data Controller is:
Zenyon s.r.o., Továrenská 14, Bratislava, Slovak Republic.
For inquiries regarding data protection, please use the following contact details:
- Email: gdpr@zenyon.sk
- Postal address: Zenyon s.r.o., Továrenská 14, Bratislava, Slovak Republic
Sub-processors
In delivering the Service, Zenyon s.r.o. relies on the following sub-processors:
- Innovatrics, s.r.o., Jurská 14621/19, 831 02 Bratislava, Slovak Republic — providing the biometric algorithms and identity document inspection components (Innovatrics Digital Identity Service / IDV Toolkit). Innovatrics' privacy notice for these components is available at innovatrics.com/privacy-policy-demo-applications.
- Lovable AB, Sweden — providing the cloud hosting and runtime environment on which the Service is operated. Processing resources are located within the European Union.
- Stripe Payments Europe Ltd., Ireland — providing payment processing for Host subscriptions (this concerns Host data only, not Your data as a verified guest).
Personal data of guests is not transferred to any third country outside the European Economic Area.
II. Purpose of Processing, Legal Basis, and Scope of Data
Purpose
The purpose of the Service is twofold:
- Biometric identity verification of the natural person submitting an identity document, by comparing biometric data (the facial image on the document) with a current photograph (selfie) of that person, including detection of liveness, deepfake and video injection attacks, in order to provide assurance that the document is genuine and that the person presenting it is its rightful holder.
- Extraction of the legally required guest-registration data from the identity document and transmission of only those fields to the Host, who needs them in order to comply with their statutory guest-registration obligation.
The verification result is an automated decision made by biometric algorithms. As the Service merely produces an assurance score that the Host then uses to decide whether to accept You as a guest under their own normal procedures, this does not constitute automated decision-making with legal or similarly significant effects within the meaning of Article 22 GDPR.
Legal basis
The legal basis for processing differs by category of data:
- For the biometric processing (selfie, facial image extracted from the document, liveness/deepfake/injection checks): Your explicit consent under Article 6(1)(a) GDPR in conjunction with Article 9(2)(a) GDPR, as biometric data are a special category of personal data. The consent confirmed by checking the consent box and pressing the "Start verification" or equivalent button in the Service before uploading the document and selfie will be considered Your explicit consent.
- For the extraction and transmission of guest-registration data (Your name, date of birth, nationality, document number, document type, document expiry) to the Host: the Host's compliance with a legal obligation under Article 6(1)(c) GDPR, namely the statutory guest-registration requirement applicable to lodging establishments.
You may withdraw Your consent to biometric processing at any time by contacting us at the addresses provided above. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal. If You withdraw consent before completing verification, the verification session will be terminated and any data already collected will be deleted. If You decline to provide consent, the Service cannot be used; the Host may then ask You to verify Your identity by other lawful means.
If You are submitting personal data on behalf of another data subject (for example, a family member or co-traveller), You are fully responsible for ensuring that the data subject has provided their explicit consent for processing their data for the purposes set out in this Privacy Policy and has been informed of all necessary details, including the recipients of the personal data.
Scope of data processed
Upon uploading the identity document and selfie, the Service temporarily processes:
- The image(s) of Your identity document (front, and back where applicable);
- Your selfie photograph and short biometric capture sequence (used for liveness, deepfake and injection-attack detection);
- The biometric facial image extracted from the document;
- Personal data printed or encoded on the document, the exact scope of which depends on the type of document and the issuing country — typically: first name, surname, date of birth, nationality, document number, document type, date of issue and expiry, and the photograph on the document;
- Technical information about the device and browser used to access the Service (user agent, approximate IP-derived region) for fraud prevention and quality control.
From the data above, only the minimum set of fields legally required for guest registration is transmitted to the Host. Typically these are: first name, surname, date of birth, nationality, document type, document number, document expiry date, and the verification timestamp. The selfie, the document images, the extracted document portrait and the full machine-readable zone (MRZ) raw content are not transmitted to the Host and are not made available to the Host in any form.
III. Retention and Deletion
The Service is designed to operate on a near-stateless basis. Your images and biometric data are processed only for the duration strictly necessary to complete the verification and are deleted immediately upon completion of the verification process, in particular:
- The document images, selfie, biometric capture sequence and extracted document portrait are deleted from Zenyon's systems and from Innovatrics' systems within seconds of the verification verdict being produced.
- The extracted guest-registration data fields are held only until they are successfully delivered to the Host through the delivery channel the Host has chosen (email, host dashboard, or webhook), after which they are also deleted from Zenyon's systems.
- No copy of Your document, selfie, biometric template, or guest-registration data is retained by Zenyon s.r.o. after delivery is confirmed.
What Zenyon does retain, for the purposes of accountability and fraud prevention, is an operational audit log containing no personal data of guests — only metadata such as a verification identifier, timestamp, anonymous outcome (pass / fail), and which Host the link belonged to. This log is retained for 12 months and then deleted.
After the guest-registration data has been delivered to the Host, all further retention, storage, sharing with competent authorities, and eventual deletion of that data is the sole responsibility of the Host as the Data Controller for that processing.
IV. Hosting, Security, and Transfers
The Service runs on cloud infrastructure provided by Lovable AB, with processing resources located within the European Union. The biometric processing components provided by Innovatrics are operated on infrastructure within the European Union. No personal data of guests is transferred outside the European Economic Area.
Zenyon s.r.o. has implemented adequate technical, organisational, and security measures to protect personal data, taking into account the risks, the nature of processing, the latest technology and the cost of implementation, including:
- Encryption of data in transit (TLS) and at rest;
- Strict access control and role separation;
- Server-side handling of all biometric API calls (credentials never exposed to the browser);
- Automated deletion of session data upon delivery confirmation;
- Logging and monitoring of all access to processing systems;
- Confidentiality obligations binding all personnel and sub-processors.
Personal data will not be disclosed to any third party other than the Host (as described above) and the disclosed sub-processors, unless legally required (for example, in response to a lawful order from a competent supervisory or law-enforcement authority).
V. Your Rights
As a data subject under GDPR, You have the right:
- (i) Upon a written (including electronic) request, to access Your personal data — in particular, You may request confirmation of whether data is being processed, the categories of data processed, the purpose of processing, the source of the data, and the retention period;
- (ii) To rectify inaccurate data and complete incomplete data;
- (iii) To restrict processing under Article 18 GDPR (for example, where data is inaccurate or unlawfully processed);
- (iv) To obtain the personal data You provided in a structured, commonly used, and machine-readable format and to transfer it to another controller, under the conditions set out in Article 20 GDPR;
- (v) Where we process personal data based on Your consent, to withdraw that consent at any time; the withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal;
- (vi) To object in cases specified in Article 21 GDPR;
- (vii) To request the erasure of Your data where the purpose of processing has ended or in other cases specified in Article 17 GDPR.
Because Zenyon s.r.o. does not retain Your document images, selfie, biometric data or extracted guest-registration data after the verification has been completed and delivered, requests for access, rectification, portability or erasure relating to data already transmitted to the Host should be addressed directly to the Host as the Data Controller for that data.
You may exercise Your rights in respect of the biometric verification step by contacting Zenyon s.r.o. at the contact details provided above.
If You believe that the processing of Your personal data violates Your rights or the Data Protection Act or the GDPR, You may submit a complaint to Zenyon s.r.o. at Továrenská 14, Bratislava, Slovak Republic, or to the Office for Personal Data Protection of the Slovak Republic at Hraničná 12, 820 07 Bratislava 27, Slovak Republic; www.dataprotection.gov.sk; statny.dozor@pdp.gov.sk.
VI. Changes to this Privacy Policy
Zenyon s.r.o. may change or modify this Privacy Policy at any time, in particular with regard to legislative changes in the area of personal data protection. If we do so, we will inform You by posting the modified Privacy Policy in the Service or by other appropriate means of communication.
This Privacy Policy is governed by the laws of the Slovak Republic.
Effective date: 28 May 2026.