The Student Hotel s.a.r.l. (‘TSH’) operates activities in the business of hospitality, which includes offering hotel services, food and beverage facilities and co-working spaces. TSH is committed to protecting the privacy of all guests who interact with us at any moment during their TSH experience. We treat all the personal data of our guests with great care and we always act in accordance with the applicable national and international data protection legislation including the General Data Protection Regulation (GDPR).
This privacy statement is designed to fully inform you about our privacy practices including the collection of personal data, how we use it and the rights that exist for you to fully be in control of it. We love to interact with our guests so that we can learn and continue to improve the services we offer to the TSH community, which means data is exchanged and used on many occasions including: when you use our mobile applications, visit our websites, make a reservation or visit one of our hotels, food & beverage locations (‘The Commons’), co-working spaces (‘TSH Collab’), the gym or any other property that belongs to TSH.
2. Who we are
This Privacy Statement applies to the processing of personal data by The Student Hotel Group s.a.r.l. and more specifically the relevant subsidiary that determines the particular purpose of the personal data that is processed. In practice the data controller will be either TSH Management B.V. or TSH Southern Europe S.L. and the relevant TSH location you are engaging with.
TSH Management B.V. is a limited liability company registered under the laws of the Netherlands with its statutory seat in Amsterdam, the Netherlands, and its office at Aambeeldstraat 34 (1021KB) Amsterdam, PO Box 9082 (1006AB) Amsterdam, registered with the Dutch Chamber of Commerce under number 55241247. TSH Management B.V. is the legal entity that acts as the primary data controller for all Northern European TSH subsidiaries.
TSH Southern Europe S.L. is a limited liability company registered under the laws of Spain with its statutory seat in Barcelona, Spain, and its office at Calle de Sanchi de Avila 22, 08018, registered under the number B 62647631. TSH Southern Europe Management S.L. is the legal entity that manages and acts as the primary data controller for all Southern European TSH subsidiaries.
We may change this Privacy Statement to reflect changes at any time. The most recent version of the Privacy Statement is reflected by the version date located in the top left of this document. All updates and amendments are effective immediately upon notice, which we may give by posting a revised version of this Privacy Statement on the Website. We encourage you to review this Privacy Statement often to stay informed of changes that may affect you, as your continued use of our services signifies your continuing awareness of this Privacy Statement.
4. What categories of personal data do we collect and why?
The type of data that TSH collects and what we do with it depends on how it was collected and the type of service you have signed up to enjoy. For example:
Browsing TSH websites
We may use this information for additional purposes depending on the cookie preferences you select for example to provide relevant offers on other websites you visit via online and third-party advertisements. We may also use this information for remarketing purposes to remind and assist you with potential bookings that were left incomplete.
Subscribing using forms (online and offline)
When you subscribe to a newsletter, event, deal, competition or classroom online or offline you will be requested to provide certain data, which may include but not limited to name, e-mail, event you’re interested in, profession, residence, city, gender, phone and date of birth.
We use this information to contact you about the relevant topic you have indicated you are interested in. We will only contact you when we believe there is a legitimate interest to do so based on the interest and information you have declared.
We may also use this information to perform other marketing activities regarding TSH more generally. We will only use the information submitted for marketing if you have provided consent for us to do so by most typically ticking the opt-in tick box when submitting the information on the form. You can unsubscribe from marketing e-mails at any time by clicking the unsubscribe link contained in the e-mail.
When you join as a TSH Collab member
When you apply to join as a member of TSH Collab, you will provide us with your name, your (e-mail) address, your home address, and your payment details.
This information will be used for processing the membership application, billing purposes and to allow us to communicate with you about your membership, including sending surveys to understand how we can improve the service offered.
We will also use this information to send general marketing e-mails about other TSH material but only if you have given us consent to do so by clicking the opt-in tick-box when joining as a member.
When you make a reservation at the Commons restaurant
When you make a reservation at the Commons, you will provide us with your name, e-mail address, reservation details and dietary preferences / allergies.
This information will be used for processing the reservation and to communicate with you about the reservation.
We will also use this information to send general marketing e-mails about other TSH material but only if you have given us consent to do so by clicking the opt-in tick-box when making the reservation.
When you make a hotel booking as a hotel guest or short / extended stay guest
When you make a reservation as a hotel guest or a short stay guest at TSH, you will provide us with your name, your (e-mail) address, your home address, your stay preferences, the dates you are staying with us and your payment details.
This information will be used for processing the hotel booking, billing purposes and to allow us to communicate with you about your booking, including sending surveys to understand how we can improve the service offered.
We will also use this information to send general marketing e-mails about other TSH news, events and deals but only if you have given us consent to do so by clicking the opt-in tick-box when making the booking.
When you make a hotel booking as a semester guest
When you make a reservation as a semester guest, you may be required to provide TSH with your name, your home address, place of birth, nationality, ID/passport number, and a copy of the registration of your university. Furthermore, you may provide us with the personal details of your parents and/or guarantor ensuring that they are aware that such data will be shared. These details will be used to process the booking, billing purposes, communication about the reservation, in the event of an emergency and sending surveys to understand how we can improve the services offered.
As soon as you make a reservation as a semester guest you automatically receive a login code to enter the TSH LIFE App and/or our online portal.
Within 3 weeks of check-in you are contractually obligated to provide TSH with evidence of your registration with local municipality (if applicable). The evidence may include your individual identification number.
When making using the TSH LIFE App
When you make use of the TSH LIFE App, we collect the following types of data:
When attending TSH events and using the hotel facilities
When you attend events and make use of the TSH facilities you may be requested to provide various personal data for example using the photobooths in the hotel lobbies.
This information will be used for the processing activity specified when giving the personal data. It may also be used to send general marketing emails about other TSH news, events and deals but only if you have given us consent to do so by giving consent to receive such information.
After your TSH experience
After what we hope is only your first TSH experience we will continue to store your personal data in a profile that is strictly accessible by TSH and its affiliates. Should you return to TSH in the future, we want to be able to offer the best possible service, including the ability to customize your stay based on your previous personal preferences. We will only do this to the extent that we believe we have a legitimate interest to do so which in every case will be to improve the service we can offer to you in the future across all our locations and services.
The data collected may therefore be kept for as long as we believe you may return to TSH or until you communicate your right to be deleted.
We will also continue to send you marketing e-mails to keep you updated if you have previously giving consent for us to do so and will continue to do so for as long as we believe the content is valid and of interest to you.
You can of course unsubscribe anytime you like by following the link contained in the bottom of the email or contacting p[email protected].
5. Legal grounds for the processing activities identified
Based on the contractual agreement
Based on legal obligations
Based on TSH legitimate interests
Based on your explicit consent
6. Who has access to your personal data?
We handle your personal data discreetly and will process the personal data only for strictly our own purposes. We will only transfer your personal data to third parties if it is necessary for us to fulfill our contractual obligations towards you, when it is necessary to perform functions you have granted consent for us to do or any other identified legal ground under data protection law. The third parties we work with are bound by the same conditions toward you and your personal data as written in this privacy statement.
7. Your rights
We want to make sure that you are fully in control of your personal data. You have multiple rights and we want to ensure they are respected. If you wish to exercise any of the rights listed below, please make your request by sending an e-mail to:
Please state clearly in the subject heading what type of request you are making including as much detail as you can to assist us complete your request as quickly as possible. Please confirm as a minimum:
We will complete your request within 4 weeks.
Right of access
If you want to know what personal data we have collected and/or processed from you, you can request TSH to provide an overview. We will provide you with an overview of your personal data that we collect and/or process.
If you believe that the personal data that we process is incorrect, inaccurate or incomplete, you may ask us to change or remove such personal data.
Erasure (‘Right to be forgotten’)
If you want us to remove the personal data we have collected and/or processed from you, you can request TSH to erase your personal data.
Instead of requesting erasure, you may also request us to restrict the way we are processing your personal data. Restriction can be requested i.e. in case the personal data is inaccurate, unlawful, or pending a decision of a complaint lodged by you. If you restrict us from processing, we will only further process your data with your consent.
If you want to transfer the processed personal data to another controller of your choice, you may request us to provide you with a copy of your personal data in a structured, commonly used, and machine-readable format.
You have always the right to object against the processing of your personal data by TSH. If it concerns a processing activity that requires consent you are always entitled to remove your consent.
Limitations of your rights
When a data subject request is made TSH will as a standard policy provide this service free of charge, however in exceptional cases TSH reserves the right to charge a reasonable fee. Data subject requests will only be implemented after the individual making the request has proved their identity, which confirms that they are indeed the subject that the request concerns. This can be achieved by sending a copy of a passport from the e-mail account that was used when signing up to a TSH service.
Finally, in certain situations TSH may be entitled to legally refuse requests. If TSH believe there are legitimate grounds that override the interest of the data subjects request, then TSH may reasonably refuse to fulfill the request. TSH will always justify in writing why that is the case.
Right to contact the supervisory body
If you believe your data request is not being handled correctly you are entitled to contact the TSH lead national data supervisory body. The appropriate authority in the Netherlands is:
2509 AJ DEN HAAG
8. How do we protect your personal data?
TSH takes the security of personal data seriously and has implemented the following security measures:
Physical Access Controls: TSH have taken reasonable measures to prevent physical access, such as security personnel and secured buildings to prevent unauthorized persons from gaining access to Personal Data or have ensured third party partners operating data centers on our behalf are adhering to such controls.
System Access Controls: TSH have taken reasonable measures to prevent Personal Data from being used without authorization. The controls vary based on the nature of the processing undertaken and may include, among other controls, authentication via passwords and/or two-factor authentication, documented authorization processes and logging of access on several levels.
Data Access Controls: TSH take reasonable measures to provide that Personal Data is accessible and manageable only by properly authorized staff; application access rights are established and enforced to ensure that persons entitled to use a system only have access to the Personal Data to which they have privilege of access and a companywide policy that Personal Data cannot be read, copied, modified or removed without authorization in the course of processing.
Transmission Controls: TSH have taken reasonable measures to ensure that it is possible to check and establish to which entities the transfer of Personal Data by means of data transmission facilities is envisaged so personal data cannot be read, copied, modified or removed without authorization during electronic transmission or transport.
Input Controls: Data Processor shall take reasonable measures to provide that it is possible to check and establish whether and by whom personal data has been entered into data processing systems, modified or removed. Data TSH have taken reasonable measures to ensure that (i) the Personal Data is always under TSH control and (ii) Personal Data is managed by secured transmission.
Data Backup: Back-ups of the databases are taken on a regular basis, are secured, and encrypted to ensure that Personal Data is protected against accidental destruction, loss or unauthorized disclosure.
Logical Separation: Data collected for different TSH services and purposes is logically segregated in TSH systems to ensure that Personal Data that is collected and processed for the particular purpose it was collected for by TSH
Security Audit: External security audits are performed periodically. TSH are implementing a maturity plan that will continuously improve security standards and work towards a standardized ISO certification.
9. Transfer of personal data to other countries
For many of our business purposes we use cloud-based services. Therefore, for technical and organizational reasons, it may be necessary that your personal data is transferred to servers located in other countries outside of the European Economic Area. TSH have implemented internal processes to ensure that your personal data will only be sent to parties and/or countries with an adequate level of personal data protection.
10. Links to other websites
The Websites may contain links to other websites we do not control. Therefore, we will not be responsible for the content of these websites, nor for the processing of personal data that may occur on these websites.
If you have any questions about this Privacy Statement, please email: