NOLLIE PRIVACY POLICY

This Privacy Policy explains how Nollie Pte Ltd ("nollie," "we," "our," or "us"), a company incorporated in Singapore (UEN: 202517156D), collects, uses, discloses, and protects personal data in connection with our AI-powered hospitality CRM platform (the "Service").

1. SCOPE AND ROLES

1.1 Scope of this Policy

This Privacy Policy applies to:

  • Personal data of hospitality businesses who subscribe to our Service ("Business Subscribers")
  • Personal data of the customers of Business Subscribers ("End-Customers") that is processed through our Service
  • Visitors to our website at [nollie.ai]

1.2 Data Controller and Processor Roles

  • For Business Subscriber Data: nollie acts as a data controller, determining the purposes and means of processing.
  • For End-Customer Data: nollie acts as a data processor, processing such data solely on behalf of and according to the instructions of Business Subscribers, who remain the data controllers.

2. INFORMATION WE COLLECT

2.1 Business Subscriber Data

We collect and process the following categories of personal data from our Business Subscribers:

  • Account information: Names, job titles, business contact details, and login credentials
  • Billing information: Payment details, billing addresses, and transaction history
  • Usage information: Service interaction data, feature usage, and settings preferences
  • Communications: Customer support inquiries and other correspondence
  • Device information: IP addresses, browser types, and technical identifiers

2.2 End-Customer Data

As a data processor, we may process the following categories of End-Customer data on behalf of Business Subscribers:

  • Contact information: Names, email addresses, phone numbers, and postal addresses
  • Reservation details: Booking dates, preferences, and special requests
  • Service preferences: Dining choices, amenity requests, and other preferences
  • Loyalty program information: Membership status and history
  • Communication history: Records of interactions with the Business Subscriber

2.3 AI Processing of Personal Data

Our Service utilizes artificial intelligence and machine learning to process personal data for:

  • Analysing customer preferences and behaviour patterns
  • Generating insights and personalized recommendations
  • Optimizing resource allocation and service delivery
  • Predicting future customer needs and trends

3. HOW WE USE YOUR INFORMATION

3.1 Business Subscriber Data

We use Business Subscriber data for:

  • Providing and maintaining the Service
  • Processing transactions and sending related information
  • Responding to inquiries and providing customer support
  • Sending administrative messages and updates
  • Providing personalized features and recommendations
  • Improving and developing the Service
  • Protecting against fraudulent or unauthorized activity
  • Marketing our products and services

3.2 End-Customer Data

We process End-Customer data solely as instructed by our Business Subscribers for:

  • Customer relationship management
  • Generating personalized marketing recommendations
  • Creating customer profiles and insights
  • Analyzing customer preferences and behavior
  • Optimizing service delivery and customer experience

3.3 Legal Basis for Processing (For EU/UK Users)

We process personal data on the following legal bases:

  • Performance of our contract with you
  • Our legitimate business interests
  • Your consent, where specifically requested
  • Compliance with legal obligations

4. DATA SHARING AND DISCLOSURE

4.1 Service Providers

We may share personal data with trusted third-party service providers who perform services on our behalf, including:

  • Cloud infrastructure providers for hosting (AWS Australia)
  • Payment processors for billing transactions
  • Customer support services
  • Data analytics providers
  • AI technology partners

4.2 Business Subscriber Access

When acting as a data processor, we make End-Customer data available to the Business Subscriber who provided it to us, in accordance with our agreement with that Business Subscriber.

4.3 Subprocessor Management

We engage subprocessors to assist with providing the Service. Business Subscribers authorize this use, and we:

  • Maintain information about current subprocessors at [nollie.ai/subprocessors]
  • Impose appropriate data protection terms on subprocessors
  • Remain responsible for subprocessor performance
  • Provide reasonable notice of new subprocessors

4.4 Legal Requirements

We may disclose personal data if required by law, regulation, legal process, or governmental request. We may also disclose data to enforce our terms, protect our rights or property, or protect the safety of our users or others.

4.5 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our business, personal data may be transferred as a business asset. We will notify affected users of any such change.

5. DATA SECURITY

5.1 Security Measures

We implement appropriate security measures to protect personal data, including:

  • Encryption of data in transit and at rest
  • Strong authentication and access controls
  • Regular security assessments and monitoring
  • Staff security training
  • Physical security controls for offices and data centres

5.2 Data Breach Response

In the event of a data breach affecting personal data, we will:

  • Investigate the breach and take remedial action
  • Notify affected Business Subscribers without undue delay
  • Assist Business Subscribers with their notification obligations
  • Document the facts, effects, and remedial actions taken

6. DATA RETENTION

6.1 Business Subscriber Data

We retain Business Subscriber data for the duration of the subscription plus a limited period afterward to:

  • Comply with legal obligations
  • Resolve disputes
  • Enforce our agreements
  • Protect against fraud or abuse

6.2 End-Customer Data

As a data processor, we retain End-Customer data in accordance with the instructions of Business Subscribers and our contractual agreements. Unless otherwise instructed, we generally retain End-Customer data for the duration of our agreement with the Business Subscriber plus 30 days to allow for data retrieval following termination.

7. CROSS-BORDER DATA TRANSFERS

7.1 Data Locations

nollie's primary data processing facilities are located in Singapore, with additional processing through AWS in Australia. AI processing may occur in the United States.

7.2 Transfer Safeguards

When transferring personal data across borders, we implement appropriate safeguards, including:

  • Contractual clauses requiring adequate data protection
  • Technical and organizational measures to secure data
  • Compliance with jurisdictional requirements for Singapore, Australia, and New Zealand

8. AI-SPECIFIC PROVISIONS

8.1 AI Technology Description

Our Service employs machine learning algorithms that:

  • Analyse historical guest data to identify preferences and patterns
  • Generate predictions about future guest behaviour
  • Create personalized recommendations for guest communications and services
  • Optimize operational workflows based on historical patterns

8.2 AI Training and Improvement

nollie may use aggregated and anonymized data derived from use of the Service to train and improve our AI systems, provided such use does not identify specific Business Subscribers or End-Customers. Business Subscribers may opt out of having their data used for AI training by contacting support@nollie.ai.

8.3 Decision-Making and Human Oversight

Our AI systems are designed to assist, not replace, human decision-making. Business Subscribers should:

  • Review AI-generated recommendations before implementation
  • Maintain human oversight for significant decisions affecting guests
  • Consider the context and specific circumstances of each guest
  • Recognize the probabilistic nature of AI-generated insights

9. YOUR RIGHTS AND CHOICES

9.1 Business Subscriber Rights

Depending on your location, you may have the following rights regarding your personal data:

For Business Subscribers in Singapore (under PDPA):

  • Right to access personal data we hold about you
  • Right to correct inaccurate personal data
  • Right to withdraw consent to the collection, use, or disclosure of personal data
  • Right to data portability in applicable circumstances

For Business Subscribers in Australia (under Privacy Act):

  • Right to access personal information we hold about you
  • Right to correct inaccurate personal information
  • Right to make a complaint about a breach of the Australian Privacy Principles

For Business Subscribers in New Zealand (under Privacy Act 2020):

  • Right to access personal information we hold about you
  • Right to correct inaccurate personal information
  • Right to request deletion of personal information in certain circumstances

9.2 End-Customer Rights

As a data processor, we process End-Customer personal data on behalf of our Business Subscribers. If you are an End-Customer and wish to exercise your data subject rights, please contact the relevant Business Subscriber directly. They are the data controller responsible for handling your request.

9.3 How to Exercise Your Rights

To exercise your rights as a Business Subscriber, please contact us at support@nollie.ai.

10. COOKIES AND TRACKING

We and our third-party partners may use cookies and similar technologies to collect information about your browsing activities on our website. These technologies help us analyse website traffic, personalize content, and improve our services.

You can manage your cookie preferences through your browser settings. However, blocking certain cookies may impact your experience on our website and limit certain features.

11. CHILDREN'S PRIVACY

Our Service is not directed at children under the age of 13. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child without verification of parental consent, we will delete that information promptly.

12. CHANGES TO THIS PRIVACY POLICY

We may update this privacy policy from time to time to reflect changes in our practices or applicable laws. We will notify Business Subscribers of material changes by email or through the Service. Continued use of the Service after such notice constitutes acceptance of the updated policy.

13. CONTACT INFORMATION

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Nollie Pte Ltd
Email: support@nollie.ai

Data Protection Officer:
Email: team@nollie.ai

For Business Subscribers in Australia: team@nollie.ai
For Business Subscribers in New Zealand: team@nollie.ai

Last updated: 17th May 2025