Privacy Policy

Privacy Policy

Last updated: 01.05.2026 · Policy Owner: Operations Team

1. Introduction

This Privacy Policy explains how Fuse Stays collects, uses, shares, and protects your personal data when you visit our website, create an account, apply for Fuse membership, book a unit, or rent from us.

Your privacy matters to us. We aim to process your personal data lawfully, transparently, and only for the purposes described below. This policy is written to comply with the EU General Data Protection Regulation (GDPR) and with applicable national laws in Belgium, Latvia, and Hungary.

If you have any questions, or would like to exercise your privacy rights, please contact us at privacy@fusestays.com.

2. Who is responsible for your data (Data Controllers)

Depending on how you interact with Fuse Stays, one or more of the following Fuse Stays group entities is the data controller for your personal data:

• Fuse Stays BV (platform, booking, membership, marketing)
  Wolstraat 70, 1000 Brussels, Belgium
  KBO: 1023.053.654 · EUID: BEKBOBCE.1023.053.654
• SIA Fuse Hotel Latvia (tenancy data for Units in Riga)
  Strēlnieku iela 3-12, LV-1010 Rīga, Latvia
  VAT: LV40203565468
• Fuse Living Kft. (tenancy data for Units in Budapest)
  Ferenc krt. 1, 2. em. 13/a, 1094 Budapest, Hungary
  VAT: HU32628636

How this works in practice:

• When you browse our website, create an account, apply for membership, or pay the Membership Fee → Fuse Stays BV is the controller.
• When you sign a Tenancy Agreement and become a tenant → the relevant Local Entity (SIA Fuse Hotel Latvia or Fuse Living Kft.) is the controller for tenancy-related data.
• For marketing communications and community benefits → Fuse Stays BV is the controller.

Where more than one entity has controller responsibilities, they act as joint controllers under GDPR Article 26 for the relevant processing. You may contact any of the entities using the details above, or simply write to privacy@fusestays.com, and we will route your request appropriately.

3. What personal data we collect

3.1 Information you give us

When you create an account and apply for Fuse membership:

• Full name
• Email address
• Phone number
• Date of birth (to verify age eligibility)
• Desired city, contract start date, and contract length

When you complete document verification:

• A copy of your government-issued identity document (passport or national ID card)
• A document evidencing the purpose of your stay (e.g., enrollment letter, internship agreement, employment contract, volunteering agreement, exchange program confirmation)

When you sign a Tenancy Agreement:

• Your signature (electronic)
• Contact details of a next-of-kin or emergency contact (if provided)
• Tenancy details (unit, dates, rent, deposit)

When you communicate with us:

• The content of your emails, support messages, and chats
• Any information you choose to share about maintenance issues, complaints, or requests

When you participate in community activities or give feedback:

• Responses to surveys
• Reviews or testimonials (only if you give us consent to collect and publish these)
• Event attendance and RSVPs

3.2 Information we collect automatically

• Website analytics data collected via Google Analytics 4 (see Section 3.3 below and our Cookie Policy)

We do not otherwise collect IP addresses, device identifiers, or browser information directly ourselves — this data, where collected, is collected via the analytics and marketing tools described in our Cookie Policy.

3.3 Information from third parties

• Payment information: When you pay the Membership Fee, payment is processed directly by our payment provider (Stripe). We do not receive or store your credit or debit card details. We only receive confirmation of successful payment, the amount, and transaction reference.

3.4 CCTV at our properties

Some of our properties have CCTV cameras at building entrances, hallways, and indoor common areas for safety and security purposes. CCTV does not cover private rooms or private bathrooms. Signage is displayed at each property where CCTV is in use.

4. Why we process your data and on what legal basis

Under GDPR, we can only process your personal data if we have a lawful basis. Here is what we process, why, and on what basis:

4.1 To manage your application and membership

What: Account creation, identity verification, eligibility checks, application review, Membership Fee processing, community benefits.
Legal basis: Performance of a contract (GDPR Article 6(1)(b)) — we need this data to provide you with the Fuse Stays platform and membership you applied for.

4.2 To provide the tenancy

What: Signing the Tenancy Agreement, managing rent payments and deposits, handling maintenance and support, managing check-in and check-out, deposit refunds.
Legal basis: Performance of a contract (Article 6(1)(b)) — we need this data to fulfill the Tenancy Agreement.

4.3 To verify your identity and eligibility

What: Checking your ID document and proof-of-purpose document. Confirming you meet the eligibility criteria (age, purpose, valid documentation).
Legal basis: Legitimate interests (Article 6(1)(f)) — we have a legitimate interest in verifying that applicants meet the community eligibility criteria, for the safety and quality of our shared housing product. Also performance of a contract where this is a precondition of membership.

4.4 To meet legal and accounting obligations

What: Keeping invoicing and accounting records, tax filings, responding to lawful requests from authorities.
Legal basis: Legal obligation (Article 6(1)(c)).

4.5 To send you operational communications

What: Account-related emails, booking updates, payment reminders, maintenance notifications, end-of-tenancy communications, policy changes.
Legal basis: Performance of a contract (Article 6(1)(b)) — these are essential to the service.

4.6 To send you marketing communications

What: Emails about Fuse Stays offers, new properties, community events, partner benefits, and similar content.
Legal basis: Your consent (Article 6(1)(a)) — you tick a separate consent box when you create an account or apply.

You can withdraw your consent at any time by clicking "unsubscribe" in any marketing email, or by emailing privacy@fusestays.com. Withdrawing your consent does not affect the lawfulness of processing before withdrawal.

4.7 To remarket to incomplete bookings

What: If you started an application and gave us your email, but did not complete the booking, we may send you follow-up emails with offers, reminders, and housing suggestions.
Legal basis: Your consent (Article 6(1)(a)) — we only do this where you have ticked the marketing consent box during the application flow. You can unsubscribe at any time.

4.8 To ensure safety at our properties (CCTV)

What: CCTV recordings at property entrances, hallways, and indoor common areas.
Legal basis: Legitimate interests (Article 6(1)(f)) — to protect the safety of our tenants, staff, and property, and to help investigate incidents if they occur.

4.9 To improve our website and services

What: Analytics data via Google Analytics 4 (aggregated and pseudonymized), understanding how users interact with the website.
Legal basis: Your consent (Article 6(1)(a)) — we only process analytics data where you have accepted analytics cookies.

4.10 To publish reviews and testimonials

What: Using reviews and testimonials you have provided on our website, marketing materials, or social media.
Legal basis: Your consent (Article 6(1)(a)) — we only publish these where you have explicitly agreed.

4.11 To establish, exercise, or defend legal claims

What: Retaining and using data in case of disputes, complaints, or legal proceedings.
Legal basis: Legitimate interests (Article 6(1)(f)) — to protect our legal rights.

5. Who we share your data with

We do not sell your personal data. We share it only with the parties listed below, and only for the purposes described.

5.1 Our processors (service providers acting on our behalf)

We use carefully selected third-party service providers to help us run our business. They act as data processors under a Data Processing Agreement (DPA) with us. They can only use your data on our instructions, for the purposes we specify, and are contractually prohibited from using it for their own purposes or sharing it with others.

Our main processors include:

• Salesforce — our property management system (PMS), CRM, and email marketing platform. Stores tenant records, application data, communications history, and marketing lists. Data is hosted in Salesforce's cloud infrastructure under strict security controls.
• Stripe — payment processor for the Membership Fee. Handles card payments directly; we do not receive or store card details.
• Google Analytics 4 — website analytics provider.
• Text.com (LiveChat) — our customer support ticketing and chat platform. Stores chat and ticket history.
• Amazon Web Services (AWS) — cloud infrastructure provider hosting fusestays.com and related services. Data is hosted in AWS's EU data centers where possible.

5.2 Between Fuse Stays entities

Your data may be shared between Fuse Stays BV and the relevant Local Entity (SIA Fuse Hotel Latvia or Fuse Living Kft.) as necessary to deliver the full service (booking platform → tenancy → community benefits). This is governed by an intra-group data sharing arrangement.

5.3 Authorities and legal recipients

We may disclose data where required by law, to comply with lawful requests from public authorities (tax, law enforcement, courts), or to protect our rights and safety.

5.4 Professional advisors

We may share data with our lawyers, accountants, auditors, or insurers where necessary and subject to their own confidentiality obligations.

5.5 In case of business transfer

If Fuse Stays is involved in a merger, acquisition, or asset sale, personal data may be transferred. We will give you notice before your data is transferred and becomes subject to a different privacy policy.

6. International data transfers

Some of our processors are located in, or transfer data to, countries outside the European Economic Area (EEA). This includes:

• United States: Salesforce, Stripe, Google Analytics, Text.com, and Amazon Web Services (AWS) — noting that for AWS we host primarily in EU data centers, but AWS is a US-headquartered company with potential US access under US law.

Where we transfer your data outside the EEA, we rely on appropriate safeguards as required by GDPR:

• EU-US Data Privacy Framework (DPF): Salesforce, Stripe, Google, AWS, and Text.com are certified under the EU-US DPF, providing an adequate level of protection for transfers from the EU to the US.
• Standard Contractual Clauses (SCCs): Where the DPF does not apply or is supplemented, we use the European Commission's SCCs.
• Additional safeguards: including encryption in transit and at rest, pseudonymization where appropriate, and data minimization.

You can request more information about the specific safeguards in place for transfers relevant to your data by emailing privacy@fusestays.com.

7. How long we keep your data

We keep your personal data only as long as needed for the purposes described in this policy, after which it is deleted or anonymized. Our main retention periods:

Where data is retained for legal obligations (e.g., accounting), we restrict access to what is strictly necessary.

8. How we protect your data

We take appropriate technical and organizational measures to protect your data, including:

• Data storage with reputable cloud service providers (primarily Salesforce) that maintain industry-standard security certifications
• Encryption of data in transit (HTTPS/TLS) and at rest
• Role-based access controls — only authorized Fuse Stays personnel can access personal data, and only to the extent needed for their role
• Contractual obligations on all processors (DPAs) prohibiting unauthorized use or sharing of data
• Secure password handling and account authentication
• Staff training on data protection and confidentiality

Despite our efforts, no method of transmission or storage is 100% secure. If a personal data breach occurs, we will notify affected users and the relevant supervisory authorities in line with GDPR Article 33 and 34.

9. Your privacy rights

Under GDPR, you have the following rights in relation to your personal data:

• Right of access — you can ask us for a copy of the personal data we hold about you.
• Right to rectification — you can ask us to correct inaccurate or incomplete data.
• Right to erasure ("right to be forgotten") — you can ask us to delete your data in certain circumstances.
• Right to restriction of processing — you can ask us to stop using your data temporarily while a dispute is resolved.
• Right to data portability — you can ask us to provide your data in a portable format, or to transfer it to another controller.
• Right to object — you can object to processing based on legitimate interests, including for direct marketing purposes.
• Right to withdraw consent — where processing is based on your consent, you can withdraw it at any time.
• Right not to be subject to automated decision-making — we do not make automated decisions that produce legal or similarly significant effects about you.

To exercise any of these rights, email privacy@fusestays.com. We will respond within one month (which may be extended by two further months for complex requests, in which case we will inform you).

There is no fee for exercising your rights, except where requests are manifestly unfounded or excessive.

10. Your right to complain

If you believe we have handled your personal data unlawfully, we'd like the chance to resolve it directly — please contact privacy@fusestays.com first.

You also have the right to lodge a complaint with a data protection supervisory authority, in particular:

• Belgium (primary): Gegevensbeschermingsautoriteit / Autorité de protection des données (APD/GBA)
  Drukpersstraat 35, 1000 Brussels · contact@apd-gba.be · https://www.dataprotectionauthority.be
• Latvia: Datu valsts inspekcija (DVI)
  Elijas iela 17, Rīga, LV-1050 · pasts@dvi.gov.lv · https://www.dvi.gov.lv
• Hungary: Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
  Falk Miksa utca 9-11, 1055 Budapest · ugyfelszolgalat@naih.hu · https://www.naih.hu

You can also complain to the supervisory authority in the EU country where you live, work, or where the alleged infringement took place.

11. Children's data

Fuse Stays is an adult community-housing platform and is not intended for use by children. We require applicants to be under 35 and at least 18 at the contract start date.

We do not knowingly collect personal data from anyone under 18. If you are under 18, please do not use our website or provide any personal data to us. If we learn that we have collected personal data from someone under 18, we will delete it without undue delay.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@fusestays.com.

12. Cookies and similar technologies

We use cookies and similar tracking technologies on our website for essential functions, analytics, and marketing. Full details — including the categories of cookies, the specific providers, and how to manage your cookie preferences — are set out in our separate Cookie Policy.

13. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our service providers, or applicable law. If we make material changes, we will notify current Members by email and update the "Last updated" date at the top of this policy.

We encourage you to review this policy periodically.

14. Contact us

For any questions about this Privacy Policy, to exercise your rights, or to raise a concern, please contact us at:

Email: privacy@fusestays.com
Post (Fuse Stays BV, platform controller): Wolstraat 70, 1000 Brussels, Belgium

For tenancy-specific data questions, you may also contact the relevant Local Entity directly using the details in Section 2.