Privacy & Cookies Policy – Wishmiq Ltd

Wishmiq Ltd (“Wishmiq”, “we”, “us”, or “our”) is committed to protecting personal data and respecting the privacy of individuals whose information we process.

This Privacy & Cookies Policy explains how personal data and information collected through cookies and similar technologies is collected, used, disclosed, and safeguarded when you visit www.wishmiq.co, communicate with us, or access or use our cloud-based software solutions and related services.

This policy is designed primarily to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where we operate in other jurisdictions, we aim to apply data protection standards consistent with the principles set out in this policy.

This policy covers the following platforms and services:

• Wishmiq Website (www.wishmiq.co)
• ElySuite Web Platform (elysuite.co)
• ElySuite Mobile App for iOS (Apple App Store)
• ElySuite Mobile App for Android (Google Play Store)

1. About Wishmiq

Wishmiq Ltd is a technology company that designs, develops, and operates cloud-based Software-as-a-Service (SaaS) solutions and provides related digital services to business clients. Our services enable organisations to configure and use software platforms to manage business operations, users, records, and transactions. The nature and scope of personal data processed depends on how clients choose to configure and use the services.

2. Our Role in Processing Personal Data

Depending on the context, Wishmiq acts as either a Data Controller or a Data Processor.

As a Data Controller, Wishmiq determines the purposes and means of processing personal data in relation to the Wishmiq website visitors, business communications, contractual relationships, billing, and account administration.

As a Data Processor, Wishmiq processes personal data on behalf of its clients strictly in accordance with their documented instructions. This applies to operational data within the ElySuite web platform and mobile applications. Clients remain responsible as Data Controllers for the lawfulness and use of personal data processed within the services.

3. Personal Data We Process

3.1 Information Provided Directly

We may process personal data voluntarily provided to us, including names, business contact details, company information, enquiries, correspondence, and contractual or billing information.

3.2 Information Processed Through SaaS Services

When acting as a Data Processor, Wishmiq may process personal data uploaded, generated, or stored by clients within the ElySuite web and mobile platforms. The content and scope of such data is determined by the client, and Wishmiq does not control or independently use this data.

3.3 Technical and Usage Information

We may automatically collect limited technical information such as IP addresses, browser and device details, operating system information, log files, access records, and usage or performance metrics. This data is used to maintain security, system integrity, and service performance.

4. Platform-Specific Privacy Information

4.1 Wishmiq Website (www.wishmiq.co)

The Wishmiq website is a public-facing informational site that provides details about our products and services.

Data collected:

• Contact form submissions (name, email address, message content)
• Technical data (IP address, browser type, device information, pages visited)
• Cookie data (see Section 7 below)

Purpose:

• Responding to enquiries and business communications
• Analysing website usage to improve user experience
• Maintaining website security and performance

Lawful basis: Legitimate interests (website analytics, security), consent (cookies where applicable), and performance of a contract (responding to enquiries).

4.2 ElySuite Web Platform (elysuite.co)

ElySuite is a B2B hotel and property management platform designed exclusively for authorised business users. User accounts are created and managed by Wishmiq through direct onboarding or by the client organisation. There is no public registration on the platform.

Data collected:

• Authentication data: Full name, email address, Microsoft account identifier, and authentication tokens — collected through Microsoft Sign-In (Microsoft Entra ID / Azure Active Directory), which is used as the enterprise identity provider.
• User profile data: Name, role, contact details, and organisational affiliation as configured by the client.
• Operational data (processed on behalf of client organisations): Reservation and booking information, guest records (names, contact details, stay history), room and property management data, housekeeping and maintenance records, financial and billing information, and staff activity logs.
• Technical data: IP address, browser type, device information, access timestamps, and session data.

Purpose:

• Authenticating authorised users via Microsoft Entra ID
• Providing access to the property management platform and its features
• Processing operational data on behalf of client organisations
• Maintaining security, detecting unauthorised access, and preventing fraud
• Monitoring system performance and resolving issues
• Complying with legal and contractual obligations

Lawful basis: Performance of a contract, legitimate interests (security, service integrity), and compliance with legal obligations. For operational data processed on behalf of clients, the lawful basis is determined by the client as Data Controller.

4.3 ElySuite Mobile App – iOS (Apple App Store)

The ElySuite iOS app is a mobile extension of the ElySuite web platform, providing authorised users with access to hotel and property management features on Apple devices.

The App does not offer public registration. Users cannot create accounts through the App. Access is restricted to authorised users belonging to registered client organisations.

Data collected:

• Authentication data: Full name, email address, Microsoft account identifier, and authentication tokens — collected through Microsoft Sign-In (Microsoft Entra ID / Azure Active Directory).
• Operational data (processed on behalf of client organisations): The same categories of operational data as described in Section 4.2 above, accessed and displayed through the mobile interface.
• Device and diagnostic data: Device type and model, iOS version, App version, IP address, and crash logs/diagnostic data.

Purpose:

• Authenticating authorised users via Microsoft Entra ID
• Providing mobile access to the ElySuite property management platform
• Maintaining security and preventing unauthorised access
• Monitoring App stability and resolving errors
• Complying with legal and contractual obligations

Lawful basis: Performance of a contract, legitimate interests (security, diagnostics), and compliance with legal obligations.

Apple App Store Privacy Label:

In compliance with Apple’s App Store requirements, the following data types may be collected through the App:

No data collected through the iOS App is used for tracking purposes as defined by Apple’s App Tracking Transparency framework.

4.4 ElySuite Mobile App – Android (Google Play Store)

The ElySuite Android app is a mobile extension of the ElySuite web platform, providing authorised users with access to hotel and property management features on Android devices.

The App does not offer public registration. Users cannot create accounts through the App. Access is restricted to authorised users belonging to registered client organisations.

Data collected:

• Authentication data: Full name, email address, Microsoft account identifier, and authentication tokens — collected through Microsoft Sign-In (Microsoft Entra ID / Azure Active Directory).
• Operational data (processed on behalf of client organisations): The same categories of operational data as described in Section 4.2 above, accessed and displayed through the mobile interface.
• Device and diagnostic data: Device type and model, Android version, App version, IP address, and crash logs/diagnostic data.

Purpose:

• Authenticating authorised users via Microsoft Entra ID
• Providing mobile access to the ElySuite property management platform
• Maintaining security and preventing unauthorised access
• Monitoring App stability and resolving errors
• Complying with legal and contractual obligations

Lawful basis: Performance of a contract, legitimate interests (security, diagnostics), and compliance with legal obligations.

Google Play Data Safety:

In compliance with Google Play’s Data Safety requirements, the following data types may be collected through the App:

Data is encrypted in transit. Users may request deletion of their data by contacting their organisation or Wishmiq directly.

5. Third-Party Services

Our platforms integrate with or rely upon the following third-party services:

Data shared with Microsoft through the authentication process is subject to Microsoft’s Privacy Statement (https://privacy.microsoft.com). Data processed by Apple and Google in connection with app distribution is subject to their respective privacy policies.

Wishmiq does not share user data with any third party for advertising, profiling, or marketing purposes.

6. Data Sharing

Personal data processed through our platforms may be shared with:

• The user’s organisation — as the Data Controller of operational data within ElySuite.
• Microsoft — limited to authentication data necessary for sign-in via Microsoft Entra ID.
• Cloud hosting and infrastructure providers — for secure data storage and processing.
• Payment and billing service providers — where applicable for contractual and billing purposes.
• Professional advisers and public authorities — where required by law.

We do not sell, rent, or trade personal data. Data processed within our platforms is not used by Wishmiq for advertising, profiling, or marketing to third parties.

7. Cookies and Similar Technologies

7.1 What Are Cookies

Cookies are small text files placed on your device when you visit a website. They help websites function correctly and provide information about how the site is used.

7.2 How We Use Cookies

We may use cookies and similar technologies on the Wishmiq website and ElySuite web platform to:

• Enable essential website and platform functionality
• Support security and performance
• Maintain authenticated user sessions
• Analyse website usage to improve user experience

7.3 Managing Cookies

You can manage or disable cookies through your browser settings. Where required by law, cookie consent mechanisms may be implemented. Disabling cookies may affect website and platform functionality.

The ElySuite mobile applications (iOS and Android) do not use browser cookies. Session management on mobile is handled through secure authentication tokens.

8. International Data Transfers

As a technology provider, personal data may be processed in multiple jurisdictions. Where international transfers occur, appropriate safeguards are applied to protect personal data in line with applicable data protection standards, including the use of standard contractual clauses approved by the UK Information Commissioner’s Office where required.

9. Data Security

We implement appropriate technical and organisational measures to protect personal data across all our platforms, including:

• Encrypted data transmission (TLS/HTTPS) across all platforms
• Secure authentication via Microsoft Entra ID with OAuth 2.0 / OpenID Connect
• Role-based access controls within the ElySuite platform and mobile applications
• Regular security assessments and updates
• Secure cloud hosting infrastructure

While we take data security seriously, no system can be guaranteed to be completely secure.

10. Data Retention

• Website enquiry data is retained for as long as reasonably necessary to manage the business relationship and respond to communications.
• Authentication data (tokens and session data) is retained only for the duration of the active session and is cleared upon sign-out.
• Operational data within ElySuite is retained in accordance with the client organisation’s data retention policies. Wishmiq retains this data on behalf of the organisation for as long as required under the service agreement.
• Diagnostic and crash data is retained for a reasonable period to support troubleshooting and service improvement, after which it is deleted.
• Technical and usage data is retained for a reasonable period for security and analytical purposes.

11. Individual Rights

Subject to applicable law, individuals may have the right to:

• Access the personal data we hold about them
• Request correction of inaccurate data
• Request deletion of their data
• Restrict or object to processing
• Withdraw consent (where consent is the basis for processing)
• Request data portability

For requests relating to operational data processed within the ElySuite platform or mobile applications, please contact your organisation directly, as they are the Data Controller for that data.

For requests relating to authentication, technical, or website data, please contact Wishmiq directly using the details in Section 15 below.

12. Children’s Data

Our services and applications are business tools and are not intended for use by children under the age of 16. We do not knowingly collect personal data from children.

13. Third-Party Links and Services

Our website or platforms may integrate with or link to third-party services. We are not responsible for the privacy practices of those third parties. We encourage users to review the privacy policies of any third-party services they interact with.

14. Changes to This Policy

This Privacy & Cookies Policy may be updated from time to time to reflect changes in our practices, platforms, or legal requirements. Any changes will be published on our website with an updated revision date. Where changes are significant, we will make reasonable efforts to notify affected users.

15. Contact Us

For any questions or concerns regarding the processing of your personal data:

Wishmiq Ltd Email: info@wishmiq.co Website: www.wishmiq.co

You also have the right to raise a complaint with the UK Information Commissioner’s Office (ICO) at https://ico.org.uk.

Last updated: April 2026