Privacy Policy

Neoma's Privacy Policy

Last Updated: October 15, 2023

Neoma Ltd (“Neoma” or “Company”) through the portal and its Gaia mobile application collects some Personal Data from its Users.

This privacy policy is in line with the Data Protection Regulation 679/2016/EU (“GDPR”) and governs your use of the Neoma Ltd Portal (the “Portal”) and sets out the basis on which any personal data we collect from you, or that you provide to us, will be processes and used by us.

Protection of your personal data is very important to us. Please devote some time to read our Privacy Policy and understand the way Neoma, either as a Data Collector or as a Data Processor, collects, stores, uses and in general processes personal information that is collected through our website, our sales activities in general, when entering into and executing agreements with/for us and/or during the use of our products, solutions and services.

Data Processor

Neoma Ltd

Unit 510, 5W Enterprise Place,

Hong Kong Science Park,

Sha Tin, Hong Kong

Phone: +852 3970 5670

Email: /

Few words about Neoma.

Neoma is a technology company specialised in creating world-class experiences in premium and luxury spaces. We measure how people use spaces and empower staff to manage their customers effectively and recognise them automatically.

Due to its international activities, Neoma has to comply with several international laws and regulations, GDPR of European Union among others.

What is personal data?

The term “personal data” refers to information about physical persons, such as name, postal address, email address, biometric information, phone number etc that are/can be used to identify a single person.

Personal data processing.

Any act or series of acts, performed with or without the use of automated means, on personal data or sets of personal data, such as collection, registration, organisation, structuring, storage, adaptation or alteration, retrieval, information retrieval, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.

When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email or home address. We (or service providers on our behalf) may then send communications and marketing to these email or home addresses. You may opt out of receiving this advertising by visiting

Which personal data do we collect and why?

GDPR acknowledges two company roles in personal data processing: Data Collector, which initiates processing and assumes responsibility, and Data Processor, which processes personal data only under a specifically defined order of a Data Collector.

Neoma, as a technology company in the area of customer management and recognition, assumes both roles, in accordance with the source and the reason of personal data processing. In any case, Neoma processes only the absolutely necessary information per case, as follows:

Marketing and sales activities:  

Neoma, as a Data Collector, may process personal information (contact information and any more information you may supply). The information is stored on the company' s systems and is protected by an AES-256 encryption framework (bank grade), in compliance with our information security policy as per our ISO 27001 certification.

Legal and tax obligations:  

Neoma, as a Data Collector, processes all the information demanded by Authorities. The information is stored on company‘s systems and is protected by an AES-256 encryption framework (bank grade), in compliance with our information security policy as per our ISO 27001 certification.

Gaia app and platform:  

Data Privacy is implemented by design. Neoma, as a Data Processor, does not process any personal data entered by the users or face data on our platform. All information is either stored locally on our customer’s/staff’s/FR devices or, in case of our cloud solution, is encrypted by the application and is not available to Neoma. Furthermore, with the use of our “geofencing spot” technology, even our customer’s devices stop having access to personal data if they are moved further of a specific distance from our customer’s premises.

Gaia app collects both FINE_LOCATION and COARSE_LOCATION data from users. This information is utilized to provide location-based services and enhance user experience. By using Gaia app, you consent to the collection and processing of your location data. We do not share this data with third parties for marketing purposes. Your location data is securely stored and used solely for the intended purposes. You have the right to access, correct, or delete your location data. If you have any questions or concerns about our privacy practices, please contact us at

Website visitors:  

We do not collect other than the essential cookies that are related to the site's security and performance.

How long do we keep the personal data or face data?

We maintain your personal/face data for as long needed for the fulfilment of the purpose associated with its collection, unless if an extension is needed due to legal or any other company obligations. e.g. For guest stay in a hotel, data is deleted after checkout or for any event, data is deleted after event is over.

Is your personal data safe with us?

Any kind of access/process to your personal data is allowed only to persons authorized by us, either our employees or our subcontractors and only regarding the above-mentioned purposes. It is not shared to any un-mentioned third party.

We have taken the necessary and appropriate organisational and technical measures for the security and protection of your data from any form of accidental or unlawful processing both at the physical level and at the level of logical security (indicative procedures of physical security, graded data access, protection of computer systems, software). We are using AES-256 encryption framework (bank grade) and we have an information security policy in place, as per company's ISO 27001 certification
These measures are reviewed and amended when deemed necessary.

Which are your rights?

You have the following rights:

How can you exercise your rights?

You can exercise your rights by sending an email to or via the company contact information, as presented in our website.

When do we answer to your requests?

We answer to your requests without delays and, in any case, within 30 days from the submission of your request. If your request is too complicated, we will inform you within 30 days that we may need an extension of up to 60 more days the most.

How will you be notified of any changes to this policy?

We update this policy whenever necessary. If there are significant changes to the policy or the way we use your personal data, we will post an update to this policy on our website before the changes take effect and we will notify you as soon as possible. We encourage you to periodically read this policy to know how your data is protected.