Effective date 4.05.2021
PERSONAL DATA WE COLLECT AND PROCESS
Contacts (e-mail address, physical address, phone number)
Identification document information (photos, document number, expiry date, issuing state);
Activity log (regarding use of digital room key, extra services and chat);
Additional information provided by the user in connection with the booking;
Personal data exchanged and disclosed in e-mail correspondence with the user or other relevant third parties in the regular course of providing our services;
Personal data otherwise exchanged and disclosed in the regular course of providing our services;
We also collect non-personally identifiable information, such as data regarding the length of website visits, click counts and user behaviour, in order to make the website more convenient and for analytical purposes. We only use secure services, for example Google Analytics. We also compile relevant statistical summaries for business purposes, whereby your personal data is converted into non-personal data and stored on secure media.
2. PURPOSES AND LEGAL BASIS FOR DATA PROCESSING
We process the above personal data as a data processor on behalf of our partners in order to enable them to provide you accommodation and supplementary services and to fulfil their legal obligations. The purposes and legal basis for such processing of personal data are determined by our respective partner (data controller).
We may process the above personal data as a data controller (i.e. in addition to processing personal data as a data processor on behalf of our partners) in order to provide our partners information and statistics related to your preferences, activity history and other personal data processed by us and to provide our users with a user account with all of its functionalities (user preferences, booking history etc.) and to send you newsletters, blog updates, promotional, marketing, and other information. Such processing of personal data takes place only upon your prior consent and you can at any time withdraw your consent. Among other things, you can at any time request the deletion of your user account (see under “Your Rights”) and unsubscribe from our mailing lists by clicking the “unsubscribe” button found in the e-mail.
In addition, we may process personal data in order to provide our services under our terms of service, e.g. in order to send e-mails or other notices concerning the services we offer, respond to your comments, questions and requests, and to send you technical notices, updates and administrative messages.
In case you send us e-mails, you acknowledge and agree it is necessary for us to process your personal data (including to retain the contents of such e-mails and queries) in order to reply to your e-mails and queries. In such case, your personal data is processed on the basis of our legitimate interest and in order to ensure a smooth customer support process.
We may also process your personal data to fulfil our lawful obligations, e.g. to ensure the protection of your personal data, retain personal data for any periods necessary to fulfil obligations arising from law, and to fulfil any other obligations arising from applicable legal acts.
We may process your personal data in any cases of contractual or other disputes in order to protect our legitimate interests.
We will always ask for your prior consent for the processing of personal data for purposes other than those set out herein.
3. SECURITY MEASURES
We are not responsible for any misuse of your personal data caused by malware on your own computer or other device.
We have the right to disclose and transfer personal data without your prior consent to data processors acting on behalf of us and under relevant data processing agreements, and to fulfil our obligations under the law. For the protection of our rights, we have the right to disclose the personal information to third parties, including legal counsels, auditors, etc.
5. DELETION AND RETENTION
We retain personal data only for as long as it is necessary for the fulfilment of the purposes described herein, for the protection of our rights or for the fulfilment of our obligations arising from legislation. We limit the processing of your personal data and only process personal data under a strict need basis.
For the period of 2 years, we retain the above personal data in order to fulfil our obligations before our partners as a data processor. After the above period, we retain your personal data on the basis of your consent and until you have withdrawn your consent by requesting the deletion of your personal data or user account or until you have not used your account for at least 2 years. Upon deletion of your user account, your personal data linked to your user account (user-ID, name, e-mail address, user preferences, booking history etc.) will be permanently deleted. In case there has been e-mail correspondence and/or other communication between us, the personal data in such e-mail correspondence and/or other communication between us will be stored up to 3 years in accordance with our archiving rules, and will be permanently deleted thereafter.
6. YOUR RIGHTS
You may at any time request information from us regarding the processing of your personal data. As further prescribed in applicable legislation, you have or may have the right to:
request deletion of your personal data and user account, however, we cannot delete personal data which we process as a data processor, unless we are authorised by the data controller;
request the rectification of your personal data;
request the restriction of processing your personal data;
object to the use of your personal data;
right to receive the personal data concerning you, which you have provided us, in a structured, commonly used and machine-readable format, and to transmit this data to another controller.
In case we use your personal data on the grounds of your consent, you may at any time withdraw your consent. This will not affect the legality of any previous processing of your personal data.
We will respond to your requests as soon as possible, taking into account the requirements set forth in the applicable law.
8. QUESTIONS AND COMPLAINTS
If you have any questions or complaints regarding the processing of your personal data, you can contact us HotelBuddy Technology OÜ (Pärnu mnt 105, 11312, Tallinn, Harju county, Republic of Estonia; firstname.lastname@example.org or the Estonian Data Protection Inspectorate (email@example.com; +372 627 4135).