Last updated: 30.08.2023
“Apartment” means the apartment booked by the Client by way of using the Service;
“NAHVL” or “we”, “us”; “our” means Not a Hotel Venture Limited, a company incorporated in Ireland, with the registry code 635034, address Floor 3, Block 3, Miesian Plaza, Dublin 2, D02 Y754, e-mail address firstname.lastname@example.org, including any subsidiaries or other entities which Not a Hotel Venture Limited is in control of, providing the Services. List of NAHVL entities providing the Services is provided in Section 11;
“Client” means any person who is using the Services of NAHVL who has made the Reservation or has concluded an Agreement with NAHVL;
“Data Subject” Natural person who uses NAHVL Services or whose Personal Data is processed by NAHVL;
“Data Processor” or “Processor” natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the controller; for example, the service providers to NAHVL;
“Extra Service” means the extra services ordered by the Client upon availability in accordance with the Terms and Conditions;
“Service” means the accommodation service and related services provided to the Client by NAHVL;
“OTA” means the online travel agency or other services provider who has listed Apartments through its services and thereby mediates the Services by NAHVL;
“GDPR” defined in the preamble;
“Guest” or “Guests” mean the person or persons being provided with the Service;
“Reservation” means a reservation for Service made by the Client;
“Website” means https://bobw.co/, its subdomains and/or other web pages used by NAHVL;
“Personal Data” any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular on the basis of such a record as the name, personal identification code, place of location information or network identifier, or on the basis of one or more physical, physiological, genetic, mental, economic, cultural or social identities;
“Processing” any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“Terms and Conditions” mean the Terms and Conditions for using NAHVL Services, available at https://bobw.co/terms.
“You” means the same as the “Data Subject”.
2. WHY WE PROCESS PERSONAL DATA AND WHAT PERSONAL DATA DO WE PROCESS?
2.1 When you have opted to use NAHVL Services and you are the Client of NAHVL or Guest staying at our Apartment, we need to process your Personal Data to enable the Services to you (data subject).
2.2 We process Personal Data that is submitted to us directly by the Client or automatically obtained by NAHVL about the Client in the course of using our Services.
2.3 If you have ordered the Service through the OTA, we process Personal Data that is submitted to us by the relevant OTA. In such a case, the privacy terms of the OTA selected by you apply in addition.
2.4 If the Reservation for the Apartment is submitted by the Client for a third person being the Guest or co-Guest(s), we process Personal Data about such Guest or co-Guest(s) as submitted to us by the Client.
2.5 When submitting the Personal Data about a third person, the Client undertakes to ensure that he/she/it has the consent (s) of each Guest or other Data Subject to transfer his/her Personal Data to NAHVL.
2.6 We also process Personal Data that is submitted to us when you contact us with a query or question via Website or via any other channel (by sending an e-mail, for example). In such a case we process your Personal Data included in the inquiry to the extent that is necessary to respond to you.
2.7 Personal Data NAHVL processes in the course of providing the Services may include following data about you:
2.7.1 general personal information: first name; last name; citizenship, nationality, sex, date of birth; ID document data;
2.7.2 contact details: e-mail address; address; phone number;
2.7.3 data related to the ordered Service: any data disclose to us as through the use of the Service, including, for example, information related to the ordered Extra Services;
2.7.4 payment data: information concerning the payment for the Services, including the credit card details used;
3. WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA?
3.1 We process Personal Data to provide the Services (please also read NAHVL Terms and Conditions). Legal basis for such data processing is GDPRArticle 6-1-(b), i.e. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
3.2 In certain situations, we might process your Personal Data when processing is necessary for compliance with a legal obligation to which we are subject, for example for accounting purposes under applicable accounting legislation or applicable tourism legislation. Legal basis for such data processing is GDPR Article 6-1-(c).
3.3 In certain specific situations we might also process your Personal Data where processing your Personal Data is necessary for the purpose of our legitimate interests pursued by us. Legal basis for such data processing is GDPR Article 6-1-(f). In such a case we shall ensure that processing is proportionate and that we have carried out legitimate interest impact assessment. For example, for the purpose of our legitimate interest we analyse how our Services and Website are used by our Clients so we can provide better service; when processing is necessary in connection with an investigation of suspected or actual fraudulent or other illegal activity or in connection with corporate sale, merger, reorganization, dissolution or similar event.
3.4 In certain specific situations we might also process your Personal Data based on your consent. Legal basis for such data processing is GDPRArticle 6-1-(a). In such a case, you have the right to withdraw from your consent at anytime. For example, based on your consent we may send you marketing content from receiving of which you may unsubscribe at any time.
Additionally, in accordance with the applicable privacy legislation regarding electronic communications, we may also send you direct marketing related to our services without prior consent if you are an existing customer. This applies only if you have not opted out of receiving direct marketing communications. It’s important to note that general customer communications may be sent without requiring consent.
We are committed to respecting your privacy and adhering to the relevant legal requirements for processing your Personal Data.
3.5 Fora more specific overview, please see Section 5 below.
4. HOW LONG IS YOUR PERSONAL DATA RETAINED?
4.1 NAHVL does not retain Personal Data longer than it is necessary for the purposes of processing Personal Data or pursuant to applicable law.
4.2 Personal Data related to contracts can be retained during the term of the contract and based on our legitimate interest pursuant to Article 6 (1)(f) of the GDPR until the end of the statutory limitation periods under applicable law. Accordingly, as a general rule NAHVL retains your Personal Data as long as it is necessary for the provision of the Services during the term of the contract concluded between you and NAHVL and for 3 years after the term of the contract.
4.3 Pursuant to the Accounting Act, we retain accounting documents for7 years.
4.4 Pursuant to Tourism Act, we retain registration data of the accommodation service user, which includes general personal information for2 years.
4.5 For a more specific overview, please see Section 5 below. Technical data collected by the use of the cookies, are retained as indicated in the Section “Cookies”.
5. OVERVIEW OF DATA PROCESSING
Personal data: First name, last name, e-mail address, phone number, address and information concerning the Services and Extra Services ordered. Purpose of processing: Enabling provision of the Services in accordance to Terms and Conditions and our legitimate interest to retain the related information until the end of applicable limitation periods. Legal basis: GDPR Art. 6 (1) (b); GDPR Art. 6 (1) (f). Retention period: 3 years
Personal data: First name, last name, date of birth, citizenship and address; the name, date of birth and citizenship of the co-Guest(s); the period of provision of the accommodation Service; Purpose of processing: Fulfilling our legal obligation arising from tourism laws to register the recipient of accommodation service. Legal basis: GDPR Art. 6 (1) (c). Retention period: 2 years
Personal data: Accounting-related data such as invoices. Purpose of processing: Fulfilling your legal obligation arising from accounting laws to process supporting documents of the transactions. Legal basis: GDPR Art. 6 (1) (c). Retention period: 7 years
Personal data: Name, e-mail address. Purpose of processing: Sending marketing content. Legal basis: GDPR Art. 6 (1) (a). Retention period: Until the withdrawal of the consent. Personal data: Technical data.
Purpose of processing: Our legitimate interest to ensure security, continuity and/or improvement of the Portal Legal basis: GDPR Art. 6 (1) (f).
Retention period: Up to 2 years, please see Section “Cookies” for more specific information. Personal data: Sensor data. Purpose of processing: Our legitimate interest to improve our Services- Legal basis: GDPR Art. 6 (1) (f). Retention period: 5 years
6. WHEN DO WE SHARE YOUR PERSONAL DATA?
6.1 To the extent this is necessary for the provision of our Services, we may share your Personal Data with certain third parties. For example, if you order food delivery as Extra Service in accordance with the Terms and Conditions, we need to process this order for Extra Service and related data and to forward it to such Extra Service provider, to fulfil your order.
6.4 Please note that we might access your Personal Data also when you have booked our Apartment through OTAs. In such a case your Personal Data will also be processed in accordance with the privacy policies adopted by specific OTA selected by you and who shall act as a separate Data Controller of your Personal Data.
7. USE OF SECURITY CAMERAS
7.1 Please be noted that security cameras may be installed in public areas near the Apartment (outdoor areas, lobbies, etc). If the security cameras are installed, this is done by the security undertaking with whom NAHVL may have entered a service agreement.
7.2 The use of security cameras may be necessary in order to ensure security, prevent and process security incidents and ensure the safety of the property and people near the Apartment. The legal basis for the use of security cameras is legitimate interest under article 6(1)(f) of the GDPR.
7.3 Please be noted that security cameras are never installed inside the Apartment or in areas where complete privacy can be presumed.
7.4 When security cameras are used, there shall always be a sign informing of the use of a camera in the security camera’s surveillance area, i.e. a sign depicting a camera and/or the words “VIDEO SURVEILLANCE”. In the absence of a sign, camera are not used.
7.5 NAHVL does not have the general access to the security camera recordings. Security undertaking organising the security near the respective Apartment shall have access to security camera recordings. The sign informing the use of the security cameras shall also include the details of the security undertaking who has installed the security cameras and who is conducting the security.
7.6 Security camera recordings are stored by security undertakings. Security undertaking shall retain security camera recordings in accordance with the applicable law. For more details, you may contact the respective security undertaking.
8. HOW DO WE PROTECT YOUR PERSONAL DATA?
8.1 To protect your Personal Data from unauthorized access, unlawful processing or disclosure, accidental loss, modification or destruction, we use appropriate technical and organisational measures that comply with applicable laws. These measures include but are not limited to the implementation of appropriate computer security systems, protection of paper and electronic format files by technical and logical means, controlling and limiting access to documents and buildings.
9.3 We may use the following type of cookies on our Website:
9.3.1 Functional cookies that record information about choices you have made that allow us to tailor our Website to your needs. Functionality cookies remember choices you make.
9.3.2 Statistics cookies, that record information about the way our Website is used, to acquire knowledge on how often our Website is visited, where on our Website our visitors spend the most time, how often they interact with a page or part of a page, this allows us to make the structure, navigation, and content of our Website as user-friendly as possible.
9.3.3 Advertising cookies, to gather information from you on your device to display advertisements to you based on relevant topics that interest you.
9.4 The specific cookies that Portal uses are the following:
Service provider: Google analytics Name of Cookie: _ga Type: Statistics Description: This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors. Expiration: 2 years
Service provider: Google AdSense Name of Cookie: _gcl_au Type: Advertising Description: Used by Google AdSense for experimenting with advertisement efficiency across websites using their services Expiration: 3 months
Service provider: Facebook Name of Cookie: _fbp Type: Advertising Description: This cookie is set by Facebook and used to store and track visits across the website for marketing purposes. Expiration: 3 months
Service provider: Google Analytics Name of Cookie: _gid Type: Statistics Description: This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form. Expiration: 1day
Service provider: Google Tag Manager Name of Cookie: SubscriberID Type: Advertising Description: Set to help identify ActiveCampaign and/or other e-mail marketing providers 'users' subscriber ID-s. Expiration: 365 days
Service provider: Triptease Name of Cookie: triptease-identity-data Type: Advertising Description: User by Triptease to keep user logged in and track your progress through the booking process Expiration: 5 hours
Service provider: Triptease Name of Cookie: tt-domain-user-id Type: Advertising Description: User by Triptease to keep user logged in and track your progress through the booking process Expiration: 5 year
Service provider: Elfsight Name of Cookie: _p_hfp_client_id Type: Statistics Description: Set by Elfsight to implement social platforms on the website. Expiration: 1 day
Service provider: Facebook Name of Cookie: datr Type: Advertising Description: Set by Facebook to identify the web browser being used to connect to Facebook independent of the logged in user. Expiration: 2 year
Service provider: Facebook Name of Cookie: dpr Type: Statistics Description: Set by Facebook to deliver an optimal experience for user device's screen. Expiration: 7 days
Service provider: Facebook Service provider Name of Cookie: fr Type: Advertising Description: Set by Facebook to deliver, measure and improve the relevancy of ads, with a lifespan of 90 days Expiration: 90 days
Service provider: Facebook Name of Cookie: m_pixel_ratio Type: Statistics Description: Set by Facebook to test the functionality of the site. Expiration: session
Service provider: Facebook Name of Cookie: sb Type: Functionality Description: Set by Facebook to help identify the user browser securely. Expiration: 2 years
Service provider: Elfsight Name of Cookie: session_id Type: Statistics Description: Set by Elfsight to implement social platforms on the website. Expiration: 1 day
Service provider: Triptease Name of Cookie: triptease-session-id Type: Advertising Description: User by Triptease to keep user logged in and track your progress through the booking process Expiration: 1 day
Service provider: Triptease Name of Cookie: triptease-user-id Type: Advertising Description: User by Triptease to keep user logged in and track your progress through the booking process Expiration: 5 years
9.5 You can delete or block the use of the cookies through your browser settings at anytime. However, some cookies might be necessary for the functionality of Website. Therefore, you understand that when blocking or deleting the cookies some features of the Website might not function correctly.
9.6 For more general information about cookies including the difference between session and persistent cookies please see www.allaboutcookies.org.
10. YOUR RIGHTS
10.1 NAHVL is dedicated to ensuring that all data subject rights arising under applicable law are always guaranteed to you. In particular, any data subject has:
10.1.1 the right to access the Personal Data that NAHVL processes about you;
10.1.2 the right to request that NAHVL rectifies any inaccurate Personal Data about you;
10.1.3 the right to request NAHVL to erase your Personal Data and/or restricts of processing of your Personal Data if we do not have valid legal basis for processing;
10.1.4 the right to receive your processed Personal Data in a structured, commonly used and machine-readable format and have the right to transmit your Personal Data to another Controller;
10.1.5 the right to object to the processing of your Personal Data.
10.2 If you believe that your rights have been infringed, you may contact and lodge a complaint to the supervisory authority applicable for your jurisdiction - you can find your data protection authority on the following website: https://edpb.europa.eu/about-edpb/board/members_en).
11. GOVERNING LAW AND JURISDICTION
Company Name: Not a Hotel Venture Limited
Address: Floor 3, Block 3, Miesian Plaza, Dublin 2, D02 Y754
E-mail address: email@example.com