- ‘Host’ refers to our customer, a physical person, who access the website and accepts the Company’s terms and conditions by creating the user account.
- ‘Guest’ refers to the individual, physical person, that will be renting the Host’s property through one of the online rental platforms such as Airbnb, Booking.com, HomeAway.
- ‘You’ and ‘Yours’ refers to Hosts, Guests and visitors of Website collectively. You are the data subjects.
- ‘Website’ refers to our website www.guestready.com, in particular to the home page and the linked pages;
Processing and Protection of Hosts’ Personal Data
We process the personal data of the Hosts that are provided by them to us directly by filling a form on our website, through our chat or a call or by browsing the Website:
- We ask Hosts for information such as a first name, last name, e-mail address, city, country, postcode, mobile phone, bank account nr. We also store our communication with the Hosts.
- First name, last name, email address, city, country, postcode, mobile phone and bank account nr are used for the purpose to administer our services, provide information about the process of accommodating, asking for feedback, solving of the requests of the Hosts and Guests, processing of the payments. The legal basis for this processing is contracted performance. The data according to this paragraph is processed until the service is provided, maximally up to limitation period for the disputes arising from providing of the services.
- E-mail address, name and surname are also processed to inform Hosts about improvements of our services and relating news, which means for direct marketing (our legitimate interest). The data is processed as long as we provide our services, maximally up to ten years.
- We also process the personal data to communicate with Hosts. Carrying out the data according to this paragraph is based on the performance of the contract for smooth providing and improvement of the services. The data according to this paragraph is processed until the service is provided, maximally up to limitation period for the disputes arising from providing of the services where the communication may be used as evidence before the court.
Processing and Protection of Guests’ Personal Data
We also process the data about the Guests, namely:
- A first name, last name, phone number, a copy of ID card
- We get this personal data from Hosts, third party software and online rental platforms. The personal data is processed to arrange an appointment for allowing an accommodation, communication regarding housing and dealing with the requests of the Guests. The legal basis for processing is contracted performance and the data are stored for six months for potential legal dispute arising from accommodation providing.
- A copy of ID card is necessary to get while the accommodation is provided as the most effective way to verify the Guests and keep the information about her or him to comply with other legal obligations regarding to accommodate the people and to protect property of the Host (legitimate and vital interest of the Host). The copy of ID is also necessary to avoid chargebacks. The data in this paragraph is stored for six months. The data is deleted after this period.
Processing based on the consent of data subjects
- We can also process personal data (first name, last name, e-mail address) to inform potential customers about news regarding GuestReady via e-mail.
- Carrying out the data according to this article is based on a freely and explicitly given informed consent granted by the filling an e-mail on the Website or by clicking in the e-mail. The newsletter will be sent and personal data for this purpose is retained for so long as the relevant person remains opted-in to notifications, nevertheless maximally for five years.
- Data subjects always have a right to withdraw consent by unsubscribing from the e-mail campaigns in the footer of every single e-mail.
- The consent is valid also for the processors authorised by us that help us with the e-mailing campaigns.
Automatic data collection through Website
The Common Provisions
- We solely carry out personal data collected directly, consciously and voluntarily from you or third parties if we are in a position of the data processor. You should provide only complete, exact, correct and up-to-date data to us. If you provide personal data about another person, you are liable for lawful handling of the data, and you declare that it does not infringe to the privacy of those third parties.
- The data shall be processed automatically as well as non-automatically. You may not be object to automated-decision making.
- Data relating to bank cards is stored no longer than the time necessary to allow the fulfilment of the transaction and are provided to third parties, providers of such payment services. We do not store card data on our servers.
- We generally retain your personal information for as long as it is necessary for the performance of the contract between you and us and to comply with our legal obligations or as long as the consent is granted. When the personal data that we have collected is no longer required, we will delete it securely. We may process data for statistical purposes, but in such cases, data will be anonymised.
- We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites, products or services.
- We use messaging and communication software which complies with European Union data protection laws thanks to participation in E.U.-U.S. Privacy Shield. The metadata about the communication may be stored (identification, duration of the call).
- We use marketing and sales system which complies with European Union data protection laws thanks to participation in E.U.-U.S. Privacy Shield.
- We also use a third-party website to make the reservation. Your data will be stored by a third-party software that declares that is compliant with General Data Protection Regulation. Moreover, the data is stored on our internal systems and servers as well.
- We use cloud computing service Google Suite maintained by Google LLC, based in California, USA. Google Company implements contractual clauses in their service agreements to reach compliance with European Union data protection laws. The Company does not let the data be stored out of the European Union. The data is not transmitted to the third parties.
- You are aware that we use a cloud computing platform called Heroku, based in California. Heroku implements contractual clauses in its service agreements to reach compliance with European Union data protection laws. The data is not transmitted to the third parties and are physically stored in Ireland.
- We do not provide databases containing your data to a third party and not use your data for purposes other than the one already mentioned.
- We disclose personal data to law enforcement if it is required by law or is strictly necessary for the prevention, detection or prosecution of criminal acts and fraud or if we are legally obliged to do so. We may need to disclose personal data to competent authorities further to protect and defend our rights or properties.
- We will ensure that all personal information supplied is held securely following the GDPR. We implemented, and we are updating administrative, technical, and physical security measures to help protect your information against unauthorised access, loss, destruction, or alteration.
- You hereby agree that we can use your photo, first name and second name circumstantially for references on the Website.
- You have the right to confirmation as to whether or not we process your data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your data in 30 days after your request via email@example.com.
- You have the right to have any inaccurate personal data about you rectified.
If you consider that our processing of your personal information infringes the GDPR, you can:
- Contact us and ask for the removal of the unlawful situation via mail: firstname.lastname@example.org.
- Complain to a supervisory authority responsible for data protection (list of data protection authorities is available here.
- To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
- If you no longer want us to use your information, you can request that we erase your personal information. Please, be aware, that this request may prevent us from providing you with the services. You can contact us via mail at email@example.com.
- There are specific general exclusions of the right to erasure. Those general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.
Last Updated: June 26, 2018