Personal Data Protection

Last updated: March 2024

Introduction

RateBeds, as the data controller, takes the utmost care to ensure the security of your personal data and to process it in accordance with the General Data Protection Regulation ("GDPR") and other relevant legislation. This Personal Data Protection Policy ("Policy") explains how we collect, use, disclose, and protect your personal data when you use our services.

Data Controller

RateBeds, as the data controller, is responsible for determining the purposes and means of processing your personal data. We process your personal data in accordance with the principles set forth in Article 5 of the GDPR:

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

Personal Data We Process

We process the following categories of personal data:

  • Identity information (name, surname, date of birth, etc.)
  • Contact information (e-mail address, phone number, address)
  • Customer information (customer number, order history, preferences)
  • Transaction information (payment details, booking information)
  • Technical information (IP address, browser type, device information)
  • Usage data (website visit history, interaction with our services)

Purposes of Processing Personal Data

We process your personal data for the following purposes:

  • Providing and improving our services
  • Processing your bookings and payments
  • Communicating with you about our services
  • Ensuring the security of our systems
  • Complying with legal obligations
  • Analyzing and improving our services
  • Marketing and promotional activities (with your consent)

Transfer of Personal Data

We may transfer your personal data to:

  • Service providers who assist in our operations
  • Business partners with whom we collaborate
  • Legal authorities when required by law
  • Third parties with your explicit consent

Your Rights Under GDPR

As a data subject, you have the following rights under GDPR:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication mechanisms
  • Employee training on data protection
  • Regular backup procedures

Contact Us

If you have any questions about this Policy or wish to exercise your rights under GDPR, please contact us at:

Email: [email protected]