Flataway Privacy Policy

Effective Date: 15.09.2024

Flataway (hereinafter referred to as "we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy outlines how we collect, use, and protect your personal information in compliance with the General Data Protection Regulation (GDPR).

1. Introduction

This Privacy Policy explains how Flataway collects, processes, and stores personal data when you use our platform. We are committed to ensuring the privacy and protection of all personal data and follow the guidelines set by the GDPR to safeguard your rights.

By using Flataway's services, you agree to the terms of this Privacy Policy.

2. Data Controller Information

Flataway is the data controller responsible for processing your personal data. If you have any questions or concerns about how we handle your data, you can contact our Data Protection Officer (DPO) at:

• Email: privacy@flataway.com

• Mailing Address: 27 Solunska Str., Sofia 1000

• Phone: +359875333000

3. What Data We Collect

We collect various categories of personal data when you use our platform. This data includes:

• Personal Identification Information: Name, email address, phone number, postal address.

• Payment Details: Credit card information and transaction history (processed securely by Stripe).

• Booking Information: Property details, booking dates, guest preferences, and any special requests.

• Communication Records: Messages between guests and PMCs, as well as communications with our customer service team.

• Technical Data: IP addresses, browser type, device identifiers, and cookie data.

• Profile Information: User preferences, saved properties, and feedback or reviews.

We collect this information through account registration, booking transactions, and communications made through the platform.

4. Why We Collect Personal Data

We process personal data for several purposes, including but not limited to:

• Booking and Payment Processing: To facilitate property bookings, process payments, and manage your reservations.

• Communication: To enable you to communicate with PMCs and to send notifications related to bookings and platform updates.

• Compliance with Legal Obligations: To comply with tax reporting obligations, legal disputes, and other regulatory requirements.

• Marketing: To send you marketing communications about new properties, special offers, and platform updates (with an opt-out option available at any time).

• Improvement of Services: To analyze usage data, improve platform functionality, and provide a personalized experience for our users.

5. Legal Basis for Processing Data

We process personal data on the following legal grounds:

• Performance of a Contract: Data is processed to provide our services (e.g., managing bookings, payments, and guest-PMC communications).

• Consent: We process personal data for marketing communications only with your explicit consent, which you can withdraw at any time.

• Legal Obligations: We process personal data to comply with our legal obligations (e.g., tax compliance, legal claims).

• Legitimate Interests: We process data to improve our platform, prevent fraud, ensure security, and provide a seamless user experience.

6. How We Use Personal Data

We use your personal data for the following purposes:

• To process bookings and facilitate communication between guests and PMCs.

• To process payments through third-party services like Stripe.

• To handle disputes, complaints, and issues between guests and PMCs.

• To comply with applicable laws, such as tax reporting and regulatory requirements.

• For marketing purposes, to send promotional emails and offers (with an opt-out option available).

• To improve platform functionality, including analyzing user behavior and preferences.

7. Sharing Personal Data

We only share your personal data with third parties when it is necessary for the operation of our platform or when required by law. The third parties with whom we share data include:

• PMCs (Property Managers): To provide them with necessary guest details for managing bookings (e.g., names, contact details, booking information).

• Payment Processors (e.g., Stripe): To process payments securely. We never store full credit card information on our servers.

• Service Providers: Technical providers who manage our website, databases, or analytics tools.

• Legal Authorities: When required by law or legal processes, we may share data with courts, regulatory bodies, or government authorities.

We do not sell or rent your personal data to third parties for commercial purposes.

8. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected, or as required by law. Specifically:

• Account Information: Retained for the duration of your use of the platform.

• Booking Information: Retained for the duration of your booking and as required for tax and legal obligations.

• Payment Data: Retained for processing the transaction and then deleted, except when legally required to retain transaction data.

• Communication Records: Retained as necessary for dispute resolution and platform improvements.

We regularly review our data retention policies to ensure compliance with GDPR.

9. Data Security

Flataway is committed to securing your personal data. We have implemented technical and organizational measures to protect your information, including:

• Encryption: Sensitive data, such as payment details, is encrypted during transmission.

• Access Control: Personal data is accessible only to authorized personnel or service providers who need the data to fulfill their duties.

• Regular Audits: We conduct regular security audits and assessments to identify and address vulnerabilities.

While we take all reasonable measures to protect your data, no system is completely secure. If you suspect any unauthorized use of your personal data, please contact our DPO immediately.

10. User Rights under GDPR

Under the GDPR, you have several rights regarding your personal data:

• Right to Access: You can request a copy of the personal data we hold about you.

• Right to Rectification: You can request that we correct any inaccuracies in your personal data.

• Right to Erasure: You can request the deletion of your personal data, subject to certain legal obligations.

• Right to Restrict Processing: You can request that we limit the processing of your personal data under certain circumstances.

• Right to Data Portability: You can request a copy of your personal data in a structured, machine-readable format.

• Right to Object: You can object to the processing of your personal data for direct marketing purposes or other legitimate interests.

• Right to Withdraw Consent: You can withdraw consent for processing where consent is the legal basis (e.g., marketing communications).

11. How to Exercise Your Rights

If you wish to exercise any of your rights under GDPR, please contact our DPO at [DPO email]. We will respond to all requests within 30 days, in accordance with GDPR.

12. International Data Transfers

Flataway may transfer personal data outside the European Economic Area (EEA), such as when a guest from the EEA books a property managed by a PMC in a non-EEA country (e.g., the United States). In such cases, we ensure that these transfers are conducted in compliance with GDPR.

To protect your personal data during these transfers, we implement Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring that your data receives an adequate level of protection. If you have questions about international data transfers, please contact our DPO at [DPO email].

13. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve your experience on the Flataway platform. For more detailed information about how we use cookies and how you can manage your preferences, please refer to our separate Cookie Policy.

14. Changes to the Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. Any significant changes will be communicated to you via email or through the platform. Continued use of the platform after changes have been implemented constitutes your acceptance of the revised Privacy Policy.

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact our Data Protection Officer (DPO) at:

• Email: privacy@flataway.com

• Mailing Address: 27 Solunska Str., Sofia 1000

• Phone: +359875333000