The purpose of this policy statement is to inform you of the policies that have been put in place to protect your privacy interests: to inform you of the types of information we collect, how we collect it, why we collect it, who we share it with, the legal basis for collecting it and your rights. We promise to keep your personal data safe and private, not to sell your personal data, and to give you a simple way to understand how and why we use your data and how you can contact us to amend, access or request that your data be deleted.
B. WHO WE ARE
House Parties, its website and management are operated by House Parties Limited, a private limited company registered in England and Wales. Our company registration number is 02601372. Our registered office is 2 Suffolk Court, Suffolk Place, Cheltenham, Gloucestershire GL50 2QG. We are registered with the Information Commissioner’s Office as a Data Controller under ICO Number Z1208726. For more information on the ICO visit their website at www.ico.org
D. THIS POLICY AND THE GDPR
GDPR stands for the General Data Protection Regulation, a European privacy law approved by the European Commission which came into force on 25 May 2018.
GDPR Regulations have replaced previous data protection legislation regulations across Europe. House Parties is registered with the Information Commissioner Office (ICO) and compliant with GDPR Regulations 2018. The GDPR is an attempt to strengthen, harmonize, and modernize EU data protection law and enhance individual rights and freedoms, consistent with the European understanding of privacy as a fundamental human right. The GDPR regulates, among other things, how individuals and organizations may obtain, use, store, and eliminate personal data. It applies to any organisation processing personal data of EU citizens. The UK is due to exit the EU under Brexit in 2020/2021; however, the UK will continue to comply with these regulations to cover the transfer period and to uphold the extraterritorial reach of GDPR afterwards, in order to do business within the EU.
E. INFORMATION WE COLLECT
We will only collect, record, process and store data which we legitimately need, to ensure we provide the best possible service to our web visitors, users, property owners, customers and service providers.
There are three categories of information we collect:
1. Essential information you give to us.
(a) Information necessary for use of the website required for the performance of our contract with you:
i) Account information – registration details such as first name, last name and email address. ii) Listing information (if you are an Owner) – such as your address, phone number, your property address and geo-location. iii) Payment Information – Payments are processed using our account Third Party Processors (TPPs) on their secure platforms and will include the method, date and time, amount, card expiry date, billing postcode, your address and other related information. Payment information is processed securely by us and/or our TPPs who are audited and certified as PCI (Payment Card Industry) Service Provider Members. iv) Communications – if you contact us or make use of any messaging service between us and third parties (eg. Property Owners) we may collect the information you choose to provide in that communication.
(b) Non-essential information you choose to give us. You can choose to give us additional information that is not essential for use of the site but will enhance your experience and help us provide a better service to you: i) Examples of this are usernames such via Facebook, Instagram and Twitter and other platforms and website.
ii) Review information – If you submit a review on the House Parties website, we will collect this information and any personal data you may include in the review and this may be publicly available on the website.
iii) Other information – If you fill out any form on our website or a third-party site, we may direct you to such as SurveyMonkey, you are choosing to give us this information.
2. Information we automatically collect from your use of our website.
We may collect personal data that other site users may submit to us when they use the website and communicate with us, or we may obtain information from other third parties as detailed below. We have no control how these third parties may themselves control or process this information and any information request relating to the data they might provide to us must be directed to that third party. (a) Third parties – if you login or connect to us using Facebook, they may send us information such as your registration and profile information. This information is controlled by Facebook and you authorise its processing by us when you connect using their service and via the privacy settings in your Facebook account. (b) Property Reviews on third-party sites – (this applies to those writing reviews as well as property owners). An online review about a property on a third party site may contain some personal information. If someone has written a review about your property on a third party site, or you have written a review on a website that also lists a property listed on our website, it may contain your personal data as you have agreed with that third party website. House Parties has no control over the data on such third party sites, and you must contact the third party website owner for any changes or deletions.
F. HOW WE USE THIS INFORMATION
G. THIRD-PARTY LINKS
H. WHO WE MAY SHARE YOUR DATA WITH
1. Other Site Users.
(a) Making an Enquiry- If you interact with the site to make a booking enquiry directly with us or with a property owner or agent, we may need to share with that owner/agent any information you need to provide such as your name, your email address, dates of your proposed stay, how many people are in your group. This is necessary for the adequate performance of our contract with you or your contract with the property owner. (b) Leaving a review – If you choose to leave a review on our website for a property you have stayed at, we may publish this information on the site and it will be visible to all site users and the general public. We will publish your “public name” which is your name as provided to us on registration or a pseudonym if you choose to change it (your “public name”). We will also publish the star rating and any other information you choose to provide. By leaving a review you acknowledge and agree that this information is provided and may be published with you consent. (c) Uploading Property Information – If you are a property owner or agent, your use of the site is governed by House Parties Owner Terms, to which you must agree in order to use our service to promote your property. Any information you choose to provide to be uploaded to the Owners Area may include your personal data and may be provided to the Web Users and the general public as displayed on your property listing with your consent. You always have the opportunity to review the listing and can request changes by contacting House Parties directly. (d) Responding to an Enquiry – If you are a property owner or agent, if you respond to an enquiry from a web user via our website, any information you submit (including personal data you choose to submit) will be provided to the enquirer and will be stored on our platform for review by that web user at any time. This information is provided by you with your consent. 2. Our Employees and Contractors.
I. TRANSFERS TO THIRD PARTY PROCESSORS (TPPs) OUTSIDE THE EU
Examples of TPPs we use hosted outside the EU include (but are not limited to) website hosting companies, Mailchimp and SaaS (software as a service) (eg. Stripe).
www.privacyshield.gov The EU-US Privacy Shield is a framework that protects the fundamental rights of anyone in the EU whose personal data is transferred to the United States for commercial purposes. Our TPPs are certified and comply with the EU-US-Swiss Privacy Shield Framework. Where appropriate we agree Data Processing Addendums with TPPs to be confident that any data from the EEA that is being transferred outside of the EEA will be subject to the same high levels of security, privacy control, and data protection that it would receive in the EU. J. YOUR RIGHTS The GDPR provides the following rights for individuals: 1. Right to be informed.
2. Right to rectification.
You have the right to ask us to have inaccurate personal data rectified, or completed if it is incomplete, where you cannot do this yourself.
3. Right to erasure.
You have a right to have your personal data erased. This is also known as the “right to be forgotten”. You can ask us to delete your data by emailing us at
firstname.lastname@example.org. We may ask for proof of identity and will respond to a request for erasure within one month.
4. Right to restrict processing.
In certain circumstances, you have a right to restrict the way we may process your personal data, as an alternative to erasing it, if you have a particular reason for wanting it restricted
5. Right to data portability.
Your right to data portability entitles you to obtain personal data you have provided to us – in a commonly used, structured format – and request that we send it to another service provider if technically possible.
6. Right to object or withdraw consent.
You have the right to object to our processing of your personal data where the use is based on our legitimate interests (including profiling), or where it is used for direct marketing. You may at any time ask us to stop the processing of your information for direct marketing purposes, by emailing us at email@example.com or by changing the email preference settings in your account/s.
K. HOW LONG WE MAY KEEP YOUR DATA
We generally retain your information for as long as your account is active or as long as necessary to provide you with our service and/or to meet legal and regulatory requirements. This varies according to the type of relationship we have with you. We may also retain and use your information in order to comply with our legal obligations, resolve disputes, prevent abuse, and enforce our agreements. Where data are no longer required, we will ensure that they are disposed of in a secure manner.
L. SENSITIVE DATA
We will not normally seek data on your racial or ethnic origins, sexual orientation, gender or political opinions, disability, religious or other beliefs, trade union membership, physical or mental health, disability, sex life or criminal convictions. When we do collect sensitive data, it will be limited to data which are required to be kept by law: needed for legal proceedings or to establish, exercise or defend legal rights (including protection against fraud), and/or clearly and strictly necessary to fulfil a contract between you and us or between you and a third party who requires this information.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.