Not A Hotel Logo

Privacy & Cookie use policy

Last updated: 30.08.2023

This Privacy Policy describes the privacy principles and practices adopted by NAHVL and shall apply to all relationships between NAHVL and the Client and the Guests related to the use of the Service and Website. Unless defined in this Privacy Policy, the terms used in Privacy Policy are used in the meaning given to them in NAHVL Terms and Conditions for NAHVL Services, available at https://bobw.co/terms and/or in the meaning given to them in Article 4 of the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”).

Please read this Privacy Policy document carefully. As NAHVL is dedicated to protecting the privacy and personal data of our Clients and Guests, please do not hesitate to contact us, if you have any questions about how we process your Personal Data or if you wish to submit an application for exercising your rights related to processing your Personal Data.

1. DEFINITIONS

“Apartment” means the apartment booked by the Client by way of using the Service;

“NAHVL” or “we”, “us”; “our” means Not a Hotel Venture Limited, a company incorporated in Ireland, with the registry code 635034, address Floor 3, Block 3, Miesian Plaza, Dublin 2, D02 Y754, e-mail address hello@bobw.co, including any subsidiaries or other entities which Not a Hotel Venture Limited is in control of, providing the Services. List of NAHVL entities providing the Services is provided in  Section 11;

“Client” means any person who is using the Services of NAHVL who has made the Reservation or has concluded an Agreement with NAHVL;

“Cookie Policy” means the cookie policy in Section  8;

“Data Subject” Natural person who uses NAHVL Services or whose Personal Data is processed by NAHVL;

“Data Controller” or “Controller” natural or legal person, public authority, agency or other body which, alone or jointly with others,  determines the purposes and means of the processing of Personal Data. For the purposes of this Privacy Policy, NAHVL entity providing the Service in a specific jurisdiction is the data controller of its Clients' Personal Data.

“Data Processor” or “Processor” natural or legal person, public  authority, agency or other body which processes Personal Data on behalf of  the controller; for example, the service providers to NAHVL;

“Extra Service” means the extra services ordered  by the Client upon availability in accordance with the Terms and Conditions;

“Service” means the accommodation service  and related services provided to the Client by NAHVL;

“OTA” means the online travel agency or other  services provider who has listed Apartments through its services and thereby  mediates the Services by NAHVL;

“GDPR” defined in the preamble;

“Guest” or “Guests” mean the person or persons being  provided with the Service;

“Reservation” means a reservation for Service made by the Client;

“Website” means https://bobw.co/, its subdomains and/or other web pages used by NAHVL;

“Personal Data” any information relating to an  identified or identifiable natural person (data subject); an identifiable  natural person is one who can be identified, directly or indirectly, in  particular on the basis of such a record as the name, personal identification  code, place of location information or network identifier, or on the basis of  one or more physical, physiological, genetic, mental, economic, cultural or  social identities;

“Processing” any operation or set of operations  which is performed on Personal Data or on sets of Personal Data, whether or  not by automated means, such as collection, recording, organisation,  structuring, storage, adaptation or alteration, retrieval, consultation, use,  disclosure by transmission, dissemination or otherwise making available,  alignment or combination, restriction, erasure or destruction;

“Terms and Conditions” mean the Terms and Conditions for using NAHVL Services, available at https://bobw.co/terms.

“You” means the same as the “Data Subject”.

2. WHY WE PROCESS PERSONAL DATA AND WHAT PERSONAL DATA DO WE PROCESS?

2.1          When you have opted to use NAHVL Services and you are the Client of NAHVL or Guest staying at our Apartment, we need to process your Personal Data to enable the Services to you (data subject).

2.2          We process Personal Data that is submitted to us directly by the Client or automatically obtained by NAHVL about the Client in the course of using our Services.

2.3          If you have ordered the Service through the OTA, we process Personal Data that is submitted to us by the relevant OTA. In such a case, the privacy terms of the OTA selected by you apply in addition.

2.4          If the Reservation for the Apartment is submitted by the Client for a third person being the Guest or co-Guest(s), we process Personal Data about such Guest or co-Guest(s) as submitted to us by the Client.

2.5          When submitting the Personal Data about a third person, the Client undertakes to ensure that he/she/it has the consent (s) of each Guest or other Data Subject to transfer his/her Personal Data to NAHVL.

2.6          We also process Personal Data that is submitted to us when you contact us with a query or question via Website or via any other channel (by sending an e-mail, for example). In such a case we process your Personal Data included in the inquiry to the extent that is necessary to respond to you.

2.7          Personal Data NAHVL processes in the course of providing the Services may include following data about you:

2.7.1   general personal information: first name; last name; citizenship, nationality, sex, date of birth; ID document data;

2.7.2   contact details: e-mail address; address; phone number;

2.7.3   data related to the ordered Service: any data disclose to us as through the use of the Service, including, for example, information related to the ordered Extra Services;

2.7.4   payment data: information concerning the payment for the Services, including the credit card details used;

2.7.5   technical data: to ensure smooth provision of the Services, we may process technical data, which may include your device’s Internet Protocol address (IP address), browser information, information about your device’s operating system, settings, language, date of device and other necessary information which may also be acquired through the use of cookies on our Website;

2.7.6   sensor data: NAHVL Apartments may be installed with certain sensors that process information in the Apartment, such as the temperature, noise level, motions (to automatically switch on/off electricity), humidity, air quality level, etc. Such sensors do not collect personally identifiable information and never record audio, photographs or videos. Please note that as the sensor data cannot usually be linked to any specific natural person, the sensor data is not generally considered as personal data. However, in order to be transparent in all data processing, we have also described in this Privacy Policy the use of sensors.

3. WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA?

3.1          We process Personal Data to provide the Services (please also read NAHVL Terms and Conditions). Legal basis for such data processing is GDPR Article 6-1-(b), i.e. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract

3.2          In certain situations, we might process your Personal Data when processing is necessary for compliance with a legal obligation to which we are subject, for example for accounting purposes under applicable accounting legislation or applicable tourism legislation. Legal basis for such data processing is GDPR Article 6-1-(c).

3.3          In certain specific situations we might also process your Personal Data where processing your Personal Data is necessary for the purpose of our legitimate interests pursued by us. Legal basis for such data processing is GDPR Article 6-1-(f). In such a case we shall ensure that processing is proportionate and that we have carried out legitimate interest impact assessment. For example, for the purpose of our legitimate interest we analyse how our Services and Website are used by our Clients so we can provide better service; when processing is necessary in connection with an investigation of suspected or actual fraudulent or other illegal activity or in connection with corporate sale, merger, reorganization, dissolution or similar event.

3.4          In certain specific situations we might also process your Personal Data based on your consent. Legal basis for such data processing is GDPR Article 6-1-(a). In such a case, you have the right to withdraw from your consent at anytime. For example, based on your consent we may send you marketing content from receiving of which you may unsubscribe at any time.

3.5 For a more specific overview, please see Section 5 below.

4. HOW LONG IS YOUR PERSONAL DATA RETAINED?  

4.1          NAHVL does not retain Personal Data longer than it is necessary for the purposes of processing Personal Data or pursuant to applicable law.

4.2          Personal Data related to contracts can be retained during the term of the contract and based on our legitimate interest pursuant to Article 6 (1)(f) of the GDPR until the end of the statutory limitation periods under applicable law. Accordingly, as a general rule NAHVL retains your Personal Data as long as it is necessary for the provision of the Services during the term of the contract concluded between you and NAHVL and for 3 years after the term of the contract.

4.3          Pursuant to the Accounting Act, we retain accounting documents for7 years.

4.4          Pursuant to Tourism Act, we retain registration data of the accommodation service user, which includes general personal information for2 years.

4.5          For a more specific overview, please see Section 5 below. Technical data collected by the use of the cookies, are retained as indicated in the Section “Cookies”.

5. OVERVIEW OF DATA PROCESSING

Personal data: First name, last name, e-mail address, phone number, address and information concerning the Services and  Extra Services ordered. Purpose of processing: Enabling provision of the  Services in accordance to Terms and Conditions and our legitimate interest to retain the related information until the end of applicable limitation periods. Legal basis: GDPR Art. 6 (1) (b); GDPR Art. 6 (1) (f). Retention period: 3 years

Personal data: First name, last name, date of birth, citizenship and address;  the name, date of birth and citizenship of the co-Guest(s); the period of provision of the accommodation Service; Purpose of processing: Fulfilling our legal obligation arising from tourism laws to register the recipient of accommodation service. Legal basis: GDPR Art. 6 (1) (c). Retention period: 2 years

Personal data: Accounting-related data such as invoices. Purpose of processing: Fulfilling your legal obligation arising from accounting laws to process supporting documents of the transactions. Legal basis: GDPR Art. 6 (1) (c). Retention period: 7 years

Personal data: Name, e-mail address. Purpose of processing: Sending marketing content. Legal basis: GDPR Art. 6 (1) (a). Retention period: Until the withdrawal of the consent. Personal data: Technical data.

Purpose of processing: Our legitimate interest to ensure security, continuity and/or improvement of the Portal Legal basis: GDPR Art. 6 (1) (f).

‍Retention period: Up to 2 years, please see Section  “Cookies” for more specific information. Personal data: Sensor data. Purpose of processing: Our legitimate interest to improve our Services- Legal basis: GDPR Art. 6 (1) (f). Retention period: 5 years

6. WHEN DO WE SHARE YOUR PERSONAL DATA?

6.1          To the extent this is necessary for the provision of our Services, we may share your Personal Data with certain third parties. For example, if you order food delivery as Extra Service in accordance with the Terms and Conditions, we need to process this order for Extra Service and related data and to forward it to such Extra Service provider, to fulfil your order.

6.2          We may also share your Personal Data with third party suppliers providing services to us, e.g. IT suppliers or other service providers. We do our best to select only the most trust-worthy service providers and to select service providers that provide a level of data protection in accordance with the conditions described in this Privacy Policy and on the level as required by the GDPR.

6.3          We retain your Personal Data in Google Cloud Platform located in Germany.  However, NAHVL may transfer Client Personal Data to third countries, i.e. countries outside the EU/EEA area, for the purposes explained in this Privacy Policy. When transferring Client’s Personal Data to third countries, NAHVL will ensure that the transfer is subject to appropriate safeguards under the GDPR and that Client’s rights are protected, such as the Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses). Clients may request a copy of the safeguards we have put in place with respect to the transfer of Personal Data by contacting NAHVL via contact details below.

6.4          Please note that we might access your Personal Data also when you have booked our Apartment through OTAs. In such a case your Personal Data will also be processed in accordance with the privacy policies adopted by specific OTA selected by you and who shall act as a separate Data Controller of your Personal Data.

7. USE OF SECURITY CAMERAS

7.1          Please be noted that security cameras may be installed in public areas near the Apartment (outdoor areas, lobbies, etc). If the security cameras are installed, this is done by the security undertaking with whom NAHVL may have entered a service agreement.

7.2          The use of security cameras may be necessary in order to ensure security, prevent and process security incidents and ensure the safety of the property and people near the Apartment. The legal basis for the use of security cameras is legitimate interest under article 6(1)(f) of the GDPR.

7.3          Please be noted that security cameras are never installed inside the Apartment or in areas where complete privacy can be presumed.

7.4          When security cameras are used, there shall always be a sign informing of the use of a camera in the security camera’s surveillance area, i.e. a sign depicting a camera and/or the words “VIDEO SURVEILLANCE”. In the absence of a sign, camera are not used.

7.5          NAHVL does not have the general access to the security camera recordings. Security undertaking organising the security near the respective Apartment shall have access to security camera recordings. The sign informing the use of the security cameras shall also include the details of the security undertaking who has installed the security cameras and who is conducting the security.

7.6          Security camera recordings are stored by security undertakings. Security undertaking shall retain security camera recordings in accordance with the applicable law. For more details, you may contact the respective security undertaking.

8. HOW DO WE PROTECT YOUR PERSONAL DATA?

8.1          To protect your Personal Data from unauthorized access, unlawful processing or disclosure, accidental loss, modification or destruction, we use appropriate technical and organisational measures that comply with applicable laws. These measures include but are not limited to the implementation of appropriate computer security systems, protection of paper and electronic format files by technical and logical means, controlling and limiting access to documents and buildings.

9. COOKIES

9.1          Our Website uses cookies. This section incorporates Cookie Policy that applies when you use the Website.

9.2          Cookies are small data files stored on your hard drive by a website. Cookies help us monitor and improve the functionality and usage of our Website and your experience on Website. We can use cookies to see which areas and features are popular and to count visits to our Website to recognise you as a returning visitor and to tailor your experience of the Website according to your preferences. We may also use cookies for targeting or advertising purposes.

9.3          We may use the following type of cookies on our Website:

9.3.1   Functional cookies that record information about choices you have made that allow us to tailor our Website to your needs. Functionality cookies remember choices you make.

9.3.2   Statistics cookies, that record information about the way our Website is used, to acquire knowledge on how often our Website is visited, where on our Website our visitors spend the most time, how often they interact with a page or part of a page, this allows us to make the structure, navigation, and content of our Website as user-friendly as possible.

9.3.3   Advertising cookies, to gather information from you on your device to display advertisements to you based on relevant topics that interest you.

9.4 The specific cookies that Portal uses are the following:  

Service provider: Google analytics Name of Cookie: _ga Type: Statistics Description: This cookie is installed by Google  Analytics. The cookie is used to calculate visitor, session, campaign data  and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors. Expiration: 2 years

Service  provider: Google AdSense Name of Cookie: _gcl_au Type: Advertising Description: Used by Google AdSense for experimenting with advertisement efficiency  across websites using their services Expiration: 3 months

Service provider: Facebook Name of Cookie: _fbp Type: Advertising Description: This cookie is set by Facebook and used to store and track visits across the website for marketing purposes. Expiration: 3 months

Service provider: Google Analytics Name of Cookie: _gid Type: Statistics Description: This cookie is installed by Google  Analytics. The cookie is used to store information of how visitors use a  website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form. Expiration: 1day

Service provider: Google Tag Manager Name of Cookie: SubscriberID Type: Advertising Description: Set to help identify ActiveCampaign and/or other e-mail marketing providers 'users' subscriber ID-s. Expiration: 365 days

Service  provider: Triptease Name of Cookie: triptease-identity-data Type: Advertising Description: User by Triptease to keep user logged in and track your progress  through the booking process Expiration: 5 hours

Service  provider: Triptease Name of Cookie: tt-domain-user-id Type: Advertising Description: User by Triptease to keep user logged in and track your progress  through the booking process Expiration: 5 year

Service provider: Elfsight Name of Cookie: _p_hfp_client_id Type: Statistics Description: Set by Elfsight to implement social platforms on the website. Expiration: 1 day

Service provider: Facebook Name of Cookie: datr Type: Advertising Description: Set by Facebook to identify the web browser being used to connect to  Facebook independent of the logged in user. Expiration: 2 year

Service provider: Facebook Name of Cookie: dpr Type: Statistics Description: Set by Facebook to deliver an optimal experience for user device's screen. Expiration: 7 days

Service  provider: Facebook Service  provider Name of Cookie: fr Type: Advertising Description: Set by Facebook to deliver, measure and improve the relevancy of ads,  with a lifespan of 90 days Expiration: 90 days

Service provider: Facebook Name of Cookie: m_pixel_ratio Type: Statistics Description: Set by Facebook to test the functionality of the site. Expiration: session

Service provider: Facebook Name of Cookie: sb Type: Functionality Description: Set by Facebook to help identify the user browser securely. Expiration: 2 years

Service provider: Elfsight Name  of Cookie: session_id Type: Statistics Description: Set by Elfsight to implement social platforms on the website. Expiration: 1 day‍

Service  provider: Triptease Name of Cookie: triptease-session-id Type: Advertising Description: User by Triptease to keep user logged in and track your progress  through the booking process Expiration: 1 day

Service  provider: Triptease Name of Cookie: triptease-user-id Type: Advertising Description: User by Triptease to keep user logged in and track your progress  through the booking process Expiration: 5 years

9.5          You can delete or block the use of the cookies through your browser settings at anytime. However, some cookies might be necessary for the functionality of Website. Therefore, you understand that when blocking or deleting the cookies some features of the Website might not function correctly.  

9.6          For more general information about cookies including the difference between session and persistent cookies please see www.allaboutcookies.org.

9.7          In case you have any question concerning the use of cookies, you may contact us via contact details provided below.

10. YOUR RIGHTS

10.1       NAHVL is dedicated to ensuring that all data subject rights arising under applicable law are always guaranteed to you. In particular, any data subject has:

10.1.1 the right to access the Personal Data that NAHVL processes about you;

10.1.2 the right to request that NAHVL rectifies any inaccurate Personal Data about you;

10.1.3 the right to request NAHVL to erase your Personal Data and/or restricts of processing of your Personal Data if we do not have valid legal basis for processing;

10.1.4 the right to receive your processed Personal Data in a structured, commonly used and machine-readable format and have the right to transmit your Personal Data to another Controller;

10.1.5 the right to object to the processing of your Personal Data.

10.2       If you believe that your rights have been infringed, you may contact and lodge a complaint to the supervisory authority applicable for your jurisdiction - you can find your data protection authority on the following website: https://edpb.europa.eu/about-edpb/board/members_en).

11. GOVERNING LAW AND JURISDICTION

11.1       This Privacy Policy shall be governed by the laws of the Ireland. Any disputes arising from these Privacy Policy shall be settled in the Dublin, Ireland, unless you have a right to turn to the court of your residence pursuant to statutory law.

12. CONTACTS

12.1       If you have any questions about this Privacy Policy or Cookie Policy or if you have any concerns about how we use your personal or if you want to exercise your rights as described above, you may contact us via e-mail or in writing using the following contact information:

Company Name: Not a Hotel Venture Limited
Address: Floor 3, Block 3, Miesian Plaza, Dublin 2, D02 Y754
E-mail address: hello@bobw.co