Privacy Policy - Bookalighthouse.com



GENERAL


Thank you for taking a look at our Privacy Policy. We are glad you are concerned about how we handle your information, it is important to us.


By using our services you agree to our privacy policy set out below. The English language is leading, translations are available for your comfort.


Before we start, some important values:

We promise to protect your data as if is our own.

We won’t sell your data for marketing purposes.

We won’t share your personal data with other parties without good reason.


When ‘we’, ‘us’, ‘our’,  or alike is mentioned in the text of this privacy statement, BOOKA RENTALS BV located in AMSTERDAM, the NETHERLANDS is meant. When we mention ‘websites’, the following domains are meant: Bookahouseboat.com, Bookalighthouse.com, Bookatreehouse.com, Bookaglamping.com, Bookafishingcabin.com, Bookarivertrip.com, Bookasailingship.com, Bookaweirdplace.com, Bookarentals.com, Booka.co.



INFORMATION WE STORE


We collect certain types of information:

  1. Personal information

  2. Information required by law (DAC7)

  3. Correspondence information

  4. Use of site information


1. Personal information

We only ask for personal data which we need it for business operational purposes or when required by law. All personal data we process is lawfully obtained and with a legal basis. The purpose for collecting the information is so we can continue and run our day-to-day business. We need personal information to give you the ability to fully use the services we offer, advertising your property (owner) or submitting booking requests / bookings via our platform (traveler). We request several types of personal information:

  1. Required account information (traveler)
    (Such as: Name, Email, Password, Phone, IP adres)

  2. Required account information (owner)
    (Such as: Name, Email, Password, Phone, IP adres, Address, Security question, Date of birth)

  3. Profile information (owner)

  4. Listing information (owner)

In order to be able to use our services you are requested to enter the required information on the sign-up forms of our websites when creating an account. Not required, but recommended info can be provided in the user's account on a voluntary basis, for example to complete the profile or make the account more secure.


Connected application information


FACEBOOK

A user can choose to create an account on our website via the Facebook connect button instead of via email. This can also be used for future log-ins to the website. The information we receive from Facebook is limited to the FB ID, first and last name, email, profile picture. We use the email address to allow communication with you. The profile picture is set as your account's profile picture. Your location is determined by your phone number's country. If no phone number is available to determine the country, the IP location is used. Any applicable VAT rates are defined by the country. The timezone is taken from your browser.


GOOGLE (API) SERVICES

Users may choose to connect their Google (calendar) account to our website in order to synchronize booking dates. We only use the Google Calendar (API) information retrieved from your connected calendar to: show the property's availability, add the dates of a booking made via our platform to the calendar, or remove these dates in case of a cancellation. We do not share information already present in the calendar before it was connected with other platforms. We store the dates (bookings) present in the calendar in our database to show the property's availability to our users. When you disconnect your Google account this data is removed from our database.


2. Information required by law (DAC7)


Please note: we are only required to share the information named in this section of hosts who have residence in, or rent accommodation in, the EU. You can read more about the European DAC7 Tax Legislation in this article.


DAC7 is new European legislation that will enter into force on 1 January 2023 and aims to create more tax transparency in the digital economy. The aim is to combat tax fraud, avoidance and evasion. Online platforms (such as Bookalighthouse.com) are obliged to share tax-related data with the national tax authorities. The Dutch tax authorities then share this information with the tax authorities of the other 26 member states.


The DAC7 legislation can be viewed here: EN / NL / DE / ES / FR


The information we are required to collect and share following this legislation is:


From the landlord (as a natural person):
  • First and last name
  • Main address
  • All TINs (Tax Identification Numbers) assigned to the lessor, and the Member States where they were issued
  • VAT identification number of the lessor, if available
  • Date of birth


Additional info when the landlord rents out as a business (such as sole proprietorship or private company) :
  • Official name
  • Main address
  • All TINs (Tax Identification Numbers) assigned to the lessor, and the Member States where they were issued
  • VAT identification number of the lessor
  • Company registration number (Chamber of Commerce number)


Financial information of the landlord that is shared:
  • Identification code (for example the account number) of the financial account to which the rent is paid or credited
  • If the account number is not in the name of the lessor:
    • The name of the holder of the financial account to which the rent is paid or credited
    • Their main address
    • All TINs (Tax Identification Numbers) assigned to the account holder and the Member States where they were issued
    • VAT identification number of the lessor, if available
    • Date of birth, or the Chamber of Commerce number if it concerns an entity
  • The total consideration paid or credited during each quarter of the reporting period
  • The number of relevant activities (bookings) for which it has been paid or credited
  • All fees, commissions or taxes withheld or levied by Booka Rentals BV during each quarter of the reporting period


If the Reportable Seller (landlord) rents out real estate, the following additional information is also shared:
  • The postal address of each rented accommodation
  • The municipal or national registration number of each accommodation (when applicable)
  • The total amount paid out or credited during each quarter of the reporting period
  • The number of relevant activities (bookings) made for each accommodation
  • The number of rental days for each property during the reporting period
  • The type of accommodation


3. Correspondence information

Correspondence information is information you share with us when opening a support ticket for example. We need a minimum amount of information in order to identify you and/or your booking to be able to help you out and give you an appropriate response. We use Zendesk (www.zendesk.com) to order and maintain these support requests. We are not responsible for how Zendesk handles the information you provide them via the ticket you submit through our contact form or when sending an email to support [a] Bookalighthouse.com.


Other correspondence information we store is that between you and the host / guest. The main reason therefor is to provide you an historic overview of what you have discussed with the other party. We also monitor these messages (automated) to detect possible misuse of the platform and to protect our users, against fraud for example. In no way is correspondence data used for marketing purposes. All sent and receive data can be seen per booking (request) in your account on the “Inbox” page.


4. Use of site information

We store anonymized information on how the site is used for internal statistics and trends. The information we store are ‘search queries’, these often contain: location, dates and number of people travelling. We also use Google Analytics to analyze anonymized information collected when using our websites.




USE OF DATA

How we use your data

Your data is used for the purpose it was entered into our system: either so you can book one of the listed properties or so you can advertise your property / properties successfully on our platforms. 


Other reasons to use your data could be, to be able to communicate with you or help you with any support questions you may have.


We infrequently use your information (name, email) with third parties tools (like mailchimp.com / mailjet.com) for marketing purposes, for sending you our newsletter, system updates or to show you relevant ads on (social) media channels like Facebook for example.


We share necessary information with third parties in order to keep our services and platforms in operation. An example is your email address with mandrillapp.com, which we use to send our transactional emails.


Our website contains links to other parties. We are not responsible for the way in which these parties handle their user’s privacy.


In case our company is sold or merges with another company your data will become available to this new entity. We will notify you hereof.


In case we are legally required to share your data your consent is not requested.


We might share (hashed) data with advertising parties, like Google, to show you ads.



Access / overview of your data

You have the right to view, update and remove the data we store belonging to you. You can do so by logging in to the website and accessing your ‘account’. The information you see on the different pages is almost all the info we store about you. Unless you’ve given us permission to create (certain parts of) your account for you, you have entered and provided the information yourself.


Beside the information that is visible to you from your account we store:

  • The IP address used to make a booking request / booking
  • Your payment method (Example: Visa, iDeal, PayPal)
  • The location from which you make a booking request / booking

Within our company only the people who need access to your data have access to it. This is mainly required to handle support quests you or your guests send us. Or to prevent fraud or other illegal activity. If our 'contact information'-filters are triggered the system alerts us and we can view the related messaging history of the thread which triggered the filter. If the situation requires it, related threads may be examined too.



Payment info

We use Adyen (www.adyen.com) to process the payments. We only store the payment result (paid, failed, pending, refused, ect). And which payment method was used (Example: Visa, iDeal, PayPal). Check Adyen’s privacy policy to see how they handle and store your payment details. Booka Rentals BV does not store any other payment information than just mentioned. To be very clear: we do not store a your credit card information and thus are also not able to update it.



Emails we send

We send account and service related emails when actions you have taken on the website or app require us to do so in order to make our service possible. Examples of emails we send are:

  • Account activation link emails
  • Booking related emails
  • Account related emails
  • Support related emails

We use www.mandrillappp.com and www.mailjet.com to send our transactional email. They store the emails our system sends for 30 days after which they are deleted. Mandrill and Mailjet provide us the ability to see statistics related to the sent emails such as: open rate, delivery rate, bounce rates, and so on. We use an external application such as Mandrill to deliver our emails because email delivery is a profession on its own and not our core business.



Short text messages (SMS)

We use MessageBird (www.messagebird.com) to send you short text messages in a few cases:

  • When a booking request is started but not submitted (traveler)
  • When a booking request is approved by the owner and a payment is required to secure the booking (traveler)
  • When a new (pre-paid) booking request is received (owner)
  • When a (pre-paid) booking request isn’t accepted in 24h, a reminder (owner)

The text messages, containing your first name (at most) and phone number are stored for 6 months on the MessageBird servers. After that period they are deleted. This enables us to check the correct sending of SMS’s every once in a while. Or to check if the messages are delivered. In case they aren’t the phone number provided is often incorrect and needs correction.


Revoke data used

Any user may revoke our access for the following linked application at any time:

  • For Facebook: on the application management tab of your Facebook account.
  • For Google: on the Google token management page or via our calendar management page.



Affiliates

We have the ability to sign up for certain affiliate / referral programs. Each user sign-up is voluntary and is not required to use our rental services. When you sign up for a referral program we create an account for you at Tapfiliate.com with the information you entered and send you the temporary login details of this account. On your first sign in you are required to change your password.

The data you enetred, which we send to Tapfiliate after your approval per confirmation email, is the minimum amount of data needed to create your account and track your conversions. This includes your first & last name and your email address. That is it. Please note that we do not send any data belonging to referred persons to Tapfiliate.com. We only use their information, which you provide us, to notify them of the service you invite them for.



Deletion of your data

You can login to the website to review the information we store from you. If information is not required you can delete it yourself. Although we do not advise you (as owner) to do so as it will remove valuable information for your listing and result in less bookings, you can remove it. If you would like to remove required information you can send us a request to delete your account. All information will be deleted which is not linked to a (future or historic) booking. The information we keep is required for our invoices and financial administration. We are required to keep financial information for our administration for 7 years by law.




PROTECTION OF DATA


How do we protect your data?

We protect your data and our websites (code) in several ways. Our websites use an SSL certificate to ensure a secure connection. We also use www.cloudflare.com to speed up and protect our websites and servers. Cloudflare analyzes our traffic and keeps bad actors out before they reach the websites. With it’s CDN of 150+ data centers worldwide it also helps speed up the delivery of our content in places further away from our server location. We also use a Web Application Firewall (WAF) to protect us from potential harm on the IP level. We can set rules to keep certain actors out of the door. We also monitor our websites’ traffic by using Cloudflare and Google Analytics. Our code is tested and reviewed on a regulatory basis and updated or improved where needed. And finally all passwords are stored hashed and slated. The chosen security question and answer, for the owner profile, are also stored encrypted.


Each time a user connects his Facebook account, logs in via Facebook or connects a gCalendar we receive a special token. This token can be used to retrieve some limited personal data, to create your account or post to your Facebook timeline. We only post to the timeline of users who voluntary choose to apply for a Facebook discount.


As each token can only be used for a very limited amount of time (about 20 minutes usually) we request offline access. This means we get another token which can be used to get a new access token for this user. These access tokens are stored encrypted as they can be used directly to fetch user data. The offline tokens aren't encrypted as they can't be used without our application secret code, which is stored separately on our side.



Where do we store your data?

At the moment we host our websites and its databases in The Netherlands. The databases are, of course, password protected, have brute force detection mechanisms and IP locks to prevent access from non-whitelisted IP addresses. Your password is stored hashed and salted, so in case of an very unlikely breach it won’t be backwards engineerable.




ANALYTICAL DATA


Google Analytics

Booka Rentals uses Google Analytics to analyze our websites and to measure how effective our AdWords campaigns are. This also shows use where our visitors come from and which pages they visited. The information therefore doesn’t contain any personal data and is not traceable to individual users.


To collect the Google Analytics data a piece of JavaScript is placed on the websites which sends information to Google’s servers around the world. Check Google privacy policy to see how they handle your privacy. To not be included in their analytics’ statistics you can opt-out using their browser plugin.



Storage duration

We store your personal information as long as you have an account on our website. When the account is deleted we also delete your personal information as long as it is not needed for invoices of our financial administration. Such information we need to store at least 7 years according to Dutch law.



Changes to this privacy statement

Booka Rentals BV may choose to update this privacy policy directly and without notice, therefore we advise you to review our privacy statement on a regular basis so you will be updated of any changes. For questions you can always contact us at: support@bookarentals.com.



Support