Effective date: 11 January 2021
DATA CONTROLLER AND ITS CONTACT DETAILS:
The Website is owned and operated by Hospitality B.V. located at Westplein 12, 3016BM Rotterdam, the Netherlands with the Chamber of Commerce registration number 81363257 (“we”, “us”, and “our”). We act as a data controller with regard to the personal data collected through the Website and the related electronic communications and connectivity services in the field of hospitality. You can contact us by using the following contact details:
Contact form: https://candra-hospitality.com/contact-us/
Address: Hospitality B.V., Westplein 12, 3016BM Rotterdam, the Netherlands
Phone number: +31 85 303 15 86
In most instances, we act as a data controller with regard to your personal data. If, within the scope of the services provided by us, we act as a data processor, we conclude a data processing agreement with our clients that ensures that your personal data is processed in accordance with the strictest data protection standards. To receive a copy of our data processing agreement for conclusion, please contact us by using the details mentioned above.
https://www.candra-hospitality.com Westplein 12, 3016BM, Rotterdam, the Netherlands, +31853031586
Personal data that we process
We process your personal data when you browse our Website, contact us, or use our services.We respect the data minimisation principle and, therefore, collect only a minimal amount of personal data that are necessary. Below, you can find an overview of the personal data we collect, the purposes for which we use them, and the legal bases on which we rely when processing them:
- When you submit a message through the contact form available on the Website, we collect your (i) name, (ii) email address, (iii) company name, (iv) phone number, and (v) any information that you decide to include in your message. When you contact us by email, we collect your (i) name, (ii) email address, and (iii) any information that you decide to include in your message. We use such data to respond to your enquiries and provide you with the requested information. The legal bases on which we rely are ‘pursuing our legitimate business interests’ (i.e., to grow and promote our business) and ‘your consent’ (for optional personal data).
- Service contract. When you conclude a service contract with us, we collect your (i) name, (ii) address, (iii) company name, (iv) email address, and (v) payment related data (e.g., your bank account number). We use such information to deliver you the requested services, fulfil our contractual obligations, maintain our business records, and contact you, if necessary. The legal bases on which we rely are ‘performing a contract’ and ‘pursuing our legitimate business interests’ (i.e., to administer our business).
When you subscribe to our newsletter through the form available on the Website, we collect your email address. We use it to deliver our newsletters and promote our business. The legal basis on which we rely is ‘consent’.
Minors. Our Website and services do not intend to collect data about persons who are younger than 16 years. However, we cannot check if a person is older than 16. We encourage parents to be involved in the online activities of their children, in order to prevent data about children being collected without parental consent. If you are convinced that we have collected personal data about a minor without this consent, please contact usand we will delete this information.
Personal data processed on behalf of our clients. When using our services, our clients may upload or submit third parties’ personal data for processing. We act as a data processor with regard to such service data – we do not own, control, or make decisions about the service data. Moreover, we do not intentionally access, manage, correct, delete, share, disclose or grant rights to the service data in any manner if it is not necessary for the provision of our services. Data controllers are solely responsible for the service data, including making sure that they were obtained in a lawful manner. The types of personal data processed by us depends on the information submitted or made available by our clients. The legal basis on which we rely when processing the service data is ‘performing a contract with our clients’.
Sensitive data. We do not collect or use any special categories of personal data (“sensitive data”) from you, unless you decide, at your own discretion, to provide such data to us. Sensitive data is information that relates to your health, religious and political beliefs, racial origins, membership of a professional or trade association, or sexual orientation.
Refusal to provide personal data. If you refuse to provide us with your personal data when we ask to, we may not be able to perform the requested operation and you may not be able to use the full functionality of the Website, receive our services, or get our response. Please contact us if you think that any personal data that we collect are excessive or unnecessary for the intended purpose.
Non-personal data That We Colllect
Analytics data. When you use the Website, we collect some technical data for service provision and analytics purposes. Such data does not allow us us to identify you in any manner. The non-personal data includes the following information:
- Your activity on the Website;
- Your browser type and version;
- Your operating system;
- URL addresses from which you access the Website;
- The date and time when you access the Website;
- Your internet service provider; and
- Your other online behaviour.
Your feedback. If you contact us, we may keep records of any questions, complaints, recommendations, or compliments made by you and the response. Where possible, we will de-identify your personal data (i.e., we will remove all personal data that is not necessary for keeping such records).
Purposes of non-personal data. We use non-personal data for the following purposes:
- To perform our contractual obligations;
- To maintain our business records;
- To analyse what kind of users use the Website and our services;
- To examine the relevance, popularity, and engagement rate of the content available on the Website;
- To investigate and help prevent security issues and abuse; and
- To develop and provide additional features to the Website and our services.
Aggregated and de-identified data. In case your non-personal data is combined with certain elements of your personal data in a way that allows us to identify you, we will handle such aggregated data as personal data. If your personal data is aggregated or de-identified in a way that it can no longer be associated with an identified or identifiable natural person, it will not be considered personal data and we may use it for any business purpose.
We do not make decisions based on automated processing on matters that can have (significant) consequences for natural persons. These are decisions that are taken by computer programs or systems, without involving a person (for example, our employee).
How long we store personal data
We do not store your personal data for longer than is strictly necessary to realize the purposes for which your data are collected. After your personal data are no longer necessary for their purposes and there is no other legal basis for storing them, we will immediately securely delete your personal data from our systems. In instances when we are obliged by law to store your personal data for certain period of time (e.g., for business records or accountancy purposes), we will store your personal data for the time period stipulated by the applicable law and delete the personal data as soon as the required retention period expires.
Sharing personal data with third parties
If necessary for the intended purpose of your personal data, we will disclose them to the service providers with whom we cooperate (our data processors). Your personal data may be shared with entities that provide technical support services to us, such as hosting and email distribution services. We do not sell your personal data to third parties and do not intend to do so in the future. The disclosure of your personal data is limited to the situations when they are required for the following purposes:
- Ensuring the proper operation of the Website;
- Ensuring the delivery of services requested by you;
- Responding to your enquiries;
- Pursuing our legitimate business interests;
- Enforcing our rights, preventing fraud, and security purposes;
- Fulfiling our contractual obligations;
- Law enforcement purposes; or
- If you provide your prior consent to such a disclosure.
Our data processors. We choose our data processors carefully and make sure that they ensure an adequate level of protection of personal data that is consistent with this Policy and the applicable data protection laws. The data processors that will have access to your personal data are:
- Our hosting service providers Siteground located in Bulgaria and TransIP located in the Netherlands;
- Our cloud storage service provider Microsoft Onedrive;
- Our bookkeeping software provider Jortt located in the Netherlands;
- Our newsletter service provider Mailchimp;
- Our analytics service provider Google Analytics located in the United States;
- Our email service provider Microsoft Office located in the United States; and
- Our independent contractors and consultants.
International transfers. If you reside in a country belonging to the European Economic Area (EEA), we may need to transfer your personal data outside the EEA. In case it is necessary to make such a transfer, we will make sure that the country in which our data processor is located guarantees an adequate level of protection for your personal data or we conclude an agreement with it that ensures such protection (e.g., a data processing agreement based pre-approved standard contractual clauses).
Disclosure of non-personal data. Your non-personal data may be disclosed to third parties for any purpose. For example, we may share it with prospects or partners for business or research purposes, for improving the Website and our services.
Legal requests. If requested by a public authority, we will disclose information about the users of the Website and our services to the extent necessary for pursuing a public interest objective, such as national security or law enforcement.
Successors. In case our business is sold partly or fully, we will provide your personal data to a purchaser or successor entity and request the successor to handle your personal data in line with this Policy.
Cookies, or similar techniques, that we use
Candra Hospitality B.V. uses only technical and functional cookies. And analytical cookies that do not infringe your privacy. A cookie is a small text file that is stored on your computer, tablet or smartphone when you first visit this website. The cookies we use are necessary for the technical operation of the website and your ease of use. They ensure that the website works properly and remember, for example, your preferences. We can also optimize our website with this. You can opt out of cookies by setting your internet browser so that it does not store cookies anymore. In addition, you can also delete all information previously saved via the settings of your browser.
View, modify or delete personal data
You have the right to view, correct or delete your personal data. In addition, you have the right to withdraw your consent to the data processing or to object to the processing of your personal data by Candra Hospitality B.V. and you have the right to data portability. This means that you can submit a request to us to send the personal data we have in a computer file to you or another organization mentioned by you. You can send a request for access, correction, deletion, data transfer, or request for cancellation of your consent or objection to the processing of your personal data to firstname.lastname@example.org. To ensure that the request for access has been made by you and protect your privacy, we may ask you to send us an identifying piece of data. We respond as quickly as possible, no later than four weeks, at your request.
We also wish to point out that you have the opportunity to file a complaint with your local data protection authority (in the Netherlands, its the Dutch Data Protection Authority:: https://autoriteitpersoonsgegevens.nl/nl/zelfdoen/privacyrechten/privacyklacht-indienen).
When we act in the capacity of a data processor with regard to the service data, we do not accommodate requests related to the access, rectification, deletion, or other rights with regard to the service data. The persons that would like to exercise their rights with regard to the personal data processed by us should contact the respective data controller with regard to that personal data. In case we receive a request related to the service data directly from a data subject, we do not take action and inform the respective data controller without undue delay.
How we protect personal data
We take the protection of your data seriously and implement appropriate measures to prevent misuse, loss, unauthorized access, unwanted disclosure and unauthorized modification. Our security measures include, without limitation, secured networks, encryption, strong passwords, limited access to your personal and data by our staff, and anonymization of personal data (when possible), If you have the impression that your data is not secure or that there are indications of abuse, please contact us.
Although we put our best efforts to protect your personal data, given the nature of communication and information processing technology and the Internet, we cannot be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your personal data caused by circumstances that are beyond our reasonable control. In case a serious breach occurs, we will take reasonable measures to mitigate the breach, as required by the applicable law. Our liability for any security breach will be limited to the highest extent permitted by the applicable law.
TERM, TERMINATION, AND AMENDMENTS
This Policy enters into force on the date indicated at the top of the Policy and remains valid until terminated or updated by us. We reserve the right to amend the Policy from time to time to address the changes in laws, regulations, and industry standards. We encourage you to regularly review our Policy to stay informed. For significant material changes in the Policy or, where required by the applicable law, we may seek your consent.