PRIVACY POLICY
Introduction
This Privacy Policy sets out how we, Dgstay OÜ («Company»), use and protect your personal data that you provide to us, or that is otherwise obtained or generated by us, in connection with your use of our cloud-based hotel services («Services»), published (available)
at http://www.dgstay.com and its subdomain sites (referred to herein as «Sites»).
For the purposes of this Privacy Policy, ‘we’, ‘us’, and ‘our’ refers to the Dgstay web platform that helps guests to order hotel services, and ‘you’ refers to you, the user of the Services.
We collect the only personal data that we need for service rendering purposes and reduce the list of unnecessary data as they are no longer needed for the purposes stated here.
Contact details:
Representatives in the EU and the UK:
Representative in the EU is Dgstay OÜ (16475596), located at the address: Vesivärava st. 50-201, Tallin. (State registration № 16475596).
Our due appointed representative in the UK is Prighter Ltd. located at the address: Kemp House 160 City Road London EC1V 2NX, United Kingdom that also will be acting on our behalf.
Data processing officer.
Our appointed DPO is Mr. Sergey Levin who is responsible for GDPR and the UK Regulation compliance at the Dgstay and committed to the safety of your data. In case of any questions related to GDPR as well the UK Regulation compliance of the Dgstay please contact our DPO via email: privacy@dgstay.com.
1.1 Privacy Principles
We have three fundamental principles when it comes to collecting and processing private data:
1.2. Terms used in this Policy
Policy – this Privacy Policy regarding the processing of user’s personal data by the Company
in compliance with General Data Protection Regulation (EU) 2016/679 («GDPR») and for the UK the Data Protection Act 2018 and the UK GDPR («the UK Regulation»).
Personal data – any information related directly or indirectly to a specific or identifiable individual (the subject of Personal data or the User in the context of this Policy) as its described
in the GDPR and the UK Regulation.
Processor – Dgstay OÜ (16475596), company incorporated under the law of the Estonian Republic and located at the address: Vesivärava st. 50-201, Tallin. (State registration № 16475596).
User – a natural person, an Internet user who uses any of the Processor’s websites and/or Services for their own purposes and give its proper consent as the data subject under article of 4 (11)
of GDPR and provisions of the UK Regulation.
The Processor’s Partner – legal entity or a natural person that receives from the Processor the Personal data of Users of the Sites and or Services under a separate agreement with the Processor and qualified as a sub-processor of the Personal data. Processor’s partner receives your Personal data only for purposes of Services rendering to you. We carefully monitor and protect your Personal data by concluding a non-disclosure agreement with Processor’s partner and by other legitimate means.
2. Legal Ground for Processing Your Personal Data
We process your Personal data on the ground that such processing is necessary to further our legitimate interests, including: (1) provision of effective and innovative Services to our users; and (2) to detect, prevent or otherwise address fraud or security issues in respect of our provision of Services) unless those interests are overridden by your interest or fundamental rights
and freedoms that require protection of Personal data.
3. What Personal Data We Use
Basic data
We use the Personal data only required for proper Service provision. Such Personal data include (1) company name, (2) full name, (3) email, (4) phone number.
4.Keeping Your Personal Data Safe
4.1. Storing Data
If you requested Services from the territory of the EU or the UK, your data is stored in data centers in local servers AWS. These are third-party provided data centers in which
the Company rents a designated space. We do not share your Personal data with other data centers. All data is stored heavily encrypted so that local Company engineers or physical intruders cannot get access to it. After the Company complete the services rendering all Personal Data will
be deleted within 30 days.
4.2. End-to-End Encrypted Data
Before the Personal data reaches our servers, it is heavily encrypted. While the Company servers will handle this end-to-end encrypted data to deliver it to the recipient, we have no ways
of deciphering the actual information.
4.3. Retention
Unless stated otherwise in this Privacy Policy, the Personal data that you provide us will only
be stored for as long as it is necessary for us to fulfill our obligations in respect of the provision of the Services.
5.The composition of User information, the purpose, the basis, and the period of its storage
6. Information processing conditions
The processing of User information is carried out by the Processor in accordance with
the following principles:
The User’s information is collected, including by the Processor, independently in the course of the User’s use of the Sites and/or Services, or when the User fills in special forms (order form
and/or feedback form).
7. Questions and concerns
If you have any questions about privacy and our data policies, or you want to receive
a copy of your Personal data, change or delete it, please contact us via email
at privacy@dgstay.com. We will be glad to assist you and respond as early as possible but no later than one month.