PRIVACY POLICY

Introduction

This Privacy Policy sets out how we, Dgstay OÜ («Company»), use and protect your personal data that you provide to us, or that is otherwise obtained or generated by us, in connection with your use of our cloud-based hotel services («Services»), published (available)
at http://www.dgstay.com and its subdomain sites (referred to herein as «Sites»).

For the purposes of this Privacy Policy, ‘we’, ‘us’, and ‘our’ refers to the Dgstay web platform that helps guests to order hotel services, and ‘you’ refers to you, the user of the Services.

We collect the only personal data that we need for service rendering purposes and reduce the list of unnecessary data as they are no longer needed for the purposes stated here.

Contact details:

Representatives in the EU and the UK:

Representative in the EU is Dgstay OÜ (16475596), located at the address: Vesivärava st. 50-201, Tallin. (State registration № 16475596).

Our due appointed representative in the UK is Prighter Ltd. located at the address: Kemp House 160 City Road London EC1V 2NX, United Kingdom that also will be acting on our behalf.

Data processing officer.

Our appointed DPO is Mr. Sergey Levin who is responsible for GDPR and the UK Regulation compliance at the Dgstay and committed to the safety of your data. In case of any questions related to GDPR as well the UK Regulation compliance of the Dgstay please contact our DPO via email: privacy@dgstay.com.

1.1 Privacy Principles

We have three fundamental principles when it comes to collecting and processing private data:

• We don’t use your data to send you ad letters.
• We only store the data that the Company needs to function as secure and feature-rich Services.
• We do not transfer data to third parties that are not participating in Services rendering
  to you as a final consumer of it

1.2. Terms used in this Policy

Policy – this Privacy Policy regarding the processing of user’s personal data by the Company
in compliance with General Data Protection Regulation (EU) 2016/679 («GDPR») and for the UK the Data Protection Act 2018 and the UK GDPR («the UK Regulation»).

Personal data – any information related directly or indirectly to a specific or identifiable individual (the subject of Personal data or the User in the context of this Policy) as its described
in the GDPR and the UK Regulation.

Processor – Dgstay OÜ (16475596), company incorporated under the law of the Estonian Republic and located at the address: Vesivärava st. 50-201, Tallin. (State registration № 16475596).

User – a natural person, an Internet user who uses any of the Processor’s websites and/or Services for their own purposes and give its proper consent as the data subject under article of 4 (11)
of GDPR and provisions of the UK Regulation.

The Processor’s Partner – legal entity or a natural person that receives from the Processor the Personal data of Users of the Sites and or Services under a separate agreement with the Processor and qualified as a sub-processor of the Personal data. Processor’s partner receives your Personal data only for purposes of Services rendering to you. We carefully monitor and protect your Personal data by concluding a non-disclosure agreement with Processor’s partner and by other legitimate means.

2. Legal Ground for Processing Your Personal Data

We process your Personal data on the ground that such processing is necessary to further our legitimate interests, including: (1) provision of effective and innovative Services to our users; and (2) to detect, prevent or otherwise address fraud or security issues in respect of our provision of Services) unless those interests are overridden by your interest or fundamental rights
and freedoms that require protection of Personal data.

3. What Personal Data We Use

Basic data

We use the Personal data only required for proper Service provision. Such Personal data include (1) company name, (2) full name, (3) email, (4) phone number.

4.Keeping Your Personal Data Safe

4.1. Storing Data

If you requested Services from the territory of the EU or the UK, your data is stored in data centers in local servers AWS. These are third-party provided data centers in which
the Company rents a designated space. We do not share your Personal data with other data centers. All data is stored heavily encrypted so that local Company engineers or physical intruders cannot get access to it. After the Company complete the services rendering all Personal Data will
be deleted within 30 days.

4.2. End-to-End Encrypted Data

Before the Personal data reaches our servers, it is heavily encrypted. While the Company servers will handle this end-to-end encrypted data to deliver it to the recipient, we have no ways
of deciphering the actual information.

4.3. Retention

Unless stated otherwise in this Privacy Policy, the Personal data that you provide us will only
be stored for as long as it is necessary for us to fulfill our obligations in respect of the provision of the Services.

5.The composition of User information, the purpose, the basis, and the period of its storage

• Purpose: To provide you with a Service, to satisfy your request, or to answer a question, including for the purpose of fulfilling the Public Offer («Agreement»).
• Basis: Agreement with you and in your interests; providing you with information by filling out the order form yourself.
• List of information: Last name, first name, patronymic of the User; Room number); Order data (delivery address, order composition).
• Purpose: Your use of the Sites, satisfaction of your request or response to a question.
• Reason: Independent provision of information by you, by filling out the special-order form.
• Goal: To understand the audience, learn about their preferences, and improve
  the Sites and/or Services.
• Reason: Legitimate interest in improving the Processor’s Websites and/or Services.
• Period: The Processor stores information about the User for as long as it is necessary
  to achieve the purpose of Services provision, or to comply with the requirements of GDPR and relevant provisions of UK Regulations.

6. Information processing conditions

The processing of User information is carried out by the Processor in accordance with
the following principles:

• Legality of the purposes and methods of processing user information.
• The Processor integrity.
• Compliance of the purposes of processing User information with the purposes defined
  in advance and declared when collecting it.
• Compliance of the composition, volume and nature of the User information, as well as
  the methods of its processing, with the stated goals of the Processor for processing User information.
• Accuracy and sufficiency (and, if necessary, topicality) of User information in relation
  to the stated purposes of information processing.
• Destruction of information about the User in order to achieve the processing goals in a way that excludes the possibility of their recovery.
• It is unacceptable to combine databases containing information about the User,
  the processing of which is carried out for purposes that are incompatible with each other.

The User’s information is collected, including by the Processor, independently in the course of the User’s use of the Sites and/or Services, or when the User fills in special forms (order form
and/or feedback form).

7. Questions and concerns

If you have any questions about privacy and our data policies, or you want to receive
a copy of your Personal data, change or delete it, please contact us via email
at privacy@dgstay.com. We will be glad to assist you and respond as early as possible but no later than one month.