Privacy policy

Name	Purpose	Duration
acceptedCookies	Stores the user’s cookie consent preferences.	7 days
acepta_cookie	Prevents the cookie banner from being displayed again once cookies have been accepted.	360 days
favoritos	Indicates that the user has saved accommodations as favorites.	365 days
bk_ambianceenterpri_favoritos_cupo[ID]	Stores the IDs of the accommodations saved as favorites by the user.	365 days
currency	Stores the currency code used to display accommodation prices.	360 days
PHPSESSID	Native PHP cookie that allows the website to store serialized user session data.	Session
guest_area_locale	Indicates the language in which the intranet is displayed.	Session

Name	Purpose	Duration
LAST_ACC_VISITED	Stores the last accommodations visited to feed the “Recently visited accommodations” widget.	1 day
LAST_SEARCHS	Stores the last searches performed by the user to feed the “Recommended searches” widget.	1 day
TOP_BANNER	Indicates whether the user has seen and closed the top banner.	1 day
BOTTOM_BANNER	Indicates whether the user has seen and closed the bottom banner.	1 day
exitintentClient	Indicates whether the user has seen the client exit-intent message.	7 days
exitintentOwner	Indicates whether the user has seen the owner exit-intent message.	7 days
idleTime	Defines the time it takes for the exit-intent message to appear.	7 days
popup_cookie	Indicates whether the user has seen the popup message.	1 day

Name	Purpose	Duration
NOTIFICATIONS_INFO	Stores the information required to trigger a notification when a guest reaches checkout but does not complete a booking.	1 day

PRIVACY POLICY

In compliance with the provisions of Regulation (EU) 2016/679 of the General Data Protection Regulation (GDPR) and Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD) of December 5, 2018, we hereby inform you as follows:

DATA CONTROLLER

Identity: YBA Gestion SL, with Tax ID (CIF) B56367030, hereinafter referred to as “the Controller”.

Postal address: Calle de Vicente Blasco Ibáñez, 39, 5D; 28050 – Madrid

Contact email: info@yourbestapartment.com

PURPOSE OF DATA PROCESSING

Depending on the commercial and/or professional relationship established or intended to be established between the user and the Controller, we inform you that personal data are processed for the purpose of managing the user registration process through a single account, as an interested party in the service for managing the rental of their property and maintaining the established contractual relationship, as well as attending to and responding to contact requests, information requests and/or enquiries received through the contact channels available on the website, and managing subscription to our Newsletter for the sending of periodic bulletins with company updates, information about its services and other content that may be of interest.

Online check-in process

The personal data provided by users when making a reservation are processed to manage the check-in process, as well as any procedures related to the reservation.

In order to guarantee and streamline the check-in process, the Controller may request an image of the user’s identity document and, where applicable, a selfie, through the systems enabled for online check-in, for the purpose of verifying the identity of the guest making the reservation and complying with the applicable legal obligations regarding traveller registration.

In accordance with the provisions of the GDPR, a record of processing activities is maintained which specifies, according to their purposes, the processing activities carried out and the other circumstances established in the GDPR.

The personal information provided by users will not be used for purposes other than those stated. Under no circumstances will decisions be made based solely on automated processing.

LEGAL BASIS FOR DATA PROCESSING

The legal basis for the processing carried out is based on:

· The consent granted by ticking the corresponding checkbox(es).

· The performance of a contract and/or service to which the User is a party and for which the User has provided personal data within the framework of a contractual or pre-contractual relationship, where such processing is necessary for the maintenance of said relationship.

· Compliance with legal obligations applicable to the Controller which require the processing of personal data in accordance with the services provided or those related to tax and accounting matters, in compliance with applicable regulations (commercial, fiscal, tax).

· In the case of data processing for the online check-in process, the legal basis shall be compliance with a legal obligation and the performance of the accommodation contract.

PERSONAL DATA PROCESSED AND SOURCE

Depending on the use made by the user of the website, the personal data processed may include identification data, contact data and browsing data.

Within the framework of the online check-in process, images of identity documents and, where applicable, facial images (selfies), as well as banking or payment details provided directly by the user, may also be processed.

The data collected are provided directly by the user when contacting the Controller, by completing the relevant form(s) or through other functionalities offered on the website.

The use of contact sections, completion of forms and/or functionalities offered on the website is voluntary. However, the completion of certain fields or the provision of certain data is necessary in order to properly attend to and manage the user’s request. Failure to provide the required information will prevent the Controller from properly attending to and managing the request.

The User guarantees that the data provided are truthful, accurate and complete. Data will be cancelled, deleted or blocked when they are inaccurate, incomplete or no longer necessary or relevant for their intended purpose, in accordance with applicable legislation. If the personal data provided belong to a third party, the User guarantees that they have informed said third party of this Privacy Policy and obtained their authorization to provide their data for the purposes indicated above. The User likewise guarantees that the data provided are accurate and up to date and shall be liable for any direct or indirect damage that may arise as a result of failure to comply with this obligation. The User undertakes and is responsible for the accuracy and correctness of the data provided and agrees to keep them duly updated.

LINKS AND SOCIAL MEDIA POLICY

The website may include links to third-party websites, such as social networks in which the Controller is present. Such third-party websites have not been reviewed and are not subject to control by this website or its owner, who shall not be responsible for the content freely published by users. Users should be aware that their publications will be visible to other users and therefore they themselves are primarily responsible for their own privacy.

DATA RETENTION PERIODS

The personal data provided by the User will be retained for as long as the User remains registered with the service, for the duration of the business relationship, until the User requests their deletion, or for the legally established period. Data may also be retained when necessary for compliance with a legal obligation or for the formulation, exercise or defence of claims.

In the case of data processed for the online check-in process, the images will be deleted within a maximum period of 24 hours after departure from the accommodation, unless a legal obligation requires otherwise.

If the User withdraws their consent or exercises their rights of objection or erasure, their data will be blocked and kept at the disposal of the judicial authorities for the legally established periods in order to address any potential liabilities arising from the processing of personal data. In no case will this affect the provision of the service and/or the execution of contracts with the Controller.

The withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal.

CONFIDENTIALITY AND SECURITY OF PERSONAL DATA

The Controller undertakes to adopt the necessary technical and organizational measures, in accordance with the level of security appropriate to the risk of the data collected, to ensure the security of personal data and to prevent the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or unauthorized disclosure of or access to such data.

Personal data shall be treated as confidential by the Controller, who undertakes to inform and ensure, through legal or contractual obligations, that such confidentiality is respected by its employees, partners and any persons to whom access to the information is granted.

DATA DISCLOSURES AND RECIPIENTS

Personal data may be disclosed to third parties where expressly required by applicable legislation, or where such disclosure is necessary to comply with legal obligations applicable to the Controller or to provide services strictly necessary for the development of its activity, such as banking institutions and payment gateways.

Some service providers act as data processors, with whom the Controller has entered into the corresponding agreements in accordance with Article 28 of the GDPR, ensuring at all times the security and confidentiality of the information.

In some cases, such providers or third parties may be located outside the European Economic Area (EEA), which may involve an international transfer of personal data.

In such cases, the Controller will ensure that the recipients provide adequate guarantees for the protection of personal data, in accordance with Regulation (EU) 2016/679 (GDPR).

USERS’ RIGHTS

What rights do you have when you provide us with your data?

The User has the right to obtain confirmation as to whether or not we are processing personal data concerning them. The User has the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, to request their erasure when, among other reasons, the data are no longer necessary for the purposes for which they were collected. In certain circumstances, the User may request the restriction of the processing of their data, in which case we will only retain them for the exercise or defence of claims. In certain circumstances, and for reasons related to their particular situation, the User may object to the processing of their data, in which case the Controller will cease processing the data, except for compelling legitimate reasons or for the exercise or defence of possible claims. Where legally applicable, the User shall have the right to data portability, meaning the right to receive the personal data concerning them that we process and to store them on their own device.

The User may exercise, where applicable, the rights of access, rectification, objection, erasure, restriction of processing, data portability and the right not to be subject to automated individual decision-making by written communication, accompanied by a copy of their ID document to verify their identity, with the reference “GDPR Rights”, addressed to the email address info@yourbestapartment.com.

Likewise, users are informed that they may submit any complaint regarding personal data protection to the Spanish Data Protection Agency (Agencia Española de Protección de Datos) at www.aepd.es, the supervisory authority in Spain.