Privacy Policy

This Privacy Policy describes the privacy principles and practices adopted by Yovivo and shall apply to all relationships between Yovivo and the Client and the Guests related to the use of the Service and website. Unless defined in this Privacy Policy, the terms used in Privacy Policy are used in the meaning given to them in Yovivo Terms and Conditions for Yovivo, available at https://www.yovivo.com/terms and/or in the meaning given to them in Article 4 of the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”).

Please read this Privacy Policy document carefully. As Yovivo is dedicated to protecting the privacy and personal data of our Clients and Guests, please do not hesitate to contact us, if you have any questions about how we process your Personal Data or if you wish to submit an application for exercising your rights related to processing your Personal Data.

DEFINITIONS

“Accommodations” means the property booked by the Client by way of using the Service; “Yovivo” or “we”, “us”; “our” means Yovivo, a company incorporated in the UK, with the registry code #13499892, address Unit 3 Meadow Barn, Great Tey, Brook Road, Colchester, CO6 1JG UK, e-mail address: yo@yovivo.com, or other entities in the group with Yovivo providing the Services.

“Client” means any person who is using the Services of Yovivo who has made the Reservation or has concluded an Agreement with Yovivo;

“Cookie Policy” means the cookie policy in Section 8;

“Data Subject” Natural person who uses Yovivo Services or whose Personal Data is processed by Yovivo;

“Data Controller” or “Controller” natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of Personal Data. For the purposes of this Privacy Policy, the Yovivo entity providing the Service in a specific jurisdiction is the data controller of its Clients' Personal Data.

“Data Processor” or “Processor” natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the controller; for example, the service providers to Yovivo;

“Extra Service” means the extra services ordered by the Client upon availability in accordance with the Terms and Conditions;

“Service” means the accommodation service and related services provided to the Client by Yovivo;

“OTA” means the online travel agency or other services provider who has listed accommodations through its services and thereby mediates the Services by Yovivo; “GDPR” is defined in the preamble;

“Guest” or “Guests” mean the person or persons being provided with the Service;

“Reservation” means a reservation for a Service made by the Client;

“Website” means https://yovivo.com, its subdomains, and/or other webpages used by Yovivo;

“Personal Data” is any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular on the basis of such a record as the name, personal identification code, place of location information or network identifier, or on the basis of one or more physical, physiological, genetic, mental, economic, cultural or social identities;

“Processing” is any operation or set of operations that are performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; “Terms and Conditions” mean the Terms and Conditions for using Yovivo Services, available at https://www.yovivo.com/terms.

You” means the same as the “Data Subject”.

WHY DO WE PROCESS PERSONAL DATA AND WHAT PERSONAL DATA DO WE PROCESS? When you have opted to use Yovivo Services and you are the Client of Yovivo or Guest, we need to process your Personal Data to enable the Services to you (data subject).

We process Personal Data that is submitted to us directly by the Client or automatically obtained by Yovivo about the Client in the course of using our Services.

If you have ordered the Service through the OTA, we process Personal Data that is submitted to us by the relevant OTA. In such a case, the privacy terms of the OTA selected by you apply in addition.

If the Reservation is submitted by the Client for a third person being the Guest or co-Guest(s), we process Personal Data about such Guest or co-Guest(s) as submitted to us by the Client. When submitting the Personal Data about a third person, the Client undertakes to ensure that he/she/it has the consent(s) of each Guest or other Data Subject to transfer his/her Personal Data to Yovivo.

We also process Personal Data that is submitted to us when you contact us with a query or question via Website or via any other channel (by sending an e-mail, for example). In such a case we process your Personal Data included in the inquiry to the extent that is necessary to respond to you.

Personal Data Yovivo processes in the course of providing the Services may include following data about you: general personal information: first name; last name; citizenship, nationality, sex, date of birth; ID document data; contact details: e-mail address; address; phone number; data related to the ordered Service: any data disclose to us as through the use of the Service, including, for example, information related to the ordered Extra Services; payment data: information concerning the payment for the Services, including the credit card details used; technical data: to ensure smooth provision of the Services, we may process technical data, which may include your device’s Internet Protocol address (IP address), browser information, information about your device’s operating system, settings, language, date of device and other necessary information which may also be acquired through the use of cookies on our Website; sensor data: Yovivo properties may be installed with certain sensors that process information in the premises, such as the temperature, noise level, motions (to automatically switch on/off electricity), humidity, air quality level, etc. Such sensors do not collect personally identifiable information and never record audio, photographs or videos. Please note that as the sensor data cannot usually be linked to any specific natural person, the sensor data is not generally considered as personal data. However, in order to be transparent in all data processing, we have also described in this Privacy Policy the use of sensors.

WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA? We process Personal Data to provide the Services (please also read Yovivo Terms and Conditions). Legal basis for such data processing is GDPR Article 6 (1)(b), i.e. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

In certain situations, we might process your Personal Data when processing is necessary for compliance with a legal obligation to which we are subject, for example for accounting purposes under applicable accounting legislation or applicable tourism legislation. Legal basis for such data processing is GDPR Article 6 (1)(c).

In certain specific situations we might also process your Personal Data where necessary for the purpose of our legitimate interests pursued by us. Legal basis for such data processing is GDPR Article 6 (1)(f). In such a case we shall ensure that processing is proportionate and that we have carried out legitimate interest impact assessment. For example, for the purpose of our legitimate interest we analyse how our Services and Website are used by our Clients so we can provide better service; when processing is necessary in connection with an investigation of suspected or actual fraudulent or other illegal activity or in connection with corporate sale, merger, reorganization, dissolution or similar event.

HOW LONG IS YOUR PERSONAL DATA RETAINED?  

Yovivo does not retain Personal Data longer than it is necessary for the purposes of processing Personal Data or pursuant to applicable law.

Personal Data related to contacts can be retained during the term of the contract and based on our legitimate interest pursuant to Article 6 (1)(f) of the GDPR until the end of the statutory limitation periods under applicable law. Accordingly, as a general rule Yovivo retains your Personal Data as long as it is necessary for the provision of the Services during the term of the contract concluded between you and Yovivo and for 3 years after the term of the contract.

Pursuant to the Accounting Act, we retain accounting documents for 7 years.

Pursuant to Tourism Act, we retain registration data of the accommodation service user, which includes general personal information for 2 years.

OVERVIEW OF DATA PROCESSING

Personal data: First name, last name, e-mail address, phone number, address, and information concerning the Services and Extra Services ordered. Purpose of processing: Enabling provision of the Services in accordance with Terms and Conditions and our legitimate interest to retain the related information until the end of applicable limitation periods. Legal basis: GDPR Art. 6 (1)(b); GDPR Art. 6 (1)(f)(1). 

Retention period:

3 years Personal data: First name, last name, date of birth, citizenship, and address; the name, date of birth and citizenship of the co-Guest(s); the period of provision of the accommodation Service; if the Client is not a citizen of a Member State of the European Economic Area or Switzerland then also a copy of the travel document and the state which issued it. Purpose of processing: Fulfilling our legal obligation arising from tourism laws to register the recipient of accommodation service. Legal basis: GDPR Art. 6 (1) (c).

Retention period:

2 years Personal data: Accounting-related data such as invoices. Purpose of processing: Fulfilling your legal obligation arising from accounting laws to process supporting documents of the transactions. Legal basis: GDPR Art. 6 (1)(c).

Retention period: 7 years

Personal data: Name, e-mail address. Purpose of processing: Sending marketing content. Legal basis: GDPR Art. 6 (1) (a). Retention period: Until the withdrawal of the consent. Personal data: Technical data.

Purpose of processing: Our legitimate interest to ensure security, continuity, and/or improvement of the Portal Legal basis: GDPR Art. 6 (1) (f). Retention period: Up to 2 years, please see Section “Cookies” for more specific information. Personal data: Sensor data. Purpose of processing: Our legitimate interest to improve our Services- Legal basis: GDPR Art. 6 (1) (f). Retention period: 5 years

WHEN DO WE SHARE YOUR PERSONAL DATA?

To the extent this is necessary for the provision of our Services, we may share your Personal Data with certain third parties. For example, if you order food delivery as Extra Service in accordance with the Terms and Conditions, we need to process this order for Extra Service and related data and to forward it to such Extra Service provider, to fulfill your order.

We may also share your Personal Data with third-party suppliers providing services to us, e.g. IT suppliers or other service providers. We do our best to select only the most trustworthy service providers and to select service providers that provide a level of data protection in accordance with the conditions described in this Privacy Policy and on the level as required by the GDPR.

We retain your Personal Data. Yovivo may transfer Client Personal Data to third countries, i.e. countries outside the EU/EEA area, for the purposes explained in this Privacy Policy. When transferring the Client’s Personal Data to third countries, Yovivo will ensure that the transfer is subject to appropriate safeguards under the GDPR and that the Client’s rights are protected, such as the Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses). Clients may request a copy of the safeguards we have put in place with respect to the transfer of Personal Data by contacting Yovivo via contact details below.

Please note that we might access your Personal Data also when you have booked through OTAs. In such a case your Personal Data will also be processed in accordance with the privacy policies adopted by the specific OTA selected by you and who shall act as a separate Data Controller of your Personal Data.

 

USE OF SECURITY CAMERAS

Please be noted that security cameras may be installed in public areas near the accommodations (outdoor areas, lobbies, etc). If the security cameras are installed, this is done by the security undertaking with whom Yovivo may have entered a service agreement.

The use of security cameras may be necessary in order to ensure security, prevent and process security incidents and ensure the safety of the property and people near the properties. The legal basis for the use of security cameras is a legitimate interest under Article 6(1)(f) of the GDPR.

Please be noted that security cameras are never installed inside the accommodations or in areas where complete privacy can be presumed.

When security cameras are used, there shall always be a sign informing of the use of a camera in the security camera’s surveillance area, i.e. a sign depicting a camera and/or the words “VIDEO SURVEILLANCE”. In the absence of a sign, cameras are not used.

Yovivo does not have general access to the security camera recordings. Security undertaking organizing the security near the respective accommodations shall have access to security camera recordings. The sign informing the use of the security cameras shall also include the details of the security undertaking who has installed the security cameras and who is conducting the security

Security camera recordings are stored by security undertakings. Security undertaking shall retain security camera recordings in accordance with the applicable law.

HOW DO WE PROTECT YOUR PERSONAL DATA?

To protect your Personal Data from unauthorized access, unlawful processing or disclosure, accidental loss, modification or destruction, we use appropriate technical and organizational measures that comply with applicable laws. These measures include but are not limited to the implementation of appropriate computer security systems, protection of paper and electronic format files by technical and logical means, and controlling and limiting access to documents and buildings.

GOVERNING LAW AND JURISDICTION

This Privacy Policy shall be governed by the laws of the UK. Any disputes arising from this Privacy Policy shall be settled in the UK unless you have a right to turn to the court of your residence pursuant to statutory law.

CONTACT US If you have any questions or concerns, please email our customer service team at yo@yovivo.com

UPDATES We may update this statement in response to changing laws or technical or business developments. You can see when this was last updated by checking the 'last updated date displayed at the top of this statement.

©2022 Yovivo. All rights reserved.