GDPR Compliance
Last updated: May 2, 2024
1. Introduction
At StayEase, we are committed to protecting the privacy and security of your personal data. This GDPR Compliance Statement explains how we comply with the General Data Protection Regulation (GDPR) and outlines your rights under this regulation.
The GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA.
2. Data Controller
StayEase acts as a data controller for the personal data we collect and process. This means we determine the purposes and means of processing personal data. As a data controller, we are responsible for implementing appropriate technical and organizational measures to ensure and demonstrate that our processing activities comply with the requirements of the GDPR.
3. Lawful Basis for Processing
Under the GDPR, we process your personal data based on one or more of the following lawful bases:
- Consent: You have given clear consent for us to process your personal data for a specific purpose.
- Contract: The processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
- Legal Obligation: The processing is necessary for us to comply with the law.
- Legitimate Interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.
4. Your Rights Under GDPR
The GDPR provides you with several rights regarding your personal data. These rights include:
- Right to Access: You have the right to request a copy of the personal data we hold about you.
- Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
- Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal data in certain circumstances.
- Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
- Right to Data Portability: You have the right to request that we transfer your personal data to another service provider in a structured, commonly used, and machine-readable format.
- Right to Object: You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.
- Rights Related to Automated Decision Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
To exercise any of these rights, please contact us at privacy@stayease.com.
5. Data Protection Measures
We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data where appropriate
- Regular testing, assessing, and evaluating the effectiveness of technical and organizational measures
- Measures to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services
- Measures to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
- Staff training on data protection and security
6. Data Breach Notification
In the event of a personal data breach, we will notify the relevant supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons.
If the breach is likely to result in a high risk to the rights and freedoms of natural persons, we will also notify the affected individuals without undue delay.
7. Data Protection Officer
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and implementation to ensure compliance with GDPR requirements. You can contact our DPO at dpo@stayease.com.
8. International Data Transfers
We may transfer your personal data to countries outside the European Economic Area (EEA). When we do so, we ensure that appropriate safeguards are in place to protect your data, such as Standard Contractual Clauses approved by the European Commission, Binding Corporate Rules, or other legally accepted mechanisms.
9. Contact Us
If you have any questions about our GDPR compliance or how we handle your personal data, please contact us at privacy@stayease.com.