GDPR Compliance Policy

Introduction

This General Data Protection Regulation (GDPR) Policy explains how HostFinn ("we", "our", or "us") collects, uses, and protects personal data in accordance with the GDPR standards. This policy applies to all users of our services within the European Economic Area (EEA).

Data Controller Information

HostFinn is the data controller for personal information collected through our website and services. If you have any questions about our GDPR compliance, please contact us at:

Email: contact@hostfinn.com

Your Data Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right to Access: You can request a copy of your personal data that we hold.
  • Right to Rectification: You can request that we correct any inaccurate data we hold about you.
  • Right to Erasure: You can request that we delete your personal data (subject to certain conditions).
  • Right to Restriction of Processing: You can request that we restrict the processing of your personal data.
  • Right to Data Portability: You can request that we transfer your data to another controller.
  • Right to Object: You can object to our processing of your personal data.
  • Right to Not Be Subject to Automated Decision-making: You can request human intervention for decisions based solely on automated processing.

To exercise any of these rights, please contact us at contact@hostfinn.com. We will respond to your request within one month.

Data We Collect

We collect the following categories of personal data:

  • Account Information: Username, email address, and password (encrypted).
  • Profile Information: Name, contact details, preferences, and settings.
  • Property Information: Details about properties you manage through our platform.
  • Guest Information: Data about guests staying at your properties.
  • Financial Information: Income, expenses, and payment details related to your properties.
  • Usage Data: Information about how you use our platform, including log data and analytics.

Lawful Basis for Processing

We process your personal data on the following legal grounds:

  • Contract: Processing necessary for the performance of our contract with you.
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our services.
  • Consent: Processing based on your specific consent, such as for marketing communications.
  • Legal Obligation: Processing necessary to comply with our legal obligations.

Data Sharing and International Transfers

We may share your personal data with:

  • Service providers who help us deliver our services.
  • Third-party payment processors to facilitate payments.
  • Legal and regulatory authorities when required by law.

When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Specific retention periods vary based on data type:

  • Account information: For the duration of your active account plus 2 years after account closure.
  • Financial records: 7 years as required by tax regulations.
  • Property and guest data: For the duration of your active account plus 2 years, unless longer retention is required by law.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or damage. These measures include:

  • Encryption of personal data
  • Regular security assessments
  • Access controls and authentication
  • Staff training on data protection
  • Incident response procedures

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

Complaints

If you believe that our processing of your personal data infringes data protection laws, you have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or the place of the alleged infringement.

We would, however, appreciate the chance to address your concerns before you approach a supervisory authority, so please contact us first at contact@hostfinn.com.

Changes to This Policy

We may update this GDPR Policy from time to time. We will notify you of any significant changes by posting the new policy on our website and, where appropriate, by email.

Last updated: April 15, 2025