Privacy Policy
1) Data Processor
IKAM OÜ
Registration code: 17031524
E-mail: kuressaarestays@gmail.com
Phone: +372 545 833 60
2) What personal data is collected?
Booking details
- arrival and departure date, number of nights
- number of guests
- reservation ID, reservation date
- additional requests/comments
Contact details
- first and last name
- phone number
Payment and billing information
- payment status
- amount
- invoice and transaction information. NB! Bank card details are not stored if the card payment is made through a payment service provider.
Technical data
- IP address
- device and browser information
- site usage logs to ensure security and functionality
3) What the data is used for
Personal data is used to
-
manage reservations and communicate about the reservation
-
provide accommodation services and provide check-in instructions
-
fulfill legal obligations (including visitor card requirements)
-
ensure security, prevent fraud and resolve disputes
-
keep accounting and issue invoices when necessary
4) Legal basis
Personal data is processed on the basis of GDPR
-
performance of the contract (reservation and accommodation service)
-
legal obligation (e.g. visitor card)
-
legitimate interest (security, fraud prevention, customer communication, dispute resolution)
-
consent (e.g. non-essential cookies/analytics, if used)
5) Visitor card and ID document
The accommodation provider has the right to ask the guest to present a valid identification document for identification purposes.
Photo of a document in case of contactless check-in: If the arrival is contactless, the accommodation provider may ask for a photo or copy of a document for identification purposes. In such a case, the copy will be deleted as soon as possible after check-out (except in cases arising from the law or in the event of a dispute).
6) To whom the data is transferred
Data will only be transferred to the following recipients if necessary:
-
IT and web hosting service providers (server, email, backup)
-
reservation system and payment solution service providers
-
accounting and auditing
-
public authorities (in cases arising from the law)
7) Data retention
-
Visitor cards: are kept for 2 years from the date of issue.
-
Accounting source documents and transaction-related documents: are kept for 7 years from the end of the relevant financial year.
8) Data security
Reasonable technical and organizational measures are used to protect personal data (access restrictions, password protection, updates, backups).
9) Transfer of data outside the EU/EEA
If service providers whose servers or subcontractors are located outside the EU/EEA are used, the lawfulness of the transfer is ensured (e.g. standard contractual clauses and other GDPR safeguards).
10) Visitor rights
The visitor has the right to:
- get access to your data
- correct inaccurate data
- in certain cases, request erasure or restriction of processing
- object to processing based on legitimate interest
- withdraw consent (if processing is based on consent)
For complaints and questions, please contact: kuressaarestays@gmail.com.
11) Complaints
If the visitor finds that his/her data has been processed incorrectly, he/she has the right to contact the Data Protection Inspectorate:
E-mail: info@aki.ee
Address: Tatari 39, 10134 Tallinn
Hotline: 5620 2341
12) Cookies
This site uses cookies and similar technologies:
-
essential cookies
-
statistics/analytics cookies
-
functional cookies
If necessary, it is possible to restrict cookies in the browser settings (cookie banner/consent).
13) Changes
The Privacy Policy may be updated and changed. The current version is always published with the “Last Updated” date.