data processing agreement
DATA PRIVACY AGREEMENT
These Data Privacy Guidelines (the "Guidelines") set forth the terms and conditions under which BookOnlineNow Private Company ("Bookonlinenow") provides its service to and for the benefit of Accommodation Providers, including accommodation partners (hereafter “Accomodation Provider”). By using the BookOnlineNow services, the Accomodation Provider agrees to and accepts the following Guidelines.
1. SCOPE, DEFINITIONS AND INTERPRETATION
1.1 These Guidelines form an integral part of the agreement ( the "Agreement") between the Accomodation Provider and BookOnlineNow ( the "Parties") and must be read in conjunction therewith. Except as otherwise provided for herein, the terms and conditions of the Agreement remain unchanged and in full force and effect. If there is conflict between this Guideline and the Agreement, the terms of the Guidelines will prevail.
1.2 Unless defined otherwise in these Guidelines, capitalized terms have the same meaning as set out in the Agreement.
2. ACCOMMODATION PROVIDER END USERS - DATA PRIVACY AGREEMENT
2.1 BookOnlineNow offers an extranet facility to the Accomodation Provider (the “Extranet”) and provides unique access credentials to each Accomodation Provider End User. The Accomodation Provider End User shall safeguard and keep their user ID and password confidential and secure, and shall not disclose them to any other person other than those who need to have access to the Extranet to fulfill their job responsibilities. The Accomodation Provider shall notify BookOnlineNow at support@bookonlinenow.net within 24 hours of any actual or suspected breach of security or confidentiality involving the user ID and password used to access the BookOnlineNow Extranet.
2.1 According to GDPR law, and with regard to the processing of personal data of End Users using Bookonlinenow Extranet, both Parties agree that:
- The Data Controller is Bookonlinenow Private Company
- End Users data are processed for the purposes relating to the realization of agreements concluded by the controller, promotion of its services, as well as to allow the controller to contact with its customers.
- The Processing of End Users data is related to the realization of the legitimate interest of Bookonlinenow being the running of the commercial activity and the broadening of the market for its services.
- End Users data will be processed for the period of time of the relevant agreement with Bookonlinenow being in force and further on for the period of the statute of limitation arising out of this agreement unless it will be necessary to process them longer due to the circumstances such as bringing of an action, court verdict. Such an extension will include the time of the procedure and the statute of limitation of the claim covered by the verdict if any.
- End Users have the right to request the access to their data from Bookonlinenow, as well as to their rectification, erasure, restriction of their processing, the right to object to the processing and the right to data portability.
- End Users have the right to lodge a complaint with a supervisory authority, if End Users consider that the processing of their personal data infringes GDPR. The supervisory authority is the Inspector General for the Protection of Personal Data.
- The provision of End Users data is voluntary.
- Bookonlinenow will not profile End Users data, as well as it will not make automated decisions.
3. ACCOMMODATION PROVIDER’ GUESTS DATA - DATA PRIVACY AGREEMENT
3.1 According to GDPR law, and with regard to the processing of all aggregated data or personal data of Accommodation Provider’ guests (the "Data"), both Parties agree that:
- The Accommodation Provider is the Data Administrator (Controller)
- BookOnlineNow Private Company is the Data Processor.
3.2 Specification of the purpose
The processing of the Data is entrusted for the following purposes:
- collection of the Data from the Guest who makes the reservations of the hotel rooms for and in the name of the Controller;
- transfer of the data to the Controller, and
- rendering of the technical assistance to the Controller relating to the Processor services
The Processor may extend the scope of the processing of the Data beyond the frames specified above only following the documented request of the Controller in that respect.
3.3 The Processor ensures that the persons authorized to process the data will be bound with the non-disclosure obligation.
To the possible extent and taking into account the nature of the processing, the Processor will assist the Controller in realization of its duties to respond to the requests of data subjects in relation to the execution of their rights specified in section III of GDPR through adequate technical and organizational measures. The Processor will make available to the Controller all the information necessary to prove that the obligations specified in art. 28 of GDPR are fulfilled and will enable the Controller or the auditor authorized by the Controller to make audits including the inspections. In that respect the Processor assists the Controller.
The Processor declares that it has implemented the adequate safety measures aiming at the processing of the Data complies with the law. The Processor is obliged to keep in secret any information received in relation to its access to the Data and their protection against any unauthorized access. In particular, the Processor will not process the Data in a way which contradicts with the law add it will not reveal and make them available to unauthorized persons.
3.4 External services - In the event of the use of a third party services in relation to the processing of the Data, the Processor will observe the requirements specified in art. 28 items 2 and 4 of GDPR.
3.5 Winding up of the processing - Following the winding up of the services relating to the processing, the Processor will transfer the data to the Controller and destroys any existing copies thereof. This action will be performed separately in relation to each portion of the Data transferred to the Controller.
3.6 Each Party shall take reasonable steps to protect personal data (i.e., information that relates to an identified or identifiable natural person) processed in the context of the Agreement against loss and unauthorized access, use, deletion and disclosure; and, as required by applicable laws, process personal data in a manner that ensures appropriate confidentiality and security of the personal data.
3.7 The Accomodation Provider acknowledges that it is responsible for the handling and security of the personal data it holds and processes within the context of the Agreement and BookOnlineNow Private Company acknowledges that it is responsible for the handling and security of the personal data it processes within the context of the Agreement. Accomodation Provider shall provide personal data to BookOnlineNow Private Company only if such disclosure is permitted under applicable laws. BookOnlineNow Private Company shall be a data controller (i.e. determines the purposes and means of the data processing) for any personal data it processes. Accomodation Provider shall become data controller upon receipt of the personal data of the guest. The Parties shall, if required by applicable laws, cooperate in good faith and provide assistance in the event data subjects wish to exercise their rights of access, correction, erasure or portability, or in case of requests from competent authorities to demonstrate compliance with obligations applicable to the Party.
3.8 Accomodation Provider shall process personal data that Accomodation Provider received from BookOnlineNow Private Company as part of the Services under the Agreement only so far as necessary to perform the requested reservation services, or as otherwise agreed to between the Parties in writing, in accordance with applicable law, including (if applicable) Directive 95/46/EC and 2002/58/EC (as amended or replaced by subsequent legal acts) on the processing of personal data and the protection of privacy or the EU General Data Protection Regulation or if Accomodation Provider has obtained explicit consent from the guest to any other use of guest’s personal data.
3.9 The accommodation provider is the sole owner of the reservations’ personal data received from BookOnlineNow as part of the Services under the Agreement, neither BookOnlineNow nor any reseller or agent has the right to own the reservations’ personal data. BookOnlineNow do not use any guest information for marketing or any similar purposes.
This policy is effective as of 24 May 2018
Take charge of your bottom line
Find out how BookOnlineNow can take your Direct Bookings and Online Sales Strategy to the next level.
Europe – Greece (Headquarters):
Address : 124 Ionias ave, Alimos,GR 17456, Athens,Greece
Phone: +30 210 9920411
Turkey:
Address : Kemankeş Karamustafapaşa Mah. Tophane İskele Cad. No:12/49-50-51, Beyoğlu/İstanbul, Turkey
Phone : +90 850 885 00 28
Czech Republic:
Address : Churchill Square I. (4. patro), Italská 2581/67, 120 00 Praha 2 , Czech Republic
Phone : +420 734 445 530
Latin America:
Address: Olga Di Giorgio Geracci 40, Campinas, Sao Paulo, Brazil
Phone: +55 19 3342 4247
Egypt:
Address: 36 Heliopolis Gardens, Sheraton, El-Nozha, Cairo, Egypt
Phone: +20 1030 240 204
Bulgaria:
Address: 46, Akad. Stefan Mladenov Str., fl. 4, office 11A, 1700 Sofia, Bulgaria
Phone: +359 888 599 075 +359 895 588 802
All Rights Reserved by BookOnlineNow Private Company. Member of Epsilon Net Group of Companies