Apartment booking process

In the context of the apartment booking process – whether this takes place online or you will contact with us through our website– we process your Personal Data for the purpose of enabling you to reserve a apartment in the place of your choice; verifying the availability of the apartment and to administer the booking; sending you a booking confirmation; and sending you pre-arrival emails. You may unsubscribe from pre-arrival emails at any time by clicking on the unsubscribe link in the emails sent to you.

Processed data categories

Address, Booking details (including reservation number), Date of arrival and departure, Email address, First name / Last name, First name / Last name of adult co-guest(s), Payment card type, number and expiration date, Telephone number, Title

Source of data

Depending on the booking mechanism used:

– Directly from you through the online ESTonishing booking form
– Through the email you used to make the booking
– From our call superhost

Ground for processing
Processing is necessary to take steps to enter into and perform a contract.
            
Recipients of data
– IT service providers involved in the (online) booking process
– IT service providers
– Email communications service provider

Guest satisfaction surveys
 We may send you guest satisfaction surveys by email during or after your stay to enable us to                     measure the performance of our hotels. You may unsubscribe from our guest satisfaction survey emails at any time by clicking on the unsubscribe link in the emails sent to you.

Processed data categories
Country of residence, Date of arrival and departure, Email address, First name / Last name, Nationality, Loyalty program membership number, Stay details

Source of data

Depending on the booking mechanism used:

– Directly from you through the online ESTonishing booking form
– Through the email you used to make the booking
– From our call superhost

Ground for processing

Processing is necessary to ensure and follow up on the good performance of the contract you have with us.

Recipients of data
– Guest satisfaction survey provider

Service emails Analytics

In the context of service emails, which includes guest satisfaction survey emails and any pre-arrival emails concerning your booking, we may process and collect your Personal Data, and notably whether you have opened and actioned a service email, for analytical purposes in order to measure the click-through rate and improve the content of our service emails. You may unsubscribe from our service emails at any time by clicking on the unsubscribe link in the service emails sent to you.

The information below describes the types of data we process for this purpose; where we get your data from, the ground we rely on to carry out the processing, and who we may share your data with.

Processed data categories

Email address, Email clicking behavior, Email opening behavior, First name / Last name, Loyalty Program membership number

Source of data

From our email analytics service provider

Ground for processing

It is in ESTonishing legitimate interest as a business to understand the email clicking behavior of its guests in order to determine whether improvements are needed. In this context, ESTonishing business interests prevail over yours.

Recipients of data

– IT service providers
– Email analytics service provider

ESTonishing Guests

1. Check-in and check-out

When staying at the apartment of your choice, we will collect and process your Personal Data for the purposes of registering your arrival and departure at the apartment; assigning you a key card to your apartment; obtaining a credit card guarantee to ensure payment of your stay; managing (and archiving) your apartment registration card; (v) creating or updating your profile in our apartment management system; managing payment of your stay; establishing, printing or sending an invoice for your stay.

Processed data categories

Address, Bookings, Date of arrival and departure, Email address, First name / Last name, First name / Last name of adult co-guest(s), Payment card type, number and expiration date, ESTonishing Loyalty program membership number, Telephone number, Title

Source of data

Depending on the booking mechanism used:

– Directly from you through the online ESTonishing booking form
– Through the email you used to make the booking
– From our call superhost

Ground for processing

Processing is necessary to perform the contract you have with us.

Recipients of data
– IT service providers

2. Credit limit reports

To ensure payment for all guests staying in a apartment, each apartment guest is asked for a credit card or deposit upon arrival.

Processed data categories

Date of arrival and departure, First name / Last name, Payment card type, number and expiration date.

Source of data

Depending on the booking mechanism used:
– Directly from you through the online ESTonishing booking form
– Through the email you used to make the booking
– From our call superhost

Ground for processing

Processing is necessary to ensure the performance of the contract you have with us.

Recipients of data
– IT service providers

3. Apartment stay

When you stay in one of our apartments, we endeavor to make your stay as pleasant as possible. This requires processing your Personal Data for the purposes of providing specific services during your apartment stay. These services include housekeeping and maintenance; returning lost or forgotten items to you; and/or managing your and your co-guests’ preferences, such as dietary requirements and pillow preferences, in order to provide you with a better service during your stay with us.

Processed data categories

Address, Consumption habits, Date of arrival and departure, Email address, First name / Last name, First name / Last name of adult co-guest(s), Other preferences, Payment details (for the purpose of returning lost or forgotten items), Telephone number

Source of data

Depending on the booking mechanism used:
– Directly from you through the online ESTonishing booking form
– Through the email you used to make the booking
– From our call superhost

Ground for processing

It is in ESTonishing legitimate interest as a business to organize its day-to-day hotel maintenance activities, to personalize the services it provides, and/or to be able to identify the owner of a lost or forgotten item. Taking into account the limited Personal Data processed and shared for such purpose(s).

Recipients of data

– ESTonishing Apartment personnel, including housekeeping, maintenance, front desk, and/or other apartment personnel concerned
– IT service providers
– Delivery or courier service providers (for the purpose of returning lost or forgotten items)

Additional services and facilities

In many of our apartments you can benefit from additional services and facilities, such as laundry services, parking, taxi requests, free Wi-Fi, etc. In the event you make use of additional services or facilities at one of our apartments, your Personal Data may be processed to manage the booking and use of such additional hotel services and/or facilities; administer any advance bookings of additional services and/or facilities to your file; personalize returning guests’ arrival to the apartment and the choice of apartment amenities and room features; and manage the expenses incurred for such additional services and/or facilities.

Processed data categories

Consumption habits, Date of arrival and departure, Dietary requirements, Email address, First name / Last name, First name / Last name of adult co-guest(s), Payment card type, number and expiration date, ESTonishing Loyalty program membership number, Title

Source of data

Depending on the booking mechanism used:
– Directly from you through the online ESTonishing booking form
– Through the email you used to make the booking
– From our call superhost

Ground for processing
Processing is necessary to take steps with a view to entering into a contract and/or to perform the contract.

Recipients of data

– ESTonishing apartment personnel, including front desk, room service, and/or other hotel personnel concerned
– IT service providers

Loyalty Program

1. ESTonishing Stay Loyalty program

ESTonishing Loyalty program is a rewards program applicable throughout the apartments of the ESTonishing Stay apartments that is available to guests staying in our apartments, and to professional partners irrespective of whether the professional partners stay as guests or book on behalf of others. ESTonishing Stay Loyalty program provides you with a number of benefits during your stay at our apartment.

Source of data
Directly from you when claiming or redeeming your benefits.

Ground for processing

Processing is necessary to take steps at your request with a view to perform the contract you have with us as well as to perform the contract you have with our recognized partner(s).

Recipients of data

– IT service providers

– Relevant partner company

Gift Cards

We provide the opportunity to purchase physical or e-gift cards

1. Purchasing a gift card

When you purchase a gift card at one of our hotels or online, we process your and, if applicable, the gift card recipient’s Personal Data for the purposes of managing and successfully completing your purchase of the gift card. If you are purchasing the gift card for another person, we will process additional Personal Data for the purpose of delivering the gift card to the recipient by email or by post.

Processed data categories

– First name / Last name, Payment card type, number and expiration date
– If a gift card is purchased online, in addition to the above, we will process your Address, Connection logs, Email address, and IP address
– If you purchase the gift card for someone else and depending on the mode of delivery, we will also process the Address of the recipient, Email address of the recipient, First name / Last name of the recipient, Telephone number of the recipient.

Source of data

Directly from you when purchasing the gift card at the hotel or online

Ground for processing

Processing is necessary to take steps at your request with a view to enter into and perform a contract.

Recipients of data

– IT service providers
– Gift card platform provider
– Gift card manufacturer
– Payment service provider

2. Registering your gift card

As a recipient of one of our gift cards, you may choose to register your gift card online in order to protect the remaining value on the card in case it is lost or stolen. Should you decide to register your gift card, we will process your Personal Data for the purpose of processing such registration.

Processed data categories

Address, Date of birth, Email address, First name / Last name, Telephone number, Title

Source of data

Directly from you during the online registration of the gift card

Ground for processing

Ad hoc consent obtained during the registration of the gift card

Recipients of data

– IT service providers

– Gift card platform provider

Subscription to Our Newsletters

1. Newsletters and marketing communications

If you have explicitly consented to receive our newsletters or marketing communications, including in relation to ESTonishing Stay Loyalty Program, we may, from time to time, contact you with information about our services and latest offers and process your Personal Data for this purpose.

If you no longer want to receive our newsletters or marketing communications, please let us know by sending us an email at stay@estonishingstay.ee. You can also unsubscribe from our marketing emails by clicking on the unsubscribe link in the emails sent to you.

Processed data categories

– Address, Date of birth, Email address, First name / Last name, Gender, Hobbies and interests, Telephone number, Hotel stay history, Country of residence

Source of data
– Directly from you when subscribing to our newsletter or later when completing your account

Ground for processing
– Ad hoc consent obtained during the subscription to our newsletter

Recipients of data

– IT service providers

– Email communications service provider

Newsletters and marketing communications analytics

In the context of our newsletters and marketing communications, we may also process and collect your Personal Data, and notably whether you have opened and interacted with one of our communications, for analytical purposes in order to measure the click-through rate and improve the content of our newsletters and marketing communications.

Processed data categories

– Email address, Email clicking behavior, Email opening behavior, First name / Last name,

Source of Data
– From our email analytics service provider

Grounds for Processing

– It is in ESTonishing Stay Apartments legitimate interest as a business to understand the click-through rate of its emails in order to determine whether improvements are needed. In this context.

Recipients of Data

– IT service providers

– Email analytics service provider

Website Forms

Should you have a particular query or feedback, including the exercise of one of your rights under the GDPR, you may contact us through the contact forms available on our website(s). In such context, we may process your Personal Data for the purposes of handling and providing an answer to your query or request or to follow up on your feedback. We also provide other forms on our websites which may assist you in requesting a particular service from us, such as the best online rate guarantee form.

The information below describes the types of data we process for these purposes, where we get your data from, the ground we rely on to carry out the processing, and who we may share your data with.

Processed data categories

– Address, Email address, First name / Last name,, Stay details, Telephone number, and any other data you may decide to share with us in open comment boxes.

Source of data
– Directly from you through the form

Ground for processing
– Ad hoc consent obtained through the contact form

Recipients of data
– IT service providers

Analytics

We may use any data you provide to us for analytical purposes to optimize your experience, enhance our marketing, business and operational efficiency, create segments of our customers based on their Personal Data and tailor our offers and promotions to your preferences and consumption habits. In the context of such analytics, we analyze and may combine different data we hold about our guests, including responses to guest satisfaction surveys; communications guests have with us; click-through rates for our marketing communications; our guests’ behavior on our website; bookings; and any information we receive via our ESTonishing Stay Loyalty program.

Processed data categories

– Apartment stay details, Address, Bookings (apartment, restaurant, event, theatre, etc.), Date of arrival and departure, Title, First name / Last name, First name / Last name of adult co-guest(s), Email address, Telephone number, Payment card type, number and expiration date, redemption history

Source of Data

– Directly from you when signing up to ESTonishing Stay Loyalty program.
 – Directly from you through the online booking form
– Through the online booking channel you used to make the booking
– From our call center
– From our email analytics provider
– Directly from you when making your additional service/facility request with the superhost.

Ground for processing

– It is in ESTonishing Stay Loyalty program legitimate interest as a business to understand its guests’ preferences and consumption habits.

Recipients of data

– IT service providers
– Analytics service provider
– Providers of targeted advertisements

Social Media and Online Reviews

We may process your Personal Data obtained through social media platforms (including Facebook, Instagram, LinkedIn, Weibo and Twitter) or online reviews (including on TripAdvisor) concerning our ESTonishing Stay Apartments for the purposes of addressing your questions or complaints; monitoring our online reputation; and (iii) improving our services and identifying opportunities on which we can focus.

Some of our social media pages allow users to submit their own content. Please remember that any content submitted to one of our social media pages can be viewed by the public, and you should be cautious about providing certain personal information (e.g., financial information or address details) via these platforms. We are not responsible for any actions taken by other individuals if you post personal information on one of our social media platforms (e.g., Facebook or Instagram). Please also refer to the respective privacy and cookie policies of the social media platforms you are using.

Processed data categories

– Any Personal Data you may decide to share with us or published on social media or in other online reviews about us.

Source of Data

– Directly from you through publicly accessible social media pages, online booking channels or other (review) websites
– From our online reputation monitoring service provider

Ground for processing

– It is in ESTonishing Stay legitimate interest as a business to process the Personal Data you have chosen to address to us or make publicly available on social media platforms, online booking channels or other (review) websites in order to improve our services and identify business opportunities.

Recipients of data

– Online reputation monitoring service provider

Social media contests

From time to time, we may organize a contest on one of our social media pages. If you choose to participate in such contest, we will process your Personal Data for the purpose of organizing and managing the social media contest and picking the winner(s).

Processed data categories

– This depends on the data fields in the contest concerned, but almost always includes the following categories of data:
Address, Email address, First name / Last name, Telephone number

Source of Data
– Directly from you through our social media pages

Ground for processing
– Processing is necessary to take steps to enter into and perform a contract as you accept the terms and conditions of the contest.

Recipients of data
– IT service provider

Your Rights – Under EU Privacy Law

If you are in the EU, EU Privacy Law grants specific rights, summarized below, which you can in principle exercise free of charge, subject to statutory exceptions. These rights may be limited, for example if fulfilling your request would reveal Personal Data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. To exercise any of your rights, you can file a request via email at stay@estonishingstay.ee.

Should you have unresolved concerns, you have the right to lodge a complaint with a Supervisory Authority where you live or where you believe a breach may have occurred. We encourage you to come to us in the first instance but, to the extent that this right applies to you, you are entitled to complain directly to the relevant Supervisory Authority.

1. Right to withdraw consent

Wherever we rely on your consent, you will be able to withdraw that consent at any time you choose and at your own initiative by logging in to your account on our website (if you have one) or by contacting us at stay@estonishingstay.ee . The withdrawal of your consent will not affect the lawfulness of the collection and processing of your data based on your consent up until the moment where you withdraw your consent. Please note that we may have other legal grounds for processing your data for other purposes, such as those set out in this Privacy Policy.

2. Right to access and rectify your data

You have the right to access, review, and rectify your Personal Data. You may be entitled to ask us for a copy of your information, to review or correct it if you wish to rectify any information like your name, email address, passwords and/or any other preferences, you can easily do so by logging in to your account on our website (if you have one) or by contacting us at stay@estonishingstay.ee. You may also request a copy of the Personal Data processed as described in this Privacy Policy.

3. Right to erasure

In accordance with EU Privacy Law, you have the right to erasure of your Personal Data processed by us as described in this Privacy Policy in case it is no longer needed for the purposes for which the Personal Data was initially collected or processed or in the event you have withdrawn your consent or objected to processing as described in this Privacy Policy and no other legal ground for processing applies. Should you wish to have your Personal Data erased, please file a request via email at stay@estonishingstay.ee .

4. Right to restriction of processing

Under certain circumstances described in EU Privacy Law, you may ask us to restrict the processing of your Personal Data. This is for example the case when you contest the accuracy of your Personal Data. In such event, we will restrict the processing until we can verify the accuracy of your data.

5. Right to object to processing

Under certain circumstances described in EU Privacy Law, you may object to the processing of your Personal Data, including where your Personal Data is processed for direct marketing purposes.

6. Right to data portability

Where you have provided your data directly to us and where the processing is carried out by automated means and based on your consent or the performance of a contract between you and us, you have the right to receive the Personal Data processed about you in a structured, commonly used and machine-readable format, and to transmit this data to another service provider.

Your Rights – Non-EU Users

Depending on where you are located you will have different rights in respect of your Personal Data and we will comply with the relevant requirements of applicable laws and this Privacy Policy.

California Privacy Rights

If you reside in California, you have the right to ask us one time each year if we have shared Personal Data with third parties for their direct marketing purposes. To make a request, please send us an email at stay@estonishingstay.ee or write to us at the address listed below. Indicate in your letter that you are a California resident making a “Shine the Light” inquiry. In addition, you have the rights set forth in our California Privacy Policy.

Nevada Residents

Notice to Nevada Residents: we do not sell your information as defined by Nevada law.

Russian Citizens

In accordance with Russian Federal Law “On Personal Data” No. 152-FZ we collect, record, systematize, accumulate, store, update (renew and modify), and extract Personal Data about Russian citizens using databases located in the territory of the Russian Federation. If you indicate that you are a Russian citizen of the Russian Federation, we will process your Personal Data in compliance with this requirement and your profile will be maintained on databases in the Russian Federation. If you do not indicate that you are a citizen of the Russian Federation, we are not able to process and maintain your Personal Data under these requirements and will not be liable for that. You are solely responsible for indicating the country of your citizenship. Information containing Personal Data of Russian citizens may be transmitted from the Russian Federation to countries that ensure an adequate level of protection for Personal Data, including member states of the European Union and other countries which Russian law recognizes as ensuring adequate to protection, and also to other countries that may not ensure adequate level of protection for Personal Data. By submitting information to us on our sites and apps, submitting forms to us, or registering on our sites, programs and apps, or making reservations, you grant us consent to process your Personal Data.

Security Measures

Appropriate technical and organizational measures are implemented in order to ensure an appropriate level of security of your Personal Data, including but not limited to encryption techniques, physical and IT system access controls, obligations of confidentiality, etc.

In the event Personal Data is compromised as a result of a Personal Data Breach we will make the necessary notifications, as required under applicable laws.

How Is Your Personal Data Shared with Third Parties?

We only share or disclose information as described herein, including with Third Parties.

Your Personal Data will also be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of the Controller(s) legitimate interests in compliance with applicable laws. In addition, we may share your Personal Data and other information with a successor to all or part of our business, where this is in our legitimate interests in facilitating a business sale and in this context our business interests prevail over yours. For example, if parts of our business or assets are sold, we may disclose user information as part of that transaction, subject to applicable law.

How Long Will We Keep Your Personal Data?

We retain your Personal Data for as long as is required to fulfil the activities set out in this Privacy Policy, for as long as otherwise communicated to you or for as long as is permitted by applicable law. For example, we may retain your Personal Data if it is reasonably necessary to comply with any legal obligations, meet any regulatory requirements, resolve any disputes or litigation, or as otherwise needed to enforce this Privacy Policy and prevent fraud and abuse.

To determine the appropriate retention period for the information we collect from you, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of the data, the purposes for which we process the Personal Data, and whether we can achieve those purposes through other means, and the applicable legal requirements.

What Happens If We Make Modifications to This Policy?

We reserve the right to modify and update this Privacy Policy from time to time. We will bring these changes to your attention should they be indicative of a fundamental change to the processing or be relevant to the nature of the processing or be relevant to you and impact your data protection rights.