Privacy Policy
Introduction
Webstays is committed to protecting the privacy and security of your personal information. This privacy policy explains how we collect, use, disclose, and safeguard your information when you visit our Website www.webstays.com including any other media form, social media channel, mobile Website, or mobile application related or connected to it. It also explains your rights under the General Data Protection Regulation (GDPR) and how the law protects you.
Controller
Webstays is the data controller and is responsible for your data (collectively referred to as "Webstays", "we", "us", or "our" in this policy).
Data We Collect About You
We collect several types of information from and about users of our Website, including:
Identity Data includes first name, last name, username or similar identifier.
Contact Data includes billing address, delivery address, email address, and telephone numbers.
Financial Data includes bank account and payment card details.
Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, and browser plug-in types and versions.
Obligations of Safeguarding Privacy
Ensuring Lawful, Fair, and Transparent Processing
Lawfulness: Data must be processed lawfully, meaning that there must be a legitimate basis for its processing (e.g., consent, contractual necessity, legal requirements, or legitimate interests).
Transparency: Information about data processing practices must be communicated to users in a clear, understandable way, typically through a privacy policy or data protection notice.
Limiting Purpose, Data Minimization, and Accuracy
Purpose Limitation: Personal data should be collected for specified, explicit, and legitimate purposes and not further processed in an incompatible manner.
Data Minimization: Only the data necessary for the purposes for which it is processed should be collected and maintained.
Accuracy: Reasonable steps must be taken to ensure that personal data is accurate, up-to-date, and kept only for the duration necessary for the purposes for which it is processed.
Securing Personal Data
Data Security: Implement technical and organisational measures to ensure security appropriate to the risk. This could include encryption, anonymisation, and ensuring confidentiality, integrity, availability, and resilience of processing systems.
Breach Notification: There are strict reporting and notification requirements in the event of a data breach. For instance, the relevant supervisory authority must typically be notified within 72 hours unless the breach is unlikely to risk the rights and freedoms of natural persons.
Respecting User Rights
Access to Information: Users have the right to access their personal data and obtain information about how it is processed.
Rectification and Erasure: Users can request correction or completion of their data if it is inaccurate or incomplete. They also have the "right to be forgotten," meaning they may request the deletion of personal data when it is no longer necessary or if processing it is unlawful.
Restriction of Processing and Data Portability: Users can request a restriction on the processing of their personal data and have the right to receive their data in a structured, commonly used, and machine-readable format.
Objection and Automated Decision Making: Users have the right to object to processing their personal data and not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them.
Accountability and Compliance
Documentation: Maintain comprehensive records of all data processing activities.
Data Protection Impact Assessment (DPIA): Conduct DPIAs where processing operations present high risks to individuals' privacy rights.
Data Protection Officer (DPO): If required, a DPO will be appointed, responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements.
Engagement: Regularly engage with and respond to inquiries from supervisory authorities promptly.
These obligations are foundational to GDPR compliance and are crucial for maintaining the trust and confidence of users.