Legal documents
This privacy notice explains how Webonweb B.V (the corporation behind TwikPMS), process personal data in as per the General Data Protection Regulation (GDPR) and other relevant data protection and privacy laws applicable.
We deeply value the privacy and security of our users' information. Our dedication to safeguarding personal data is unwavering, driven by a commitment to uphold the highest standards of data protection. We are fully compliant with applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR), ensuring that your personal information is handled with the utmost care and respect.
We employ advanced security measures to protect your data against unauthorized access, alteration, disclosure, or destruction. Our team continuously monitors and updates our security practices to address emerging threats and vulnerabilities. Moreover, we believe in transparency and are committed to keeping you fully informed about how your data is used, shared, and protected.
Your trust is fundamental to our mission. We pledge to maintain the confidentiality of your personal information and to use it solely for the purposes outlined in our Privacy Policy.
We are committed to ensuring that your rights are respected and facilitated without undue delay.
We usually handle personal data related to potential or current clients, visitors to our website, and those we engage with for vendor and partnership collaborations.
We may process personal data when you:
Providing personal data is optional, but without it, we're unable to offer our services to you.
We do not engage in renting, purchasing, or selling personal data to or from third parties, nor do we employ automated decision-making or profiling with your personal data. Additionally, we do not process any sensitive data categories as outlined in GDPR Article 9.
We process your personal data with clear purposes in mind, grounded on legitimate legal bases, and only for as long as necessary. Here’s how these elements are defined:
We will hold onto your data strictly for the period mandated by relevant legal requirements, including those related to accounting, tax, labor laws, or any other applicable regulations.
This section highlights the specific instances and methods through which we handle your personal data, including our purposes for processing, the legal basis for such actions, and the duration for which we retain your data.
Regardless of your status (potential or existing customer, vendor, or other), we process your personal data whenever you get in touch with us via email, phone calls, text messages, or social media. The types of data processed might include your name, contact information, IP address, and any additional details you provide. To manage this data, especially for potential and existing customers, we utilize a customer support system.
The goal is to effectively address your queries and, in certain instances, maintain records for handling complaints or legal claims. Our legal ground for this processing is based on our legitimate interest in responding to your inquiries and potentially keeping records for handling complaints or legal claims.
We occasionally send surveys to collect feedback, entirely voluntary. Personal data processed includes your name, contact details, and other voluntary information. Anonymous surveys do not involve personal data processing.
The goal is to improve our products and services, with consent as the legal basis. Data from surveys is assessed during GDPR audits and deleted as appropriate, but no later than two years post-response.
Entering an agreement with us as a vendor, partner, or data processor involves processing personal data like your name, contact details, and correspondence to manage our relationship.
Legal bases include contract execution, legal obligations related to business operations, and legitimate interests in effective communication. We retain this data for the duration of our business relationship and up to 6 years afterward for legal purposes.
Your IP address and user agent are processed when using our website. Post-DDoS attack, we maintain partial access logs for security with tracking specific page views.
The purposes are to safeguard against cyberattacks and optimize our website, based on legitimate interests in business protection and efficiency.
To ensure the smooth operation and security of our services, it's sometimes necessary for us to share your personal information with trusted third parties, including:
We insist that all such parties adhere to stringent data protection standards, aligning with the safeguards detailed in this Privacy Notice. Our approach includes rigorous vetting of vendors and data processors, and we establish formal data processing agreements/addendums to ensure compliance and protection of your data.
Our data processors are engaged for specific tasks, such as:
In the operation of our business at TwikPMS.com, there may be occasions when it is necessary to transfer your personal data to countries outside the European Union (EU) and the European Economic Area (EEA). Such transfers are conducted with the utmost care and in accordance with legal requirements to ensure your data remains protected.
We conduct risk assessments for every data processor we use in our business. In addition, where your personal data is transferred outside the EU/EEA, we conduct an additional risk assessment. We review, in particular, the data processor's technical and organizational security measures, reputation and safeguards for international transfers of personal data.
Our approach to international data transfers is designed to maintain the integrity and security of your personal data, aligning with our overall commitment to privacy and data protection.
Should you have any further concerns or questions, please don't hesitate to reach out to us.
We prioritize information security on par with privacy, committing ourselves to protect your personal data with the utmost diligence. To this end, we employ robust security measures, including the use of strong passwords, data encryption, two-factor authentication, and various other protocols to safeguard our data. These measures are designed to prevent unauthorized access, alteration, deletion, or any form of compromise to the data we hold, including your personal details.
Access to your personal data is strictly limited, permitted only under our direct instructions and solely for necessary reasons, such as essential IT support scenarios.
Moreover, we have established a comprehensive IT security policy outlining our technical and organizational safeguards, along with procedures for managing data breaches. In the event of a personal data breach that results in a risk of accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data, and if this risk is medium to high for those impacted, we commit to notifying the relevant national data authority within 72 hours. Should there be a high risk to the individuals affected, we aim to inform them directly, whenever feasible, to ensure transparency and responsibility in our data handling practices.
As you use twikPMS at your property, we act as a data processor for the guest information that stays at your property. In this scenario, you hold the position of data controller, while we process the data under your direction. We fulfill the obligations outlined in GDPR Article 28, ensuring:
Additionally, we may utilize other (sub)processors without your consent but will keep you informed of any potential changes regarding these (sub)processors, allowing you the opportunity to object to such changes if they do not align with your preferences.
For a comprehensive understanding of the data flow when using twikPMS on your site, we invite you to review the detailed Data Journey which will be made publicly available shortly.
Should you have any inquiries about this Privacy Policy or wish to access your information, please reach out to us through the following means:
We're here to assist with any questions or concerns you may have.
This privacy policy was last updated: 31 March 2024