YAYS Privacy Policy.

YAYS is managed by YAYS Operations B.V. (“YAYS”, “we”, “us”, “our”). This privacy notice explains how we use any personal data we collect about you when you use this website or stay at our hotels and serviced apartments, herein referred to as “aparthotels”.

Topics covered in this notice:

What information do we collect about you
How will we use the information about you and legal bases to do so
When and how we share information with others
Transfers outside the European Economic Area
Keeping your information
How we secure your information
Marketing
Cookies
Your rights
Changes to our privacy policy
How to contact us

What information do we collect about you

At various times, we will ask you, as a YAYS guest, for information about you and/or members of your family, such as:

Contact details (for example, last name, first name, telephone number, email);
Personal information (for example, date of birth, nationality);
Information relating to your children (for example, first name, date of birth, age);
Your credit card number (for transaction and reservation purposes);
Your membership number to your Reward Club affiliations;
Your arrival and departure dates;
Your preferences and interests (for example, preferred location and/or apartment, preferred floor, type of bedding, type of newspapers/magazines, sports, cultural interests);
Your questions/comments, during or following a stay in one of our aparthotels; and/or
Information we automatically collect when you visit our website (e.g., IP address and other unique identifiers for the computer, your user behaviour), such in accordance with our privacy and cookie notice.

The information collected in relation to persons under 18 years of age is limited to their name, nationality, and date of birth, which can only be supplied to us by an adult.

How will we use the information about you and legal bases to do so

We use your information in a number of different ways for different purposes, primarily to fulfil a contract and also provide excellent service to our guests — what we do depends on the information. The tables below set this out in detail, showing what we use the information we collect for.

We only process your personal data when we have a legal basis to do so. This depends on the purpose of the processing; we use the following lawful basis to process your data:

Contractual

To allow us to fulfil our contract with you. We need to collect and process your personal data to supply and administer for services. Objecting to providing this information may mean we will be unable to provide services to you.

Compliance

We will sometimes need your personal data to comply with existing legal or regulatory requirements.

Legitimate Interests

We may process your personal data for our legitimate (business or legal) interest to provide the services you requested, customise such services, guarantee the best customer experience, manage bookings or to allow us to manage and protect our business interests and supply.

Consent

We may request your consent to process your personal data, you will always be able to withdraw this consent. If you withdraw your consent, we will stop any processing your personal data.

What we use it for	Legal basis
To manage the reservation of rooms and accommodation requests and other aparthotels services; to manage your stay at the aparthotels, room lists, restaurant bookings, special requests, and services; to monitor your use of aparthotels services; to manage invoicing and payment records	To perform our contract with you To comply with legal obligations For our legitimate interest in providing you aparthotels stays and services at your request, to manage the use of our services, etc.
To improve aparthotels services, to input to our marketing programme, to assist promotion of our services, and adapting our products	For our legitimate interest in assessing, improving and adapting and to promote our services and products With your consent
Limited to name, nationality and date of birth supplied by legal representative, used to manage stay	To perform our contract with you To comply with legal obligations
To guarantee bookings and to take payment	To perform our contract with you For our legitimate interest in providing the requested booking
To record use of services and supply rewards	For our legitimate interest in monitoring the use of our services and providing rewards to guests
To manage your aparthotels booking	To perform our contract with you For our legitimate interest in guaranteeing the bookings are correctly managed
To enhance guests’ stay at our aparthotels and to customise and improve the services we offer	For our legitimate interest in providing the adequate and customised services
To manage the provision of services at our properties that you may wish to connect to, such as: Wi-Fi, room TVs	For our legitimate interest in providing the services you request
To collect feedback to improve our services and monitor customer experience	For our legitimate interest in monitoring and improving the customer experience
To record use of our website and understand user behavior	For our legitimate interest in reviewing user behavior and improving our websites

When and how we share your information with others

We may share your information with other third parties (such as data processors engaged by us) for the purposes described below. We will only disclose your personal data to those with a legitimate business need and after we have taken steps to ensure that your personal data is processed in a manner consistent with this privacy notice. We require a written data protection agreement with third parties and ensure they respect the security of your data and treat it in accordance with the law. Examples of third parties would include the following:

Our affiliated entities and group companies: For the purpose of providing you with the services about our affiliates or subsidiaries we may disclose personal data that you provide to them.
Our service providers: Your personal data may be disclosed to our service providers who perform services on our behalf. Our service providers are subject to contractual obligations to safeguard your personal data and to only process the personal data as instructed. These include, for instance, payment partners and property management system providers.
Other third parties when necessary pursuant to regulatory obligations: We may disclose your personal data with third parties to comply with court orders or other legal obligations (such as with other organizations for fraud prevention and detection).

The above list is not exhaustive and may be subject to change.

We do not sell personal data to anyone and only share it with third parties when this is necessary.

Transfers outside the European Economic Area

The Personal Data transferred may also be processed in a country outside the European Economic Area (the “EEA”), which covers the EU Member States, Iceland, Liechtenstein and Norway. Non-EEA countries may not offer the same level of Personal Data protection as EEA countries.

If your personal data is transferred outside the EEA, we will put suitable safeguards in place to ensure that such transfers are carried out in compliance with the applicable data protection rules. These include, for instance, relying on adequacy decisions or standard contractual clauses issued by the European Commission together with binding and enforceable commitments by the recipient.

Keeping Your Information

We will not retain your personal data longer than necessary in relation to the purposes for which the data are processed. We’ll hold on to your information for as long as you have a booking with us, and for as long as is necessary to provide support-related reporting.

We may also hold on to your information for longer if reasonably necessary or required to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions. We may also keep hold of some of your information as required, even if it is no longer needed to provide the services to you.

How we secure your information

To allow us to fulfil our contract with you. We need to collect and process your personal information to supply and administer services. Objecting to providing this information may mean we will be unable to provide services to you.

YAYS takes data security seriously, and we use appropriate technologies and procedures to protect personal data. Our information security policies and procedures are aligned with widely accepted international standards, and we apply the controls detailed in the Payment Card Industry Data Security Standard to all environments storing personal data. These standards are applied and are reviewed regularly and updated as necessary to meet our business needs, changes in technology and regulatory requirements.

For example:

Policies and procedures:

We have measures in place to protect against accidental loss and unauthorized access, use, destruction, or disclosure of data;
We have a Business Continuity and Disaster Recovery strategy that is designed to safeguard the continuity of our service to our clients and to protect our people and assets;
We place appropriate restrictions on access to personal data;
We implement appropriate measures and controls, including monitoring and physical measures, to store and transfer data securely; and
We conduct Privacy Impact Assessments in accordance with legal requirements and our business policies.

Training for employees and contractors:

We require privacy, information security, and other applicable training on a regular basis for our employees and contractors who have access to personal data and other sensitive data; and
We take steps to ensure that our employees and contractors operate in accordance with our information security policies and procedures and any applicable contractual conditions.

Vendor risk management:

We require, through the use of contracts and security reviews, our third-party vendors and providers to protect any personal data with which they are entrusted in accordance with our security policies and procedures.

Marketing

We would like to send you information about products and services of ours and other companies in our group which may be of interest to you. If you have consented to receive marketing messages, you may opt out at a later date.

You have a right at any time to stop us from contacting you for marketing purposes or from giving your information to other affiliates of YAYS Operations B.V. by withdrawing your consent. You can do so by clicking here.

Cookies

We use cookies when you visit our site. Here’s how and why we use them.

YAYS uses functional, analytical and tracking cookies. A cookie is a small data file that can be placed on your device (computer, tablet or smartphone) when you visit certain internet sites. YAYS uses cookies with a purely technical functionality. These make sure that the website is working properly and that, for example, your preferred settings are remembered. These cookies are also used to properly update the website, let it work and optimize it. In addition, we place cookies that keep track of your surfing behaviour so that we can create customized content and offer advertisements. On your first visit to our website, we have already informed you about these cookies and we have your permission asked for its placement. You can opt out of cookies by setting your internet browser so that it does not store cookies anymore. In addition, you can also delete all information previously saved via your browser settings.

Third-party cookies

Additional third-party cookies are placed when you use the services. These are for example to track how long you stay on our website and which region you come from. These services use cookies to help us analyse how you use the Websites:

Google Analytics
Google Tag Manager
Facebook Pixel
Hotjar

Your Rights

You have rights relating to your personal data:

The right to be informed about how your personal data is being used (like this notice!);
The right to request access the personal data we hold about you;
The right to request the correction of inaccurate personal data we hold about you;
The right to request that we delete your data, or stop processing it or collecting it, in some circumstances;
The right to stop direct marketing messages, and to withdraw consent for other consent-based processing at any time (see also under ‘Marketing’ below);
The right to request that we transfer or port elements of your data either to you or another service provider.

If you want to exercise your rights, have a complaint, or just have questions, please contact us, details in the ‘contact us’ section.

You can also lodge a complaint with the local data protection regulator.

Changes to our privacy notice

We may change this page from time to time, to reflect how we are processing your data. If we make significant changes, we will make that clear on our website, or by some other means of contact such as email, so that you are able to review the changes before you continue to use our services.

How to contact us

If you:

Have any questions or feedback about this notice;
Would like us to stop using your information; and/or
Want to exercise any of your rights as set out above or have a complaint.

You can contact our privacy team by emailing us at: gdpr@yays.com

Or if you’d like, you can write to us at:

YAYS Data Protection Officer

YAYS Group
Herengracht 451
1017BS Amsterdam
The Netherlands