Privacy policy
This privacy policy describes how thefabstay.com and the fabstay.it collect, use, processes, and disclose your personal information. Some of the programs we facilitate may require users to create an account on The Fab Stay Platform or to make use of an existing account. When you use The Fab Stay Platform as part of our programs, the ways in which your information is collected, used, processed and disclosed is described in The Fab Stay Privacy Policy. From 25 May 2018 onwards, you and your personal data will be protected by the EU General Data Protection Regulation (which is otherwise known as GDPR) and by the art. 13 of the European Regulation 679/2016 of the EU Parliament. The policy complies with the provisions of Legislative Decree 196/2003 and subsequent amendments of the Italian Government, to the Provision of the Data Protection Authority n. 229 of 8 May 2014, and the Directive 2002/58/EC of the European Parliament.
We will only process your personal data as set out in our privacy policy or otherwise notified to or agreed by you or as we are otherwise permitted to do in accordance with data protection laws.
For the purposes of data protection laws, we, The Fab Stay Limited, are a data controller in respect of the personal data you provide us with.
Personal data and information we collect
When we refer to personal data, we mean any information which relates to an identified or identifiable individual. Where we refer to process or processing, we mean anything which we may do with your personal data including collecting, storing, using, disclosing to third parties and erasing it.
We collect personal data from and about you whenever you use our services, or if you are in touch with us in any way, whether this is directly or indirectly. You may, for example, make your booking or booking enquiry through a third party involved in your travel plans such as a local service supplier. We also collect data from publicly available sources which we use to profile clients internally for marketing purposes. When you book on our websites, you and The Fab Stay will share certain information with us including your name, email address, date of birth, phone number, other details of your booking, information in respect of any medical condition, disability or reduced mobility which may affect any person travelling – this comes within special categories of personal data, your group composition; the ages of people in your group, their dates of birth, gender, nationality and passport information, copies of documents such as passport or driver’s licence, your feedback on our service, including from third parties. It may include CCTV footage used to keep properties secure. Also, we collect personal information such as when you fill in a form, add information to your account, respond to surveys, post to community forums, participate in promotions, communicate with our customer care team and other Members, or share your experience with us. This may include health information if you choose to share it with us.
For an enquiry or a booking, the personal data we will need to process is likely to include the name and contact details of the person making the enquiry and include the Payment Transaction Information, such as payment instrument used, date and time, payment amount, payment instrument expiration date and billing postcode, PayPal email address, IBAN information, your address, and other related transaction details. For a booking or booking enquiry, we will process your personal data (other than any data which comes within special categories of personal data) on the basis that this is necessary for the performance of your contract with us or to enable us to take steps at your request prior to your entering into a contract with us. We may also need to do so to comply with a legal obligation to which we are subject or in order to protect your vital interests (for example, in an emergency situation).
Special categories of personal data
Personal data which concerns your health or which reveals your racial or ethnic origin or your sexual orientation are special categories of personal data. Other information also comes within special categories but this is unlikely to be relevant to the booking and provision of travel arrangements.
Generally speaking, the processing of special categories of personal data requires your explicit consent.
Accordingly, information concerning any disability, medical condition, restricted mobility or other health-related issues which may affect your travel arrangements (and related requirements) as well as dietary restrictions which disclose your religious beliefs or a health issue are special categories of personal data. We will ask for your consent to our processing this information at the time you make your booking or your booking enquiry.
To who we may provide your personal data
Where you make a booking, appropriate personal data will be passed on to the relevant suppliers of your chosen arrangements (such as the owners of the accommodation, caretakers, experience providers, or any others service providers requested) together with any other third party (such as banks and/or credit card companies) who need this information. The information may also be provided to government / public authorities such as customs or immigration if required by them, or as required by law. Certain information may also be passed on to security or credit checking companies.
We may also make personal data available to other companies who provide services on our behalf, such as mailing brochures and marketing material.
Accordingly, information concerning any disability, medical condition, restricted mobility or other health-related issues which may affect your travel arrangements (and related requirements) as well as dietary restrictions which disclose your religious beliefs or a health issue are special categories of personal data. We will ask for your consent to our processing this information at the time you make your booking or your booking enquiry.
We only provide third parties with the personal data they require in order to deliver their services. Other than in relation to government / public authorities (over whom we have no control), we will take appropriate steps which are intended to ensure that anyone to whom we pass your personal data for any reason agrees to keep it secure, only uses it for the purposes of providing their services and does not collect any personal data from you in the course performing their services.
Where we will process your personal data
Your personal data may be processed within Italy and/or any other country(ies) of the European Economic Area (EEA). EEA countries are all member states of the European Union together with Norway, Iceland and Liechtenstein.
We may also process personal data outside the EEA. Data protection laws may not be as strong outside the EEA as they are in the EEA. Personal data will not be transferred to a country outside the EEA unless (1) the country to which it is transferred is one which the European Commission considers to provide an adequate level of data protection or (2) the personal data is transferred to a company which is required by our contract with them only to deal with the data in accordance with our instructions and to maintain appropriate security to protect the personal data which we are satisfied they have or (3) we are obliged to provide the personal data to a government / public authority.
How we protect your personal data
We take appropriate technical and organisational measures to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data, which is appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures.
How we use your personal data
We will only retain and use your personal data for marketing purposes where you have specifically consented to our doing so or, in relation to e-mail marketing, where we comply with the Privacy and Electronic Communications Regulations 2003 (PECR). PECR permits us to send you e-mail marketing where you have previously provided us with your e-mail address in the course of entering into a contract with us for the organisation of the service requested or negotiations for such arrangements and we wish to e-mail you marketing material about our similar services or products. You will, of course, be given the opportunity to opt-out of receiving such e-mail marketing communications when you first provide us with your e-mail address and whenever we send you any e-mail marketing.
You may provide your consent by opting to receive marketing material either online or by telephone. You may also choose in what ways you are happy to receive communications from us. You may, for example, be happy to receive information and offers by post and e-mail but not by telephone. You can withdraw your consent to receiving marketing material or other communications from us, either generally or in any particular way, at any time by emailing us at marketing@thefabstay.com. You are entitled to ask us (by letter or email) what personal data of yours is being held or processed, for what purpose and to whom it may be or has been disclosed. We respond to your request without delay and in any event within 1 month unless the request is complex or you have made numerous requests in which case we may be able to extend our response time by a further 2 months.
We will not process your personal data in a form which enables you to be personally identified for any longer than is necessary in order to fulfil the purpose for which it was originally collected or for any other legitimate business purpose. Where your personal data has been provided for the purpose of your booking requested arrangements or other services you have contracted, we are entitled to retain this data for a period of at 6 years after those arrangements have been completed. In certain limited circumstances, we may be able to retain it for a longer period. If you have consented to receive marketing communications from us, we may continue to use your personal data for this purpose until you withdraw your consent or otherwise for as long as we reasonably consider your consent remains valid and effective.
You can ask us to erase your personal data in certain circumstances, for example where you have withdrawn your consent to further marketing material where the data in question has only been processed for this purpose.
We may need to make changes to this privacy policy. These may be required as a result of changes in data protection laws or in the guidance issued by regulators such as the Data Protection Authority or where we make changes to our procedures.
If you have any complaint about the way in which your personal data has been dealt with, please let us know by email to marketing@thefabstay.com. We will investigate and respond to you as soon as we reasonably can.