We are delighted that you have shown interest in Bestay Platform (hereafter “Bestay Platform” and/or “Bestay” and/or “We”), which is Bestay PTE. LTD. (the Company). Data protection is of a particularly high priority for us. We use 256-bit SSL encryption (the same encryption used for online banking) to protect sensitive information online. We also have security procedures in place to protect our servers and networks that store personal information.
The use of our Website (https://bestay.io, hereafter the “Website”) is possible without any indication of personal data; however, if you want to use services via our Website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.
The processing of personal data, such as self-portraits, the name, address or telephone number of a data subject shall always be in line with the EU General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the Company. By means of this data protection declaration, our Company would like to inform the general public of the nature, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.
As the controller, we have implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this Website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, for example by telephone.
Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it. By visiting https://bestay.io/ (Our website) you are accepting and consenting to the practices described in this policy.
1. Name and Address of the controller
Controller for the purposes of the GDPR, other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Bestay PTE. LTD.
15 Changi Business Park Central 1, Singapore 486057
3. Collection of general data and information
The Website collects a series of general data and information when a data subject or automated system calls up the Website. This general data and information are stored in the server log files. When using these general data and information, we do not draw any conclusions about the data subject. Therefore, we analyze anonymously collected data and information statistically, with the aim of increasing the data protection and data security of Bestay Platform, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
4. Registration on our Website
You have the possibility to register on the Website with the indication of personal data. Which personal data are transmitted to the controller is determined by the respective input mask used for the registration. The personal data entered by the data subject are collected and stored exclusively for internal use by the controller, and for his own purposes. The controller may request transfer to one or more processors that also uses personal data for an internal purpose which is attributable to the controller. By registering on the Website, the IP address, date, and time of the registration are also stored. The storage of this data is necessary to secure the Company as controller. This data is not passed on to third parties unless there is a statutory obligation to pass on the data, or if the transfer serves the aim of criminal prosecution. The Company provides information upon request to you as to what personal data are stored about you. Also, we correct or erase personal data at the request or indication of you, insofar as there are no statutory storage obligations. The Data Protection Officer is available to you in this respect as contact person.
5. Contact possibility via the website
The Website contains information that enables a quick electronic contact to Bestay Platform, as well as direct communication with us, which also includes a general e-mail address. If a data subject contacts us by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.
6. Subscription to our newsletter
On the Website, users are given the opportunity to subscribe to our newsletter. The input mask used for this purpose determines what personal data are transmitted, as well as when the newsletter is ordered from the controller. The Company informs its customers and business partners regularly by means of a newsletter about enterprise offers. The Company’s newsletter may only be received by you if (1) you have a valid e-mail address and (2) you register for the newsletter shipping. A confirmation e-mail will be sent to the e-mail address registered by you for the first time for newsletter shipping, for legal reasons, in the double opt-in procedure. This confirmation e-mail is used to prove whether the owner of the e-mail address as the data subject is authorized to receive the newsletter. During the registration for the newsletter, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the e-mail address of a data subject at a later date, and it therefore serves the aim of the legal protection of the controller. The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. In addition, subscribers to the newsletter may be informed by e-mail, as long as this is necessary for the operation of the newsletter service or a registration in question, as this could be the case in the event of modifications to the newsletter offer, or in the event of a change in technical circumstances. There will be no transfer of personal data collected by the newsletter service to third parties. The subscription to our newsletter may be terminated by you at any time. The consent to the storage of personal data, which you have given for shipping the newsletter, may be revoked at any time. For the purpose of revocation of consent, a corresponding link is found in each newsletter.
7. Routine erasure and blocking of personal data
We will process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which Bestay Platform is subject to. If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
8. Rights of the data subject
Each data subject shall have the following rights granted by the European legislator in the GDPR:
- Right of confirmation
- Right of access
- Right to rectification
- Right to erasure (Right to be forgotten)
- Right to data portability
- Right of restriction of processing
- Right to object
- Automated individual decision-making, including profiling
- Right to withdraw data protection consent
If the data subject wishes to exercise the rights concerning automated individual decision-making, he or she may at any time directly contact our Data Protection Officer.
9. Legal basis for the processing
Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. If our Company is subject to a legal obligation by which processing of personal data is required, such as for the fulfilment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR. Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our Company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).
10. Period for which the personal data will be stored
The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.
11. Provision of personal data as statutory or contractual requirement
We clarify that the provision of personal data is partly required by law (for example tax regulations) or can also result from contractual provisions (for example information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when we sign a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded.
12. Existence of automated decision-making
We may analyze your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. If you wish to exercise your rights stated in paragraph XI. concerning automated individual decision-making, you may at any time directly contact our Data Protection Officer.
The Site is not intended for use by children, especially those under eighteen years of age. No one under eighteen years of age is allowed to use the Site, provide any personal information or receive our email distributions. If you believe that a minor has disclosed Personally Identifiable Information to Bestay Platform, please report this to us immediately by contacting us through the contact form.
We reserve the right, in our sole discretion, to change, modify, add, or remove portions of this Privacy Notice at any time. Any changes or updates will be effective immediately upon posting to our Site. You should review this Privacy Notice regularly for changes and can determine if changes have been made by checking the Effective Date below. Your continued use of our Site following the posting of any changes to this “Privacy Notice” means you accept such changes. Please note If there are any material changes to how we handle personal information, we will send you a notice email and/or place a temporary notice on our website.
15. Effective date
This Privacy Notice was last updated on June 27, 2019.