Day Dream Hub.com LLC Privacy Statement
Effective Date: [June 2, 2024]
Introduction
This Privacy Statement applies to Day Dream Hub.com LLC (hereinafter referred to as “we” or “our”). Our registered office is located at Georgia, Tbilisi, Nadzaladevi district, Kursebi St., N 15.
This Statement explains the information we collect, use, disclose, and protect when the Guest visits our website https://daydreamhub.com/ and uses our services.
If you have any questions or concerns about this policy or our practices, please contact our Data Protection Officer (DPO) at customer@daydreamhub.com.
1. Data Collection
1.1 Information Provided by You:
- Contact Information: We collect your name, email address, phone number, language preference, and credit card information necessary for reservations when the Guest makes a booking via form submission.
- Communications: We collect and process communications with the Guest via email or telephone.
- Travel Information: We collect travel itinerary information from the Guest as needed.
- Reference Information: We may collect reference information and background check data from third parties with the Guest’s consent. This includes credit checks and past travel history.
- Financial Information: We collect bank information and account numbers from the Guest for payment processing. Additionally, bank information or account numbers may be provided for cashback campaigns.
1.2 Information Collected Automatically:
- Technical Data: When the Guest visits our site, we automatically collect data such as IP address, browser type, device settings, operating system, and browsing history through cookies and server logs. This data is used to enhance site performance, improve security, and optimize the user experience.
- Usage Data: We collect information on how the Guest uses our site, including pages visited, time spent on the site, and navigation patterns. This data is used for site functionality improvements and marketing analysis. This data is retained for two years and then deleted.
2. Purpose of Information Use
We use the collected information for the following purposes:
- Service Provision and Management: Managing applications, processing reservations, and providing services.
- Communication: Responding to inquiries, providing customer support, and sending marketing communications.
- Payment and Financial Management: Processing payments and refunds.
- Verification and Background Checks: Verifying information and conducting due diligence.
- Impact Measurement: Measuring program impact and creating reports.
- Marketing and Promotion: Using information for promotional activities and marketing purposes.
- Analysis and Improvement: Analyzing data, conducting research, and improving services.
- Security and Fraud Prevention: Ensuring service security and preventing fraud.
- Legal and Compliance: Complying with legal obligations and handling legal disputes.
3. Legal Basis for Data Processing
We process your personal data based on the following legal grounds:
- Contract Performance: Processing data is necessary for the performance of a contract with the Guest, such as processing reservations and providing services.
- Legitimate Interests: Processing data for our legitimate business interests, such as service improvement, fraud prevention, and security enhancement. Specific examples include:
- Service Improvement: Analyzing usage data to enhance user experience and develop new features.
- Fraud Prevention: Monitoring and analyzing transaction data to detect and prevent fraudulent activities.
- Security Enhancement: Utilizing access logs and technical data to strengthen system security.
- These processes respect the Guest’s privacy rights and aim to minimize any impact on their interests.
- Legal Obligations: Processing data to comply with legal requirements, such as tax filings or responding to legal claims.
- Consent: Obtaining the Guest’s consent before processing personal data for direct marketing purposes where required by law. Consent is obtained through methods such as checkboxes on our website or email confirmations.
4. Data Sharing
We may share information with the following parties:
- Affiliates: Sharing data with affiliates or subsidiaries to support programs and services. For example, to assist with customer support or marketing campaigns. Shared data includes contact information and usage data.
- Third-Party Service Providers: Sharing data with service providers that support our business operations, such as payment processors, IT service providers, and marketing agencies. Shared data includes contact information, payment information, and usage data.
- Government Agencies: Disclosing data to comply with legal obligations or legitimate requests from authorities, such as responding to legal claims or investigations.
- Business Transfers: Transferring data in the event of a merger, acquisition, or sale of assets, which may include transferring the entire customer database.
- Aggregated Data: Sharing aggregated data that does not identify individuals, for purposes such as industry analysis and demographic profiling. This data is used for marketing strategy development and service improvement.
5. International Data Transfers
Your data may be transferred and processed in countries other than your residence country, including the United States and some European Union countries. We take appropriate measures to ensure the protection of your data in compliance with applicable data protection laws. This includes adopting standard contractual clauses (SCCs) and international data transfer certification frameworks. Our service providers are also required to adhere to similar data protection standards.
6. Security Measures
We implement reasonable security measures to protect your data from unauthorized access and misuse. Specific measures include:
- Data Encryption: Your data is encrypted during transfer and storage using TLS (Transport Layer Security) protocols for communication encryption and AES (Advanced Encryption Standard) for database encryption.
- Access Control: Data access is managed based on strict access control policies, with authorized employees only having access to necessary data for job-related purposes. Access logs are regularly audited to ensure no unauthorized access.
- Network Security: We use firewalls and intrusion detection systems (IDS) to enhance network security. Regular security assessments and vulnerability tests are conducted to ensure system safety.
7. Data Retention
We retain your data for the period necessary to fulfill the purposes for which it was collected. Specific retention periods are based on the nature of the data and processing purpose, including:
- Reservation Information: Retained for five years post-completion for contract fulfillment and legal obligations.
- Communication Data: Email and telephone communication records retained for five years for support purposes.
- Financial Information: Retained for seven years as required by law for payment and accounting processes.
- Marketing Data: Retained until consent is withdrawn or for two years post-last use for marketing purposes.
8. Your Rights
You have the following rights regarding your data:
- Right of Access: Request a copy of the data we hold about you. Requests are handled via email and typically responded to within 30 days.
- Right to Rectification: Request correction of inaccurate or incomplete data. Requests are handled via email and typically responded to within 30 days.
- Right to Erasure: Request data deletion under certain conditions. Requests are handled via email and typically responded to within 30 days.
- Right to Restrict Processing: Request restriction of data processing. Requests are handled via email and typically responded to within 30 days.
- Right to Object: Object to data processing for specific purposes. Requests are handled via email and typically responded to within 30 days.
- Right to Data Portability: Request transfer of data to another organization. Requests are handled via email and typically responded to within 30 days.
To exercise these rights, please contact us at customer@daydreamhub.com. Responses are typically provided within 30 days, though complex requests may take longer, in which case the reason for the delay will be explained.
9. Changes to the Privacy Statement
We may update this Privacy Statement as necessary. When significant changes are made, we will notify you via announcements on our website and through email notifications. We recommend reviewing this Statement periodically to stay informed about our data protection practices.
10. Contact Us
If you have any questions or concerns about this Privacy Statement or our data handling practices, please contact us at:
Day Dream Hub.com LLC
Georgia, Tbilisi, Nadzaladevi district, Kursebi St., N 15
customer@daydreamhub.com