Information notice on the processing of personal data

This Information Notice ("Notice") is intended to inform you about how BUNGALOW NET collects and processes your personal data that you provide to us, including any data that you give us when, for example, you subscribe to our newsletter or browse our website.

This Notice applies everywhere you find us online. In particular, we are present through the website and its subdomains or affiliated sites (which we will hereinafter collectively refer to as the "Site"), as well as all media profiles/pages associated with this brand, including but not limited to Facebook, Instagram.

The platform is not intended for children under 18, we do not knowingly collect and do not intend to collect data on minors. To this end, we take all reasonable steps to verify that the person providing the data to us is not a child as defined below - the liability for any information provided to us in circumvention of these provisions rests entirely with the person providing the data to us or the guardian in the case of minors.

According to the law, in relation to you we are a personal data controller. As such, we also have a number of obligations, including informing you about what data we process, how we do it, what rights you have and how you can exercise those rights.

Platform type Link

1. Who are we?

Below you will find our identification details:

Name: Bungalow.Net Holidays BV
Head office:  Antwerpsesteenweg 51 1, 2350 Vosselaar, Belgium
Trade register number:  BE0779.678.476
Unique identification code:  0779.678.476

2. Who are you?

According to the law, you, the natural person receiving our services, the representative or contact person of a company or the person in any kind of relationship with our company, are a "data subject", i.e. an identified or identifiable natural person. In order to be fully transparent about data processing and to allow you to easily exercise your rights at any time, we have implemented measures to facilitate communication between us, the data controller and you, as the data subject.

3. Third-party links

This Notice does not cover other third-party apps and websites that you may reach by accessing links on our website (including when you go, for example, to our social media community pages such as Facebook, Instagram). At the same time, we are not responsible for any links from our commercial partners including those on social media profiles. When you click on those links, third parties may collect or share data about you. We do not control these third-party sites nor are we responsible for their processing, privacy and security policies. When you leave our site, we encourage you to review the Privacy Policy/Information Notice and the Terms of Use of any site and/or application before providing personal data to them.

4. The data we collect from you

Personal data or personal information means any information about an individual that can help identify that person. This does not include data where identity has been removed (anonymized data).

Depending on the products, services or functionalities that you wish to benefit from and that we have developed, we may need to collect, use, store or transfer certain personal data, which will generally be grouped into the following categories as appropriate:

Category Data included
Identification data first name, last name, company name, company registration number, unique identification code, username or similar identifier, job title, date of birth, gender, language in which you wish to interact with us, country, etc.
Contact data billing address, delivery address, e-mail address, telephone number
Financial data payment or card/bank account information, purchase information
Trading data details of payments to and from you and other details of products and services you have purchased from us
Technical data your Internet Protocol (IP) address, login details, browser type and version, location and time zone settings, browser plug-ins and versions, operating system, operating platform and other technologies on the devices you use to access this site
Profile data username, password, orders placed by you, your interests and preferences, feedback provided, survey responses
Use of data Information about how you use our website, products and services

We also collect, use and share Aggregate Data, such as statistical or demographic data, for any purpose. Aggregate Data may be derived from your Personal Data but is not considered Personal Data for purposes of the law as this information does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific functionality of the Site. However, if we combine or correlate Aggregated Data with your Personal Data in such a way that we can directly or indirectly identify you, we will treat the resulting combined data as Personal Data that will be used as described herein.

We DO NOT collect any Special Categories of Personal Data about you (this includes details of your racial or ethnic origin, political opinions, religious denomination or philosophical beliefs or trade union membership and the processing of genetic data, biometric data to uniquely identify you, health data or data about your sex life or sexual orientation). We also do not collect information about criminal convictions and offences.

5. If you do not provide us with the data

When we ask you to fill in your personal data in order to provide you with access to certain features or services of the site, we will mark some fields as mandatory, as this is information we need in order to provide you with the good/service or to give you access to that feature.

Please note that if you choose not to provide us with this information, you may not be able to complete your user registration or benefit from these services or features. In such a case, we may have to limit your access to a product or service you want from us, but we will notify you at that time if this happens.

For example, if you want to download certain material on the Platform, we will ask you for your e-mail address; if you do not provide us with a valid e-mail address, we will not be able to provide you with that material.

Also, if at the time you send us a request via the contact address or form on the Platform or by any other means indicated and we are unable to verify your identity, we reserve the right not to respond to that request.

6. How do we collect your personal data?

Your personal data generally comes from you through direct interaction, but there will be situations where we obtain data about you indirectly (such as from third parties, other persons, etc.) or using technology.
Thus, we use different methods to collect data about and from you, such as:

a. Direct interaction

You will be able to directly provide us with data about yourself (such as Identification Data, Contact Data and Financial Data) by filling in the fields on the website, email, phone or other method we provide you. This includes the personal data you provide to us when:

  • you want to buy/benefit from one of our goods or services;
  • you make an account with us on our website;
  • request promotional & marketing materials;
  • enter a competition or promotion, fill in a questionnaire, etc.;
  • give feedback etc.

b. Automated technologies or interactions

As you use our site, we may automatically collect: Technical data about the equipment you use, how you browse and various patterns. We will collect this information through the use of cookies, server logs and other similar technologies. Please read our cookie policy for further details.

c. Third parties or publicly available information

We may receive personal data about you from various third parties (or public sources), such as:

  • Technical data from the following third parties;
  • Analytics providers (such as Google Analytics);
  • Advertising networks (such as Optimonk which are in the EU, Facebook Ads and Google Ads);
  • Search information providers (such as Google Search Console);
  • Information providers about your interaction with the Platform (such as Hotjar, which is in the EU).

For example, we will receive personal data about you when:

  • subscribe to the newsletter;
  • send us a private message via social media;
  • send us an e-mail;
  • leave a comment on social media;
  • tag us in posts/photos on social networks;
  • distribute our content etc.

7. How do we use your personal data?

In general, we will use the information we receive about you, either directly or indirectly, for the following purposes:

  • for the purpose of entering into or performing a contract between you and us;
  • to answer your questions and requests;
  • for marketing purposes, but only where we have your prior consent;
  • to provide and improve the services and products we offer;
  • to diagnose or fix technical problems;
  • to defend against cyber-attacks;
  • for creating and/or maintaining accounts;
  • to comply with legislation;
  • to establish or claim a right in court;
  • to verify your identity (e.g. when you return to the site and are already logged in);
  • to personalize your experience on our site;
  • to improve the design and style of the site;
  • to inform you about products, services or promotional offers that may be of interest to you if you have chosen to receive these types of communications;
  • to send you automated messages about your subscription or account registration, for example if you have clicked on a password reset link;
  • to publish and reply to a comment you have sent to us, on the blog, website etc.;
  • to allow you to share content on the site with others using social media (Facebook, Instagram) or email;
  • to administer competitions and inform you if you have entered a promotion;
  • for compiling customer reviews;
  • to deal with any request/complaint/complaint or suggestion you send us;
  • to send you push notifications via our Platform if necessary;
  • to generate surveys to improve the quality of the services we offer you.

In short, we will use the data you provide to us (either directly or indirectly) to:

  • enter into or perform a contract with you;
  • to achieve our (or a third party's) legitimate interest when it is in your best interests and your fundamental rights and freedoms are not affected;
  • comply with a legal or statutory obligation;
  • In general, we do not rely on consent to process your personal data, but when we do, we will expressly ask for it.

8. Access to your personal data by others

In some cases, other third parties will also have access to personal data, such as:

  • Facebook;
  • Instagram;
  • LinkedIn;
  • Online chat platforms etc.

9. International transfers

At this time, we do not transfer and do not intend to transfer your personal data or any part of it to other companies, organizations or individuals in third countries or to international organizations.

If we need to transfer your data to any of the above destinations, we will send you a new information notice beforehand.

The transfer of personal data to a third State may only take place if the State to which the transfer is intended ensures an adequate level of protection.

The transfer of data to a State whose legislation does not provide for a level of protection at least equal to that offered by the General Data Protection Regulation is only possible if there are sufficient guarantees with regard to the protection of the fundamental rights of the data subjects.

These safeguards will be established by us through contracts concluded with the providers/service providers to whom your personal data will be transferred.

Some of our service providers may be located outside the European Economic Area (EEA), so their processing of your personal data will involve a transfer of data outside the EEA.

Whenever we transfer your personal data outside the EEA, we will ensure that a similar level of protection is in place through one of the following safeguards:

  • We will transfer your personal data to countries where it has been demonstrated by the European Commission to provide an adequate level of security for personal data.
  • When we use certain service providers, we will be able to use certain model contracts provided and approved by the European Commission which offer the same protection to personal data as they do in Europe.
  • When we use US providers, we will be able to transfer the data if they offer similar terms of protection for data shared between the EU and the US.

10. Data security

We understand how important the security of personal data is and we take the necessary measures to protect our customers and others whose data we process from unauthorized access to personal data, as well as from unauthorized modification, disclosure or destruction of the data we process in our day-to-day business.

We have implemented the following technical and organizational personal data security measures:

Dedicated policies. We adopt and constantly review our internal personal data processing practices and policies (including physical and electronic security measures) to protect our systems from unauthorized access or other possible security threats. These policies are subject to constant review to ensure that we comply with legal requirements and that systems are functioning properly.

Data minimization. We ensure that the personal data we process is limited to that which is necessary, appropriate and relevant for the purposes stated in this Notice.

Restricting access to data. We try to restrict access to the personal data we process as much as possible to the minimum necessary: employees, collaborators and other persons who need to access this data in order to process it and carry out a service. Our partners and collaborators are subject to strict confidentiality obligations (either by contract or by law).

Specific technical measures. We use technologies to ensure the security of our customers, always striving to implement the most optimal data protection solutions. We also make regular back-ups of data in order to be able to recover it in the event of an incident and have regular audit procedures in place regarding the security of the equipment used. However, no website, no application and no internet connection is completely secure and unreachable.

Ensuring the accuracy of your data. Sometimes we may ask you to confirm the accuracy or currency of your data to ensure that it reflects the truth.

Staff training. We constantly train and test our employees and collaborators on legislation and best practices in the field of personal data processing.

Data anonymization. Where we can, we try as far as possible to anonymize/pseudonymize the personal data we process so that we can no longer identify the individuals to whom it relates.

However, while we constantly strive to ensure the security of the data you entrust to us, we may also experience less happy events and security incidents/breaches. In these cases, we will strictly follow the security incident reporting and notification procedure and take all necessary steps to restore the situation to normal as soon as possible.

11. Data storage

Please note that at this time we will not process and store all of the data elements identified below, but we are constantly working on developing the Platform by introducing new products, benefits and services and have considered future implementations to be fully transparent with you.

Purpose Further information
Register as a User We will keep your data until you decide to stop being a user (delete your account).
Conclusion and execution of the sales or service contract you conclude with us We will process your data for as long as necessary to manage the purchase of the products or services you purchase, including any returns, complaints, warranties or claims related to the purchase of that product or service.
Requests or enquiries made via Customer Service/Support We will process the data for as long as necessary to fulfil the request or application.
Marketing We will process the data until you unsubscribe from the newsletter/other marketing methods.
Improving services We will process the data on a one-off basis, only for the duration of the respective action (i.e. survey, feedback form etc.)

In short, we will retain your personal data for as long as necessary to fulfil the purposes for which we have collected it, including for the purposes of meeting any legal, accounting or reporting requirements.

In determining the appropriate retention period for your personal data, we consider the value, nature and sensitivity of your personal data, the potential risk of harm caused by unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes by other means and applicable legal requirements.

We are required by law to retain basic information about our clients, contract partners and sponsors (including contact details, identity, financial and trading data) for 5 years after they are no longer clients for tax purposes.

In certain circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for scientific, historical or statistical research purposes, in which case we may use this information indefinitely without prior notice to you.

Please note that in certain expressly regulated situations, we store data for the period required by law.

12. Your rights

In certain circumstances, you have some rights to your personal data under the law. To exercise them, please contact us at the email address in section 1.

We have also set out these rights in detail below. But in short, under the law in force, you have the following rights:

Right to withdraw consent - when the processing has been based on your consent and there is no other basis for processing. Please note that withdrawal of consent does not affect the processing that has taken place up to that point.

The right to be informed about the processing of your data - which is done through this Information Notice.

Right of access to data - you have the right to receive a copy of the data we process about you. Additional copies may be provided against payment.

The right to rectify inaccurate or incomplete data - you have the right to ask us to amend/complete the data we process about you when you believe we should do so.

Right to erasure ("right to be forgotten") - this right allows you to request that, in certain circumstances, when we have no other basis for processing your data, we erase your data and no longer process it in the future.

The right to restrict processing - where we process your data to fulfil our public interest tasks or legitimate interests (or those of a third party) and there is something about your particular situation that makes you want to object to the processing. You also have the right to ask us to restrict processing when we process your data for direct marketing purposes.

The right to transfer data we hold about you to another controller - where your data is in a format that allows us to transfer it to another controller in an automated, easily accessible and machine-readable format.

The right to object to data processing - when we process your data to fulfil a public interest or pursue our legitimate interests or those of a third party.

The right not to be subject to a decision based solely on automated processing, including profiling

The right to seek justice

The right to lodge a complaint with a Supervisory Authority, contact details of which can be found below:

Please note that:

You can withdraw your consent to direct marketing at any time by following the unsubscribe instructions in each email/SMS or other electronic message.

If you wish to exercise your rights, you can do so by sending a written, signed and dated request to the following e-mail address:

The rights listed above are not absolute. There are exceptions, so each request received will be examined to decide whether it is justified or not. To the extent that your request is justified, we will make it easier for you to exercise your rights. If the request is unfounded, we will reject it, but we will inform you of the reasons for the refusal and of your rights to lodge a complaint with the Supervisory Authority and to take legal action.

Deadline. We will try to respond to your request within 30 days. However, the deadline may be extended depending on various aspects, such as the complexity of the request, the large number of requests received or the impossibility of identifying you within a reasonable time.

What we might need from you. In order for us to respond to your requests exercising your rights, we may need additional information from you to confirm your identity. If, despite our best efforts, we are unable to identify you, and you do not provide us with additional information to identify you, we are not obliged to comply with your request.

Fee. You will not have to pay any fee for exercising your right of access to data (or any other right). However, you may have to pay a reasonable fee if your request is unfounded, excessive or repetitive. Alternatively, we may refuse to comply with your request in these circumstances.

13. Changes to this Notice

We may occasionally update this Notice and will notify you via the Platform or by email of the latest version. All updates and changes to this Notice are effective immediately upon notification, which we will make by posting on the Site and/or email notification. Even if you do not receive a notification, we encourage you to periodically access and read this Notice to stay up to date with the latest versions.

Note updated on 3 June 2024.