PRIVACY POLICY
for eviivo limited
We are committed to ensuring that your privacy is protected and We understand the need for appropriate protection of all Personal Information provided by You to Us. This Privacy Policy has been created in order that You understand the importance that we attach to this issue and Our commitment to ensure that we comply with UK legislation and the General Data Protection Regulations (‘GDPR’).
This Privacy Policy (“Privacy Policy”) describes the treatment of any personal data provided to or collected by eviivo Limited, a company registered in England and Wales under number 5002392 with offices at 154 Pentonville Road, London, N1 9JE (eviivo, We, Us,Our).
- Definitions
Accommodation Provider refers to an entity or a person renting temporary accommodation such as a Bed and Breakfast, a short-term rental, a hotel, a hostel, a guest house and other such establishments, as may be displayed and made available from time to time via eviivo’s Booking Service.
Booking(s) refers to the reservation of accommodation with a specified Accommodation Provider.
Booking Confirmation refers to the notification issued by eviivo, to confirm a Booking made with an Accommodation Provider.
Booking Service refers to the accommodation search facility operated by eviivo which may be used to search for, book and pay for accommodation.
Channel Partner refers to a travel agency, a tourism board, a regional association or a community whose website is connected to eviivo’s Website or Booking Service.
Communication Facility refers to any bulletin boards, chat rooms, web-based forms, or other messaging or communication facilities between You and Us (if any), as may be available from time to time on any Website or Booking Service operated by eviivo. Communication Tools Provider refers to any third party providing eviivo with communications tools and technology.
Content refers to business contact information, ratings, reviews, comments, photographs or other information and material, including personal information which may include, without limitation, Your name, address, town, postcode, country, email and phone number as well as billing information or payment card details (‘Personal Information’) which You consent to share with Us when you submit a Form, a Booking or a Guest Review.
Form refers to a web-based or an email-based data entry form designed or made available by eviivo and used to help Us collect information about You.
eviivo refers to eviivo Limited, a company registered in England and Wales under the number 05002392 and having its registered offices at 154 Pentonville Road, London, N1 9JE. eviivo’s VAT number is 877374571. eviivo operates the www.toprooms.com and www.eviivo.com Websites and the eviivo Booking Service, which includes the processing of online payments for bookings made via the Booking Service.
Intellectual Property Rights refers to all patents, copyright, database rights, design rights, moral rights, registered designs, trademarks or service marks, trade names, or know-how (whether registered or not and including any applications or rights to apply for registration) and all rights or forms of protection of a similar nature whether subsisting now or at any time in the future anywhere in the world.
Software refers to software that is developed and marketed by eviivo including without limitation any software marked under the brands and trademarks eviivoTM, eviivo suiteTM, eviivo startTM, eviivo everythingTM, eviivo portalTM, eviivo soloTMor eviivo connectTM, what’s onTM or toproomsTM.
You (and related expressions like “Your” and “Yours” and “Yourself”) refers to you, a user of the Website or the Booking Service or the Communication Facility operated by eviivo.
We (and related expressions like “us” and “our” and “ours” and “ourselves”) refers to eviivo as the operator of the toprooms Website and Booking Service.
Website refers to a website operated by eviivo, which includes a Communications Facility or a Booking Service operated by eviivo. The Website may refer to any website using a domain or sub-domains owned by eviivo including but not limited to eviivo.com, toprooms.com, bookdirectrooms.com, and on.eviivo.com or to a website operated by eviivo on behalf of an Accommodation Provider or a Channel Partner.
- Your consent
When using this Website, or the Booking Service or Guest Review Service operated by eviivo on the Website, and providing your personal details, We collect, use and retain Your Personal Information for the sole purpose of fulfilling our services to You or completing a Booking transaction (contractual obligation), including the sharing of any necessary Personal Information with the relevant third parties (for example an Accommodation Provider, a Channel Partner ora) where this is necessary to allow Us to fulfil Our obligations to You.
Where You have expressly provided consent online when asked to do so, We may also use Your Personal Information to communicate information to You about eviivo’s products and services and to improve Our understanding of the needs of potential and existing users of our services.
- Collection, use & retention of Personal Information
We collect, use and retain Personal Information about You only to the extent that is reasonably required to conduct our business effectively.
The information collected by eviivo varies depending on the service You request from Us.
We may collect personal details such as but not limited to Your name, address, accommodation details, credit/debit card number and expiry date, billing details and telephone numbers (“Personal Information”) either when You use Our Communication Facility, or when You use Our Booking Service. Your credit/debit card details are only used to process the transaction You have requested and Your card details are NOT stored or used in any other way by eviivo.
We may also collect Personal Information directly from You when You speak to Us over the telephone or send Us correspondence or submit a Guest Review or a review of Our services.
We use Personal Information to complete transactions on Your behalf and to ensure that we can efficiently manage and track transactions that are processed through Our system. We also use Personal Information to monitor Our system’s efficiency and usability, and to test and develop enhancements and changes to the way We do business.
We may also collect Your Personal Information when we undertake market research or ask a third party to undertake market research on Our behalf, in accordance with the terms of this Privacy Policy. When You agree to participate in any such market research and give us consent to Use Your Personal Information where asked to do so, Your Personal Information shall remain confidential in compliance with the terms of this Privacy Policy and shall be used for the sole purpose of improving Our services to You, or analysing, compiling and publishing general market trends. For the avoidance of doubt, published market trend information shall be provided at aggregate level only and shall not disclose any Personal Information.
The Personal Information that We collect is stored securely on servers in our United Kingdom and processed by our staff based in the United Kingdom and in the European Union. The Personal Information we collect may also be accessed by staff outside the European Economic Area (EEA) who work for us, including our affiliated subsidiary in Tunisia.
The Personal Information we collect may also be shared with third parties where this is necessary to process and complete Bookings or payments or other transactions on Your behalf, to fulfil Our contractual obligation to You, or allow the relevant third parties to fulfil their obligations to You in providing the services You requested. Such third parties may be located outside the EEA and may store the data we share with them outside the EEA. Such third parties may include without limitation: -
- an accommodation provider that You selected via the Booking Service, a third party operating the Website which made the Booking Service available to You (for example: an online travel agency, or regional and local tourism organisations or other Channel Partners), or a payment processor (for the processing of card payments) (“Booking Partners”).
- one of our contracted suppliers (for example: the data centre hosting Our Software, a market research company handling surveys on Our behalf or a Communication Tools Provider) (“Suppliers”).
Booking Partners and Suppliers operating under a contractual agreement with Us are either bound by the terms of this Privacy Policy or required to comply with current applicable data protection regulations.
Although this Privacy Policy applies to Personal Information about You that may have been shared with third parties under the terms of this Privacy Policy, or provided to Us by third parties, We are not responsible for the privacy policies of those third parties or the operators of the websites that offer eviivo’s Booking Service, and We will not be liable for those third parties’ data protection policies and practices.
If You are an Accommodation Provider or business partner concerned with the protection of Your Personal Information, We recommend that you use a distinct separate business email, business address, business phone line and business bank account rather than use Your Personal Information.
Should You, as an Accommodation Provider or Business Partner, choose to provide Personal Information to Us in response to a specific request for business contact details (for example a business email, business address, and business phone number), You understand and agree that any Personal Information provided to eviivo in this context shall be deemed to be Your business contact data, and You consent to its use as business information and You accept that this data will NOT be protected by the provisions of this Privacy Policy and GDPR. You understand and agree that when you provide business contact data and business Content to Us, You give us the right and an unrestricted license to use and publish said business Content and contact data via the internet, via email, and/or share it or publish it via Our Channel Partners and travel distribution partners.
- Protection of Personal Information
We maintain appropriate security standards and procedures in relation to the collection, use and retention of Your Personal Information in order to prevent unauthorised access or disclosure.
We are compliant with the Payment Card Industry security standard (PCI-DSS Level 1). We are audited annually by an independent expert on behalf of the card schemes, including a full review of our systems and procedures, and the relevant penetration tests, to ensure that we provide the highest level of card payment security. Card details processed on eviivo.com, toprooms.com or via on.eviivo.com are encrypted and fully tokenised and are not held beyond the scope of the Booking duration. eviivo cannot be held liable for the security of any card information that You may have passed on to an Accommodation Provider or a travel agency by means other than Our Website or Our Booking Service.
- Disclosure to third parties
Personal Information is shared with our group companies, contractors, data processing companies including operators of global distribution systems and payment clearing houses, banks and professional advisers. We share only the Personal Information necessary to deliver any supply of products and/or services by Us to You or in order to ensure the successful completion of a transaction processed through our system or for other related purposes. We may also disclose Your Personal Information when necessary to protect against fraud or any other crime (usually by providing such information to a reputable information reporting organisation) or in the event that we sell our business then to the purchaser of that business.
Your Personal Information will also be processed by Our Merchant Bank Ingenico Financial Solutions SA/NV, for the sole purpose of being able to process your card payment where applicable. The processing of Your card payment includes fraud monitoring and fraud management and other checks related to the fight against money laundering and the financing of terrorism. Ingenico’s privacy policy is available at https://www.ingenico.com/epayments/legal/account-holder
We may in addition from time to time share non-personal, non-individual information in aggregate form with third parties for business purposes, for example we may tell our Booking Partners including regional tourism agencies and commercial distributors the number of customers or level of bookings in certain demographic groups. The sharing of aggregate data does not involve the disclosure of Personal Information which can identify any particular individual.
Third parties, including Our Channel Partners, may publish or use Your Personal Information if you have expressly provided this Personal Information to Us as your business contact information, as part of the Content You supply when advertising Your accommodation on certain travel sites, to ensure that potential guests and other third parties are able to contact You.
- Employee access to Personal Information
Your Personal Information is disclosed to our employees, agents and representatives on “a need to know” basis and we confirm that all such persons understand the importance of client confidentiality and privacy.
We, and our business partners, may use Your Personal Information in order to contact You to perform the fulfilment or payment of any Bookings made via the Booking Service, or to respond to or follow-up any enquiries You have made via the Website(s) we operate.
- Share facility
If you use any social media share facility on our Website and give us details of another person (e.g. their name and email address), You are responsible for making sure that the other person agrees to share their personal information with Us and receive information from Us. We will only use their data for the purpose of sharing information via email or social media.
- Updating, maintenance and accuracy of your information
We do our best to ensure that all information held relating to You is kept up-to-date, accurate and complete.
Data populated by You (including your personal details entered in any fields) is Your sole responsibility and any changes to any aspect of Your personal data should be updated directly by You.
If you have any questions or comments about our Privacy Policy, please contact us on privacy@eviivo.com and we will endeavour to respond as soon as possible. All of our processes and data storage methods have been approved by the Information Commissioner’s Office (www.informationcommissioner.gov.uk) and our registration number is Z1431368.
- Cookies and other non-personal information
Cookies are tiny files placed onto the hard drive of Your device when You register or fill-out a Form or subscribe and cookies enable Our server to recognize who You are each time You return. Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Our Website uses cookies to store certain information and this includes both session and persistent cookies, and We may automatically use cookies to collect non-personal information about You, such as the type of internet browser You use, the website from which You have come to Our Website. Cookies also allow us to collect Your IP address (the unique address which identifies Your computer on the internet and classifies as Personal Information) which is automatically recognised by Our web server.
This information is only used to assist Us in providing an effective service on the Website and to collect broad demographic information for aggregate use. We may make limited use of cookies to deliver content specific to Your interests, retain Your personal preferences or hold session information in order to improve the Website’s usability, analyse how Our Website is being used, administer the Website, prevent fraud and improve the security of the Website, or personalise the Website for each user. We use Google Analytics to analyse cookies.
We ask You to consent to our use of cookies in accordance with the terms of this policy when you first visit Our Website. By using Our Website and agreeing to use cookies when asked to do so, You consent to Our use of cookies in accordance with the terms of this policy.
We may use third-party advertising companies to serve ads on Our behalf. These companies may employ cookies and action tags (also known as single pixel gifs or web beacons) to measure advertising effectiveness. Any information that these third parties collect via cookies and action tags is completely anonymous. If You would like more information about this practice and Your choices, please visit the Network Advertising Initiative website (//www.networkadvertising.org).
Facebook. Our Websites may use plugins from the Facebook social network, 1601 South California Avenue, Palo Alto, CA 94304, USA. When you visit our Website, the Facebook plugin may establish a direct connection between your web browser and the Facebook server. Facebook is then notified that your IP address has visited our website. If you click the Facebook “Like” button while you are logged into your Facebook account, you can link our web content with your Facebook profile and this enables Facebook to verify your visit to our web pages on your user account. We have no knowledge of the content of the transferred data and of how Facebook uses it. Please refer to the Facebook privacy statement. If you do not want Facebook to be able to assign your visit to our Website to your Facebook user account, log out of Facebook when using our Website.
Google Analytics. Our Website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, that track your use of this Website (including your IP address) and these are generally transferred to and saved on a Google server in the USA. Google processes this data to evaluate your use of this Website, compile reports about the Website’s activity on Our behalf and render other services connected with Website use. Google may also forward this data, if applicable, to third parties, when this is legally required or if these third parties use the supplied data on behalf of Google. Under no circumstances will Google use your IP address in connection with other data supplied by Google Inc. You can prevent the capturing of data generated by the cookie referring to your utilisation of the website (incl. your IP address) by Google, as well as the processing of this data by Google, by downloading and installing a special plugin using the following link: tools.google.com/dlpage/gaoptout
You can erase or block cookies from Your device if You want to (Your device manual or Help information for Your browser should tell You how to do this). If You block or delete cookies, you may not be able to use all the features of Our Website or you may find the Website less usable.
Finally, we may disclose your Personal Information to the relevant competent authorities (for example police, customs, central banks and tax authorities) at any time and where required to do so by law or to comply with any legal obligation or requirement, such as an order of the court.
- Your rights
You have the right to request a copy of the Personal Information we hold about You, and you have the right to request that Your Personal Information be rectified, transferred elsewhere, and/or deleted from our systems. You also have the right to withdraw any consent previously given to Us with regard to the collection and processing of Your Personal Information.
To the extent that We have a legal obligation to hold Your Personal Information – for example the requirement to hold invoice information for up to seven (7) years and the requirement to provide guest registration information to the local health & safety or police authorities – the minimum information required, including Personal Information, shall be held until the legal requirement expires and this minimum required Personal Information shall be passed to the relevant authorities.
Our security procedures mean that we may request proof of identity before we are able to disclose any Personal Information to You.
- Complaints Procedure
Where applicable, if as part of our Booking Service and under the terms of this Privacy Policy, we have passed Your Personal Information to an Accommodation Provider or to a Channel Partner for the sole purpose of completing a Booking or a payment or some other transaction on Your behalf, You may need to direct your request to these third parties also.
If You wish to make a complaint about eviivo’s data protection and privacy policy, including the rights given to You under GDPR, you may contact us by telephone, email, letter or fax. We do not require complaints to be made in writing. Wherever possible, complaints will be dealt with promptly, and you will receive a response under thirty (30) working days.
If you are dissatisfied with the outcome of your complaint, you may choose to escalate the complaint internally by contacting our Customer Service Director via the Help button in eviivo suite, or, if Your complaint is specific to data protection by writing to Us at privacy@eviivo.com. A response to an escalated complaint will be made within a further ten (10) working days.
Our contact details are as follows:
eviivo Limited
Address: 154 Pentonville Road,
London N1 9JE
Telephone & Fax: +44 (0) 844 880 3000
Accommodation Providers: click on the Help button in eviivo suite, then on ‘Chat with an expert’.
General enquiries: info@eviivo.com
Specific Data Privacy complaints:privacy@eviivo.com