DATA PRIVACY AND MESSAGING GUIDELINES
(according to "General Data Protection Regulation")

DATA PRIVACY AND MESSAGING GUIDELINES

These Data Privacy and Messaging Guidelines (the "Guidelines") set forth the terms and conditions under which Hotel Availabilities Ltd provides its service to and for the benefit of Accomodation Providers, including accommodation partners (hereafter “Accomodation Provider”). By using the Hotel Availabilities Ltd services, the Accomodation Provider agrees to and accepts the following Guidelines.

1. SCOPE, DEFINITIONS AND INTERPRETATION
1.1 These Guidelines form an integral part of the agreement between the Accomodation Provider and Hotel Availabilities Ltd (including any applicable general delivery terms (the "GDTs") and collectively with the agreement, the "Agreement") and must be read in conjunction therewith. Except as otherwise provided for herein, the terms and conditions of the Agreement remain unchanged and in full force and effect. If there is conflict between this Guideline and the Agreement, the terms of the Guidelines will prevail.
1.2 Unless defined otherwise in these Guidelines, capitalized terms have the same meaning as set out in the Agreement.

2. DATA PRIVACY
2.1 Each Party shall take reasonable steps to protect personal data (i.e., information that relates to an identified or identifiable natural person) processed in the context of the Agreement against loss and unauthorized access, use, deletion and disclosure; and, as required by applicable laws, process personal data in a manner that ensures appropriate confidentiality and security of the personal data.
2.2 The Accomodation Provider acknowledges that it is responsible for the handling and security of the personal data it holds and processes within the context of the Agreement and Hotel Availabilities Ltd acknowledges that it is responsible for the handling and security of the personal data it processes within the context of the Agreement. Accomodation Provider shall provide personal data to Hotel Availabilities Ltd only if such disclosure is permitted under applicable laws. Hotel Availabilities Ltd shall be a data controller (i.e. determines the purposes and means of the data processing) for any personal data it processes. Accomodation Provider shall become data controller upon receipt of the personal data either directly or indirectly through a connectivity partner. Unless agreed otherwise, connectivity partners handle personal data on behalf of a Accomodation Provider. Each Party shall be solely responsible for the processing of personal data by itself or on its behalf in accordance with applicable data protection laws. The Parties shall, if required by applicable laws, cooperate in good faith and provide assistance in the event data subjects wish to exercise their rights of access, correction, erasure or portability, or in case of requests from competent authorities to demonstrate compliance with obligations applicable to the Party.
2.3 To the extent Hotel Availabilities Ltd processes personal data that is not guest data in association with the Agreement, such personal data shall be processed by Hotel Availabilities Ltd in accordance with the Hotel Availabilities Ltd Privacy Statement applicable to Accomodation Providers , which can be found on https://hotelavailabilities.com. The Accomodation Provider warrants that it has, as required by applicable laws, duly and diligently informed (and as required by applicable laws, obtained consents from) its staff members, agents, representatives and other individuals about the processing of their personal data by Hotel Availabilities Ltd and the cross-border transfer of their personal data to countries that do not provide for adequate protection of rights of personal data subjects.
2.4 Accomodation Provider shall process personal data that Accomodation Provider received from Hotel Availabilities Ltd as part of the Services under the Agreement only so far as necessary to perform the requested reservation services, or as otherwise agreed to between the Parties in writing, in accordance with applicable law, including (if applicable) Directive 95/46/EC and 2002/58/EC (as amended or replaced by subsequent legal acts) on the processing of personal data and the protection of privacy or the EU General Data Protection Regulation or if Accomodation Provider has obtained explicit consent from the guest to any other use of guest’s personal data.
2.5 If the Accomodation Provider will or intends to notify guests or other parties (e.g., competent data protection and/or government authorities) of a data breach (any discovered or suspected incident resulting in accidental, unlawful, or unauthorized destruction of, loss of, alteration of, access to, disclosure of, or use of personal data) involving personal data received by the Accomodation Provider from Hotel Availabilities Ltd, and the notification will reference Hotel Availabilities Ltd, Accomodation Provider shall first, to the extent permitted by law, provide any draft notification and related correspondence to Hotel Availabilities Ltd and reasonably cooperate with Hotel Availabilities Ltd in finalizing such notification and correspondence and other communication that may follow with the guests or authorities. Accomodation Provider acknowledges that Hotel Availabilities Ltd retains the right to voluntarily inform its users about any such data breach. For the avoidance of doubt, Accomodation Provider shall not notify guests or other parties of a data breach involving personal data that Hotel Availabilities Ltd hosts on the Extranet (defined in 4.2) without prior written authorization from Hotel Availabilities Ltd.
2.6 In case the party contracting with Hotel Availabilities Ltd is not directly processing personal data of guests under its own control (e.g. as may be applicable in case of chains, property management companies etc.), this Clause 2 shall be read to apply to the Accomodation Provider ultimately processing the personal data of guests. In such case, either contracting party and/or Accomodation Provider may be considered the (sole) data controller of any guest data processed in the context of the Agreement.
2.7 The accommodation provider is the sole owner of the data imported by the channels (OTAs, etc), neither Hotel Availabilities Ltd nor any reseller or agent has the right to own the reservations’ personal data. We only cache the guest data, to ensure smooth communication between the hotel, CM and OTA. We do not use any guest information for marketing or any similar purposes. Our employees or resellers or agents have no access to personal data. According to GDPR law, the accommodation provider is the Data Administrator (controller) and Hotel Availabilities Ltd is the Data Processor.

3. MESSAGING TOOLS
3.1 Hotel Availabilities Ltd may from time to time as part of its service to the guest and Accomodation Provider facilitate the communication between the guest and the Accomodation Provider (the "Messaging Service") using tools provided by Hotel Availabilities Ltd. Hotel Availabilities Ltd will process communications sent via the Messaging Service (the “Communications”) in accordance with the Hotel Availabilities Ltd Privacy and Cookies Statement applicable to Accomodation Providers available on https://hotelavailabilities.com. The Accomodation Provider hereby irrevocably and unconditionally agrees and consents to the processing of Communications by Hotel Availabilities Ltd (including any processing, storage, receipt, access, insight and screening of communications by Hotel Availabilities Ltd) and states that it has duly and diligently informed (and as required by applicable laws, obtained consent from) the Accomodation Provider’s employees, agents, representatives, staff members and other individuals of/for/when using the Communication Service for or on the Accomodation Provider’s behalf (including the processing, receipt, insight, storage, screening and access of such communications by Hotel Availabilities Ltd).

4. USE OF HOTELAVAILABILITIES.COM ONLINE SERVICES
4.1 Notwithstanding anything to the contrary in the Agreement, Accomodation Provider agrees to comply and have individuals acting on its behalf, comply with the Hotel Availabilities Ltd Business Partner Account Terms of Use, as made available on www.HotelAvailabilities.com.
4.2 Hotel Availabilities Ltd may offer an extranet facility to the Accomodation Provider (the “Extranet”). The Accomodation Provider shall safeguard and keep the user ID and password confidential and secure, and shall not disclose the user ID and password to any person other than those who need to have access to the Extranet to fulfill their job responsibilities. The Accomodation Provider shall notify Hotel Availabilities Ltd at [email protected] within 24 hours of any actual or suspected breach of security or confidentiality involving the user ID and password used to access the Hotel Availabilities Ltd Extranet.
4.3 The Accomodation Provider agrees not to use the Messaging Service to send unsolicited electronic communications to any individual. Accomodation Provider will fully indemnify Hotel Availabilities Ltd for any claims of third parties or fines resulting from unlawful or unauthorized use of the Messaging Service by Accommodation Supplier for its own purposes.

5. PAYMENT CARD SECURITY
5.1 To the extent, the Accomodation Provider processes payment card information obtained by the Accommodation Supplier through the Hotel Availabilities Ltd reservation services, the Accomodation Provider is required to comply and to have its service providers comply on an ongoing basis with the requirements, compliance criteria and validation processes set forth in the current Payment Card Industry (PCI) Data Security Standard issued by the major credit card companies.