PRIVACY POLICY
1. Introduction
At Bear Hotel (“we,” “our,” or “us”), accessible via https://bear-hotel.com, we are firmly committed to safeguarding your privacy and ensuring the protection of your personal data. We recognize the importance of transparency, individual rights, and ethical handling of personal information. This Privacy Policy outlines how we collect, use, disclose, and protect your personal data in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.
2. Scope of This Policy and Data Controller Role
This Privacy Policy applies to your use of bear-hotel.com and any related services, platforms, or communications that reference this policy. Bear Hotel acts as the “Data Controller” with respect to the personal data collected from users, meaning we determine the purposes and means of processing your personal information. If you have any questions or concerns regarding this policy or your data, please contact us at [email protected].
3. Categories of Personal Data We Process
We may collect, use, store, and transfer the following categories of personal data:
a. Usage Data
Includes information about how you use our website such as IP addresses, browser types, access times, pages viewed, referring URLs, and session data. This information helps us monitor and improve website performance.
b. Account Data
Includes personal identifiers you provide when creating an account or purchasing services from us, such as full name, billing/shipping address, email address, and phone number.
c. Profile Data
Includes preferences, saved accommodations, historical bookings, loyalty status, and behavior patterns related to your interactions with the Bear Hotel platform.
d. Communication Data
Includes messages or inquiries sent via contact forms, customer service interactions, emails, chat history, and other communication records.
e. Technical Data
Includes information about the device used to access our site such as device model, operating system, mobile network, unique device identifiers, and technical configuration data.
f. Transaction Data
Includes payment information (excluding full credit card details), transaction history, authorization confirmations, accommodation stay dates, and delivery instructions.
g. Preference Data
Includes your marketing and communication preferences, opted-in subscriptions, interests related to offerings, and participation in surveys or promotions.
4. Legal Bases for Processing
We rely on the following legal grounds to process personal data under the GDPR and, where applicable, the CCPA:
– Performance of Contract: When we need to process your data to fulfill our service commitments to you, such as room bookings.
– Consent: When you have freely given your specific consent, such as for receiving marketing communications.
– Legitimate Interests: Where processing is necessary to pursue our legitimate business objectives, including improving our website and services, provided that such interests are not overridden by your fundamental rights and interests.
– Legal Obligation: When processing is required for us to comply with legal or regulatory requirements.
5. Your Rights
Subject to local data protection laws—such as the GDPR (for EU residents) and CCPA (for California residents)—you may have rights that include:
– Right of Access: You may request a copy of your personal data held by us.
– Right to Rectification: You may ask us to correct or complete inaccurate or incomplete personal data.
– Right to Erasure (“Right to be Forgotten”): You may request deletion of your personal data, subject to certain legal obligations.
– Right to Restrict Processing: You may request that we limit the processing of your personal data where allowed by law.
– Right to Data Portability: You may request to receive your personal data in a structured, commonly used, and machine-readable format.
– Right to Opt Out: Under the CCPA, you have the right to opt out of the sale of personal information, although Bear Hotel does not sell personal data to third parties.
To exercise any of these rights, please email us at [email protected]. We may need to verify your identity before fulfilling your request.
6. Security Measures
We implement robust physical, technical, and administrative safeguards designed to secure your personal data, including:
– Encryption of data during transit and at rest
– Secure access controls with role-based permissions
– Regular security audits and system monitoring
– Firewalls and intrusion detection systems
– Ongoing privacy and cybersecurity training for staff
– Secure data backup procedures performed regularly
Despite these measures, no system is immune to security incidents. Should any data breach occur, we will notify affected individuals and relevant authorities as required by law.
7. International Transfers
We may transfer and store your personal data in jurisdictions outside of your country of residence, including countries not deemed to have equivalent data protection laws. In such cases, we ensure appropriate safeguards are in place, such as:
– Standard Contractual Clauses approved by the European Commission
– Binding corporate rules (where applicable)
– Transfer mechanisms approved or validated under applicable regulations
We are committed to ensuring all international data transfers are compliant with applicable privacy legislation.
8. Data Retention
We retain personal data no longer than is necessary to fulfill the purposes for which it was collected, including compliance with legal, regulatory, or contractual obligations. Our general retention periods include:
– Account Data: retained for as long as your account remains active, plus up to 7 years for audit and compliance purposes
– Transaction Data: retained for up to 7 years for legal and tax obligations
– Communication and Support Data: retained for up to 3 years following the end of the user relationship
– Analytics and Usage Data: retained for 12 to 24 months following collection
– Preference and Marketing Data: retained until the user withdraws consent or unsubscribes
Upon the end of retention periods, data is securely deleted or anonymized.
9. Cookie Policy
Our website uses cookies and similar technologies to enhance your experience and analyze usage. These include:
– Essential Cookies: Required for the operation of bear-hotel.com. They enable functions like secure login and booking.
– Functional Cookies: Allow personalization features such as remembering language or region.
– Analytics Cookies: Help us understand how users engage with our website, enabling improvements and user-friendly design.
– Performance Cookies: Track behavior anonymously to measure site efficiency and loading times.
Cookies may be first-party (set by Bear Hotel) or third-party (set by our partners, such as analytics providers).
10. Cookie Management and Compliance with GDPR and CCPA
Upon first visit to bear-hotel.com, you are shown a cookie banner allowing you to manage preferences in accordance with GDPR and CCPA requirements. You may accept or decline non-essential cookies. Additionally, you may reset your cookie consents at any time through our Cookie Settings menu or adjust your browser settings to refuse some or all cookies. However, blocking certain cookies may negatively impact website functionality.
Under the CCPA, California residents may also opt out of tracking technologies by using the relevant Do Not Sell My Information link provided on our website, although we do not sell user data.
11. Special Protections for Children Under 13
Our website is not intended for children under the age of 13. We do not knowingly collect personal data from children under the age of 13 without verifiable parental consent. If you believe we have inadvertently collected information from a child, please contact us immediately at [email protected] so we may initiate prompt deletion.
12. Policy Updates and User Notification
This Privacy Policy may be periodically updated to align with legal, regulatory, technological, or operational changes. Substantive amendments will be posted on this page and, where appropriate, communicated via email or website notification. Continued use of bear-hotel.com confirms your acceptance of the policy in effect at that time.
13. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us via:
Email: [email protected]
You may also use this email to exercise your data rights under applicable laws.
We are dedicated to upholding the highest standards of privacy and data stewardship. If you believe your data protection rights have been violated, you may also have the right to lodge a complaint with your local data protection authority.
Bear Hotel remains fully committed to compliance with the GDPR, CCPA, and all applicable privacy laws. Please contact us at [email protected] with any privacy-related inquiries or concerns.