This Privacy Policy is edited by The Guest House, a company having its registered office at 3230 Northeast 55th Ave. Silver Springs, FL 34488 and registered with the State of Florida under the number 81-3445962 (hereafter, the “Data Controller”).

The Data Controller offers a platform called The Guest House Ocala app (hereafter, the “Platform”) to its users who have subscribed to the Platform and, as such, have a user account (hereafter, the “Users”). The Platform is available in the Apple App Store and Google Play Store.

The Data Controller uses a solution called “Hivebrite,” which enables the import and export of user lists and data, the management of content and events, the organization of emailing campaigns and opportunity research and sharing, as well as the management of funds and contributions of any kind.

In this regard, the Data Controller collects and processes User’s personal data in accordance with the Privacy and Cookie Policy.

The Data Controller is particularly aware and sensitive with regard to the respect for its Users’ privacy and personal data protection. The Data Controller is committed to ensuring the compliance of the processing it carries out as data controller in accordance with the Data Protection Law.

Data Protection Law refers to the laws and regulations that apply to the processing of personal data in relation to the use of the app, including but not limited to the Florida Information Protection Act and the Health Insurance Portability and Accountability Act (HIPAA).

The Data Controller has put in place an appropriate Privacy and Cookie policy to be fully transparent on how the personal data of Users is processed within the use of the Platform and services provided.

This privacy policy is intended for the Users of the Platform of the Data Controller.

Date of last update: 5/10/2023 (dd/mm/yyyy)

1. COLLECTED PERSONAL DATA

1.1 When subscribing to the Platform

When subscribing to the Platform, the User is informed that the following personal data is collected for the purpose of creating a user account:

Mandatory data

      • First name;
      • Last name;
      • Email address;
      • Device data

Optional data:

      • Location; 
      • Usage data;
      • Third-party social media profiles

The User is informed that it is not possible to access the Platform without providing the mandatory data strictly necessary to create an account and authenticate the User.

1.2 During the use of the Platform

The User may validly publish, at their own initiative, any content on the Platform which shall be kept by the Company:

      • Posts; 
      • Events; 
      • Comments

The User is aware that when using the Platform, the User may decide to provide « sensitive data » within the meaning of Data Protection Law, for example, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, concerning sexual orientation, etc. By providing such sensitive data, the User agrees to their processing by the Platform in the conditions set forth in this Privacy Policy.      

2. THE PURPOSE OF THE DATA PROCESSING

The Data Controller and its subcontractors process personal data that is freely transferred by the User when accessing the services proposed by the Platform for the following purpose:

Purpose Legal basis 
Creation and management of a user account For the purpose of the creation and management of a user account and providing the User with all functionalities of the Platform, the legal basis is performance of a contract as it is necessary to provide the services requested by the User.

 

For the purpose of sending invitations for events organized by the Data Controller or other Users, sending offers from the Data Controller or its partners, and inviting the User to events organized by the Platform, the legal basis is consent as the User has the choice to accept or decline such communications.

For the purpose of management of data subjects’ rights according to the Personal Data Legislation and storage of User personal data, the legal basis is compliance with legal obligations as it is necessary to comply with applicable laws and regulations regarding the processing of personal data.

Providing the User with all functionalities of the Platform, meaning: 

 

  • Sending invitations for events organized by the Data Controller or other Users, if the User has accepted to receive such invitations;
  • Sending offers from the Data Controller or its partners if the User has accepted to receive such offers.
  • Invite the User to events organized by the Platform 
Management of data subjects’ rights according to the Personal Data Legislation.
Storage of User personal data
Management of prospection operations:

 

  • Sending email prospect campaigns in the Name of The Guest House and/or its commercial partners 
  • Sending newsletters in the Name of The Guest House and/or its commercial partners 
Making statistics in order to: 

 

  • Improve the quality of the services proposed by the Platform
  • Improve the usage functionalities of the Platform
Making statistics regarding the effective use of the Platform 
Making statistics regarding the different levels of activity on the Platform
Enable the synchronization of the User’s Facebook/Google/LinkedIn profile

3. DATA RETENTION PERIOD

The Data Controller informs the User that the personal data related to the User Account is retained only during the length of the User’s subscription on the Platform.

Following the termination of said subscription, the data collected upon the subscription as well as the content published by the User on the Platform shall be deleted after a period of three (3) years.

4. DATA TRANSFERS

The Users’ data is stored by the Data Controller and its trusted service providers. However, depending on the processing, the Users’  data may also be transferred to a country outside the United States to our trusted service providers and partners.

When transferring data outside the United States, the Data Controller ensures that the data is transferred in a secure manner and with respect to Data Protection Laws. When the country where the data is transferred does not have protection comparable to that of the United States, the Data Controller uses “appropriate or suitable safeguards.” 

When the service providers to whom personal data is transferred are located in the United States, these transfers are governed by the standard data protection clauses adopted by the Commission. 

5. COMMITMENT OF THE DATA CONTROLLER

The Data Controller commits to process User’s personal data in compliance Data Protection Laws and undertakes to notably, respect the following principles:

  • Process User’s personal data lawfully, fairly, and in a transparent manner;
  • Only collect and process the Users’ data for the strict purpose as described under Article 2 of the present privacy policy;
  • Ensure that the personal data processed is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
  • Make the best efforts to ensure that the personal data processed is accurate and, if necessary, kept up to date; and take all reasonable steps to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay;
  • Keep personal User’s data for no longer than is necessary for the purposes for which it is processed;
  • Put in place all necessary technical and organizational appropriate measures in order to ensure the security, confidentiality, integrity, availability and resilience of the process systems and services;
  • Limit the access to the User’s data to the persons duly authorized to this effect;
  • Guarantee to the Users their rights under the Data Protection Law in relation to the processing of their data and make the best efforts to satisfy any request, where this is possible.

6. EXERCISE OF THE USER’S RIGHTS

The User is duly informed that it disposes at any time, depending on the legal basis of the processing, a right to access, to rectification, to erasure, to restriction of processing, to data portability, and to object.

When processing is based on User’s consent, the right to withdraw consent at any time, without affecting the lawfulness of the processing based on consent before its withdrawal.

The User can exercise its rights by sending an email to [email protected] or by mail at the following address provided that the User justifies his/her identity: 3230 Northeast 55th Ave. Silver Springs, FL 34488

In addition, in the event the User considers that its rights have not been respected, the User of which the personal data is collected can lodge a complaint before the competent supervisory authority. For any additional information, you can review your rights on the websites of the competent authorities. 

Information on competent supervisory authorities can be found on the following website:

https://www.ftc.gov/news-events/topics/protecting-consumer-privacy-security 

7. COOKIES

The Data Controller informs the User that Hivebrite, as well as its subcontractors, uses a tracking technology on its terminal, such as cookies, whenever the User navigates on the Platform subject to the conditions described in the Data Controller Cookie Policy. 

8. RECIPIENTS AND PERSONS AUTHORIZED TO ACCESS THE USER’S DATA

Only authorized persons working for the Data Controller can access your personal data. The Data Controller makes its best effort to ensure that these groups of people remain as small as possible and maintain the confidentiality and security of the User’s personal data.

The Data Controller also uses trusted service providers to carry out a set of operations on its behalf for hosting. The Data Controller can also use service providers in the tech industry, and editors of specific tools integrated into the Platform for technical purposes.     

The Data Controller only provides service providers with the information they need to perform the service and asks them not to use your personal data for any other purpose. The Data Controller does its best to ensure that all these trusted service providers only process the personal data on our documented instructions and provide sufficient guarantees, in particular in terms of confidentiality, expert knowledge, reliability and resources, to implement technical and organizational measures which will meet the requirements of the applicable legislation, including for the security of processing. 

The Data Controller may be required to disclose or share your personal data to comply with a legal obligation, to enforce or apply our terms of use/sale or any other conditions you have accepted, or to protect the rights, safety or property of The Guest House, its customers or employees.

List of the main service providers:

Service Provider Service You can consult the privacy policy by clicking on the following link:
KIT UNITED

 

44 Rue La Fayette 

75009 Paris

France

HIVEBRITE solution https://hivebrite.com/privacy-policy 
Google Cloud Platform

 

Gordon House, 4 Barrow St, 

Dublin, Ireland

Hosting of all data and content produced / provided by the User, as well as images, profile pictures and backups https://cloud.google.com/security/privacy/ 
Amazon AWS

 

38 Avenue John F. Kennedy, 

L-1855, Luxembourg

https://aws.amazon.com/compliance/gdpr-center/
Sentry

 

132 Hawthorne Street 

San Francisco, CA 94107

USA

 

Production and storage of error logs enabling our developers

 

to correct the code

https://sentry.io/privacy/ 
Sendgrid

 

375 Beale Street, Suite 300,

San Francisco, CA 94105

USA

Sending of emails from the Platform https://api.sendgrid.com/privacy.html 
Hivebrite, Inc.

 

16 Nassau St, 

New York, NY 10038,

USA

Customer support for the Platform