Privacy Policy

1. Data Controller and Scope

This Privacy Policy describes how EazyAL (“we”, “us”, “our”) processes personal data in connection with:

  • The website: www.eazyal.com

  • The EazyAL platform (app.eazyal.com)

  • Guest check-in forms generated by hosts using EazyAL

For the purposes of the General Data Protection Regulation (GDPR):

  • EazyAL acts as Data Controller for:

    • website users

    • platform users (hosts)

  • EazyAL acts as Data Processor for:

    • guest data collected on behalf of hosts

📧Contact: info@eazyal.com

2. Categories of Data Subjects

We process personal data relating to:

  • Hosts / Users (account holders)

  • Guests (individuals submitting check-in forms)

  • Website visitors

3. Categories of Personal Data

3.1 Host Data

We may process:

  • Name

  • Email address

  • Account credentials

  • Property and unit details

  • Booking-related metadata

  • Communication history

3.2 Guest Data (submitted via check-in forms)

Processed on behalf of hosts:

  • Full name

  • Date of birth

  • Nationality

  • Country of residence

  • Identification document type and number

  • Document issuing country

  • Stay details (arrival/departure dates, unit)

3.3 Technical Data

Automatically collected:

  • IP address

  • Browser type and version

  • Device information

  • Access timestamps

  • Usage data

4. Purposes of Processing

We process personal data for the following purposes:

Platform Operation

  • Account creation and management

  • Providing access to EazyAL features

  • Customer support

Compliance Support (Core Service)

  • Facilitating guest data collection

  • Assisting hosts with legal obligations (e.g. SIBA, INE/IPHH)

  • Organising and structuring guest data

⚠️ Important:
EazyAL does not automatically submit data to authorities without explicit user action or confirmation.

Communication

  • Sending service-related messages

  • Responding to enquiries

  • Providing onboarding and support

Product Improvement

  • Analytics and usage insights

  • Platform optimisation

Legal Obligations

  • Compliance with applicable laws

  • Fraud prevention and security

5. Legal Bases (Art. 6 GDPR)

We rely on the following legal bases:

  • Contract performance (Art. 6(1)(b))
    → Providing the platform to hosts

  • Legal obligation (Art. 6(1)(c))
    → Supporting compliance workflows

  • Consent (Art. 6(1)(a))
    → Guest form submissions, marketing

  • Legitimate interests (Art. 6(1)(f))
    → Security, analytics, product improvement

6. Hosts vs Guests — Roles and Responsibilities

Hosts (EazyAL Users)

  • Act as Data Controllers for guest data

  • Are responsible for:

    • informing guests about data collection

    • ensuring legal compliance (e.g. SIBA submission)

    • defining how data is used

EazyAL processes guest data strictly on behalf of the host.

Guests (Data Subjects)

If you are a guest submitting a check-in form:

  • Your data is collected on behalf of the host

  • EazyAL acts as a Data Processor

  • The host is the primary contact for:

    • access requests

    • correction

    • deletion

However, you may also contact EazyAL at:
📧 info@eazyal.com

7. Data Retention

We retain data only for as long as necessary:

  • Host account data → while account is active

  • Guest data → as determined by the host or legal requirements

  • Technical data → limited retention for security and analytics

Data may be retained longer where required by law.

8. Data Sharing

We do not sell personal data.

Data may be shared:

  • With subprocessors (see Section 9)

  • When required by law

  • To provide the service (e.g. infrastructure providers)

9. Subprocessors

We use GDPR-compliant service providers, including:

  • Supabase — database and backend infrastructure

  • Vercel — security and CDN

  • Stripe — payments (if applicable)

  • Resend / Brevo — email delivery

All subprocessors are bound by data processing agreements.

10. International Transfers

Where data is transferred outside the EEA, we ensure:

  • Standard Contractual Clauses (SCCs), or

  • Equivalent safeguards

11. Security Measures

We implement appropriate technical and organisational measures, including:

  • Encryption (HTTPS / TLS)

  • Access controls

  • Secure infrastructure

  • Data minimisation principles

However, no system is 100% secure.

12. Cookies and Tracking

We use cookies for:

  • Essential functionality

  • Analytics

  • User experience

Users may manage cookies via browser settings.

13. Your Rights (GDPR)

You have the right to:

  • Access your data

  • Rectify inaccurate data

  • Erase your data (“right to be forgotten”)

  • Restrict processing

  • Object to processing

  • Data portability

You may also lodge a complaint with:

Comissão Nacional de Proteção de Dados

14. Withdrawal of Consent

Where processing is based on consent, you may withdraw it at any time.

This does not affect prior lawful processing.

15. Updates to This Policy

We may update this Privacy Policy periodically. Updates will be published on this page.

16. Contact

For any data protection enquiries:

📧 info@eazyal.com
🌐 www.eazyal.com