Privacy and cookie statement
Hallo, fijn dat je meer wilt weten over hoe we omgaan met privacy en cookies. Op dit moment is deze pagina alleen in het Engels beschikbaar. We verwachten deze binnenkort ook in het Nederlands beschikbaar te hebben.
Hello, thank you for taking the time to read Moonback’s privacy and cookie statement.
We store and process personal information about you if you visit our website, use our platform to book a room, subscribe to our e-mail newsletter or get in touch with us. We are the data controller for all processing of personal data through our platform, which means that we are – and feel! – responsible for all your personal details flowing through our website. We will shortly explain for each category of processing (such as data regarding travellers) what personal data we process and why we do so, and what your rights are.
Website visitors’ data
Cookies and related technologies
|Name||Purpose||Personal data||Third parties||Retention time||Section|
|_ga, _ga_TBDZZ93GJ4, _gid||Analytics||Registers a unique ID that is used to generate statistical data on how the visitor uses the website and the number of times a visitor has visited the website.||Google Inc. (Google Analytics)||2 years||Entire website|
|tap_vid||Analytics||Contains attribution data that points to the affiliate partner that referred a visitor.||N/A||30 days||Entire website when visitor was referred to Moonback by an affiliate partner|
|Functional||Contains an anonymous visitor identifier and an identifier for each unique browser session so that the visitor can access their conversations and have data communicated on logged out pages for 1 week, as long as the session isn’t intentionally terminated.||Intercom||1 week to 9 months||Only customer support pages|
We do not need to ask your consent for cookies which are required for the proper functioning of our platform, or for analytics. The legal ground for the use of these cookies is our legitimate interest, which is to help you and other travellers in the best possible way, and to keep track of our marketing activities, including our affiliate program.
We also log your IP address and information about your browser, device and operating system. We store this information for a limited time (less than two weeks) in our server logs, as it helps us to prevent DDOS attacks and other abuse of our website. We think that this is a legitimate interest of ours.
If you book a room at one of the hotels or other accommodations we list, we will process certain information about you. We do this in order to process your booking (for the GDPR enthusiasts: the processing is necessary for the performance of a contract to which the data subject is a party), so that you do not need to worry about availability or payment. We will arrange that for you, using the following types of personal data:
- your name
- e-mail address and password
- telephone number
- accommodation and booking details
- information whether your payment was successful
- booking history
- remarks and requests for your accommodation
- travel party size and age of children
- names of your fellow travellers
- interaction with us, such as through our customer service
- other personal information you have provided to us
If you have reached us through one of our affiliates, we will also store a unique code which points to this affiliate, so that we can reward them for their referral. For you GDPR junkies out there: this is in our legitimate interest (as much as it is in our affiliates’ interest of course, but that is not relevant here), as this is an important part of our marketing strategy.
We may also use the data listed above if we are legally required to do so, for example to comply with tax laws. The data may also be used in case of a dispute (we think that is unlikely), and to find out whether you are a repeat traveller (much more likely), which would be nice for the accommodation you are staying in, because they will pay a lower fee to us (unless you book a resale room – please see our general terms for details). We may also use your e-mail address and name to send you special offers, tips for nice places to stay at and other cool stuff, unless you let us know that you do not wish to receive our marketing e-mails, of course. For the purists: the legal ground for the last three types of processing is that it is necessary for the purposes of our legitimate interests.
We try to limit our personal data processing as much as possible, so any information we request from you will be necessary to provide you with our services. If you are not willing to provide information we request, you cannot book an accommodation through our platform.
Mailing subscribers’ data
We regularly send out a newsletter to everyone who is interested in our platform, as well as e-mail alerts to keep you up-to-date on new additions and cool features. You can subscribe via this page. The only type of data we process for this purpose is your e-mail address, and the legal ground for this processing is your consent.
Data regarding your interactions with us
We also process personal data regarding you if you contact us for support, general questions or just a chat. We offer several ways to get in touch with us, including e-mail, online forms, chat and telephone, and it depends on the medium you choose what personal data we process. In all cases, we process your name, relevant contact details and the information you provide to us. The legal ground for this sort of processing is always our legitimate interest, which is to help you in the best possible way. We guess that this nicely aligns with your interests!
Sharing your data with other parties
Your personal data will only be shared with other parties if that is necessary for the purposes we just mentioned. This means that we may transfer your personal data to:
- the hotel or other accommodation you book with (no surprises here)
- our hotel connectivity partner OpenGDS, so that they can forward your booking to your accommodation’s reservation system
- the hotel databases we work with, including Hotelbeds
- our payment service provider Stripe, which may need to share your data with other financial institutions to process your payment
- Intercom, which facilitates the communication between you and our support team
- Postmark, which facilitates the reliable delivery of emails, for example for your booking confirmation
- Mailchimp, which sends out our marketing e-mails and newsletters
- Tapfiliate, which facilitates our affiliate marketing program;
- tax services and other government organisations
- courts and other dispute resolvers
- Google, for our data analytics tool Google Analytics (sorry for using big tech), which helps us analyse our website performance. We have set up Google Analytics in the most privacy-friendly way, as recommended by the Dutch data protection authority. This means that:
- we have a data processing agreement with Google
- the last three digits of your IP address will be masked
- Google may not use the data collected through our website for other purposes
- we do not use other Google services in combination with Google Analytics-cookies
Parties we share your personal data with can be based in countries where the GDPR does not apply, meaning that less protective data protection laws may apply. We will ensure that if this is the case, the parties we share your data with will agree to contractual terms or other measures to protect your personal data. You are of course free to contact us in case of any questions about our data sharing and the safeguards provided.
Protection of your personal data
We have taken appropriate measures in order to protect your personal data against unlawful processing. In addition to the usual technical security measures, we require all our staff who have access to personal data to agree to confidentiality agreements.
We will store your personal data no longer than necessary for the purposes mentioned above. If you make a booking, we will for a maximum term of 10 years store your e-mail address together with an identifier for the place you stayed at to find out whether you are a repeat traveller. Certain financial information must be retained for 7 years in order to comply with statutory requirements.
You always have the right to request access to the personal data we store about you, and to request rectification, erasure or restriction of processing. You may also object to any of our processing, and you have the right to data portability. If you are not satisfied with our processing of your personal data, you have the right to lodge a complaint with the Dutch data protection authority, the Autoriteit Persoonsgegevens, or your local data protection authority.
If you have any questions regarding our processing of your personal data, please do not hesitate to contact us by e-mail, firstname.lastname@example.org.