Privacy policy

Bidrento

Privacy Notice for End Users

This Privacy Notice explains the extent and purposes of processing your personal data within the provision of the Services by Bidrent OÜ, registry code 14446981, address Pärnu mnt 105, Tallinn, Estonia (Bidrento).

The personal data controller is the legal entity (the lessor) that provides services to you (the lessee), whereas the lessor has outsourced Services from Bidrento. Bidrento processes your personal data on behalf of the lessor while providing the following services:

1) Bidrento Long-Term – the long-term rental management software and the mobile app related to it, provided by Bidrento, usable by lessors and lessees (including rental property managers) and maintenance service providers (for example such as cleaning, plumbing, electrical work, etc.), available at https://pro.bidrento.com/;

2) Bidrento Short-Term – the short-term rental management software, provided by Bidrento, usable by lessors and lessees for short-term renting of assets, available at https://hotel.bidrento.com/ ;

Bidrento Long-Term and Bidrento Short-Term are collectively referred to as the Services.

Personal data is processed by Bidrento in the following instances:

1) the lessor may enter your personal data within the Services;

2) you may enter your personal data within the Services;

3) third-party services integrated into the Bidrento Long-Term platform provide automated data collection. For example, the lessor may verify your credibility by using payment default registers. 

In each case, the lessor determines the extent of personal data they wish to collect from you in connection with the Services. Please note that Bidrento is not responsible for data requests made by the lessor. If you would like to understand the specific legal basis for processing such data, please contact the lessor.

Personal data is stored on the website or app for the Services, where both you and the lessor have access to your personal data.

Data shall be processed anonymously for research, product development or statistical purposes. Data analysis is anonymous (data cannot be linked to any specific natural person), and such processing is not subject to personal data protection (including GDPR) provisions.

The lessor can invite you to use the Bidrento Long-Term service. You cannot create an account independently. Through the Bidrento Long-Term service, you can receive expense invoices, provide an example of current consumption and communicate with the lessor. While using the Bidrento Short-Term service, you do not have the possibility to create an account, however, you can access the active booking. Bidrento is responsible for the data processing, security and availability necessary for registering users to access the Bidrento Long-Term service and managing their accounts, as agreed in the Terms of Use.

In the following, we provide an overview of what personal data we process on behalf of the lessor when you are using the Services:

Bidrento Long-Term
Data CategoryPurpose of ProcessingBasis of processingData Retention Period
Your first and last name, email address, phone numberProfile managementPerformance of agreementThree years after account closure
Your consumption of services (e.g. water and electricity usage)Management of monthly maintenance invoicesPerformance of agreementThree years after account closure
Financial data related to property maintenance invoices issued to youManagement of monthly maintenance invoicesPerformance of agreementSeven years
Debt related to property maintenance invoices issued to youDebt managementLawful obligationThree years after expiry of debt
Communication between you and the lessorEnabling platform functionalityPerformance of agreementBy default, the retention period on the platform is three years from the end of the rental agreement or three years after account closure.
Orders for maintenance (repair, repair, administration) submitted by you to the lessor via the platformEnabling platform functionalityPerformance of agreementBy default, the retention period on the platform is three years from the end of the rental agreement.
Data transmitted by door security cameras placed on the property by the lessorEnabling platform functionalityLegitimate interestThe platform only allows the use of real-time data. The platform functionality does not allow recording.
The lessor may verify your financial background by using third-party services (e.g. payment default registers)Evaluating your credibilityLegitimate Interest/consentThe retention period depends on the policy of a third party performing the background check, ask further information from the lessor
Bidrento Short-Term
Data CategoryPurpose of ProcessingBasis of processingData Retention Period
Data entered for a booking: Name(s) and surname(s), email address, phone number, period of provision of the services for youRegistering your usage of the servicesPerformance of agreementThree years after provision of services
Your data entered for checking in: Name(s) and surname(s), date of birth, email address, phone number, citizenship, country of residence, period of provision of the accommodation services, purpose of travel, number of minors accommodated together with you.Registering your usage of accommodation servicesCompliance with a legal obligationTwo years after the date of registration
Financial data related to invoices issued to youInvoice managementPerformance of agreementSeven years
Debt related to invoices issued to youDebt managementCompliance with a legal obligationThree years after the expiry of debt
Communication between you and the lessorEnabling platform functionalityPerformance of agreementBy default, the retention period on the platform is three years from the end of the rental agreement.
Name, e-mail address, and telephone number required for marketing directed to youMarketingThe previous sale of a product or service. During the initial collection of data, and whenever the data is used, the customer has a clear and understandable way to prohibit the use of such contact information in a free and easy way (Directive 2002/58/EU article 13 section 2)Until withdrawal from direct marketing (opt-out)

Personal data will not be shared with other users of Bidrento services.

Third-party services are used to provide the Services. Service providers have access to some of your personal information to ensure the continuation of the Services. Service providers do not have the right to use your personal data for other purposes or to retain it longer than necessary to provide the service properly.

Name of providerPurpose of processingCountry, where data is stored
AWS (Amazon Web Services) CloudCloud servicesSweden
Stripe, Inc.Payment service providerUSA (DPF + SCC)
MontonioPayment service providerLuxembourg

Some data may, in some cases, also leave the European Economic Area. In such cases, data transfer complies with applicable data protection rules and laws, contractual, technical and organizational arrangements are also in place.

To ensure the security of all data, technical and organizational security measures have been implemented. Your personal data is protected against intentional or unintentional destruction, alteration, unauthorized access or any other unlawful processing.

Security measures include, but are not limited to: authentication and access management; passwords and on-demand access to data; secure network design; encryption; data loss prevention and other constantly updated security measures.

The retention periods for personal data depend on the purpose and legal basis for processing. For example, the lessor may be subject to a legal or contractual obligation to retain data for a specified period. The retention of data may also be based on the legitimate interest of the lessor or your consent. The retention periods are provided above.

According to data protection regulations, you have certain rights regarding the processing of your personal data. To exercise these rights, you must contact the data controller (e.g. the controller of the personal data collected during the rental agreement is the lessor).

1) Right of access to data. You have the right to know who, how, from what sources and what personal data is being processed.

2) Data transfer. You have the right to request that personal data collected about you be transferred in machine-readable form to another service provider whose services, for example, you wish to use in the future.

3) Deletion of data/right to be forgotten. You have the right to request the deletion of your personal data if you no longer wish to be processed and the data controller has no legitimate reason to use them.

4) Restriction of data processing/objection. You have the right to restrict or prohibit the processing of your personal data under certain conditions. You also have the right to object to using your data in the case of legitimate interest if there is a good reason.

5) Data correction. You always have the right to correct or supplement personal data if it is inaccurate and if the inaccuracy may affect you.

6) The right to withdraw consent. If you have given your consent to the processing of your personal data, you always have the right to withdraw it.

To use the rights related to the processing of personal data above, contact the lessor.

If your request concerns personal data for which we are not data controllers, we will forward your request to the data controller. You will get a reply within 30 days.

If you have any questions about the processing of personal data, please contact the lessor. You also have the right to submit a complaint to the Data Protection Inspectorate at info@aki.ee.

Current as of July 2, 2024