LOCAL VILLA MANAGER PRIVACY POLICY
PLEASE READ THIS PRIVACY POLICY ("POLICY") CAREFULLY BEFORE UTILIZING LOCAL VILLA MANAGER ("SERVICE" OR "PRODUCT"). BY ACCESSING OR UTILIZING LOCAL VILLA MANAGER, YOU ("USER" OR "YOU") UNCONDITIONALLY CONSENT TO BE BOUND BY THE TERMS OF THIS POLICY.
DEFINITIONS
For the purposes of this Policy, the following definitions shall apply:
1.1. "Personal Data" shall mean any information relating to an identified or identifiable natural person, as defined under applicable data protection laws, including but not limited to (i) name; (ii) email address; (iii) phone number; (iv) location; (v) online identifiers; (vi) other data that can be used to identify, contact, or locate a natural person.
1.2. "Processing" shall mean any operation or set of operations performed on Personal Data, whether or not by automated means, including but not limited to (i) collection; (ii) recording; (iii) organization; (iv) storage; (v) adaptation; (vi) alteration; (vii) retrieval; (viii) consultation; (ix) use; (x) disclosure.
1.3. "Controller" shall mean CV Amal Ibadah Berkah Abadi, trading as LOCAL VILLA MANAGER, a company duly incorporated under the laws of the Republic of Indonesia, with its registered address at Srimahi no. 26, Bandung 40253, Indonesia.
1.4. "Processor" shall mean any natural or legal person, public authority, agency, or other body that Processes Personal Data on behalf of the Controller.
1.5. "Data Subject" shall mean an identified or identifiable natural person whose Personal Data is Processed.
1.6. "Service" or "Product" shall mean Local Villa Manager.
1.7. "User" or "you" shall mean any natural person using the Service or Product.
INFORMATION COLLECTION
When we use the term “personal data” in this Privacy Policy, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an individual. It does not include aggregated or anonymized information that is maintained in a form that is not reasonably capable of being associated with or linked to an individual. We collect or generate the following categories of personal data in relation to the Services:
- Usage and device information concerning our Users, Prospects and Technology Partners: Connectivity, technical and usage data, such as IP addresses and approximate general locations derived from such IP addresses, device and application data (like type, operating system, mobile device or app id, browser version, location and language settings used), activity logs, the relevant cookies and pixels installed or utilized on your device, and the recorded activity (sessions, clicks, use of features, logged activities and other interactions) of Prospects, Users and Technology Partners in connection with our Services. We collect and generate this information automatically, including through the use of analytics tools (including cookies and pixels) – which collect data such as: how often Prospects or Technology Partners visit or use the Sites, which pages they visit and when, which website, ad or email message brought them there, and how Users interact with and use the Platform and its various features.
- Contact and profile information concerning our Customers, Users, Prospects and Technology Partners: Name, email, phone number, position, workplace, profile picture, login credentials, contractual and billing details, and any other information submitted by Account Admins and Users or otherwise available to us when they sign up or log in to the Platform (either directly or through their social media or organizational Single-Sign-On account), when creating their individual profile (“User Profile”), or by updating their account.
We collect this information directly from you, or from other sources and third parties such as our Customer (your employer), Users and colleagues related to your organizational LOCAL VILLA MANAGER account, organizers of events or promotions that both you and we were involved in, and through the use of tools and channels commonly used for connecting between companies and individual professionals in order to explore potential business and employment opportunities.
- Communications with our Customers, Users, Prospects and Technology Partners: Personal data contained in any forms and inquiries that you may submit to us (including support requests, interactions through social media channels and instant messaging apps, registrations to events that we host, organize or sponsor, and participation in our online and offline communities and activities); surveys, feedback and testimonials received; expressed, presumed or identified needs, preferences, attributes and insights relevant to our potential or existing engagement; and sensory information including phone call and video conference recordings (e.g., with our customer experience or product consultants), as well as written correspondences, screen recordings, screenshots, documentation and related information that may be automatically recorded, tracked, transcribed and analyzed, for purposes including analytics, quality control and improvements, training, and record-keeping.
For the purposes of this Policy, we collect and process various categories of information through multiple channels, as described below.
2.1. Registration and Account Information
The following information shall be collected and processed when you create an account: (i) Email address; (ii) Password (hashed for security purposes); (iii) Name; (iv) Company name; (v) Job title; (vi) Industry (optional); (vii) Total number of rooms/clients/properties.
2.2. Usage Data
We automatically collect and store the following data related to your usage of the Product including, but not limited to: (i) Login and logout timestamps; (ii) Features utilized; (iii) Data entered; (iv) Device information, comprising: (a) IP address; (b) Browser type and version; (c) Operating system; (d) Device type (desktop, mobile, tablet).
2.3. Cookies and Tracking Technologies
We employ cookies and tracking technologies for the following purposes including, but not limited to: (i) User authentication; (ii) Session management and state maintenance; (iii) Session tracking; (iv) Usage pattern analysis; (v) Targeted advertising; (vi) Campaign effectiveness measurement; (vii) Protection from malicious activity; (viii) Website/app performance and efficiency enhancement; (ix) Compliance with applicable legal requirements (e.g., GDPR); (x) Enablement of third-party services (e.g., Google Analytics).
Specific cookies used including, but not limited to: (i) Authorization cookies; (ii) Session cookies; (iii) Persistent cookies; (iv) Third-party cookies.
2.4. Third-Party Services
We integrate with third-party services, which may collect and process information in accordance with their respective privacy policies, including, but not limited to: (i) Google Inbox; (ii) Google Calendar.
DATA USE
For the purposes of this Policy, we utilize the collected information for the following specified purposes:
3.1. Service Delivery
To provide, maintain, deliver, and facilitate the core functionality of the Product, including but not limited to: (i) Account management and administration; (ii) Feature accessibility, customization, and optimization; (iii) Data storage, retrieval, processing, and backup; (iv) User authentication, authorization, and verification; (v) Product updates, maintenance, and support.
3.2. Service Improvement
To analyze, understand, and enhance usage patterns, Product performance, and develop new features, including but not limited to: (i) Usage analytics, metrics, and reporting; (ii) Crash reporting, error tracking, and debugging; (iii) Performance monitoring, optimization, and benchmarking; (iv) User feedback, survey analysis, and research; (v) A/B testing, experimentation, and quality assurance.
To send essential and optional communications, including but not limited to: (i) Product updates, announcements, and releases; (ii) Security notifications, alerts, and warnings; (iii) Marketing communications (optional), comprising: (a) Newsletters, promotional offers, and product recommendations; (b) Event invitations, webinars, and conferences; (c) Educational content, tutorials, and guides.
3.4. Compliance and Legal Obligations
To comply with applicable laws, regulations, industry standards, and judicial or governmental orders, including but not limited to: (i) Law enforcement requests, responses, and cooperation; (ii) Court orders, subpoenas, and legal processes; (iii) Regulatory compliance, reporting, and disclosure; (iv) Data protection, privacy, and security compliance; (v) Intellectual property protection, enforcement, and defense.
3.5. Business Operations
To manage our business operations, administrative tasks, and legitimate interests, including but not limited to: (i) Billing, payment processing, and financial management; (ii) Customer support, success, and relationship management; (iii) Internal research, development, and innovation; (iv) Employee training, development, and performance evaluation; (v) Financial reporting, accounting, and auditing.
DATA SHARING
For the purposes of facilitating the provision and improvement of our services, we engage in data sharing with select parties, as delineated below, in accordance with applicable laws, regulations, and industry standards.
4.1. Service Providers, Contractors and Vendors
Pursuant to our legitimate interests in providing and enhancing our services, we share data with third-party service providers, contractors and vendors, including but not limited to: (i) Payment processing services, for the purpose of facilitating transactions; (ii) Email delivery services, for the purpose of sending communications; (iii) Data storage and hosting services, for the purpose of storing and processing data; (v) Security and fraud prevention services, for the purpose of protecting our services and users.
We ensure that these service providers: (i) Adhere to industry-standard data protection policies; (ii) Implement appropriate technical and organizational measures to safeguard data; (iii) Process data solely for the purposes specified herein.
4.2. Law Enforcement and Regulatory Compliance
In compliance with our legal obligations and to protect our users, services, and rights, we share data with law enforcement agencies, regulatory bodies, and judicial authorities, including but not limited to: (i) To comply with court orders, subpoenas, and other lawful requests; (ii) To enforce our Terms of Service and policies; (iii) To respond to allegations of illegal activities or violations of our policies.
4.3. Business Transfers
In the event of a merger, acquisition, sale of assets, or bankruptcy, we may share data with the following parties to ensure continuity of services and compliance with applicable laws: (i) Successor entities; (ii) Affiliates; (iii) Assignees.
4.4. Affiliates, Subsidiaries and Group Companies
We may share data with our affiliates, subsidiaries and group companies: (i) To provide integrated services; (ii) To improve user experience; (iii) To enhance product offerings.
4.5. Data Aggregation
We may anonymize and aggregate data for: (i) Research purposes, including but not limited to industry trends and benchmarking; (ii) Product development, including but not limited to improving functionality and performance; (iii) Other legitimate business purposes.
This aggregated data does not identify individual users.
4.6. International Data Transfers
We may transfer data across borders, in compliance with applicable data protection regulations, including but not limited to the General Data Protection Regulation (GDPR) and the Indonesian Data Protection Regulation, to recipients including but not limited to: (i) Affiliates; (ii) Third-party service providers; (iii) Partners; (iv) Collaborators; (v) Business associates.
4.7. User Consent
We will obtain user consent before sharing data with third parties for purposes other than those specified above, unless: (i) Required by law; (ii) Necessary for the performance of a contract; (iii) Necessary for the protection of vital interests.
DATA SECURITY
In order to protect your personal data held with us, we use industry-standard physical, procedural and technical security measures, including encryption as appropriate. However, please be aware that regardless of any security measures used, we cannot and do not guarantee the absolute protection and security of any personal data stored with us or with any third parties as described in Section 4 above.
5.1. Encryption
To ensure confidentiality and integrity, we utilize end-to-end encryption for data: (i) In transit: We employ Transport Layer Security (TLS) version 1.2 or later, and Hypertext Transfer Protocol Secure (HTTPS); (ii) At rest: We utilize Advanced Encryption Standard (AES)-256 encryption.
5.2. Access Controls
To restrict unauthorized access, we implement: (i) Role-Based Access Controls (RBAC): Limiting access to authorized personnel based on job function; (ii) Secure Password Storage: Hashing and salting passwords, protecting against unauthorized access; (iii) Regular Access Reviews and Revocation: Periodic review and removal of access rights, ensuring access is limited to necessary personnel.
5.3. Data Backup and Recovery
To ensure business continuity, we implement: (i) Regular Automated Backups: Conducting frequent backups to prevent data loss; (ii) Disaster Recovery Procedures: Establishing procedures for rapid recovery in the event of a disaster; (iii) Data Retention and Archiving Policies: Maintaining data retention and archiving policies, ensuring compliance.
5.4. Incident Response
In the event of a security breach: (i) Incident Response Plan Activation: Immediately activating our incident response plan; (ii) Notification to Affected Users: Notifying affected users within 24 to 72 hours, as required by applicable laws; (iii) Investigation and Remediation: Conducting thorough investigations and implementing remediation measures; (iv) Post-Incident Review and Improvement: Conducting post-incident reviews, identifying areas for improvement.
5.5. Network Security
To protect our network: (i) Firewalls and Intrusion Detection/Prevention Systems: Implementing firewalls and intrusion detection/prevention systems; (ii) Regular Security Updates and Patches: Applying regular security updates and patches; (iii) Network Segmentation and Isolation: Segmenting and isolating sensitive areas of the network.
5.6. Vulnerability Management
To identify and address vulnerabilities: (i) Regular Security Audits and Penetration Testing: Conducting regular security audits and penetration testing; (ii) Vulnerability Scanning and Remediation: Identifying and remediating vulnerabilities.
5.7. Compliance and Certifications
We adhere to industry-recognized security standards: General Data Protection Regulation (GDPR).
DATA RETENTION
We implement the following data retention policies to ensure compliance with applicable laws, regulations, and industry standards.
6.1. Active Accounts
We retain data for all active accounts, regardless of activity, for the duration of the account's existence, provided that: (i) The account remains in good standing; (ii) Subscription fees are paid; (iii) The account is not suspended or terminated.
6.2. Account Closure or Termination
Upon account closure or termination: (i) We retain data for a period of thirty (30) days to facilitate account recovery; (ii) Following the expiration of the thirty (30) day period, data is permanently deleted; (iii) Exceptions may apply for legal or regulatory requirements.
6.3. Backup and Archival data
We retain backup and archival data for: (i) Incremental backups: Thirty (30) days; (ii) Full backups: Six (6) months.
6.4. Data Deletion
We delete data: (i) Upon account closure or termination; (ii) After retention periods expire; (iii) Upon user request, subject to applicable laws and regulations; (iv) In accordance with our data destruction policies.
6.5. Data Anonymization
We anonymize data: (i) After retention periods expire; (ii) For research and analytics purposes; (iii) To improve our services.
6.6. Data Retention Exceptions
Notwithstanding the foregoing, we may retain data beyond the specified periods: (i) To comply with legal obligations; (ii) To exercise or defend legal claims; (iii) To protect our rights, property, or safety; (iv) For national security or law enforcement purposes.
6.7. Data Storage And Processing
Data retention periods shall be calculated from the date of: (i) Last account activity; (ii) Account closure or termination; (iii) Data collection.
6.8. Data Destruction
Deleted data shall be: (i) Permanently destroyed; (ii) Rendered inaccessible; (iii) Unable to be recovered.
6.9. Compliance
We adhere to industry-recognized data retention standards: (i) General Data Protection Regulation (GDPR); (ii) Industry standards and best practices.
6.10. Data Retention Policy Changes
We reserve the right to modify this Data Retention Policy: (i) To comply with changing laws and regulations; (ii) To adapt to new technologies and infrastructure; (iii) To improve our services.
6.11. Data Subject Requests
Data subjects may request: (i) Data deletion; (ii) Data anonymization; (iii) Data transfer; (iv) Access to their personal data.
6.12. Data Retention Review
We regularly review our data retention policies: (i) To ensure compliance with applicable laws and regulations; (ii) To adapt to changing industry standards; (iii) To improve our services.
6.13. Data Retention Training
Our personnel receive training on data retention policies: (i) To ensure understanding of data retention requirements; (ii) To ensure compliance with data retention policies.
DATA SUBJECT RIGHTS
As a data subject, you have the following rights, as outlined in the General Data Protection Regulation (GDPR) and other applicable data protection regulations.
7.1. Right To Access (Article 15 GDPR)
You can request: (i) Confirmation of Personal Data processing; (ii) Access to your Personal Data; (iii) Information about processing purposes, categories, and recipients; (iv) Information about data storage and retention periods; (v) Information about data transfers to third countries; (vi) Information about automated decision-making and profiling; (vii) Copy of your Personal Data.
7.2. Right To Correction (Article 16 GDPR)
You can request correction of: (i) Inaccurate Personal Data; (ii) Incomplete Personal Data; (iii) Outdated Personal Data; (iv) Incorrect Personal Data.
7.3. Right To Erasure (Article 17 GDPR)
You can request deletion of Personal Data: (i) If no longer necessary for the purposes collected; (ii) If consent withdrawn; (iii) If processing is unlawful; (iv) If required by law; (v) If Personal Data has been unlawfully processed.
7.4. Right To Restriction (Article 18 GDPR)
You can request restriction of Personal Data processing: (i) If accuracy is contested; (ii) If processing is unlawful; (iii) If data is no longer needed; (iv) If you object to processing.
7.5. Right To Data Portability (Article 20 GDPR)
You can request transfer of Personal Data: (i) In a structured, commonly used, and machine-readable format; (ii) To another controller.
7.6. Right To Object (Article 21 GDPR)
You can object to: (i) Processing of Personal Data for direct marketing; (ii) Processing of Personal Data for research or statistical purposes; (iii) Processing of Personal Data based on legitimate interests.
7.7. Right To Withdraw Consent
You can withdraw consent: (i) At any time; (ii) Without affecting lawfulness of processing prior to withdrawal.
7.8. Right To Lodge A Complaint
You can lodge a complaint: (i) With our Data Protection Officer (DPO); (ii) With the relevant supervisory authority.
7.9. Right To Be Informed
You have the right to be informed: (i) About Personal Data processing; (ii) About data breaches.
7.10. Compliance Statement
This Privacy Policy is intended to comply with the Indonesian Data Protection Regulation (Law No. 27/2022) and other applicable data protection regulations. We have appointed a Data Protection Officer (DPO) as required by Article 27 of Law No. 27/2022. Our DPO can be contacted at dpo@localvillamanager.com for any queries or concerns regarding data protection.
Disclaimer: While every effort has been made to ensure compliance with the Indonesian Data Protection Regulation (Law No. 27/2022) and other applicable data protection regulations, LOCAL VILLA MANAGER disclaims any liability for unintentional errors or omissions. Our intention is to comply with applicable regulations, and we will promptly address any identified non-compliance.
DATA TRANSFER
We engage in the transfer of personal data to third-party services and international destinations, strictly adhering to applicable laws, regulations, and industry standards.
8.1. Third-Party Services
We transfer data to the following categories of third-party services, including but not limited to: (i) Calendar and email services (e.g., Google API Services); (ii) Data storage and hosting services (e.g., Hostinger).
8.2. International Transfers
We transfer data internationally in compliance with General Data Protection Regulation (GDPR) for European Union (EU)/European Economic Area (EEA) users.
8.3. Data Transfer Mechanisms
We employ the following data transfer mechanisms: (i) Encryption (Transport Layer Security (TLS) 1.2 or later); (ii) Secure Sockets Layer (SSL); (iii) Secure File Transfer Protocol (SFTP).
8.4. Country-Specific Disclosures
For users in specific countries, additional disclosure requirements apply: EU/EEA: Compliance with GDPR.
8.5. Data Transfer Opt-Out
You may opt out of data transfers by: (i) Contacting our Data Protection Officer at dpo@localvillamanager.com; (ii) Providing necessary identification and information.
Please note that opting out may affect our ability to provide services.
8.6. Data Transfer Security
We implement robust security measures to protect data during transfer, including: (i) Encryption; (ii) Secure protocols; (iii) Access controls.
8.7. Data Transfer Compliance
We regularly review and update our data transfer practices to ensure compliance with: (i) Applicable laws and regulations; (ii) Industry standards.
CHANGES TO THIS POLICY
We may modify this Policy at any time. Material changes will be effective only upon explicit user consent.
By using the Product, you acknowledge that you have read, understood, and agree to be bound by this Policy.