This privacy statement is valid for the all websites hosted by HelloVillam (such as the hotel search websites, the HelloVillam magazine hellovillam.com, hellovillam.com, the Business Studio, Hotel Manager etc.) and the HelloVillam App.
In the following, we provide information about the collection of personally identifiable information while using our website. Personally identifiable information is all data that relates to you personally, such as name, address, e-mail addresses, or user behavior. The protection of your personally identifiable information is very important to us. If you have any questions or would like more information about HelloVillam's data protection, please contact info[at]hellovillam.com with the subject ‘Privacy Query’.
Continuous technological development, changes in our services or the legal situation, and other reasons may require adjustments to our data protection notice. We therefore reserve the right to change this privacy statement at any time and ask that you regularly keep yourself informed of the current state.
1 Party responsible for data processing
The responsible party, according to Article 4 (7) of the EU General Data Protection Regulation (GDPR), is HelloVillam Ornek Street, Dumankaya Ikon A3 Block No:94 Atasehir/Istanbul Turkey, telephone: +90216 620 88 67, E-mail: info[at]hellovillam.com.
2 Data protection officer point of contact
You can reach our data protection officer at info[at]hellovillam.com or our mailing address by adding “Datenschutz / Data Privacy”.
3 Your rights
You have the following rights with respect to the personally identifiable information concerning you:
3.1 General rights
You have the right to information, correction, deletion, limitation of processing, opposition to processing, and data portability. If processing is based on your consent, you have the right to revoke it with effect for the future.
3.2 Rights in the processing of data based on legitimate interests
According to Article 21 (1) of the GDPR, you have the right to file an objection at any time for reasons arising out of your particular situation against the processing of personally identifiable information relating to you, pursuant to Article 6 (1) of the GDPR (data processing in the public interest) or Article 6 par. 1 f GDPR (data processing for the protection of a legitimate interest); this also applies to a profiling based on this provision. In the event of your objection, we will no longer process your personally identifiable information unless we can establish compelling and legitimate grounds for processing that outweigh your interests, rights and freedoms, or if the processing aids the enforcing, exercising or defending of legal claims.
3.3 Rights in direct advertising
If we process your personally identifiable information for the purpose of direct advertising, you have the right according to Article 21 par. 2 GDPR to object at any time to the processing of personally identifiable information relating to you for the purpose of such advertising; this also applies to profiling, where appropriate, insofar as it is associated with such direct advertising.
In the event of your objection to processing for the purpose of direct advertising, we will no longer process your personally identifiable information for these purposes.
3.4 Right to complain to a supervisory authority
You also have the right to complain to a relevant data protection supervisory authority about our processing of your personally identifiable information.
4 The collection of personally identifiable information when visiting our website
If you are only using the website for informational purposes, i.e., if you do not enroll or otherwise provide us with information, we will only collect the personally identifiable information that your browser transmits to our server. If you wish to view our website, we collect the following data that is technically necessary for us to display our website and ensure its stability and security. Only in the case of suspected misuse in connection with bookings would we use this link information to facilitate the identification of the person responsible. The legal basis for this is Article 6 (1) (f) GDPR:
–IP address, date and time of the inquiry, time difference to Greenwich Mean Time (GMT), content of the request (concrete page), access status/HTTP status code, amount of data transferred in each case, website that receives the request, browser, operating system and its interface, language, and browser software version.
5 Contact by e-mail or contact form
When you contact us by e-mail or through a contact form, we will store the data you provide (your e-mail address, possibly your name and telephone number) so we can answer your questions. Insofar as we use our contact form to request entries that are not required for contacting you, we have always marked these as optional. This information serves to substantiate your inquiry and improve the handling of your request. A statement of this information is expressly provided on a voluntary basis and with your consent, art. 6 par. 1a GDPR. As far as this concerns information about communication channels (such as your e-mail address or telephone number), you also agree that we may also, where appropriate, contact you via this communication channel to answer your request. You may of course revoke this consent for the future at any time.
We delete the data that arises in this context after saving is no longer required, or limit processing if there are statutory retention requirements.
6.1 General information
With your consent under Art. 6 par. 1 a GDPR, you can opt in to our newsletter, which will inform you about our current deals.
To sign up for our newsletter, we use the “double opt-in” method. This means that after you have signed up, we will send you an e-mail to the e-mail address specified, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your sign-up within [24 hours], your information will be locked and automatically deleted after one month.
In addition, we save the IP addresses you used and the times of sign-up and confirmation. The purpose of the procedure is to verify your sign-up and, if necessary, to inform you about possible misuse of your personal data.
The only requirement for sending the newsletter is your email address. The specification of additional, separately marked data is voluntary and will be used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is art. 6 par. 1 a GDPR.
You may revoke your consent to the sending of the newsletter at any time and opt out of the newsletter. You can declare the revocation by clicking the link provided in each newsletter e-mail or by contacting the aforementioned data protection officer.
6.2 Newsletter Tracking
Please note that we evaluate your user behavior when sending the newsletter. For this evaluation, the emails sent include “web beacons” or tracking pixels, which are stored on our website. For the evaluations, we link the data mentioned and the web beacons with your e-mail address and an individual ID.
With the data obtained in this way, we generate a user profile to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters, which links you click on in them and deduce your personal interests. We link this data with actions you have taken on our website.
You can object to this tracking at any time by clicking on the separate link provided in each e-mail. The information will be saved as long as you have opted in to the newsletter. After you log out, we save the data purely statistically and anonymously.
Also, such tracking is not possible if you've deactivated image viewing by default in your e-mail application. In this case, the newsletter will not be displayed in full and you won’t be able to use all the features. If you display images manually, the above tracking will take place.
You have the opportunity to enroll with us and create a HelloVillam user account. We collect and save the following data for enrollment:
The specification of the aforementioned data is compulsory; all other information you can provide voluntarily by using our portal.
After enrollment, you will receive personal, password-protected access and can view and manage the data you have stored. Enrollment is voluntary but may be required to use our services.
If you decide to be an active participant in the HelloVillam Community, e.g., by uploading photos or creating texts such as review ratings and descriptions, you decide yourself which personally identifiable information is visible to HelloVillam N.V. and all the visitors on the platform. You can modify these settings at any time. HelloVillam does not publish any personally identifiable information without receiving your express consent to do so. If you participate in the HelloVillam Content Community, your bank account details will be needed in order to pay out the miles you’ve earned. We need these so we can disburse the equivalent of the accumulated miles at your request. Alternatively, you can select PayPal or Skrill as payment options. HelloVillam user accounts and the information contained therein are password-protected so that only the user has access to this personally identifiable information. Users can change their user profiles at any time.
We will save this information until you permanently delete your access. We will still save the data that you provided on a voluntary basis for the time of your use of the portal, if you do not delete this in advance. You can manage and modify all information in your protected user account. The legal basis is article 6, par. 1 a, b, and f of the GDPR.
8 Business Studio an d Hotel Manager function
Hoteliers can manage their hotel using the Business Studio and Hotel Manager function. You must enroll in order to use this function. We collect and save the following data for enrollment:
- Personal title
- First and Last Name
- Business e-mail
- Business phone number
The specification of the aforementioned data is compulsory; all other information you can provide voluntarily by using our portal.
After enrollment, you will receive personal, password-protected access and can view and manage the data you have stored. The data collected will be used solely for implementing the contractual relationship between HelloVillam and the respective hotelier.Hoteliers who own a HelloVillam Business Studio/ Hotel Manager account may be contacted on HelloVillam's behalf through the Hotel Manager Call center which is not a HelloVillam company. Through these calls the Hotelier will be informed about new/ additional features of the tool. The legal basis for data processing is article 6, par. 1 a, b and f of the GDPR.
9 Use of social plug-ins
This website uses the provider’s social plug-ins
- Facebook, Instagram (operator: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA)
- YouTube (YouTube LLC 901 Cherry Avenue, San Bruno, CA 94066, USA)
- Twitter (operator: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA)
- LinkedIn (LinkedIn Corporation1000 W. Maude Avenue, Sunnyvale, CA 94085, USA)
- Pinterest (operator: Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA)
- Xing (XING SE, Dammtorstraße 30, 20354 Hamburg)
These plug-ins typically collect data from you as standard, and transmit it to the respective vendor’s server. We have taken technical measures to ensure the protection of your privacy, which guarantee that your data cannot be collected by the vendors of the respective plug-ins without your consent. These will initially be deactivated when you visit a site connected to the plug-ins. The plug-ins will not be activated until you click on the respective symbol, and by doing so, you give your consent to have your data transmitted to the respective vendor. The legal basis for plug-in use is article 6, par. 1 a and f of the GDPR.
Once activated, the plug-ins also collect personally identifiable information, such as your IP address, and send it to the respective vendor’s server, where it is saved. Activated social plug-ins also set a cookie with a unique identifier when you visit the respective website. This allows the vendor to generate profiles of your user behavior as well. This occurs even if you are not a member of the respective vendor’s social network. If you are a member of the vendor’s social network and you are logged into the website during your visit, your data and information about your visit to the website can be linked with your profile on the social network. We do not have any influence over the exact extent to which your data is collected by the respective vendor. For more information about the extent, nature, and purpose of data processing and about the rights and setting options for protecting your privacy, please see the data protection notices for the respective social network vendor. These can be found at the following addresses:
- Facebook: https://www.facebook.com/policy.php
- Twitter: https://twitter.com/en/privacy
- Pinterest: https://about.pinterest.com/en/privacy-policy
- Instagram: https://help.instagram.com/519522125107875?helpref=page_content
- Xing: https://privacy.xing.com/en/privacy-policy
- Youtube: https://support.google.com/youtube/topic/2803240?hl=en&ref_topic=6151248
- LinkedIn: https://www.linkedin.com/legal/privacy-policy
10 Facebook Connect
We offer you the option of enrolling and signing in through your Facebook account. If you enroll via Facebook, Facebook will ask you for your permission to release certain data in your Facebook account to us. This may include your first name, last name, and e-mail address so your identity and gender can be verified, as well as general location, a link to your Facebook profile, your time zone, your date of birth, your profile picture, your “Like” information, and your friends list.
This data will be used to establish, provide, and personalize your account. The legal basis is article 6, par. 1 a, b, and f of the GDPR.
If you enroll with us through Facebook, your account will automatically be connected to your Facebook account and information about your activities on our website, if applicable, will be shared on Facebook and published on your timeline and news feed.
This website uses the following types of cookies, whose extent and function are explained in the following:
11.1 Transient cookies
These cookies are automatically deleted when you close your browser. This includes session cookies in particular. These save a “session ID” with which different requests from your browser can be assigned to the joint session. This allows your device to be recognized again when you return to our website. Session cookies are deleted when you log out or close your browser.
11.2 Persistent cookies
These cookies are automatically deleted after a set duration that can vary depending on the cookie. You can delete cookies in your browser security settings at any time.
11.3 Flash cookies
Flash cookies used are not collected through your browser, but through your Flash plug-in. In addition, we use HTML5 storage objects that are stored on your terminal. These objects save the necessary data independent of the browser you use and have no automatic expiration date. If you do not want Flash cookies processed, you must install a suitable add-on, such as "Privacy Badger” for Mozilla Firefox (https://www.eff.org/privacybadger) or Adobe Flash Killer Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by setting your browser to private mode. We also recommend that you manually delete your cookies and browser history on a regular basis.
11.4 Preventing cookies
You can configure your browser and App settings as you wish and, for example, decline to accept third-party or all cookies. Please note that you may not be able to use all of the website’s functions in this case.
11.5 Legal bases and storage period
The legal bases for possible processing of personally identifiable information and its storage period vary and are described in the following sections.
For the purposes of analyzing and optimizing our websites, we use different services that are described in the following. This allows us to analyze, for example, how many users visit our site, which information is requested the most, and how users find the website. The data that we collect includes the websites from which a person in question arrives at a website (“referrer”), which subpages on the website are accessed and how often, and the length of time for which a subpage is viewed. This helps us to develop and improve our website to be more user-friendly. The data collected does not serve to personally identify individual users. Anonymous or highly pseudonymous data will be collected. The legal basis for this is article 6, par. 1 f of the GDPR.
12.1 Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). This use covers the Universal Analytics operating mode. This makes it possible to assign data, sessions, and interactions across multiple devices to a pseudonymous user ID and thus analyze a user’s activities across devices.
You can prevent cookies from being stored through the relevant setting in your browser software; however, please note that if you do so, not all functions of the website may be able to be used to their full extent. You can also prevent the data generated by the cookie and related to your use of the website (including your IP address) from being collected and processed by Google by downloading and installing https://tools.google.com/dlpage/gaoptout?hl=en. Opt-out cookies prevent the future collection of your data when visiting this website. To prevent Universal Analytics collection across various devices, you must perform the opt-out on all systems in use. Set the opt-out cookie by clicking here: Deactivate Google Analytics.
12.2 Google Tag Manager
For transparency reasons, we would like to mention that we use Google Tag Manager. Google Tag Manager does not itself collect any personally identifiable information. Tag Manager makes it easier for us to incorporate and manage our tags. Tags are small elements of code that serve to measure traffic and user behavior, record the effects of online advertising and social channels, establish remarketing and focus on target groups, and test and optimize websites, among other things. If you have deactivated, this will be taken into account by Google Tag Manager. For more information about Google Tag Manager, see: https://www.google.com/analytics/tag-manager/use-policy/
Data is collected and stored for marketing and optimization purposes on this website using technologies from etracker GmbH (https://www.etracker.com/en/). This data can be used to generate usage profiles under a pseudonym. Cookies may be used for this purpose. The data collected with eTracker technologies is not used for the purpose of personally identifying visitors to this website and will not be conflated with personally identifiable information about the bearer of the pseudonym without the explicit consent of the individual in question. You may object to the collection and storage of data at any time with effect for the future. Please exclude me from the etracker count.
We use eTracker so we can analyze the use of our website and make regular improvements. The statistics we gather allow us to improve our website and develop it to be more interesting for you as a user. The data collected will be stored permanently and analyzed under a pseudonym. The legal basis for the use of eTracker is article 6, par. 1 f of the GDPR. Third party partner information: etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg; https://www.etracker.com/en/data-privacy/.
Data is collected and stored for optimization purposes on this service using technologies from Hotjar Ltd. (https://www.hotjar.com). This data can be used to generate usage profiles under a pseudonym. Cookies may be used for this purpose. The data collected with Hotjar technologies is not used for the purpose of personally identifying visitors to this website and will not be conflated with personally identifiable information about the bearer of the pseudonym without the explicit consent of the individual in question. You may opt-out from having Hotjar collect your information when visiting a Hotjar Enabled Site at any time by visiting the Hotjar Opt-out page https://www.hotjar.com/legal/compliance/opt-out and clicking ‘Disable Hotjar’ or enabling Do Not Track (DNT) in your browser.
Data is collected and stored for optimization purposes on this service using technologies from Taboola. Taboola’s tags and pixel on our websites collect information about page visits and actions (click, conversion) tied to a hashed Taboola User ID on our pages. Specifically, the pixel collects event from our website (including initial and subsequent page visits, conversion data, and the associated hashed Taboola User ID read from the cookie) and information about the user’s browser read from the user agent that includes operating system, browser type and version. You may opt-out from having Taboola collect your information by visiting the Taboola Opt-out page at https://www.taboola.com/privacy-policy#user-choices-and-optout.
12.7. Intent Media
13.1 Google AdWords and Conversion Tracking
To draw attention to our services, we place Google AdWords display ads and, within this context, use Google conversion tracking for the purposes of personalized online ads based on interests and location. The option to anonymize IP addresses is controlled through Google Tag Manager, via an internal setting that is not visible in the source of this page. This internal setting is set so that the anonymization required by privacy laws covers IP addresses.
With the use of this technology, Google, and we as their customer, receive the information that a user has clicked on an ad and was redirected to our websites. The information acquired this way is solely used for statistical analysis related to ad optimization. We do not receive any information that would allow us to personally identify a visitor. The statistics provided to us by Google include the total number of users who have clicked on one of our ads and, where applicable, whether they were redirected to a page on our website that has a conversation tag. These statistics allow us to track which search terms most often lead to our ads receiving clicks, and which ads lead to the user contacting us via the contact form.
If you do not want this, you can prevent the storage of the cookies required for this technology by, for example, using the settings in your browser or your App. Should you do so, your visit will not be incorporated into user statistics.
However, we and Google will still receive statistical information about how many users visit this site and when. If you do not want to be included in these statistics either, you can prevent this by using additional programs for your browser (such as the Ghostery add-on).
13.2 Google DoubleClick
If you do not want to receive any user-based advertising, you can disable the placement of ads by using Google’s ad settings.
For more information about how Google cookies are used, please refer to Google’s privacy statement.
13.3 Google Dynamic Remarketing
We use the dynamic remarketing function of Google AdWords on our website. This technology allows us to place automatically generated ads oriented towards target groups after you visit our website. Ads are oriented towards products and services that you clicked on during your last visit to our website.
If you do not want to receive user-based advertising from Google, you can disable the placement of ads by using Google’s ad settings.
For more information about how Google cookies are used, please refer to Google’s privacy statement.
Information about the user’s surfing behavior is collected for marketing purposes and cookies are set for this, solely in anonymized form, on our websites and online content using technology from Criteo (Criteo GmbH, Gewürzmühlstr. 11, 80538 Munich). This allows Criteo to analyze surfing behavior and then display targeted product recommendations as a relevant banner ad when other websites are visited. Anonymized data cannot be used to personally identify visitors to the website under any circumstances. The data collected by Criteo will only be used to improve promotional content. A small “i” (for information) can be found on each banner displayed; if you hover over this and click on it, a page will open that explains the system and offers an opt-out. Clicking “opt out” will set an opt-out cookie that will prevent this banner from being displayed in the future. It will not be used in any other way or forwarded to third parties. You can learn more about Criteo and object to the anonymous analysis of your surfing behavior at http://www.criteo.com/en/privacy/.
13.6. RTB House
Information about the user’s surfing behavior is collected for marketing purposes and cookies are set for this, solely in anonymized form, on our websites and online content using technology from RTB House (RTB House SA, 61/101 Złota Street, 00-819 Warsaw Poland). This allows RTB House to analyze surfing behavior and then display targeted product recommendations as a relevant banner ad when other websites are visited. Clicking “opt out” will set an opt-out cookie that will prevent this banner from being displayed in the future. It will not be used in any other way or forwarded to third parties. You can learn more about RTB House and object to the anonymous analysis of your surfing behavior at https://www.rtbhouse.com/de/privacy/.
13.8 Facebook family Custom Audiences
The product Facebook Custom Audiences (Facebook Inc. 1601 S. California Avenue, Palo Alto, CA, 94304) for Facebook and Instagramm is also used as part of usage-based online advertising. An irreversible and non-personally identifiable checksum (hash total) is essentially generated by your usage data, which can be transmitted to Facebook for analysis and marketing purposes. A Facebook cookie is set in this process. In doing so, information about your activities on the website (such as surfing behavior, subpages visited, etc.) is collected. Your IP address is stored and used for geographical modulation.
14 Data transmission
Your data will not be transmitted to third parties as a general rule unless we are legally obligated to do so or the transfer of data is necessary for implementing the contractual relationship or you have given prior express consent to have your data transferred.
We emphasize processing your data within the EU/EEA. However, it may happen that we use service providers who process data outside the EU/EEA. In these cases, we make sure that a reasonable level of data protection is established with the recipient before transmitting your personally identifiable information. This means that a level of data protection is reached through EU standard contracts or an adequacy decision that is comparable to the standard within the EU.
15 Data security
We have taken extensive technical and operational security precautions to protect your data from being accidentally or intentionally manipulated, lost, destroyed, or accessed by unauthorized persons. Our security measures are reviewed regularly and updated in keeping with technological advances.
Last updated November 2018