Your privacy matters to us. Learn how we protect and handle your personal data.
Last updated: June 9, 2025 • Effective: June 9, 2025 • GDPR Compliant
Manage your privacy preferences and data settings
Required for basic website functionality and security.
Help us improve our website by collecting usage statistics.
Personalized content and targeted advertisements.
At The Island House Hotel, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.
Your Trust Matters: We believe transparency is key to building trust. This policy uses clear, simple language to explain our data practices.
We comply with the General Data Protection Regulation (GDPR) and other applicable privacy laws.
The Island House Hotel B.V. is the data controller responsible for your personal information. This means we determine how and why your personal data is processed.
Legal Entity:
The Island House Hotel B.V.
Registration:
KvK 12345678
Address:
Prinsengracht 263, 1016 GV Amsterdam, Netherlands
DPO Contact:
We collect various types of information to provide and improve our services. Here's a comprehensive overview of the data we may collect:
Sensitive Data: We may collect special categories of data (health information, dietary requirements) only when necessary for providing our services and with your explicit consent.
We collect your personal data through various methods and channels. Understanding how we collect your information helps you make informed decisions about your privacy.
Information you provide directly to us:
Information collected automatically when you use our services:
Information we receive from external sources:
We use your personal data for various purposes to provide, maintain, and improve our services. Here's how we use the information we collect:
We may also use your data to comply with legal obligations, resolve disputes, enforce our agreements, and protect our rights and the rights of others.
Under GDPR, we must have a legal basis for processing your personal data. Here are the legal grounds we rely on:
Processing necessary to perform our contract with you (booking services, customer support).
Processing for our legitimate business interests (improving services, fraud prevention, marketing to existing customers).
Processing based on your explicit consent (newsletter subscriptions, marketing communications, non-essential cookies).
Processing required to comply with legal obligations (tax reporting, anti-money laundering, data retention requirements).
We may share your personal data with third parties in specific circumstances. We never sell your personal data to third parties.
We share booking information with hotels to facilitate your reservation:
We work with trusted service providers who help us operate our business:
We may disclose your data when required by law:
In case of business restructuring:
When we share your data, we ensure:
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law.
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | Until account deletion | Service provision |
| Booking Records | 7 years | Legal/tax requirements |
| Payment Information | 7 years | Financial regulations |
| Marketing Preferences | Until withdrawal | Consent-based |
| Website Analytics | 26 months | Google Analytics default |
| Customer Support | 3 years | Service improvement |
We have automated systems in place to delete personal data when retention periods expire, ensuring compliance with data minimization principles.
Under GDPR and other privacy laws, you have several rights regarding your personal data. Here's what you can do:
Request a copy of your personal data
Correct inaccurate or incomplete data
Request deletion of your personal data
Receive your data in a portable format
Limit how we use your data
Object to certain data processing
We'll verify your identity to protect your privacy
We'll respond within 30 days (or explain any delays)
We implement comprehensive security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
In the unlikely event of a data breach, we will:
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place for such transfers.
Countries with EU-approved privacy laws:
For other countries, we use EU-approved contracts:
When transferring data internationally, we ensure:
Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.
If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
Major update: Enhanced GDPR compliance, new cookie controls, expanded data subject rights
Updated data retention periods and third-party integrations
Comprehensive rewrite for better clarity and new service features
If you have any questions about this Privacy Policy or our data practices, please don't hesitate to contact us.
Privacy Office
Prinsengracht 263
1016 GV Amsterdam
Netherlands
Dutch Data Protection Authority (AP)
Postbus 93374
2509 AJ Den Haag
Netherlands
You have the right to lodge a complaint with the supervisory authority if you believe your data protection rights have been violated.
Within 2 business days
Within 30 days (may extend to 60 days for complex requests)
Within 72 hours of discovery
Your privacy is fundamental to our relationship. We're committed to earning and maintaining your trust through transparent, responsible data practices.
Last updated: June 9, 2025 • Effective: June 9, 2025