3Days GDPR Compliance Statement

Effective Date: 03/07/2024

Introduction

At 3Days, we are dedicated to safeguarding the privacy and security of our users' data. This GDPR Compliance Statement explains our data processing practices in accordance with the General Data Protection Regulation (GDPR).

Data Processing Activities

We collect and process personal data for the following purposes:

• User registration and account management.
• Facilitating accommodation listings and bookings.
• Enhancing user experience and personalizing our services.

Types of Data Collected

The personal data we collect may include, but is not limited to:

For all users:

• Name
• Email
• Study programme and institution
• Profile picture (optional)

For Hosts:

• Location (address with controlled disclosure)
• Description of the offered space
• Pictures of the offered space

Lawful Basis for Processing

We process personal data based on the following lawful grounds:

• Contractual necessity for the provision of our services.
• Consent for optional information provided by users.
• Legitimate interests pursued by us, such as improving our service and understanding user preferences.

Data Protection Measures

We employ robust technical and organizational measures to ensure data security, including:

• Partnering with third-party service providers like Stripe and Supabase for secure payment processing and backend management.
• Ensuring strict confidentiality and integrity of data.

Third-Party Service Providers

We engage with reputable third-party service providers for certain functionalities. These providers operate under their own GDPR compliance frameworks:

• Stripe for payment processing
• Supabase for backend and user management

User Rights Under GDPR

Users have the following rights under GDPR:

• Access to their personal data.
• Rectification of inaccurate or incomplete data.
• Erasure of their personal data ("right to be forgotten").
• Restriction or objection to data processing.
• Data portability.

Exercising Your Rights

Users can exercise their GDPR rights by contacting us at the contact form linked to the footer of the home page. We commit to addressing any requests promptly and within the regulatory timeframe.

Use of Cookies

We use essential cookies necessary for website functioning and service provision. These cookies are exempt from the consent requirement under GDPR. More information provided at the cookie policy statement.

Data Sharing and Location Privacy

Host-provided location data is stored securely. Exact locations are not publicly disclosed; only approximate locations are displayed on maps. Personal data is not shared with third parties except as necessary for service provision or as required by law.

Changes to This Statement

We may update our GDPR Compliance Statement periodically. Users will be informed of significant changes through our website and via email.

Contact Information

For any inquiries regarding data protection, please contact us through the contact form linked at the footer of the home page or email us at: 3days.leiden@gmail.com.