Last Updated: September 6, 2019
Thank you for using the Raja Ampat Homestay Association’s SRA Platform.
- The Data Controller is PT Bahari Perjampat Sejahtera
- The Payments Data Controller is Xendit (PT Sinar Digital Terdepan)
1. INFORMATION WE COLLECT
There are three general categories of information we collect.
1.1 Information You Give to Us.
1.1.1 Information that is necessary for the use of the SRA Platform.
We ask for and collect the following personal information about you when you use the SRA Platform. This information is necessary for the adequate performance of the contract between you and us and to allow us to comply with our legal obligations. Without it, we may not be able to provide you with all the requested services.
- Booking Information. To enable certain features of the SRA Platform (such as Bookings), we require certain information such as your name and email address. We may also require additional information, which may include your address, phone number, and accommodation checkin and checkout dates.
- Payment Information. To use certain features of the SRA Platform (such as Bookings), we may require you to provide certain financial information (like your bank account or credit card information) in order to facilitate the processing of payments (via Association Payments).
- Communications with Association and other Users. When you communicate with the Association or use the SRA Platform to communicate with other Users, we collect information about your communication and any information you choose to provide.
1.1.2 Information you choose to give us.
You may choose to provide us with additional personal information in order to obtain a better user experience when using SRA Platform. This additional information will be processed based on your consent.
- Other Information. You may otherwise choose to provide us information when you fill in a form, conduct a search, respond to surveys, post to community forums, participate in promotions, or use other features of the SRA Platform.
1.1.3 Information that is necessary for the use of the Payment Services.
The Data Controller needs to collect the following information, as it is necessary for the adequate performance of the contract with you and to comply with applicable law (such as anti-money laundering regulations). Without it, you will not be able to use Payment Services:
- Payment Information. When you use the Payment Services, the Payments Data Controller requires certain financial information (like your bank account or credit card information) in order to process payments and comply with applicable law.
1.2 Information We Automatically Collect from Your Use of the SRA Platform and Payment Services.
When you use the SRA Platform and the Payment Services, we automatically collect information, including personal information, about the services you use and how you use them. This information is necessary for the adequate performance of the contract between you and us, to enable us to comply with legal obligations and given our legitimate interest in being able to provide and improve the functionalities of the SRA Platform and Payment Services.
- Geo-location Information. When you use certain features of the SRA Platform, we may collect information about your precise or approximate location as determined through data such as your IP address or mobile device’s GPS to offer you an improved user experience. Most mobile devices allow you to control or disable the use of location services for applications in the device’s settings menu.
- Usage Information. We collect information about your interactions with the SRA Platform such as the pages or content you view, your searches for Listings, bookings you have made, and other actions on the SRA Platform.
- Log Data and Device Information. We automatically collect device information when you access and use the SRA Platform. That information includes, among other things: details about how you’ve used the SRA Platform (including if you clicked on links to third party applications), IP address, access dates and times, hardware and software information, device information, device event information, unique identifiers, crash data, cookie data, and the pages you’ve viewed or engaged with before or after using the SRA Platform.
- Payment Transaction Information. Association Payments collects information related to your payment transactions through the SRA Platform, including date and time, payment amount, email address, and other related transaction details. This information is necessary for the adequate performance of the contract between you and Association Payments and to allow the provision of the Payment Services.
1.3 Information We Collect from Third Parties.
Association and Association Payments may collect information, including personal information, that others provide about you when they use the SRA Platform and the Payment Services, or obtain information from other sources and combine that with information we collect through the SRA Platform and the Payment Services. We do not control, supervise or respond for how the third parties providing your information process your personal data, and any information request regarding the disclosure of your personal information to us should be directed to such third parties.
- Third Party Services. If you link, connect, or use the SRA Platform with a third party service (e.g. Google, Facebook, WeChat), the third party service may send us information such as your registration and profile information from that service. This information varies and is controlled by that service or as authorized by you via your privacy settings at that service.
2. HOW WE USE INFORMATION WE COLLECT
We use, store, and process information, including personal information, about you to provide, understand, improve, and develop the SRA Platform, create and maintain a trusted and safer environment and comply with our legal obligations.
2.1 Provide, Improve, and Develop the SRA Platform.
- Enable you to access and use the SRA Platform.
- Enable you to communicate with other Users.
- Operate, protect, improve, and optimize the SRA Platform and experience, such as by performing analytics and conducting research.
- Provide customer service.
- Send you service or support messages, updates, security alerts, and account notifications.
We process this information given our legitimate interest in improving the SRA Platform and our Users’ experience with it, and where it is necessary for the adequate performance of the contract with you.
2.2 Create and Maintain a Trusted and Safer Environment.
- Detect and prevent fraud, spam, abuse, security incidents, and other harmful activity.
- Conduct security investigations and risk assessments.
- Comply with our legal obligations.
- Resolve any disputes with any of our Users and enforce our agreements with third parties.
- Enforce our Terms of Service and other policies.
- In connection with the activities above, we may conduct profiling based on your interactions with the SRA Platform, your profile information and other content you submit to the SRA Platform, and information obtained from third parties. In limited cases, automated processes may restrict or suspend access to the SRA Platform if such processes detect a User or activity that we think poses a safety or other risk to the SRA Platform, other Users, or third parties.
We process this information given our legitimate interest in protecting the SRA Platform, to measure the adequate performance of our contract with you, and to comply with applicable laws.
2.3 Provide, Personalize, Measure, and Improve our Advertising and Marketing.
- Send you messages about your Booking.
- Very rarely, we might contact you to advise of any promotional activities or events sponsored or managed by Association.
We will process your personal information for the purposes listed in this section given our legitimate interest in undertaking marketing activities to offer you products or services that may be of your interest. You can opt-out of receiving marketing communications from us by following the unsubscribe instructions included in our marketing communications.
2.4 How the Payments Data Controller uses the Information Collected.
3. SHARING & DISCLOSURE
3.1 With Your Consent.
3.2 Sharing between Users.
To help facilitate bookings or other interactions between Users, we may need to share certain information, including personal information, with Hosts, as it is necessary for the adequate performance of the contract between you and us, as follows:
- When you as a Guest submit a booking request, certain information about you is shared with the Host (and Host Agent, if applicable), including your name, your cancellation history, and other information you agree to share. When your booking is confirmed, we will disclose additional information to assist with coordinating the trip, like your email address.
3.3 Reviews, Listings, and other Public Information.
The SRA Platform lets you publish information, including personal information, that is visible to the general public. For example:
- Listing pages are publicly visible and include information such as the Accommodation or Experience’s precise location (where you have provided your consent), Listing description, photographs, and any additional information you choose to share.
- After completing a booking, Guests may write Reviews and rate Listings. Reviews and Ratings are published on SRA Platform Listing pages.
- If you submit content in a community or discussion forum, blog or social media post, or use a similar feature on the SRA Platform, that content is publicly visible.
Information you share publicly on the SRA Platform may be indexed through third party search engines. We do not control the practices of third party search engines, and they may use caches containing your outdated information.
3.4 Compliance with Law, Responding to Legal Requests, Preventing Harm and Protection of our Rights.
The Association and Association Payments may disclose your information, including personal information, to courts, law enforcement or governmental authorities, or authorized third parties, if and to the extent we are required or permitted to do so by law or if such disclosure is reasonably necessary: (i) comply with our legal obligations, (ii) to comply with legal process and to respond to claims asserted against Association, (iii) to respond to verified requests relating to a criminal investigation or alleged or suspected illegal activity or any other activity that may expose us, you, or any other of our users to legal liability, (iv) to enforce and administer our Terms of Service, the Payment Terms or other agreements with Users, or (v) to protect the rights, property or personal safety of Association, its employees, its Users, or members of the public.
Where appropriate, we may notify Users about legal requests unless: (i) providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law, or (ii) we believe that providing notice would be futile, ineffective, create a risk of injury or bodily harm to an individual or group, or create or increase a risk of fraud upon Association’s property, its Users and the SRA Platform. In instances where we comply with legal requests without notice for these reasons, we will attempt to notify that Member about the request after the fact where appropriate and where we determine in good faith that we are no longer prevented from doing so.
3.5 Service Providers.
The Association and Association Payments may use a variety of third party service providers to help us provide services related to the SRA Platform and the Payment Services. Service providers may be located inside or outside of the European Economic Area (“EEA”).
The Association and the Association Payments will need to share your information, including personal information, in order to ensure the adequate performance of our contract with you.
4. OTHER IMPORTANT INFORMATION
4.1 Analyzing your Communications.
We may review, scan, or analyze your communications on the SRA Platform for fraud prevention, risk assessment, regulatory compliance, investigation, product development, research, and customer support purposes.
We will not review, scan, or analyze your communications to send third party marketing messages to you, and we will not sell or otherwise publish reviews or analyses of these communications.
These activities are carried out based on Association’s legitimate interest in ensuring compliance with applicable laws and our Terms, preventing fraud, promoting safety, and improving and ensuring the adequate performance of our services.
4.2 Google Maps/Earth.
5. THIRD PARTY PARTNERS & INTEGRATIONS
The SRA Platform may contain links to third party websites or services, such as third party integrations, co-branded services, or third party-branded services (“Third Party Partners”). The Association doesn’t own or control these Third Party Partners and when you interact with them, you may be providing information directly to the Third Party Partner, Association, or both. These Third Party Partners will have their own rules about the collection, use, and disclosure of information. We encourage you to review the privacy policies of the other websites you visit.
6. YOUR RIGHTS
You may exercise any of the rights described in this section before your applicable Association Data Controller and Payments Data Controller by sending an email to firstname.lastname@example.org. Please note that we may ask you to verify your identity before taking further action on your request.
6.1 Managing Your Information.
Hosts may access and update their information by contacting the Association at this email address, or via the SRA Platform contact page. You are responsible for keeping your personal information up-to-date.
6.2 Rectification of Inaccurate or Incomplete Information.
You have the right to ask us to correct inaccurate or incomplete personal information concerning you (and which you cannot update yourself.)
6.3 Data Access and Portability.
In some jurisdictions, applicable law may entitle you to request copies of your personal information held by us. You may also be entitled to request copies of personal information that you have provided to us in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technically feasible).
6.4 Data Retention and Erasure.
We generally retain your personal information for as long as is necessary for the performance of the contract between you and us and to comply with our legal obligations. If you no longer want us to use your information to provide the SRA Platform to you, you can request that we erase your personal information. Please note that if you request the erasure of your personal information:
- We may retain some of your personal information as necessary for our legitimate business interests, such as fraud detection and prevention and enhancing safety.
- We may retain and use your personal information to the extent necessary to comply with our legal obligations.
- Information you have shared with others (e.g., Reviews, forum postings) may continue to be publicly visible on the SRA Platform. However, attribution of such information to you will be removed. Additionally, some copies of your information (e.g., log records) may remain in our database, but are disassociated from personal identifiers.
- Because we maintain the SRA Platform to protect from accidental or malicious loss and destruction, residual copies of your personal information may not be removed from our backup systems for a limited period of time.
6.5 Withdrawing Consent and Restriction of Processing.
Where you have provided your consent to the processing of your personal information by the Association you may withdraw your consent at any time by sending a communication to the Association specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal. Additionally, in some jurisdictions, applicable law may give you the right to limit the ways in which we use your personal information, in particular where (i) you contest the accuracy of your personal information; (ii) the processing is unlawful and you oppose the erasure of your personal information; (iii) we no longer need your personal information for the purposes of the processing, but you require the information for the establishment, exercise or defence of legal claims; or (iv) you have objected to the processing pursuant to Section 6.6 and pending the verification whether the legitimate grounds of Association override your own.
6.6 Objection to Processing.
In some jurisdictions, applicable law may entitle you to require Association and Association Payments not to process your personal information for certain specific purposes (including profiling) where such processing is based on legitimate interest. If you object to such processing Association and/or Association Payments will no longer process your personal information for these purposes unless we can demonstrate compelling legitimate grounds for such processing or such processing is required for the establishment, exercise or defence of legal claims.
Where your personal information is processed for direct marketing purposes, you may, at any time ask Association to cease processing your data for these direct marketing purposes by sending an e-mail to this email address, or by a message sent via the SRA Platform contact page.
6.7 Lodging Complaints.
You have the right to lodge complaints about the data processing activities carried out by Association and Association Payments before the competent data protection authorities.
We are continuously implementing and updating administrative, technical, and physical security measures to help protect your information against unauthorized access, loss, destruction, or alteration. Some of the safeguards we use to protect your information are firewalls and data encryption, and information access controls.