Privacy Policy
Your privacy is important to us. It is Bring itt policy to respect your privacy regarding any information we may collect from you across our website and application, https://bringitt.com, and other sites we own and operate.
1. Terms
By accessing the website and application at https://bringitt.com or using our application “Bring itt,” you are agreeing to be bound by these terms of service, all applicable laws, and regulations, and agree that you are responsible for compliance with any applicable local laws. If you do not agree with any of these terms, you are prohibited from using or accessing this site. The materials contained in this website and application are protected by applicable copyright and trademark law.
2. Use License
1. Permission is granted to temporarily download one copy of the materials (information or software) on Bring itt website and application for personal, non-commercial transitory viewing only. This is the grant of a license, not a transfer of title, and
under this license, you may not:
- modify or copy the materials;
- use the materials for any commercial purpose, or for any public display (commercial or non-commercial);
- attempt to decompile or reverse engineer any software contained on Bring itt website and application or application;
- remove any copyright or other proprietary notations from the materials; or
- transfer the materials to another person or “mirror” the materials on any other server.
2. This license shall automatically terminate if you violate any of these restrictions and may be terminated by Bring itt LTD. at any time. Upon terminating your viewing of these materials or upon the termination of this license, you must destroy any downloaded materials in your possession whether in electronic or printed format.
3. Disclaimer
1. The materials on Bring itt website and application and application are provided on an ‘as is’ basis. Bring itt LTD. makes no warranties, expressed or implied, and hereby disclaims and negates all other warranties including, without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property or other violation of rights.
2. Further, Bring itt LTD. does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on its website and application or otherwise relating to such materials or on any sites linked to this site.
4. Limitations
In no event shall Bring itt LTD. or its suppliers be liable for any damages (including, without limitation, damages for loss of data or profit, or due to business interruption) arising out of the use or inability to use the materials on Bring itt website and application and application, even if Bring itt LTD. or a Bring itt LTD. authorized representative has been notified orally or in writing of the possibility of such damage. Because some jurisdictions do not allow limitations on implied warranties, or limitations of liability for consequential or incidental damages, these limitations may not apply to you.
5. Accuracy of materials
The materials appearing on Bring itt website and application could include technical, typographical, or photographic errors. Bring itt LTD. does not warrant that any of the materials on its website and application are accurate, complete, or current. Bring itt LTD. may make changes to the materials contained on its website and application at any time without notice. However Bring itt LTD. does not make any commitment to update the materials.
6. Links
Bring itt LTD. has not reviewed all of the sites linked to its website and application and is not responsible for the contents of any such linked site. The inclusion of any link does not imply endorsement by Bring itt LTD. of the site. The use of any such linked website and application is at the user’s own risk.
7. Modifications
Bring itt LTD. may revise these terms of service for its website and application at any time without notice. By using this website and application you are agreeing to be bound by the then current version of these terms of service.
8. Governing Law
These terms and conditions are governed by and construed in accordance with the laws of Hong Kong and you irrevocably submit to the exclusive jurisdiction of the courts in that State or location.
Privacy Policy
1. Information we collect
Log Data
When you visit our website and application, our servers may automatically log the standard data provided by your web browser. It may include your computer’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details.
Device Data
We may also collect data about the device you’re using to access our website and application. This data may include the device type, operating system, unique device identifiers, device settings, and geo-location data. What we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.
Personal information
We may ask for personal information, such as your:
Name
Social media profiles
Date of birth
Phone/mobile number
Home/mailing address
Website and application address
Payment information
Driver's license details
Passport number
Business Data
Business data refers to data that accumulates over the normal course of operation on our platform. This may include transaction records, stored files, user profiles, analytics data and other metrics, as well as other types of information, created or generated, as users interact with our services.
2. Legal bases for processing
We will process your personal information lawfully, fairly and in a transparent manner. We collect and process information about you only where we have legal bases for doing so.
These legal bases depend on the services you use and how you use them, meaning we collect and use your information only where:
- it’s necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract (for example, when we provide a service you request from us);
- it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote our services, and to protect our legal rights and interests;
- you give us consent to do so for a specific purpose (for example, you might consent to us sending you our newsletter); or
- we need to process your data to comply with a legal obligation.
Where you consent to our use of information about you for a specific purpose, you have the right to change your mind at any time (but this will not affect any processing that has already taken place).
We don’t keep personal information for longer than is necessary. While we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure and cannot guarantee absolute data security. If necessary, we may retain your personal information for our compliance with a legal obligation or in order to protect your vital interests or the vital interests of another natural person.
3. Collection and use of information
We may collect, hold, use and disclose information for the following purposes and personal information will not be further processed in a manner that is incompatible with these purposes:
- to provide you with our platform’s core features;
- to process any transactional or ongoing payments;
- to enable you to access and use our website and application, associated applications and associated social media platforms;
- to contact and communicate with you;
- for internal record keeping and administrative purposes;
- for analytics, market research and business development, including to operate and improve our website and application, associated applications and associated social media platforms;
- for advertising and marketing, including to send you promotional information about our products and services and information about third parties that we consider may be of interest to you; and
- to comply with our legal obligations and resolve any disputes that we may have.
4. Disclosure of personal information to third parties
We may disclose personal information to:
- third party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, hosting and server providers, ad networks, analytics, error loggers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators;
- our employees, contractors and/or related entities;
- sponsors or promoters of any competition we run;
- credit reporting agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
- courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
- third parties, including agents or sub-contractors, who assist us in providing information, products, services or direct marketing to you; and
- third parties to collect and process data.
5. International transfers of personal information
The personal information we collect is stored and processed where we or our partners, affiliates and third-party providers maintain facilities. By providing us with your personal information, you consent to the disclosure to these overseas third parties.
We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means.
Where we transfer personal information from a non-EEA country to another country, you acknowledge that third parties in other jurisdictions may not be subject to similar data protection laws to the ones in our jurisdiction. There are risks if any such third party engages in any act or practice that would contravene the data privacy laws in our jurisdiction and this might mean that you will not be able to seek redress under our jurisdiction’s privacy laws.
6. Your rights and controlling your personal information
Choice and consent: By providing personal information to us, you consent to us collecting, holding, using and disclosing your personal information in accordance with this privacy policy. If you are under 16 years of age, you must have, and warrant to the extent permitted by law to us, that you have your parent or legal guardian’s permission to access and use the website and application and they (your parents or guardian) have consented to you providing us with your personal information. You do not have to provide personal information to us, however, if you do not, it may affect your use of this website and application or the products and/or services offered on or through it.
Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.
Restrict: You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below. If you ask us to restrict or limit how we process your personal information, we will let you know how the restriction affects your use of our website and application or products and services.
Access and data portability: You may request details of the personal information that we hold about you. You may request a copy of the personal information we hold about you. Where possible, we will provide this information in CSV format or other easily readable machine format. You may request that we erase the personal information we hold about you at any time. You may also request that we transfer this personal information to another third party.
Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.
Notification of data breaches: We will comply laws applicable to us in respect of any data breach.
Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.
Unsubscribe: To unsubscribe from our e-mail database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.
7. Cookies
We use “cookies” to collect information about you and your activity across our site. A cookie is a small piece of data that our website and application stores on your computer, and accesses each time you visit, so we can understand how you use our site. This helps us serve you content based on preferences you have specified. Please refer to our Cookie Policy for more information.
8. Business transfers
If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may continue to use your personal information according to this policy.
9. Limits of our policy
Our website and application may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.
10. Changes to this policy
At our discretion, we may change our privacy policy to reflect current acceptable practices. We will take reasonable steps to let users know about changes via our website and application. Your continued use of this site after any changes to this policy will be regarded as acceptance of our practices around privacy and personal information.
If we make a significant change to this privacy policy, for example changing a lawful basis on which we process your personal information, we will ask you to re-consent to the amended privacy policy.
11. GDPR Policy
1. This agreement determines the rights and obligations of the controllers (hereinafter also referred to as “parties”) for the joint processing of personal data. It applies to all activities of the parties, or processors appointed by a party, when processing personal data. The parties have jointly determined the purposes and means of processing personal data in accordance with Art. 26 GDPR.
(2) The “Bring itt” application processes personal data. Depending on the section of processing, this data is processed in the Hotel’s and Bring itt LTD`s system area. The parties determine the sections in which personal data are processed under joint controllership (Article 26 GDPR).
For the other sections of processing, where the parties do not jointly determine the purposes and means of data processing, each contracting party is a controller pursuant to Article 4 No. 7 GDPR. As far as the contracting parties are joint controllers pursuant to Article 26 GDPR, it is agreed as follows:
2. (1) In context of joint controllership, Bring itt LTD is competent for the processing of personal data in the operating range of providing the “Bring itt” application and storing the Personal Data entered by the Hotels’ Guests on network services provided by “AWS”. The processing may concern the following categories of data: Personal and non-personal information. Personal information includes: name, email address, and physical address, including city and state., Passport, Government Issued Id or Driving License, Masked Credit Card Details. Non-personal information includes Check-in and Check-out Dates and booking service or related information such as about your stay or hospitality, travelling or other preferences including special needs or medical conditions, location data and your general product and service preferences. The legal basis for the processing of personal data is performance of a contract.
(2) In the context of joint controllership, the Hotel is competent for the processing of personal data in operating range of providing general Hotel services and booking features using the “Bring itt” application to its Guests. Personal and non-personal information. Personal information includes: name, email address, and physical address, including city and state., Passport, Government Issued Id or Driving License, Masked Credit Card Details. Non-personal information includes Check-in and Check-out Dates and booking service or related information such as about your stay or hospitality, travelling or other preferences including special needs or medical conditions, location data and your general product and service preferences. The legal basis for the processing of personal data is performance of a contract.
3. Each party shall ensure compliance with the legal provisions of the GDPR, particularly in regards to the lawfulness of data processing under joint controllership. The parties shall take all necessary technical and organisational measures to ensure that the rights of data subjects, in particular those pursuant to Articles 12 to 22 GDPR, are guaranteed at all times within the statutory time limits.
4. (1) The Parties shall store personal data in a structured, commonly used, and machine-readable format.
(2) The Hotel shall ensure that only personal data which are strictly necessary for the legitimate conduct of the process are collected and for which the purposes and means of processing are specified by Union or national law”. Moreover, both contracting parties agree to observe the principle of data minimisation within the meaning of Article 5 (1) lit. c) GDPR.
5. The Parties commit themselves to provide the data subject with any information referred to in Articles 13 and 14 of the GDPR in a concise, transparent, intelligible, and easily accessible form, using clear and plain language. The information shall be provided free of charge. The Parties agree that Bring itt LTD provides the information on the processing of personal data in the operating range of its “Bring itt” application and the Hotel provides the information on the processing of personal data in the operating range of its Hotel services.
6. The data subject may exercise his or her rights under Articles 15 to 22 GDPR against each of the joint controllers. In principle, the data subject may receive the requested information from the contracting party to whom the request was made
7. (1) Bring itt LTD and the Hotel shall provide the data subject access according to Article 15 of the GDPR.
(2) Where the data subject requests access according to Article 15 GDPR, the parties shall provide this information. If necessary, the parties shall provide each other with the necessary information from their respective operating range. Competent contact persons for the parties are contact@Bring itthotels.com. Each party must immediately inform the other of any change of the contact person.
8. (1) If a data subject exercises his or her rights against one of the parties, in particular of the rights of access, correction, or deletion of his or her personal data, the parties are obliged to forward this request to the other party without undue delay. This applies irrespective of the general obligation to guarantee the right of data subjects. The party receiving the request must immediately provide the information within its operating range to the requesting party.
(2) If personal data are to be deleted, the parties shall inform each other in advance. A party may object to the deletion for a legitimate interest, for example, if there is a legal obligation to retain the data set for deletion.
9. The parties shall inform each other immediately if they notice errors or infringements regarding data protection provisions during the examination of the processing activities.
10. The parties undertake to communicate the essential content of the joint controllership agreement to the data subjects (Article 26 (2) GDPR).
11. Both parties are obliged to inform the supervisory authority and the data subjects affected by a violation of the protection of personal data in accordance with Articles 33 and 34 GDPR concerning all operating ranges. The parties shall inform each other about any such notification to the supervisory authority without undue delay. The parties also agree to forward the information required for the notification to one another without undue delay.
12. If a data protection impact assessment pursuant to Article 35 GDPR is required, the parties shall support each other.
13. Documentations within the meaning of Article 5 (2) GDPR, which serve as proof of proper data processing, shall be archived by each party beyond the end of the contract in accordance with legal provisions and obligations
14. (1) Within their operating range, the parties shall ensure that all employees authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality in accordance with Articles 28 (3), 29, and 32 GDPR for the duration of their employment, as well as after termination of their employment. The parties shall also ensure that they observe the data secrecy provisions prior to taking up their duties and are familiarised with the data protection legislation and rules relevant to them.
(2) The parties shall independently ensure that they are able to comply with all existing storage obligations with regard to the data. For this purpose, they must implement appropriate technical and organisational measures (Article 32 et seq. GDPR). This applies particularly in the case of termination of the cooperation/agreement.
(3) The implementation, default-setting, and operation of the systems shall be carried out in compliance with the requirements of the GDPR and other regulations. In particular, compliance with the principles of data protection by design and data protection by default will be achieved through the implementation of appropriate technological and organisational measures corresponding to the state of the art.
(4) The parties agree to store personal data which are processed on the “Bring itt” application in the course of the services on specially protected servers.
15. Each party undertakes to conclude a contract pursuant to Article 28 GDPR with regard to the processing of the personal data for which the party is responsible.
16. (1) The parties commit themselves to conclude a contract in accordance with Article 28 GDPR when engaging processors within the scope of this agreement (see § 1) and to obtain the written consent of the other party before concluding the contract.
(2) The parties shall inform each other in a timely manner of any intended change with regard to the involvement or replacement of subcontracted processors. The parties shall only commission subcontractors who meet the requirements of data protection legislation and the provisions of this agreement. Services which the contracting parties use from third parties to support the execution of the contract, such as telecommunications services and maintenance, shall not be seen as services provided by subcontractors within the meaning of this contract. However, the parties are obligated to make appropriate contractual agreements in accordance with the law and to take controlling measures to guarantee the protection and security of personal data, even in the case of additional third party services.
(3) Only processors who are subject to the legal obligation to appoint a data protection officer shall be commissioned to perform services in connection with this contract.
17. The parties shall include the processing operations in the records of processing activities pursuant to Article 30 (1) GDPR, in particular, with a comment on the nature of the processing operation as one of joint or sole responsibility.
18. Notwithstanding the provisions of this contract, the parties shall be liable for damages resulting from processing that fails to comply with the GDPR. In external relations they are jointly liable to the persons concerned.
In the internal relationship the parties are liable, notwithstanding the provisions of this contract, only for damages which have arisen within their operating range.
