Privacy Policy

Last Updated: June 25, 2024

Table of contents

1. Introduction
2. Name and Address of the Controller
3. Data collected through the website
4. Purposes of the processing
5. Data storage
6. Legal basis for the processing
7. Data disclosure
8. Rights of the Data Subject
9. Security
10. Links
11. Cookies
12. Validity and modifications

1. Introduction

This privacy policy sets out how Lodgify uses and protects any information provided through (hereinafter also referred as the “website”).

Lodgify is serious about protecting the privacy of our users. Therefore, Lodgify applies the General Data Protection Regulation (GDPR) (EU) 2016/679 to ensure that their privacy is protected.

Should Lodgify ask you (the user) to provide certain information by which you can be identified when using this website, be assured that it will only be used in accordance with this privacy statement.

Please, read the following carefully to understand our views and practices regarding personal data and how we process it.

2. Name and Address of the Controller

The Data Controller is:

– CODEBAY SOLUTIONS LIMITED (also referred asLodgify)
– Registered at the Registrar of Companies for England and Wales under number 5903966
– Address: Magma House, 16 Davy Court Way, Castle Mound Way, Rugby, Warwickshire, CV23 0UZ, United Kingdom
– Phone: (+44) 20-3871-3305
– ICO Registration Number: ZA188069

3. Data collected through the website

Lodgify may collect and process the following data:

a) Users may give us information about themselves by filling in forms on or by corresponding with us by phone, e-mail address or otherwise. This includes information you provide when you register for a Customer Account. This information includes but is not limited to name, email address, postal address, billing address, telephone number, username and password.

b) Users may also give us information about the properties that they advertise using our Services, including the property address.

c) Upon each of the User’s visits to, we may automatically collect technical information, including the Internet Protocol (IP) address used to connect users’ computers to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;

d) Lodgify may also collect information about users’ visit to, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.

e) Lodgify does not collect payment card details of our users. In order to pay for the fees related to our Services, we use third-party payment processors that will collect and process the payment card details of our users.

f) Lodgify is also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers) and may receive information about you from them.

4. Purposes of the processing

The purposes for which the personal data are processed are the following.

– Providing users with the Lodgify Services;
– Ensuring the integrity of Lodgify systems and providing appropriate protection for users accounts through the multi-factor authentication (MFA) (i.e.  requiring users to verify their identity using additional factors alongside the current use of usernames and passwords);
– Support and assist users in using the Services;
– Customize the Services to the individual needs of users;
– Notify users about changes to our Services;
– Providing users with the information requested through the webforms;
– Providing users with information about other services we offer that are similar to those that users have already purchased or enquired about (only if users have consented to this). We inform that in each commercial communication users receive, we will provide users with the appropriate information to exercise their right of objection in case they wish to object to the sending of commercial communications. The acceptance to send commercial information is always revocable, without retroactive effects.
– Understanding and optimizing how Services are used and improve the Services including by ensuring content is presented in the most effective manner for users and their computers;
– Measuring or understanding the effectiveness of advertising we serve to users and others, and to deliver relevant advertising to users;

Lodgify will not use users’ personal data for profiling purposes and will not take any automated decision based on it.

5. Data Storage

The data shall only be stored for the time strictly required for each purpose of the processing and shall promptly be deleted straight afterward, without prejudice to the legal storage obligations provided for by the law. According to that:

– In the case where users purchase Lodgify products or subscribe to Lodgify Services through the website, the personal data will be kept as long as the contractual relationship between the parties is maintained and, in any case, until legal liabilities are extinguished definitively (by the expiry of the statute-of-limitations period).
– In all other cases, the personal data provided will be kept as long as the data deletion is not requested by the user. Likewise, data will be kept according to the legal time-frame set forth in legal, fiscal and accounting matters, taking as reference the date of the request for data deletion.

6. Legal basis for the processing

The legal bases for the processing are the following:

– In the case where users purchase Lodgify products or subscribe to Lodgify Services through the website, the legal basis for the processing is the performance of the contract entered into the parties.
– In the case of MFA, the legal basis for processing this information is that it is necessary for legitimate interests pursued by Lodgify, consisting in ensuring the security and appropriate protection of user accounts and the information held within those account. Lodgify considers that this interest is not outweighed by the interests or rights of the data subjects, taking account of the secure way in which Lodgify will hold the data and the fact that the data subjects (users) would themselves be likely to experience adverse impact from any security breach of Lodgify systems.
– In all other cases, the personal data provided will be kept as long as the data deletion is not requested by the user or as long as the user does not withdraw his consent or exercise his right of opposition. Likewise, data will be kept according to the legal time-frame set forth in legal, fiscal and accounting matters, taking as reference the date of the request for data deletion.

7. Data disclosure

Users’ personal data may be disclosed to third parties which are companies that provide services to Lodgify.

These third parties are:

– Codebay Solutions S.L.U., a subsidiary of Codebay Solutions Ltd which renders trading and logistics services regarding Lodgify web and software.
– Other service providers, such as our channel managers, payment providers and third-party applications which integrate with the Services (including but not limited to Airbnb Ireland UC, B.V., Inc., Expedia Lodging Partner Services Sarl, Google LLC, Newfold Digital, Inc. for domain name registrations, and Rental Ninja SL for the PM Module), for the performance of any contract we enter with them or our users;
– Advertisers that require the information to select and serve relevant adverts to our users and others; and
– Analytics providers that assist Lodgify in the improvement and optimization of Lodgify .com and the Services.
– Communications solutions provider that assist Lodgify in the implementation of the MFA (such us Twilio Spain Sl.)

Some personal data of our users may be stored in or transferred to a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for Lodgify or one of our business partners or service providers. By using the Services, users acknowledge and agree that we may be transferring, storing and processing their personal data outside of the country in which they reside. Lodgify will take all the reasonable and necessary steps to ensure that users’ data are treated securely.

Lodgify also may disclose personal data of our users as required by law, or when we believe in good faith that disclosure is necessary to protect our rights, protect the safety of our users or the safety of others, investigate fraud, or respond to a government request.

8. Rights of the Data Subject

Each user (data subject) have the following rights regarding their personal data:

a) Right of confirmation: to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to avail himself of this right of confirmation, he or she may at any time contact our data protection manager or another employee of the controller.

b) Right of access: to obtain from the controller free information about his or her personal data stored at any time and a copy of this information.

c) Right to rectification: to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.

d) Right to erasure (Right to be forgotten): to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies and as long as the processing is not necessary:

– The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
– The data subject withdraws consent on which the processing is based according to point (a) of Article 6 (1) of the GDPR, or point (a) of Article 9 (2) of the GDPR, and where there is no other legal ground for the processing.
– The data subject objects to the processing pursuant to Article 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) of the GDPR.
– The personal data have been unlawfully processed.
– The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
– The personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) of the GDPR.

e) Right of restriction of processing: to obtain from the controller restriction of processing where one of the following applies:

– The accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of the personal data.
– The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead of the restriction of their use instead.
– The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.
– The data subject has objected to processing pursuant to Article 21 (1) of the GDPR pending the verification of whether the legitimate grounds of the controller override those of the data subject.

f) Right to data portability: to receive the personal data concerning the user, which was provided to a controller, in a structured, commonly used and machine-readable format. The user shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided as long as the processing is based on consent and the processing is carried out by automated means. Furthermore, in exercising his or her right to data portability pursuant to Article 20 (1) of the GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and does not adversely affect the rights and freedoms of others.

g) Right to object: to object, on grounds relating to the user’s particular situation, at any time to processing of personal data concerning the user which is based on point (e) or (f) of Article 6 (1) of the GDPR. This also applies to profiling based on these provisions.

i) Right to withdraw data protection consent: to withdraw consent to the processing of the user’s personal data at any time.

If the data subject wishes to exercise any of the aforementioned rights, he or she may at any time directly contact Lodgify by sending the appropriate request at the following addresses:

– Avenida de Josep Tarradellas, 20-30, P.5., Barcelona, Spain

Finally, each data subject has the right to lodge a complaint before the appropriate Data Supervisory Authority.

9. Security

We are committed to ensuring that users’ information is secure. In order to prevent unauthorized access or disclosure, Lodgify has put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

When our users enter sensitive information on our site, we encrypt the transmission of that information using secure socket layer technology (SSL).

Nevertheless, please note that no data transmission over the Internet or information storage technology can be guaranteed to be totally secure. As a result, whilst we strive to protect our users’ information, we cannot ensure or warrant the security of any information which users send to us, and the users do so at their own risk.

10. Links may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, Lodgify cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

11. Cookies uses cookies. The web user has the option to prevent the generation of cookies, by selecting the corresponding option in his browser program.

For more information, visit our Cookies Policy.

12. Validity and modifications

Lodgify will be able to modify, totally or partially, this Privacy Policy, publishing any change or alteration in the same manner in which these conditions appear or via any type of communication directed to the users, as Lodgify chooses.

The temporary validity of this Privacy Policy coincides, therefore, with the time of exposure, until they are totally or partially modified, in which case these latter modified will become the valid ones.

Ready to take more direct bookings?

No set up fees, no credit card details, no obligation. Try Lodgify free for 7 days.

Get Started