How GuestConnect collects, uses, and protects the personal data of travelers, hosts, and service providers.
GuestConnect (hereinafter 'we', 'our', or 'the Company') is the data controller for your personal data within the meaning of the General Data Protection Regulation (GDPR) and applicable national data protection laws.
You can contact our Data Protection Officer (DPO) at: privacy@guestconnect.io or by mail to: GuestConnect — DPO, Cotonou, Republic of Benin. Our DPO is available to answer all your questions regarding the processing of your personal data.
This Privacy Policy applies to all users of the GuestConnect platform, whether they are travelers, hosts, service providers, or unregistered visitors. It describes the types of data we collect, how we use it, the legal bases we rely on, and the rights you have.
Identification and account data: when creating your account, we collect your full name, email address, phone number (optional), date of birth (for age verification), profile photo (optional), and postal address (for hosts and providers).
Identity verification data: for host and provider accounts, we collect copies of identity documents (national ID card, passport), proof of address, tax identification numbers, and where applicable, criminal record extracts or professional certifications.
Transaction data: we retain your booking history, amounts paid and received, payment methods used (in tokenized form, never the full card number), invoices issued, and refunds made.
Communication data: messages exchanged between users via GuestConnect messaging, published reviews and comments, exchanges with our support team, and notifications sent are retained to ensure service operation and dispute resolution.
Browsing and usage data: IP address, browser type and version, operating system, pages visited, session duration, search terms, clicks, and platform interactions. This data is collected through cookies and similar technologies (see our cookie policy).
Location data: with your consent, we may collect your approximate location to display relevant nearby offers. We never collect your precise real-time location without your explicit consent.
Service delivery: we use your data to allow you to create and manage your account, make and manage bookings, communicate with other users, process payments, and provide customer support.
Security and fraud prevention: we analyze platform behavior to detect and prevent fraudulent activities, scam attempts, fake accounts, and manipulated reviews. This analysis is essential for maintaining trust between users.
Service improvement: we use aggregated and anonymized data to analyze platform usage, improve the search algorithm, optimize recommendations, fix bugs, and develop new features.
Communications: we send you booking confirmations, reminders, payment notifications, security alerts, and important updates about your account. These communications are necessary for the service and cannot be disabled.
Marketing and commercial communications: with your consent (or based on our legitimate interest if you are an existing customer), we may send you newsletters, promotional offers, and personalized recommendations. You can unsubscribe at any time.
Legal and regulatory obligations: we may process your data to comply with our legal obligations, including in tax matters, anti-money laundering, and cooperation with judicial and administrative authorities.
Contract performance (Article 6.1.b GDPR): the processing of your data is necessary for the performance of the contract you have entered into with GuestConnect when creating your account and using our services. This covers booking management, payments, and service-related communications.
Legitimate interest (Article 6.1.f GDPR): we process certain data based on our legitimate interest in ensuring platform security, preventing fraud, improving our services, and communicating with existing users. We ensure that this interest does not override your fundamental rights and freedoms.
Consent (Article 6.1.a GDPR): for certain optional processing activities (analytics and personalization cookies, marketing communications, geolocation), we obtain your prior consent. You may withdraw your consent at any time, without affecting the lawfulness of prior processing.
Legal obligation (Article 6.1.c GDPR): certain processing is necessary to comply with our legal obligations (tax filings, retention of accounting data, responses to judicial requisitions).
With other users: during a booking, we share with the host or provider the information necessary to carry out the service (name, profile photo, phone number after confirmation). Travelers have access to public host profile information (name, rating, reviews).
With our technical subcontractors: we use certified technical providers (cloud hosting, payment processing, transactional emails, analytics) who process your data on our behalf and according to our instructions, under GDPR-compliant data processing agreements.
International transfers: some of our technical subcontractors are established outside the European Union. These transfers are governed by appropriate safeguards (European Commission standard contractual clauses, adequacy decisions, or equivalent mechanisms).
Authorities and legal obligations: we may disclose your data to judicial, administrative, or tax authorities when required by law, as part of legal proceedings, or to protect the rights, property, or safety of GuestConnect, its users, or the public.
GuestConnect never sells your personal data to third parties for commercial purposes. Any data sharing with business partners for marketing purposes is subject to your prior consent.
GuestConnect implements appropriate technical and organizational measures to protect your personal data against unauthorized access, disclosure, accidental alteration, or destruction. These measures include data encryption in transit (TLS) and at rest, access control through strong authentication, continuous system monitoring, and regular penetration testing.
Payment data is processed exclusively by our PCI DSS (Payment Card Industry Data Security Standard) certified partners. GuestConnect never stores your full card number — only a secure token is retained to facilitate future transactions.
Our internal teams access your personal data only to the extent strictly necessary for their duties. All such access is logged and regularly audited. All our staff are subject to confidentiality obligations and receive regular data protection training.
In the event of a data breach likely to create a risk to your rights and freedoms, we are committed to notifying the competent supervisory authority within 72 hours and informing you without undue delay if the risk is high.
Active account data: your data is retained for the entire duration of your account's activity, plus a period of 3 years from your last login, to manage late claims and respond to authority requests.
Transaction and billing data: in accordance with legal obligations in accounting and tax matters, transaction data (invoices, payments, refunds) is retained for 10 years from the transaction date.
Communication data (messages, support emails): messages between users are retained for 3 years from the end of the last related booking. Support exchanges are retained for 5 years.
Browsing and cookie data: this data is retained in accordance with the timeframes indicated in our cookie policy, generally between 13 and 25 months.
After account deletion, your identifiable personal data is anonymized within 30 days, unless we are legally required to retain it longer. Anonymized data may be retained indefinitely for statistical purposes.
Right of access (Article 15 GDPR): you have the right to obtain confirmation that we process data about you and, where applicable, to obtain a copy of it along with information about how it is processed.
Right of rectification (Article 16 GDPR): you have the right to request the correction of inaccurate or incomplete data about you. Most of your data can be modified directly from your account settings.
Right to erasure (Article 17 GDPR): under certain conditions, you may request the deletion of your personal data (particularly when it is no longer necessary, when you withdraw your consent, or when it has been unlawfully processed).
Right to data portability (Article 20 GDPR): you may request to receive your data in a structured, commonly used, machine-readable format, and to transmit it to another data controller.
Right to object and restriction (Articles 18 and 21 GDPR): you may object to the processing of your data for commercial prospecting purposes at any time. You may also request restriction of processing in certain cases provided for by the GDPR.
To exercise your rights, contact us at privacy@guestconnect.io from the email address associated with your account, or from your account space in the 'Privacy and Data' section. We will process your request within a maximum of 30 days. If you are dissatisfied with the response, you have the right to lodge a complaint with the supervisory authority in your country of residence.
GuestConnect uses cookies, pixels, and similar technologies to ensure platform functionality, remember your preferences, and analyze service usage. For complete information on the types of cookies used, their retention periods, and how to manage your preferences, please see our Cookie Policy.
For any questions relating to this Privacy Policy or the processing of your personal data, contact our DPO: privacy@guestconnect.io.
If you believe that the processing of your data does not comply with applicable regulations, you have the right to lodge a complaint with the competent supervisory authority in your country of residence.
Your rights over your data
Access, rectification, erasure, portability — exercise your rights by contacting our dedicated team.