Privacy Policy

Privacy Policy

Last updated: June 05, 2024

Welcome to NestnRest, an online peer-to-peer short-term accommodation rental marketplace. Please carefully read this Privacy Policy before signing up for a user account on the NestnRest mobile application (the “App”), as well as all resources, materials, and support services provided by the Company (“Resources”). Together, the App and the Resources are referred to as the “Service(s)”.

The Service is operated by SOLID 616 INC. (hereinafter referred to as the “Company,” “we,” “us,” or “our”), a limited liability company formed and operating in accordance with the laws of the State of Wyoming.

This Privacy Policy applies to you if you use the Service as a Guest or a Host. We process all personal data that we collect from you in compliance with the privacy laws of the jurisdictions where we offer the Service, including but not limited to applicable U.S. Privacy Laws, Lei Geral de Protec?a?o de Dados (LGPD), European Union General Data Protection Regulation 2016/679 (EU GDPR), Australian Privacy Principles as set out under the Privacy Act 1988 (Cth), and Data Protection Act of 2018.

This Privacy Policy informs our users about the collection, use, sharing, and security measures pertaining to their personal data when we function as the Data Controller. Please note that this Privacy Policy does not apply to the procedures Hosts follow in processing Guests’ personal data that they collect from Bookings and Reservations through the App.

Please carefully read this Privacy Policy before signing up for an account. If you disagree with this Privacy Policy, please do not access or use the Service.

Table of Contents

1. Definitions
2. Data Controller
3. Personal Data Collection and Use
4. Disclosure of Personal Data
5. Transfer of Personal Data
6. California Users
7. Lei Geral de Protec?a?o de Dados Notice for Brazil Residents
8. UK, Switzerland and European Economic Area (EEA) Residents 9. Security of personal data
10. Push Notifications
11. Third-party links

12. Children’s Privacy

13. Amendments 

1. Definitions

The following words, whenever used in this Privacy Policy, shall have the meaning defined hereunder:

“Booking”

means a request made by a Guest to reserve an accommodation listed by a Host on the App. A Booking includes details such as the requested dates of stay, the number of accompanying persons, and the total Rental Amount payable by the Guest based on the Host's listed price. A Booking is not a Reservation; it only becomes a Reservation when the Host accepts the Guest's Booking through the App, and the payment for the total Rental Amount is successfully processed through the App.

“Controller,” “Data Subject,” “Personal Data,” “Processing,” “Processor,” and “Supervisory Authority”

shall have the same meanings as defined in the EU GDPR.

“Data Subject Request”

means the exercise by a Data Subject of their rights in accordance with EU GDPR.

“Guest”

refers to a Guest Account holder who accesses and uses the Services to make Bookings and Reservations for accommodations listed on the App.

“Host”

refers to a user who offers accommodation for short-term rental through the App.

“Listing”

refers to any accommodation a Host makes available for short-term rental through the App. A Listing includes all relevant information related to the accommodation, such as its description, amenities, nightly rent, availability, and any additional terms, conditions, rules, or provisions the Host sets. By publishing a Listing, the Host warrants that

all information provided is accurate and accepts sole responsibility for updating the Listing should any details change.

“User,” “you,” or “your”

means any holder of an App account and shall refer to either a Guest or a Host, as applicable in the context.

“User Content”

refers to all data entered by a user on the App through their account.

“Parties”

refers to Guests and Hosts collectively.

“Rental Amount”

refers to the amount payable for renting the accommodation plus any other charges specified in the Listing.

“Reservation”

means the direct contract between a Guest and a Host confirming the Booking and governing the Parties’ respective rights and obligations, including but not limited to the provision of accommodation, payment obligations, any changes to Reservations, cancellations, and refunds.

“Service Fee”

means the fee the Company charges the Host for a Reservation made through the App. The Service Fee is calculated as a percentage of the total Rental Amount.

  1. Data Controller

    [INSERT NESTNREST COMPANY NAME] is the data controller of all personal data collected through the App by the Company. You can request information regarding our privacy practices or exercise your privacy rights by sending your request in writing to:

    [INSERT BUSINESS ADDRESS]
    Alternatively, you can contact us at [INSERT EMAIL ADDRESS].

  2. Personal Data Collection and Use

3.1. What personal data do we collect from you?

Depending on whether you use the App as a Guest or a Host, we may collect the following personal data from you:

1. First and last name,

2. Email address,
3. Phone number,
4. Date of birth,

5. Billing address,
6. Bank account details,
7. Location data,
8. Photos you upload (including any profile photos, Listing photos, and other similar information);

9.  Content of any messages you send or receive through the App;
10. Content of all communication you have with the Company;
11. Transaction information (all Reservation details such as the Rental Amount paid by the Guest, the Rental Amount received by the Host, the dates of the Reservation, the number of people accompanying the Guest, and any other relevant details);

12. Tax Identification Number (“TIN”);
13. Public and Private Reviews you submit or receive for a Reservation; ? Information that you provide us when you participate in our surveys or promotions;

14,  Your log data, including your browser type, time and pages you visit, your IP address, etc.;

15.  Device data, including the mode and make of your device, operating system, and unique device identifiers;

16. Location data;
17. Information collected through the use of cookies and other tracking technologies;

18.  We also infer certain new information from your activities on the App; ? Information we receive from any identity verification processes on the

App (if applicable).

3.2. How do we collect and use your personal data?
The personal data we collect from you is either voluntarily provided by you or automatically collected by us. We only process your personal data if we have a legal basis to do so, such as your consent, the performance of a contract, or our legitimate interest that does not override your data protection rights. You may decline to provide any personal data when requested; however, you understand that in such instances, we may be unable to provide you with some Services.

Voluntarily Submitted Data

3.2.1. Account Registration Data
When you sign up for an account on the App, you will be required to provide us with the following personal data:

1.  First and Last name (mandatory);

2.Email address (mandatory);
3. Phone number (mandatory);

4. Profile image (optional).

We use the above personal data for purposes including:
5.  Creating your App account;
6.  Enabling you to log into your account and make use of the

relevant features and functionality;
7. Communicate with you as and when required.

Our legal basis for processing all mandatory personal data that we collect during your account registration is the performance of our contract with you.

Retention Period
We will erase all personal data you provided during your account registration within 60 days of terminating your user account unless we are legally permitted to retain any portion or all of your account registration data for a longer period based on another legal basis.

  1. 3.2.2.  User Content Data
    When you upload or post any content on the App, such as images (including profile images or images of your Listing), ratings, reviews, messages, or other similar content, we collect the information contained in your User Content.

    We use this information to:
    1. Make relevant User Content available on the App;
    2. Detect and prevent any fraud or other similar unauthorized

    activities on the App.

    Our legal basis for processing your User Content data is the performance of our contract with you and our legitimate interest.

    Retention Period
    We may retain your User Content Data so long as your user account remains active on the App. Following the termination of your user account, we shall have the right to retain your User Content Data for up to six (6) months. Please note that any accommodation reviews you submit through the App may be permanently retained by us even after the termination of your account. We will remove or redact any personal identifiers contained within such reviews while maintaining the substantive content.

  2. 3.2.3.  Reservation Data

    When you make a Reservation through the App, we collect information relating to it, including, but not limited to, the check-in and check-out dates, the total Rental Amount for the Reservation, billing address, and any other User Content (messages) between the

Parties. If you are a Host (depending on the jurisdiction), we may also be required to collect your TIN.

We use the above information for:

  • 1.  Facilitating payment processing for Reservations made

    through the App;

  • 2.  Remitting the Rental Amount to the Host in accordance with

    our Host Terms and Conditions;

  • 3.  Assisting with any cancellations and refunds and dispute

    resolution between the Parties;

  • 4.  Our business and accounting purposes;

  • 5.  Detecting and preventing fraud to protect our users.

    Please note that we do not collect any sensitive payment card data from our users. Our selected third-party payment processor directly collects all payment information.

    Our legal basis for processing the above personal data is the performance of our contract with each Party.

    Retention Period
    We may retain Reservation Data for up to seven years after a user’s account termination. At the end of these seven years, we will delete all Reservation Data, or we may continue to retain it by anonymizing it so it cannot be linked back to any individual.

  1. 3.2.4.  Support Request Data
    The Company also receives personal data from users when they send a support request to our customer support team. Support request data may include a user's name, email address, phone number, and the content of the message ("Support Data"). Support Data may also include any other personal data requested by the Company to service a user's support request.

    We use the Support Data to understand and respond to support requests we receive from our users and to follow up with the user if required.

    Our legal basis for processing Support Data is our legitimate interest, which does not override our users’ privacy rights.

    Retention Period
    We will retain your Support Data for up to two years from the date of your account termination. After this period, we may retain the content of your support request message by anonymizing it for our internal business purposes.

  2. 3.2.5.  Marketing Data

6

We collect your name and email address when you subscribe to receive marketing material from us or participate in our surveys/promotions.

We use the Marketing Data to:

  • 1.  Send you marketing material that we think you will find

    interesting;

  • 2.  Create new service offerings and improve our Service;

  • 3.  Fulfill any other purpose specified at the time we collect your

    information.

    Our legal basis for processing this personal data is your consent, which you grant us when you subscribe to receive marketing communication from us or voluntarily participate in our surveys or promotions.

    Retention Period
    We may process your personal data for our marketing purposes until you withdraw your consent.

    Automatically Collected Data

3.2.6. Usage Data
We automatically collect some data about you when you use the App, such as:

  • 1.  If you are a Guest, we may collect information on the location where you are searching for accommodation and your interaction with different Listings;

  • 2.  We also collect the time and date our users access the App.

  • 3.  Improving our recommendations to you;

  • 4.  To improve our Service;

  • 5.  To guide our marketing strategy.

    Our legal basis for processing this data is our legitimate interest, which does not override your rights.

    Retention Period
    We may retain this information for up to two years from the collection date.

We use this data for purposes including but not limited to the following:

  1. Disclosure of Personal Data

    We will never rent or sell your personal data. We may disclose your personal data in the following situations:

    1. 4.1.  App Users
      When you make a Reservation, we make some of your personal data available to the other Party. For example, if you are a Host who accepts a Booking request, we will make the address of the accommodation available to the Guest; if you send messages to another user through the App, your public profile and the content of your message will be made available to the other User; if you post any public reviews or other User Content such as a Listing, such publicly visible User Content will be accessible to other Users on the App.

    2. 4.2.  Third-Party Service Providers
      We may engage third-party service providers to perform some functions on our behalf, including but not limited to payment processing, web development, maintenance, marketing, support services, and identity verification (if applicable). Your personal data may be disclosed to such third-party service providers only to the extent required for them to perform relevant functions on our behalf. In no event will these service providers use your personal data for any purpose other than those specified in this privacy policy.

    3. 4.3.  Commercial Transactions
      If we enter into any commercial transaction, such as a merger, acquisition, sale, or purchase, all your personal data may be disclosed or transferred as part of that transaction.

    4. 4.4.  Protection of Rights or Fulfilment of Legal Obligations
      We will disclose your personal data to third parties in situations where we believe such disclosure is necessary to investigate or remedy any violations of our legal agreement with you or to protect our rights and the rights of others. We will also disclose your personal data in situations where we are required to do so by applicable law/regulation or legal process, such as to comply with a subpoena.

    5. 4.5.  With Your Consent
      We may share your personal data with third parties with your express consent.

  2. Transfer of Personal Data

    We collect and process our users’ Personal Data in strict adherence to the principles and provisions of applicable data protection laws, including but not limited to the EU GDPR, California Consumer Privacy Act ("CCPA"), and other relevant jurisdictional

data privacy laws. We acquire, use, and may transfer our Users’ Personal Data collected during the App usage solely in the pursuit of providing our Services, improving our Service offerings, fulfilling our legal obligations, effectively addressing support requests or complaints, preventing fraudulent activities, and enhancing overall user experience.

As we are based in the United States of America but operate globally, you acknowledge that collected Personal Data may be transferred, stored, and processed in the U.S. or other countries outside of your residential jurisdiction. Such data transfer to different jurisdictions is necessary to provide Services to our users globally and consolidate data processing and data management.

We only transfer Personal Data to countries that are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. This includes the use of specific contracts approved by relevant authorities, where necessary.

You acknowledge, comprehend, and consent to your Personal Data being transferred cross-border in accordance with this Section. You reserve the right to withdraw this consent at any given time by contacting us directly, subject to compliance with applicable law.

6. California Users

This section pertains specifically to California residents and their rights under the California Consumer Privacy Act (CCPA). If you fall under the definition of "resident," as defined in the CCPA, the following rights and obligations apply.

6.1. Your Rights Regarding Your Personal Data

  1. 6.1.1.  Right to request deletion of your data

    You have the right to request the deletion of your personal data. Subject to the exceptions provided by law, we will honor your request for deletion of your data.

  2. 6.1.2.  Right to Information
    Under various circumstances, you have the right to know:

6.1.2.1. 6.1.2.2. 6.1.2.3. 6.1.2.4.

Whether we collect and use your personal data (described in this Privacy Policy);
The categories of personal data we collect (provided in Section 3 of this Privacy Policy);

The purposes for which we use collected personal data (provided in Section 3 of this Privacy Policy);
Whether we sell or share personal data with third parties (provided in Section 4 of this Privacy Policy);

6.1.2.5. The categories of personal data we have sold, shared, or disclosed for business purposes (provided in Section 4 of this Privacy Policy);

 6.1.2.6. The categories of third parties with whom we have shared or disclosed personal data for business purposes (provided in Section 4 of this Privacy Policy);

6.1.2.7. The business or commercial purpose behind collecting, selling, or sharing personal data (provided in Section 4 of this Privacy Policy);
The specific pieces of personal data collected about you (provided in Section 3 of this Privacy Policy);

6.1.2.8.In compliance with applicable law, we are not required to provide or delete consumer information that has been de-identified in response to a consumer request or to re-identify individual data to verify a consumer request.

  1. 6.1.3.  Right to Non-Discrimination for Exercising Privacy Rights
    We will not discriminate against you for exercising your privacy rights

  2. 6.1.4.  Right to Limit Use and Disclosure of Sensitive Personal Data
    We do not process our users’ sensitive personal data of our users.

  3. 6.1.5.  Verification Process

6.1.5.1. Upon receiving your request, we will verify your identity to ensure your request relates to your own personal data in our system. This verification process may require you to provide information that matches with our records. We may also contact you through a previously provided communication method (e.g., phone or email). Additional verification methods may be employed as needed. We will solely use the personal data provided in your request for verification purposes. If additional information is necessary for verification and security reasons, we will request it and promptly delete it upon completing verification.

6.1.6. Other Privacy Rights

6.1.6.1.You may object to the processing of your personal data. 

6.1.6.2.You may request correction of your personal data if it is inaccurate or no longer relevant or ask to restrict the processing of the information.

6.1.6.3.You can appoint an authorized agent to make a CCPA request on your behalf. If you choose to do so, we may reject a request from an authorized agent without valid proof of authorization in accordance with CCPA guidelines.

6.1.6.4.You may request to opt out of future sales or sharing of your personal data with third parties. Upon receipt of an opt-out request, we will promptly act on it no later than fifteen (15) days from the date of submission.

To exercise these rights or voice a complaint about our data handling practices, please contact us at the email address provided in Section 2 of this Privacy Policy.

7. Lei Geral de Protec?a?o de Dados Notice for Brazil Residents

This section integrates with and supplements the information contained in this Privacy Policy and applies to all users who reside in Brazil. In the event of any conflict between this provision and any other provisions of this Privacy Policy, this provision shall prevail for users who are residents of Brazil. For the purposes of this provision, any use of the term “personal data” shall have the same meaning as the term “personal information” defined in the Lei Geral de Protec?a?o de Dados (“LGPD”).

  1. 7.1.  What personal data do we process?
    To find out what personal data we collect from you, please read Section 3 of this Privacy Policy.

  2. 7.2.  What is our purpose for processing your personal data?
    To find out the purpose for which we process your personal data, please read Section 3 of this Privacy Policy.

  3. 7.3.  Legal basis for processing your personal data
    We will only process your personal data if we have a legal basis. Our legal basis for processing your personal data includes the following:

    1. 7.3.1.  Performance of our contract with you;

    2. 7.3.2.  Your consent to our processing of your personal data;

    3. 7.3.3.  Our legitimate interest in processing your personal data to the extent

      that our interest does not override your fundamental rights;

    4. 7.3.4.  Compliance with our legal obligations;

    5. 7.3.5.  Fulfillment of any legal, regulatory, or contractual public policies;

    6. 7.3.6.  For anonymous research and analysis purposes;

    7. 7.3.7.  To protect the physical safety of any person;

    8. 7.3.8.  To exercise our rights in any judicial, administrative, or arbitration

      proceedings.

  4. 7.4.  Your Privacy Rights
    LGPD gives you the right to:

    1. 7.4.1.  Receive confirmation whether your personal data is being processed (‘processing confirmation’);

    2. 7.4.2.  Access your personal data that is processed;

    3. 7.4.3.  Rectify any outdated, inaccurate, or incomplete personal data;

      7.4.4.  Request removal, anonymization, or blocking of any personal data that is not processed in accordance with LGPD;

      7.4.5.  Request and receive information on whether you can withdraw or grant your consent and the consequences thereof;

      7.4.6.  Withdraw your consent;

      7.4.7.  Receive information about with whom your personal data is shared;

      7.4.8.  Receive all your personal data that the Company has on you in a portable and machine-readable manner;

      7.4.9.  Request deletion of your personal data that was being processed on the legal basis of your consent, except in cases where one of the exceptions listed in Art 16 LGPD applies;

      7.4.10.  Lodge a complaint with the National Data Protection Authority or other consumer protection entities for your personal data;

      7.4.11.  Object to the processing of your personal data if such processing is not in compliance with the law;

      7.4.12.  Request information regarding what criteria and procedures are used for making an automated decision;

      7.4.13.  Request a review of any decisions made solely on the basis of automated processing of your personal data where your interests are affected.

      7.5.  How to exercise your privacy rights?

      1. You can exercise your privacy rights by submitting your request to the Company using the contact information provided in Section 2 of this Privacy Policy.

        We make our best effort to respond to all requests promptly. Where we are unable to comply with your request, we will clearly communicate our legal or factual reasons for the same. If you exercise your right to request personal data processing confirmation or access to your personal data, please indicate whether you would like an electronic or printed copy of such information.

        When you request that we respond to your request immediately, we will provide you with a summary version of your requested information. However, when you request a complete disclosure, we will respond to your request within calendar 30 days from the time of your request and provide you with all the details, including the origin of your personal data, the purpose of processing, and the criteria used for processing while safeguarding our business secrets.

        Where you request us to rectify, delete or anonymise your personal data or you make personal data blocking request, we will immediately pass on your request to the entities with whom we have shared your personal data to enable such other entities to honor your request except in cases where it is either impossible or would involve disproportionate effort on our part.

      2. 7.6.  Transfer of personal data

        LGPD allows us to transfer our users’ data outside of Brazil in the following circumstances:

        7.6.1.  In accordance with legal means provided by international law and where such transfer is required for international legal cooperation between public intelligence, investigation, and prosecution bodies;

      1. 7.6.2.  Where such transfer is required to protect you or another person from any threat to life or physical harm;

      2. 7.6.3.  Any transfer resulting from commitments made under international cooperation agreements;

      3. 7.6.4.  Any transfer authorised by the National Data Protection Authority;

      4. 7.6.5.  Where a transfer is required for executing any public policy;

      5. 7.6.6.  Where a transfer is required for compliance with a legal, regulatory, or

        contractual obligation;

      6. 7.6.7.  Where a transfer is required to exercise our rights in any judicial,

        administrative, or arbitration proceedings.

8. UK, Switzerland and European Economic Area (EEA) Residents

If you are a data subject in the UK, Switzerland, or EEA, you have the following rights relating to your personal data:

  1. 8.1.  Right to access your personal data
    You have the right to request access to your personal data or a copy of your personal data by contacting us.

  2. 8.2.  Right to rectification
    If the personal data we process for you is incorrect, outdated, or incomplete, you have the right to rectify, update, or complete it by accessing your account on the App.

  3. 8.3.  Right to withdraw consent
    To the extent the legal basis of our processing of your personal data is your consent, you have the right to withdraw your consent at any time. You may withdraw your consent from receiving direct marketing communication from us by clicking the unsubscribe link at the bottom of our marketing emails, and we will cease processing your personal data for direct marketing purposes.

  4. 8.4.  Right to the erasure of personal data
    In limited circumstances, you may exercise your right to request the erasure of your personal data, such as where your personal data is being processed unlawfully.

  5. 8.5.  Right to data portability

This right entitles you to receive your personal data, which you have previously provided to the Company in a 'commonly used and machine- readable format,' and you have the right to transmit that data to another controller. This right only applies when the processing is based on your consent or for the performance of a contract and when the processing is carried out by automated means.

We will not charge any fees for the provision of data under your right to data portability unless we can demonstrate that the request is manifestly unfounded or excessive, in particular because of its repetitive character.

8.6. Right to file a complaint
If you believe that your personal data rights are breached, we would truly appreciate it if you would contact us first to discuss the issue. Notwithstanding the foregoing, you have the right to lodge a complaint with the relevant supervisory authority in your country of residence.

Please note that we may request that you provide proof of your identity before servicing your data subject requests.

  1. Security of personal data

    The security of your personal data is important to us. We take all reasonable and financially viable steps to safeguard your personal data from any unauthorized access, use, modification, destruction, or loss. We have integrated various security measures into the design of our App and our day-to-day business operations. Although we make our best effort to safeguard your personal data, you acknowledge that no mode of transmission over the Internet is one hundred percent secure; therefore, we cannot offer you any guarantees as to the absolute security of your personal data. By using the App, you understand and accept that the transmission of data through the App is carried out at your own risk.

  2. Push Notifications

    You hereby consent that, while using the App, you may receive certain notifications ("Push Notifications") from the Company to your registered devices. You can change your device or App settings to prevent or limit the receipt of such Push Notifications.

    You acknowledge and agree that the receipt of such Push Notifications is essential for the effective and prompt use of the App and accept that disabling or limiting such Push Notifications may adversely affect your usage of the App.

    Notwithstanding the aforementioned, the Company acknowledges and respects your right to privacy and shall adhere to its obligations under relevant data protection laws. The Company will not sell, lease, or share personal information transmitted via Push

Notifications to any third party without your express consent, except as required to do so by law or in the good faith belief that such action is necessary to comply with applicable laws or regulatory orders.

  1. Third-party links

    Our App may contain links that will redirect you to third-party websites. Such third- party websites are not owned or operated by us. These third-party websites are governed by their own legal terms and conditions and privacy policy. We advise our users to review all third-party legal agreements before making use of such websites. You understand that the presence of any third party links on our App does not constitute an endorsement of such a third party, and we cannot be held responsible for such a third party’s actions. Your decision to visit these third-party sites is entirely at your own risk.

  2. Children’s Privacy

    We are committed to protecting children’s privacy. The App does not allow individuals under the age of 18 years to sign up for an account. If you believe that a child has provided his/her personal information to us, please contact us, and we will investigate the matter and take appropriate action.

13. Amendments

We reserve the right to make changes to this privacy policy by inclusion, modification, or removal of any part at any time. When we make any material changes to this privacy policy, we will notify you by email or by changing the last modified date on top of this privacy policy. You agree that it is solely your responsibility to review this privacy policy when you revisit the App. Your continued use of the App after we post the updated privacy policy will constitute your acceptance of such changes.