Privacy Policy

Introduction

VerMare is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our vacation rental management platform.

Data Controller

The data controller responsible for your personal data is:

Data We Collect

We collect the following personal data when you use our platform:

• Full name
• Email address
• Phone number
• Business address and country
• Identity document details (for property owners, as required by law)
• Payment information (processed securely through our payment provider)
• Property and booking data

Purpose of Data Processing

We process your personal data for the following purposes:

• Providing and managing our vacation rental management services
• Communicating with you about your account, properties, and bookings
• Complying with legal obligations (including tax and accommodation registration requirements)
• Improving our platform and user experience

Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide our platform services to you
• Legal Obligation: Processing required to comply with tax, accounting, and accommodation laws
• Consent: For marketing communications (only with your explicit consent)
• Legitimate Interest: For improving our services and ensuring platform security

Accommodation Law Compliance

When operating properties through VerMare, you may be required to comply with local accommodation registration laws. Our platform helps you collect and report guest information as required by law (e.g., Estonian § 24, similar regulations in other countries).

Data Retention

We retain your personal data only as long as necessary:

• Account and booking data: Duration of your subscription + 3 years
• Guest registration data: As required by local law (varies by country)
• Financial records: 7 years (accounting requirements)

Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption of data in transit and at rest, secure access controls, regular security assessments, and staff training on data protection.

Your Rights Under GDPR

As a data subject, you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (subject to legal retention requirements)
• Right to Restriction: Request limitation of data processing in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests

Cookies and Tracking

Our platform uses cookies to enhance your experience:

• Essential Cookies: Required for the platform to function (session, authentication, language preference)
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how users interact with our platform. This data is anonymized and used solely to improve our services.

Data Sharing with Third Parties

We may share your data with the following third parties:

• Payment processors (Montonio, Stripe) for secure payment processing
• Relevant authorities (when legally required for guest registration)
• Cloud hosting providers (Railway) for platform operation
• Analytics providers for platform usage analysis (anonymized data)

Contact Us & Complaints

For any privacy-related questions or to exercise your rights, please contact us at privacy@vermare.eu. If you believe your data protection rights have been violated, you have the right to lodge a complaint with the supervisory authority:

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.