PRIVACY POLICY
1. Who We Are
Flataway provides technology services for property managers (PMCs) and guests, including booking engines, AI website builders, and a vacation rental network. In doing so, we act as a data controller when handling user and PMC data.
Contact Details:
Email: privacy@flataway.com
Phone: +359 875 333 000
Address: 27 Solunska Str., Sofia 1000, Bulgaria
2. What Data We Collect
We collect and process the following categories of personal data:
- Identification Data: Full name, email, phone number, postal address
- Booking Data: Property booked, check-in/check-out dates, number of guests, preferences
- Payment Data: Processed securely via Stripe (we do not store card details)
- Communications: Messages between guests and PMCs with our support team
- Technical Data: IP address, browser type, operating system, cookies
- Profile Data: Saved properties, preferences, reviews or feedback
This data is collected through your use of the platform, booking activities, and communication interactions.
3. Why We Process Your Data
We process your personal data for the following purposes:
- To manage bookings and reservations
- To facilitate secure payments
- To enable communication between guests and PMCs
- To send booking confirmations and essential updates
- To comply with legal obligations (e.g., tax reporting, legal claims)
- To provide support, resolve disputes, and enforce our policies
- To improve and personalize our services
- To send marketing communications, when permitted
4. Legal Grounds for Processing
We rely on the following lawful bases for data processing:
- Performance of a contract – for handling bookings, payments, and guest communication
- Legitimate interests – to ensure platform functionality, prevent fraud, and improve services
- Consent – for marketing communications (you may withdraw consent at any time)
- Legal obligation – for tax compliance and regulatory requirements
5. Sharing of Personal Data
We share your data only when necessary and under strict data protection terms:
| Recipient | Purpose |
| PMCs | To fulfill bookings (e.g., guest name, contact details, reservation details) |
| Stripe | To securely process payments |
| Service Providers | Hosting, analytics, and CRM tools used to deliver our services |
| Legal Authorities | If required by law or court order |
We do not sell or rent your personal data to third parties.
6. International Transfers
When data is transferred outside the European Economic Area (EEA), including to PMCs or technical providers, we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs) are in place to maintain GDPR compliance.
7. Data Retention
We retain personal data only as long as necessary:
| Data Type | Retention Period |
| Account Data | While the account is active |
| Booking Records | Up to 7 years (for legal and financial obligations) |
| Payment Data | Stored only temporarily and deleted after processing (via Stripe) |
| Support/Communication | Retained for internal analysis and resolution purposes |
We regularly review our retention practices to remain compliant.
8. Data Security
We implement organizational and technical safeguards, including:
- Encryption of sensitive data during transmission
- Access control to restrict data to authorized personnel
- Regular audits and assessments to identify vulnerabilities
However, no system is 100% secure. If you suspect unauthorized use of your data, please contact us immediately.
9. Your Rights Under GDPR
As a data subject, you have the following rights:
- Access – Request a copy of your data
- Rectification – Correct inaccurate or incomplete data
- Erasure – Request deletion of your data (subject to legal exceptions)
- Restriction – Limit how your data is processed in certain cases
- Portability – Request your data in a structured, machine-readable format
- Objection – Object to processing based on legitimate interests or marketing
- Withdraw Consent – At any time for data processed based on consent
10. Exercising Your Rights
You can exercise your rights by contacting us at:
Email: privacy@flataway.com
We will respond within 30 days in accordance with GDPR.
11. Cookies and Tracking Technologies
We use cookies and similar technologies to:
- Enable website functionality
- Analyze user behavior for improvements
- Personalize your experience
- Deliver marketing content (if permitted)
12. Changes to This Policy
We may update this Privacy Policy periodically. Major changes will be communicated via email or through the platform. Continued use of Flataway after updates implies acceptance of the new terms.
13. Contact Us
If you have any questions or concerns regarding this Privacy Policy or our data practices, please reach out to our Data Protection Officer:
Email: privacy@flataway.com
Mailing Address: 27 Solunska Str., Sofia 1000
Phone: +359 875 333 000