100% GDPR COMPLIANT

GDPR Compliance

Complete transparency on how we protect your data and comply with EU regulations

View DPA

The 7 GDPR Principles

How we implement each principle in our platform

Lawfulness, Fairness & Transparency

We process data lawfully, fairly, and in a transparent manner.

Our Compliance:

We provide clear privacy notices and obtain valid consent.

Purpose Limitation

Data is collected for specified, explicit, and legitimate purposes.

Our Compliance:

We only use data for the purposes stated in our Privacy Policy.

Data Minimization

We collect only data that is adequate, relevant, and necessary.

Our Compliance:

We limit data collection to what is essential for our services.

Accuracy

We ensure personal data is accurate and kept up to date.

Our Compliance:

Users can update their information at any time.

Storage Limitation

Data is kept only as long as necessary for the specified purposes.

Our Compliance:

We have clear data retention policies and deletion schedules.

Integrity & Confidentiality

Data is processed securely with appropriate technical measures.

Our Compliance:

256-bit encryption, access controls, and regular security audits.

Accountability

We are responsible for demonstrating GDPR compliance.

Our Compliance:

Regular audits, documentation, and compliance reporting.

Your Rights Under GDPR

You have complete control over your personal data

Right to Access

You can request a copy of all personal data we hold about you.

How to Exercise:

Via account settings or by contacting our DPO.

Response Time:

30 days

Right to Rectification

You can request correction of inaccurate or incomplete data.

How to Exercise:

Update directly in your account or contact support.

Response Time:

Immediate

Right to Erasure

You can request deletion of your personal data ("right to be forgotten").

How to Exercise:

Via account settings or by contacting our DPO.

Response Time:

30 days

Right to Restriction

You can request that we limit how we process your data.

How to Exercise:

Contact our DPO with specific restrictions.

Response Time:

30 days

Right to Data Portability

You can receive your data in a machine-readable format.

How to Exercise:

Export function in account settings.

Response Time:

Immediate

Right to Object

You can object to processing based on legitimate interests.

How to Exercise:

Contact our DPO with your objection.

Response Time:

30 days

Technical Security Measures

Enterprise-grade security to protect your data

Encryption

256-bit SSL/TLS for data in transit
AES-256 encryption for data at rest
End-to-end encryption for sensitive communications
Encrypted backups in multiple locations

Access Control

Multi-factor authentication (MFA)
Role-based access control (RBAC)
Principle of least privilege
Regular access reviews and audits

Monitoring & Detection

24/7 security monitoring
Intrusion detection systems
Regular vulnerability scanning
Penetration testing

Data Protection

Regular automated backups
Disaster recovery procedures
Data loss prevention (DLP)
Secure data deletion protocols

International Data Transfers

🇪🇺

Primary Storage

Data stored in EU data centers (Ireland)

📜

Transfer Safeguards

Standard Contractual Clauses for all transfers

🔒

Extra Protection

Additional encryption for international data

Contact Our Data Protection Officer

Have questions about how we handle your data? Our DPO is here to help.

📧

dpo@rosenheimbookings.com

📍

Address

London, United Kingdom

⏱️

Response Time

Within 48 hours

Contact DPO