Privacy Policy, term of use & cookie policy

Privacy Policy for Local Host

Local Host (accessible at www.thelocalhost.com) is committed to protecting the privacy and security of personal data of our guests and website visitors. We collect, process and store personal data in accordance with the EU General Data Protection Regulation (GDPR (EU 2016/679) and Cyprus Data Protection Law 125(I)/2018. This Privacy Policy explains what information we collect, how and why weuse it, with whom we share it, how we protect it, and your rights regarding your data. If you have questions about this policy, you can contact us at bookings@thelocalhost.com .

1. What Personal Data We Collect

We collect personal information that you provide to us directly and data generated by your use of our services. This may include:

* Identification and Contact Data: Full name, postal address, email address, telephone number, date of birth, nationality, passport/ID number or other government ID (for check-in purposes).

* Booking and Reservation Details: Reservation dates, room or service preferences, payment information (e.g. credit/debit card or bank account details for deposits), and any special requests you make (e.g. dietary restrictions, accessibility needs).

* Travel and Stay Data: Information related to your stay or visit (e.g. the number of guests, loyalty/membership status, arrival/departure times).

* Account and Profile Data: If you create an account on our website or booking platform, we collect your login credentials and profile information.

* Correspondence Data: Any information you provide when you communicate with us (via email, phone, or contact forms), including the contents of your messages.

* Technical/Usage Data: IP address, browser type, device identifiers, operating system, and website usage information (e.g. pages visited, referral/exit pages) collected through cookies and server logs. 

* Some of this data is “special category” (sensitive) data (e.g. health information if you disclose it, biometric data if any) and we will only process it with your explicit consent or as permitted by law. We only collect personal data that is necessary for legitimate hospitality and booking purposes. If you do not provide required personal data (e.g. identification for check-in, payment details), we may be unable to provide our services or complete your reservation.

2. How We Collect Your Personal Data

We gather personal data from various sources, including:

* Directly from You: When you make a booking or reservation (online, by phone or in person), fill in forms on our website, subscribe to our newsletter, or communicate with us (email, phone,chat), you provide information such as your name, contact details, and booking preferences.

* Third-Party Providers: We may receive your data from booking platforms, travel agencies, corporate clients, or payment processors with whom you have arranged a booking. For example, if you booked through a partner site, we will receive the information necessary to fulfill your reservation.

* Your Devices and the Website: When you use our website, we automatically collect data through cookies and similar technologies. We also log IP addresses and usage patterns via server logs for analytics and security.

* Publicly Available Sources: If you interact with us through public social media or business directories, we may collect your publicly visible profile information (with your consent, as required).

* Legal or Compliance Sources: Where required, we may obtain information from official sources (e.g. law enforcement, public records) to comply with legal obligations or for fraud prevention.

Whenever we collect data, we will inform you of the purpose and legal basis for processing it. For example, if you contact us by email, the privacy notice will explain why we need the data you provide and how we will use it (e.g. to answer your inquiry).

3. How We Use Your Personal Data

We use your personal data for the following purposes, based on an appropriate legal basis (consent, performance of a contract, legal obligation, or our legitimate interests):

* Providing Services (Contractual Necessity): To manage your bookings and provide accommodation or related services (e.g. room allocation, concierge requests). This includes communicating with you about your booking (confirmations, reminders) and fulfilling our contractual commitments.

* Payment Processing (Contractual/Legal Obligation): To process deposits or payments and comply with financial regulations. We share payment data with trusted payment processors andbanks to complete transactions.

* Customer Support (Legitimate Interest): To respond to your requests and inquiries, handle complaints or feedback, and generally manage your relationship with us.

* Safety and Security (Legitimate Interest): To ensure safety on our premises and to detect and prevent fraud or unauthorized use of our services.

* Site and Service Improvement (Legitimate Interest): To analyze how you use our website and services, in order to improve our offerings, optimize the user experience, and develop new features. We may use aggregated or anonymized data (which is not personally identifiable) for statistical analysis.

* Marketing and Promotions (Consent or Legitimate Interest): If you have opted in, we willuse your contact information to send you promotional offers, newsletters, or event announcements related to hospitality services. We only do this with your explicit consent (youcan opt out at any time). In some cases, we may send you direct marketing by mail or phone, but you have the right to object at any time.

* Legal Compliance (Legal Obligation): To comply with law enforcement requests, court orders, tax and accounting regulations, and other statutory requirements in Cyprus. For example, we retain accounting records for the legally required period (typically 6 years).

* Record Keeping: We may keep records of our communications (emails, call recordings, reservation forms) to demonstrate compliance with obligations and to protect our or your legal interests (e.g. in the event of a dispute).

At all times, we apply the principle of data minimization: we only use your personal data for the purposes stated and keep it only as long as needed for those purposes. Whenever we rely on legitimate interests, we ensure your fundamental rights do not override those interests.

4. Legal Basis for Processing

Under the GDPR and Cyprus law, we may process personal data only if we have a valid legal reason. These include:

* Contract: Processing is necessary to perform a contract (e.g. your booking agreement with us) or to take steps at your request before entering into a contract.

* Consent: Where required (e.g. marketing communications, certain analytics), you have given clear consent. You may withdraw consent at any time, without affecting prior processing.

* Legal Obligation: We must process data to comply with a legal obligation (e.g. tax law, health and safety regulations, law enforcement).

* Legitimate Interests: For purposes such as fraud prevention, security, or improving our services, when our interests do not override your rights (e.g. using analytics to improve thewebsite). A “legitimate interest” means we have a business or commercial reason to use your data, provided your privacy is respected.

* Vital Interests: In rare cases, to protect someone’s life (e.g. in a medical emergency).

We only process your data for purposes compatible with the original reason it was collected. If we wish to use your data for an unrelated purpose, we will notify you and obtain your consent if needed.

5. Data Sharing and Disclosure

We do not sell personal data. We share or disclose personal data only in limited circumstances, as described below:

* Local Host Internal Departments: Your data is accessible to Local Host staff who need it to provide services (e.g. reservations team, front desk, housekeeping, maintenance, accounting, legal). We restrict access on a need-to-know basis.

* Affiliated Companies: If you book through a Local Host partner or we work with related hospitality companies, we may share data within our corporate group (for administration, marketing to you if consented, and group reporting), under strict confidentiality.

* Service Providers and Vendors: We engage third parties to perform services on our behalf (e.g. payment processors, IT/cloud hosting, email distribution, marketing platforms, analytics, professional advisors). We only share data that these providers need to perform their functions, under written contracts that require GDPR-level protection. We impose strict confidentiality and security obligations on them (e.g. by using EU Standard Contractual Clauses or other safeguards).

* Booking and Travel Partners: If you book via a travel agent, online travel agency or booking platform (e.g. Airbnb, Booking.com), they will receive the personal details needed to fulfill your reservation. Similarly, if we refer you to a partner (e.g. tour operator, airport transfer), we may share your contact and booking details with them. We ensure any partner processes your data lawfully.

* Payment Processors and Banks: We share payment information with banks or payment processors strictly to complete transactions. They in turn are obligated to secure your data.

* Legal and Regulatory Authorities: We may disclose personal data to law enforcement, courts, or government agencies in response to lawful requests (e.g. subpoenas, police investigations) or to comply with legal requirements (such as fire safety incident reports).

* Health and Safety Officials: In the event of an emergency (e.g. medical, fire), we may share necessary personal data with emergency responders or public health authorities.

In all cases, we strive to limit disclosure to what is required and only if permitted by law. For example, we will not release your personal contact information for marketing by third parties unless you have opted in. As Local Host’s policy notes, we allow third parties to handle your data only if they take appropriate security measures, and we bind them by contract to use the data only to provide services to us.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes it was collected, and as permitted or required by law. In practice:

* During Your Stay: We keep booking and transaction records for the duration of your stay or reservation.

* After Departure: When your booking is completed or terminated, we retain the data for a period needed to handle any potential claims or refunds. In line with best practice and law, we may keep data for up to the limitation period for claims (typically several years) or as long as required by regulation. For example, in Cyprus, accounting and tax records must be kept for about 6 years. Whenever we dispose of data, we do so securely (e.g. shredding or permanent deletion).

* Abandoned Bookings: If a reservation or membership application was not completed or was cancelled, we may retain the information (e.g. name, contact) for a limited time (usually no more than 1–2 years) to prevent fraud.

* Website Data: Analytics data or cookies may be kept for a shorter period (often under 1 year) to analyze traffic trends. We also regularly purge server logs older than needed for diagnostics or legal reasons.

* Marketing Lists: If you sign up for newsletters, we keep your email and preferences until you unsubscribe or request removal.

* Legal Exceptions: Certain information (e.g. records of customer complaints) may be kept longer if a legal dispute is ongoing. Call recordings (if used for customer service) may be retained up to 1–2 years for quality assurance or legal protection.

Local Host’s policy similarly states it keeps data “as long as you maintain a contractual relationship” and “until the limitation period of any relevant claims expires”: keeping data no longer than needed and securely deleting it thereafter.

7. Cookies and Similar Technologies

Our website uses cookies and similar tracking technologies (web beacons, pixels, local storage) to enhance functionality and analyze usage. These include:

* Essential Cookies: Necessary for basic website functions (e.g. login, language settings). Without them, certain services may not work.

* Performance and Analytics Cookies: We use cookies (e.g. Google Analytics) to collect information about how visitors use the site (pages visited, time spent, etc.), which helps us improve the website. This data is aggregated and not personally identifiable.

* Functional Cookies: Remember your preferences (e.g. currency selection) so you don’t have to re-enter them on each visit.

* Marketing/Advertising Cookies: If we display targeted ads or use social media widgets, cookies may collect your browsing habits across sites to show you relevant offers. We do not have control over third-party cookies, but they are subject to those parties’ policies.

As our previous policy notes, these cookies store information on your device (such as your preferences or pages visited) and help optimize your experience. You can control or block cookies via your browser settings (see your browser’s help menu). Blocking essential cookies may prevent parts of the site from functioning. For more details, please see our Cookie Policy .

8. Your Privacy Rights

Under the GDPR and Cyprus law, you have the following rights regarding your personal data:

* Right of Access: You can request a copy of the personal data we hold about you and information about how we process it.

* Right to Rectification: You can ask us to correct inaccurate or incomplete data we hold about you. We may verify the new information before updating.

* Right to Erasure (“Right to be Forgotten”): You can request deletion of your personal data if we no longer need it or you withdraw consent and there is no other legal ground for us to keep it. (Note: this right is not absolute; for example, we may retain data to comply with legalobligations or defend against claims.)

* Right to Restrict Processing: You may ask us to suspend processing your data while a dispute about accuracy or lawful processing is resolved. During restriction, we may store your data but not use it. We will inform any third parties we shared your data with of this restriction if feasible.

* Right to Data Portability: You can request to receive your personal data in a structured, commonly used format (e.g. CSV) or have it transferred directly to another controller, where technically feasible.

* Right to Object: You have the right to object at any time to processing based on our legitimate interests or for direct marketing. If you object to marketing, we will cease that processing immediately. If you object to other processing, we will stop unless we demonstrate compelling legal grounds to continue.

* Right to Withdraw Consent: Where we rely on consent (e.g. for marketing), you may withdraw it at any time. Withdrawal will not affect any processing done before you withdrew consent.

* Right Not to be Subject to Automated Decision-Making: You have the right to not be subject to decisions based solely on automated processing (including profiling) if they have legal or similarly significant effects on you. We do not use automated decision-making on individuals, except in limited cases (e.g. automated credit checks) where statutory safeguards apply.

* Right to Lodge a Complaint: You may file a complaint with us at bookings@thelocalhost.com . You also have the right to lodge a complaint with the Cyprus Commissioner for Personal Data Protection (contact details below) or, if applicable, any other EU data protection authority in the EU country where you reside or work.

We aim to respond to all valid data subject requests promptly and within the statutory timeframe (usually one month). To exercise any of these rights, please contact us in the contact information indicated in Section 12 below.

9. Children’s Privacy

Our services are not directed to children. We do not knowingly collect personal data from children under 16 years of age without parental consent. If you are under 16, please obtain permission from a parent or guardian before using our site or providing any personal information. If we learn that we have inadvertently collected data from a child under 16 without verification of parental consent, we will delete that data. For reference, Local Host’s policy similarly states it does not collect data from children under 14 without consent; we follow the spirit of this by protecting minors’ data at all times.

10. Data Security

Protecting your personal data is of utmost importance. We have implemented appropriate technical and organizational security measures to safeguard your information from unauthorized access, alteration, disclosure or destruction. These measures include:

* Physical Security: Access controls at the accommodation.

* IT Security: Firewalls, antivirus and anti-malware software on our servers and devices. We usesecure, encrypted connections (TLS/SSL) on our website to protect data in transit.

* Access Controls: Internal policies ensure that only authorized employees and service providers can access personal data, and only the data necessary for their role. User accounts and systems use strong password policies and, where possible, two-factor authentication.

* Data Encryption: Sensitive information (such as payment data) is encrypted both in transit and, where stored, in databases.

* Policies and Training: We maintain a security policy and data protection procedures. Staff are trained on data privacy principles and breach response. We regularly review and update oursecurity practices.

* Regular Audits: We perform periodic security audits and vulnerability scanning to identify and mitigate risks.

As Local Host’s policy explains, we apply “modern and suitable measures” and check them regularly to protect your data. Despite all efforts, no system is infallible; however, if a data breach were to occur, we have an incident response plan to contain the breach and notify affected individuals and authorities as required by law.

11. Transfers of Data Outside the EEA

Local Host is based in Cyprus (an EU member state). We may use cloud services or partner companies outside the European Economic Area (EEA). Whenever we transfer personal data outside the EEA, we ensure it remains protected at a level equivalent to EU standards. In particular, we rely on one or more of the following safeguards:

* Adequacy Decisions

* Standard Contractual Clauses (SCCs).

* Privacy Frameworks.

For example, Local Host’s policy notes that transfers outside the EEA are subject to special rules and only done with adequate safeguards. We adhere to the same principle: no transfer without proper protection. You may request details of our safeguards at any time by contacting us.

12. Contact Information and Complaints

If you have any questions about this Privacy Policy or our data practices, wish to exercise your data protection rights, or to make a complaint, please contact:

* Local Host (Data Controller): Local Host Ltd, Email: bookings@thelocalhost.com . We will respond within 1 month to any request.

* Data Protection Officer (if any): If applicable, you may also address inquiries to our appointed DPO.

If you are not satisfied with our response, you have the right to lodge a complaint with the Cyprus Commissioner for Personal Data Protection:

* Address: 1 Iasonos Street, 1082 Nicosia, Cyprus

* Tel: +357 22818456

* Email: commissioner@dataprotection.gov.cy

* You may also complain to any EU data protection authority in the EU country where you work or live.

We may update this Privacy Policy from time to time (for example, if services change or laws are updated). Any changes will be posted on our website, and we will note the effective date at the top. We encourage you to review this policy periodically. Continued use of our services after updates means you accept the revised terms.

WhatsApp Communications – The Local Host

Effective Date: 1 July 2025

Last Updated: 1 July 2025

At The Local Host, we are committed to safeguarding your privacy and ensuring the lawful, fair, and transparent processing of your personal data. This Privacy Policy describes how we collect, use, store, and protect your data in the context of WhatsApp-based communications, specifically regarding your participation in our VIP list for exclusive offers, events, and updates.

1. Data Controller

The data controller responsible for processing your personal data is:

* The Local Host

* Website: www.thelocalhost.com

* Email: info@thelocalhost.com

Phone: +35794300301

Phone: +96170271771

2. Categories of Personal Data Collected

We may collect and process the following types of personal data via WhatsApp:

* Your mobile phone number

* Your full name (if provided)

* Message content and responses (e.g., "YES", "NO", "STOP")

* Preferences or interests you voluntarily share in conversation

This data is collected only for the purposes outlined below and is not used for profiling or automated decision-making.

3. Purpose and Legal Basis for Processing

We process your personal data for the following purposes:

* To manage your inclusion in our WhatsApp VIP list

* To send you promotional messages, event updates, and special offers

* To respond to inquiries and manage your communication preferences

Legal Basis:

Processing is based on your explicit consent under Article 6(1)(a) GDPR, which you provide when you reply with "YES" to our invitation message. You can withdraw your consent at any time by replying with "STOP", or by contacting us directly using the details in Section 1.

4. Data Sharing and International Transfers

We may use third-party messaging platforms such as WhatsApp (owned by Meta Platforms Inc.) to send communications. These platforms may process your data under their own privacy policies and act as independent data controllers. We do not sell, share, or disclose your data to third parties for their marketing purposes. If your personal data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place in accordance with Articles 44–49

GDPR, including:

* Standard Contractual Clauses (SCCs)

* Data processing agreements

* Transfer impact assessments

5. Data Retention

We will retain your personal data for as long as you are subscribed to our VIP list or until you withdraw your consent. Upon receiving a STOP command or equivalent request, your personal data will be promptly and securely deleted from our active marketing systems.

6. Your Rights Under the GDPR

You have the following rights with respect to your personal data:

* Right to Access – Request a copy of your personal data

* Right to Rectification – Request correction of inaccurate or incomplete data

* Right to Erasure – Request deletion of your personal data

* Right to Restrict Processing – Request that we limit processing of your data

* Right to Data Portability – Receive your data in a machine-readable format

* Right to Object – Object to processing for direct marketing

* Right to Withdraw Consent – Revoke your consent at any time

To exercise any of these rights, please contact us via the details in Section 1. We will respond within one month, as required under Article 12 GDPR.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

* Access control

* Encrypted communication channels

* Role-based permissions and restricted access

* Secure deletion procedures

These measures are regularly reviewed and updated to reflect evolving security practices.

8. Changes to This Privacy Policy

We may update this WhatsApp Privacy Policy from time to time to reflect legal updates, platform changes, or improvements to our services. Any changes will be communicated to you directly via WhatsApp or published on our website. We encourage you to check this policy periodically for updates.

9. Contact and Complaints

If you have any questions, concerns, or wish to exercise your data rights, please contact:

Email: info@thelocalhost.com

Phone: +35794300301

Phone: +96170271771

If you are unsatisfied with our response, you may lodge a complaint with the Cyprus Data Protection Authority:

Office of the Commissioner for Personal Data Protection

Website: www.dataprotection.gov.cy

Email: commissioner@dataprotection.gov.cy

Tel: +357 22818456

Cookie Policy for The Local Host

Effective Date: 1 July 2025

Last Updated: 1 July 2025

1. Introduction

This Cookie Policy explains how The Local Host (“we”, “us”, or “our”) uses cookies and similar technologies to recognize you when you visit our website www.thelocalhost.com. It explains what these technologies are, why we use them, and your rights to control their use.

2. What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work or work more efficiently, and to provide information to the site owners.

Cookies can be:

* Session Cookies – deleted when you close your browser

* Persistent Cookies – remain on your device for a set period or until manually deleted

Cookies may be:

* First-party cookies – set by our website

* Third-party cookies – set by third-party services we use (e.g., analytics or advertising)

3. Types of Cookies We Use

* Strictly Necessary: Essential for you to navigate the website and use its features

* Performance: Collect information about how visitors use the website (e.g.,Google Analytics)

* Functionality: Allow the website to remember your preferences (e.g., language,region)

* Targeting/Marketing: Used to deliver relevant ads and measure advertising effectiveness

4. Third-Party Cookies

We may allow third-party services, such as Google Analytics, Facebook Pixel, or advertising networks, to place cookies to provide analytics and deliver targeted advertisements. These cookies are governed by the respective third-party privacy/cookie policies.

5. Managing Cookies

You have the right to decide whether to accept or reject cookies:

* Browser Settings: Most browsers allow you to control cookies through their settings.

* Cookie Banner: On your first visit, you will be presented with options to accept, reject, or manage cookies.

* Withdraw Consent: You can withdraw consent at any time via your browser or by contacting us.

Note: Disabling cookies may affect site functionality.

6. Updates to This Policy

We may update this Cookie Policy to reflect changes in technology, law, or our

practices. Updates will be posted on this page with a revised "Last Updated" date.

7. Contact Us

For any questions about this Cookie Policy, contact us at:

Email: info@thelocalhost.com

Phone: +35794300301

Phone: +96170271771