ChargEasy LLC’s Host Privacy Standards
Last Revised: November 20, 2023
Handling Guests Personal Information
As a Host, you will receive and use Guests’ personal information to manage your reservations and deliver your Host Service. Please remember that you are responsible for complying with applicable privacy laws when you handle and process personal information. You should only use the personal information you receive through the ChargEasy LLC Platform as necessary to manage your reservations, comply with applicable laws, and deliver your Host Service. You may not encourage or require Guests to: open an account, leave a review, or otherwise interact with a third-party website, application or service before, during or after a reservation unless such third party is approved by ChargEasy LLC or reasonably necessary for the Host to provide the requested service.
Standard Contractual Clauses
The information to complete the Clauses is as follows:
- The option under clause 7 (docking clause) shall not apply.
- The option under clause 11 (redress) shall not apply.
- The information to complete the Appendix to the Clauses is as follows:
For Annex I.B of the Clauses:
- the data subjects are Guests;
- the purpose of the transfer is to enable you to provide the Host Service;
- the categories of data may include the Guest’s profile and full name, the full name of any additional Guests (if entered), the Guest’s cancellation history, the Guest’s phone number, any other information the Guest chooses to share, and additional information to assist with coordinating the trip including messages exchanged with the Guest;
- the recipients of the data are any service providers you may choose to retain to assist you in providing the Host Services;
- no sensitive data is being transferred;
- the frequency of the transfer is subject to the frequency of reservations of your listing(s); and
- the data are retained for the period determined by you as necessary to manage your reservations, comply with applicable laws, and deliver your Host Service
For Annex II of the Clauses:
Have in place appropriate security measures to meet the requirement of Article 32 GDPR. In particular, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
- the pseudonymization and encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.