Privacy Policy

Effective Date: 9 January 2026

Controller Identity and Contact

This privacy policy explains how Snippets s.r.o. (trading as Beylo), located at Bukurestska 2556/26, 04013, Kosice, Slovakia (“we”, “our”, “us” or the “Controller”) processes personal data in connection with your use of our peer‑to‑peer rental marketplace and related services (“Services”). We operate within the European Union, with primary operations in Spain (starting in Mallorca). If you have questions about this policy or wish to exercise your data protection rights, please contact us at support@beylo.app.

What Data We Collect

We collect different types of information when you use our Services:

• Account Information: When you register an account, we collect your name, email address, password, phone number and, where necessary, your date of birth to confirm you are at least 18 years old. If you register as a business, we may also collect your company name and VAT number.
• Booking and Transaction Information: When you create or accept a booking, we collect details about the listing, rental dates, amounts charged or paid, Security Deposits, Service Fees and any communications between Owners and Renters.
• Payment Information: Payments are processed by Stripe. We do not store full credit card numbers. Stripe collects your payment method details and may collect additional information such as your billing address and tax information to process payments. See Stripe’s privacy policy for more information.
• Device and Usage Information: We automatically collect technical data about the devices you use and how you interact with our Services, such as IP address, browser type, operating system, referral URLs and pages visited. This data may identify your approximate location.
• Communications: We may collect the content of messages or reviews you send through the Platform and any information you provide when you contact customer support.
• Cookies and Similar Technologies: We use cookies and similar technologies to provide, secure and improve our Services and to remember your preferences. Cookies are small files placed on your device; learn more under “Cookies & Tracking”.

Purposes and Legal Bases for Processing

We process your personal data for the following purposes and under the legal bases described in the General Data Protection Regulation (GDPR):

• To provide and administer the Services: including creating and managing accounts, facilitating bookings, processing payments and deposits, and enabling communications between Users (Art. 6(1)(b) GDPR – performance of a contract).
• To comply with legal obligations: such as tax and accounting requirements, prevention of fraud and anti‑money laundering obligations (Art. 6(1)(c) GDPR – legal obligation).
• To protect our legitimate interests and those of our Users: including resolving disputes, enforcing our Terms, ensuring network and information security and improving the Services (Art. 6(1)(f) GDPR – legitimate interests). When we rely on our legitimate interests, we balance these interests against your rights and freedoms.
• To communicate with you: including sending booking confirmations, updates, security alerts and service messages (Art. 6(1)(b) and (f) GDPR). We may also send marketing communications if you have given consent (Art. 6(1)(a) GDPR – consent) or where permitted by law (Art. 6(1)(f) GDPR – legitimate interests). You can opt out at any time.
• To comply with requests from data subjects: responding to your requests to exercise your data protection rights (Art. 6(1)(c) GDPR – legal obligation).
• Other purposes: If we intend to use your data for additional purposes, we will explain the purpose and legal basis at the time of collection and, where required, obtain your consent.

Stripe as Payment Processor

We use Stripe to process payments. Stripe acts as our data processor and collects payment details such as your name, email, billing address and payment method. Stripe may transfer data outside of the EU/EEA. Stripe states that it uses Standard Contractual Clauses and participates in the EU–U.S. Data Privacy Framework to legitimise these transfers. For more details, please see Stripe’s privacy policy. We do not store full payment card numbers on our servers.

Analytics and Tracking

We use Google Analytics to collect aggregated statistics about how visitors use our website. Google Analytics may collect your IP address, device information and interactions with the Services. This information helps us analyse usage patterns and improve the Services. Google may process this data on servers outside of your country; Google states that it relies on adequacy decisions, the EU–U.S. Data Privacy Framework and Standard Contractual Clauses to legitimise international transfers. You can disable Google Analytics cookies through your browser settings. We currently do not operate a cookie banner; non‑essential cookies are disabled until we implement one. For more information, see Google’s privacy policy.

We may in the future use advertising pixels (e.g. Facebook Ads) and email tools to send marketing communications. We will only use such tools with your consent where required and will update this policy when they are implemented.

Data Sharing

We share your personal data only when necessary for the purposes described in this policy:

• With other Users: When you make or accept a booking, we may share certain information (such as your first name, profile photo and contact details) with the other party to facilitate the rental.
• With service providers: We use third‑party service providers to support our operations (e.g. Stripe for payments, hosting providers, analytics providers, customer support tools). We require these providers to process data only on our behalf and under appropriate data protection agreements.
• With law enforcement, regulators and legal advisors: We may disclose your information if required by law or when we believe disclosure is necessary to protect our rights, comply with legal obligations or enforce our Terms.
• In connection with corporate transactions: In the event of a merger, acquisition or sale of all or part of our business, your personal data may be transferred to the acquiring entity as part of the transaction, subject to confidentiality obligations.

International Transfers

Your personal data may be transferred to and processed in countries outside your country of residence. When we transfer data from the European Economic Area (EEA), Switzerland or the United Kingdom to a country that is not subject to an adequacy decision, we rely on Standard Contractual Clauses or other approved transfer mechanisms. You may request a copy of the relevant transfer safeguards by contacting us at the address above.

Data Retention

We retain personal data only for as long as necessary to provide the Services, comply with our legal obligations, resolve disputes and enforce our agreements. For example, we may keep account information for as long as your account is active and for a reasonable period after closure to meet legal or record‑keeping requirements. Booking and transaction records may be retained for up to the maximum period allowed by law to satisfy accounting and tax obligations. Communications and customer support records may be kept for the maximum period allowed by law. Where retention periods are not fixed by law, we will delete or anonymise data after it is no longer needed.

Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right to be informed: to know how your data is used.
• Right of access: to request confirmation of whether we process your data and to obtain a copy of it.
• Right to rectification: to request correction of inaccurate or incomplete data.
• Right to erasure: to request deletion of your data in certain circumstances.
• Right to restrict processing: to request that we limit the processing of your data in certain circumstances.
• Right to data portability: to receive your data in a structured, commonly used and machine‑readable format and to transmit it to another controller.
• Right to object: to object to our processing of your data based on our legitimate interests or for direct marketing.
• Right not to be subject to automated decision‑making: not to be subject to a decision based solely on automated processing that produces legal effects concerning you.

You can exercise your rights by contacting us at the address listed above. We will respond to your request within one month. If we need more time, we will inform you within one month and explain why. We may ask you to verify your identity before responding to your request.

You also have the right to lodge a complaint with your local data protection authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD); contact details are available at aepd.es. If you reside in another EU country, please refer to your national authority.

Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction or alteration. Measures include encryption, access controls, two‑factor authentication for administrative accounts and regular security assessments. While we strive to protect your information, no system can guarantee absolute security.

Children and Minors

Our Services are intended for individuals aged 18 and older. We do not knowingly collect personal data from children. If you are a parent or guardian and believe that a child has provided us with personal data, please contact us so that we can delete the information.

Cookies & Tracking

We use cookies and similar technologies to operate and improve our website. At present, we do not use any non‑essential cookies and therefore do not require a cookie consent banner. Cookies that are strictly necessary for the functioning of the site do not require your consent. When we introduce optional cookies, we will ask for your explicit consent via a cookie banner. To comply with the GDPR and the ePrivacy Directive, we will:

• Obtain your consent before using any cookies that are not strictly necessary for our Services.
• Provide clear information about what each cookie does and how long it persists.
• Record and store your consent and make it as easy to withdraw consent as it is to give it.

You can adjust your cookie preferences at any time through the cookie settings link on our website. For more information on our use of cookies, please see our separate Cookie Policy (coming soon).

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on our website and, where required, by additional notice. Your continued use of the Services after the effective date of the revised policy constitutes acceptance of the changes.

Contact & Complaints

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at beylo(at)snippets.ltd.

If you believe that we have not complied with your data protection rights, you have the right to lodge a complaint with the supervisory authority in your country of residence. Contact details for EU data protection authorities can be found at edpb.europa.eu.