This document is a translation of the original Dutch Privacy Policy of B&M Stays. This translation is provided for informational purposes only. In case of discrepancies, the Dutch version shall prevail.
Data Controller: B&M Stays · Bjorn Freriksen & Melanie Wondergem · KvK 42012528 · info@benmstays.nl
1. Introduction
B&M Stays attaches great importance to the protection of your personal data. In this privacy policy, we inform you about what data we collect, why, how long we retain it, and what rights you have. We process personal data in accordance with the General Data Protection Regulation (GDPR).
2. What data do we collect?
We process the following personal data:
Via the contact form
- Name
- Email address
- Phone number (optional)
- Content of your message
- IP address (for security and spam prevention)
Via a reservation request
- Name
- Email address
- Phone number (optional)
- Desired travel period and number of guests
- Any additional messages
Via the website
- Technical data such as IP address and browser session (via server logs and session management for security purposes)
- We do not use tracking cookies or external analytics services
3. Purposes and legal bases
We process your personal data exclusively for the following purposes:
- Responding to your contact request — legal basis: legitimate interest (Art. 6(1)(f) GDPR)
- Processing your reservation request and concluding a rental agreement — legal basis: performance of a contract (Art. 6(1)(b) GDPR)
- Website security — legal basis: legitimate interest (Art. 6(1)(f) GDPR)
- Compliance with legal obligations — legal basis: legal obligation (Art. 6(1)(c) GDPR)
4. Retention periods
- Contact requests: we retain your data for a maximum of 12 months after the last communication, unless an ongoing relationship justifies longer retention.
- Reservation data and bookings: 7 years after the booking date, in accordance with the statutory retention obligation for administration.
- Server logs and IP addresses: maximum 30 days.
5. Sharing with third parties
We do not sell or rent your personal data to third parties. We may share data with:
- Strato AG — our hosting provider (server infrastructure and email processing, based in Germany, GDPR-compliant).
- Competent authorities — where we are legally obliged to do so.
We do not use American cloud services (such as Formspree) for processing contact forms or reservations. All email processing takes place via our own server at Strato.
6. Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss or misuse. These include:
- Encrypted connections (HTTPS/TLS)
- CSRF protection on all forms
- Rate limiting against abuse
- Hashed passwords (bcrypt)
- Database configuration outside the webroot
7. Your rights
Under the GDPR, you have the following rights regarding your personal data:
To exercise your rights, you can contact us at info@benmstays.nl. We will respond to your request within 30 days. We may ask for identity verification.
8. Complaints
If you believe we are not processing your personal data correctly, you have the right to lodge a complaint with the Autoriteit Persoonsgegevens (Dutch Data Protection Authority):
- Website: autoriteitpersoonsgegevens.nl
- Phone: 088 – 180 52 50
We would however appreciate it if you contact us first so that we can resolve any issues together.
9. Cookies
Our website only uses functional session cookies that are necessary for the security of forms (CSRF protection). These cookies are not used for tracking or marketing and do not contain personal data. No cookie banner is required for functional cookies.
10. Changes
We reserve the right to amend this privacy policy. The most current version is always available at benmstays.nl/privacyverklaring. In the event of significant changes, we will inform those affected where possible.