Effective as of: 25/02/2025
Data Controller: Abrego Consulting, SASU, via Hospedix, is responsible for the collection, use, and purpose of clients’ personal data (property owners using Hospedix) to provide and manage access to the SaaS service.
Personal data collected includes: name, email address, phone number, billing information, and passwords (encrypted and stored on our servers) required to access Hospedix.
Management of client accounts, provision of the Hospedix SaaS service, billing of subscriptions and commissions, technical support, and communication with clients.
Processing is based on the performance of the contract between Abrego Consulting, SASU, and the client (Hospedix terms of use and sale), as well as the Company’s legitimate interest in managing and improving the service.
Client data is retained during the active subscription period and deleted within 6 months of termination, unless otherwise required by law. Billing data is kept for 10 years per Article L123-22 of the Commercial Code.
Data Controller: The Client (property owner using Hospedix) is responsible for the collection, use, and purpose of their guests’ personal data. Data Processor: Abrego Consulting, SASU, via Hospedix, acts as a processor by handling this data to provide services (website, booking engine, messaging).
Personal data that may be processed includes: guest information (name, email, phone, stay dates) collected via the booking engine or messaging.
Management of bookings and payments, communication between owners and guests via integrated messaging.
Processing is based on the performance of the contract between the Company and the Client (Hospedix services). Guest consent is obtained by the Client during booking or messaging use (Client’s responsibility).
Booking and message data are retained during the Client’s active subscription and deleted within 6 months of termination, unless otherwise required by law.
The Company implements technical (encryption, restricted access) and organizational measures to protect data, whether as controller or processor. The hosting provider, Hetzner, also ensures a GDPR-compliant security level.
Data is hosted in Germany (EU) by Hetzner. Payments via Stripe may involve transfers outside the EU, governed by the European Commission’s standard contractual clauses.
Clients and guests may exercise their rights (access, rectification, deletion, etc.) with the relevant controller: directly with the Company (francisco@abrego.me) for client data; with the Client for guest data, who must notify the Company if technical action is needed.
In case of a breach, the Company will notify the relevant controller (itself for client data, or the Client for guest data) within a maximum of 72 hours, per Article 33 of the GDPR.
For any questions regarding personal data: francisco@abrego.me.