Skip to content

Appendix E. Privacy Policy

Effective: 1 March 2024.

General Terms

Above Property LLC. (APS) declares to abide by the European General Data Protection Regulation 2016/679 of 27 April 2016 with this Privacy Policy.

Data that we collect about you

Personal data means any information that can identify a natural person or any information that can link to an identifiable natural person. Personal data does not include information that is anonymized and where no natural person can be identified.

Personal data that we collect about you:

Above Property LLC. (APS) is an information technology provider for the hotel and hospitality industry. When you make a hotel reservation at one of our customer hotels, we collect Personal Information (your name, address, email address, and payment data) necessary to complete the reservation. Some of our hotel customers may require us, as a data processor, to verify your age and/or birthday in order to reserve rooms at their hotels. We will only ask for information from you that is necessary to complete a hotel reservation.

How we collect data about you

Above Property LLC. (APS) obtains personal data about you when you use that data to make a hotel reservation at any of our customers’ hotels.

Purposes of processing your data

Above Property LLC. (APS) is an information technology provider for the hotel and hospitality industry. When you make a hotel reservation at one of our customer hotels, we may collect Personal Information (your name, address, email address and payment data- collectively, “information”) about you in connection with your (or your organization’s) use of our Services that link to this Privacy Policy. We will only ask for information from you (such as your name, address, email, and payment data) that is necessary to complete a hotel reservation.

Data Retention

We keep your reservation information, like your name, email address, and home address, for as long as our customer hotel (the data controller) instructs us to. We also keep information about you and your use of the Services for as long as necessary for our legitimate business interests, for legal reasons, and/or to prevent harm.

Transfer of data

We may share your information with our business units, affiliates, subsidiaries, business partners, service providers and/or your representatives, in order to provide or improve our Services to you. We do not share information with third parties so that they can independently market their own products or services to you unless we have explicitly given you the option to opt-in or opt-out of such disclosures. We will never sell your Personal Information to any third party without your express written consent.

We may share your data with the following categories of third parties:

  • Employees of Above Property LLC. (APS)
  • Contractors in order to provide services
  • Employees and Contractors at the hotel where you made your reservation
  • Payment processors in order to process online payments, bank transfers and merchant banks
  • Professional advisors such as accountants, auditors
  • Legal authorities and law enforcement such as the police, tax authorities

We do not allow our service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We guarantee a similar level of protection by imposing contractual obligations to our subcontractors that are similar to this Privacy Policy.

We share data with the following specific third parties:

  • Google Analytics: we use Google Analytics to anonymously gather statistics about Website users in order to maintain and improve the user experience and Website. Google Analytics is a third-party service provided by Google and this Privacy Policy does not cover the processing performed by Google. For more information about how Google collects and processes your data, please refer to their privacy policy.

  • FreedomPay: some of our hotel customers use FreedomPay as their credit card processor, and we may use FreedomPay to make your credit card transactions more secure. FredomPay requires that certain reservation details, such as Guest Name and Dates of Stay, accompany payment information so the hotel is able to associate a credit card with a specific reservation. FreedomPay is a third-party service and this Privacy Policy does not cover the processing performed by FreedomPay. For more information about how FreedomPay collects and processes your data, please refer to their privacy policy.

  • Shift4: some of our hotel customers use Shift4 as their credit card processor, and we may use Shift4 to make your credit card transactions more secure. Shift4 requires that certain reservation details, such as Guest Name and Dates of Stay, accompany payment information so the hotel is able to associate a credit card with a specific reservation. Shift4 is a third-party service and this Privacy Policy does not cover the processing performed by Shift4. For more information about how Shift4 collects and processes your data, please refer to their privacy policy.

  • Stripe: some of our hotel customers use Stripe as their credit card processor, and we may use Stripe to make your credit card transactions more secure. Stripe requires that certain reservation details, such as Guest Name and Dates of Stay, accompany payment information so the hotel is able to associate a credit card with a specific reservation. Stripe is a third-party service and this Privacy Policy does not cover the processing performed by Stripe. For more information about how Stripe collects and processes your data, please refer to their privacy policy.

We may include links to third party websites, applications, or plug-ins. By clicking on those links you may allow third parties to collect or share data about you. We do not control these third party websites and this Privacy Policy does not cover the processing performed by them. We suggest you check the third party websites for more information about how they handle personal data.

Security measures

We have implemented appropriate technical and organizational measures, procedures and safeguards to prevent the destruction, loss, adjustment, accidental notification to a third party, removal and unauthorized access of personal data.

We maintain physical, electronic, and procedural safeguards to protect your information related to your hotel reservations. These include but are not limited to:

  • Server encryptions
  • SSL Certificates
  • Physically secured servers
  • Antivirus and Firewall
  • Regular backups
  • Encrypted passwords

We only allow access to your personal data to those employees, contractors and other third parties who have a business need to know. They only process your personal data on our instructions and are subject to a duty of confidentiality.

Cookies

A cookie is a small text file that is sent from the server of Above Property LLC. (APS) and is stored on your computer’s hard drive. This allows us to remember your preferences when visiting our Website. The information stored through these cookies can only be read by Above Property LLC. (APS) and only for the duration of your visit to the Website.

Our Website uses cookies and similar technologies to identify you from other users of our Website. This allows us to offer you a better experience when you visit our Website and to optimize our Website in the meantime.

When you use the Website, your device or browser may be sent cookies from third parties, for example when using embedded content and social network links. It’s important for you to know that we have no access to or control over cookies used by these companies or third-party websites. We suggest you check the third party websites for more information about their cookies and how to manage them.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

Your GDPR rights (For EU Individuals)

Under the General Data Protection Regulation, data subjects within the European Economic Area are entitled to the following rights:

  • Right of access – you have the right to be informed on how we use your personal data and you have the right to request access to the personal data that we have collected about you;
  • Right of rectification – you have the right to correct inaccurate information that we may have about you;
  • Right to object – you have the right to object to us processing your personal data;
  • Right to restrict processing – you have the right to request us to suspend processing under certain circumstances;
  • Right to data portability – you have the right to obtain a copy of your personal data in an easily readable format in order to transfer to another service;
  • Right to erasure – otherwise known as the ‘right to be forgotten’ meaning that you have the right to request that we delete all the personal data that we have on you (with certain legal exceptions);
  • Right to withdraw consent – where the processing is based on consent, you have the right to at all times, withdraw your consent.

If you wish to exercise any of your rights under the General Data Protection Regulation:

You can contact Above Property LLC. (APS) directly regarding matters pertaining to GDPR:

Above Property LLC
3555 Kraft Road, Suite 400
Naples, Fl 34105
U.S.A.

Telephone: +1 239 263 7406
Email: privacy@aboveproperty.com

We are committed to providing you with a response to your request within 30 days. However, if there are delays in providing you with your request, we will notify you of the delay, the reason for the delay and extend our response time.

Right to make a complaint

You have the right to make a complaint at any time with:

Data Protection Authority
Rue de la Presse 35, 1000 Brussels
Tel : +32 2 274 48 00
Fax : +32 2 274 48 35
contact@apd-gba.be

International transfers

APS is a U.S.-based company that offers our Services to U.S. and international customers. As a result, information that we collect, including personal information, may be transferred to our data centers or service providers in the U.S. By providing your personal information to us, you are consenting to the transfer of your personal information to the U.S. and to our (and our services providers’) use and disclosure of your personal information in accordance with this Privacy Policy.

Due to the global nature of our operations, these transfers will involve transferring your data outside the European Economic Area to the United States. We ensure that there is an adequate level of protection for personal data in the receiving entity.

The Data Privacy Framework for EU, UK and Swiss Individual’s Data Transfer to the United States

Above Property LLC. (APS) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Above Property LLC. (APS) has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Above Property LLC. (APS) has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit:

https://www.dataprivacyframework.gov

Pursuant to the Data Privacy Framework the following notifications apply to EU, UK and Swiss personal data that is transferred into the United States:

The Federal Trade Commission has jurisdiction over Above Property LLC. (APS)’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). EU, UK and Swiss individuals have the right to access their personal data. Individuals wishing to exercise this right may do so by contacting us as specified in the GDPR section of this document.

Above Property LLC. (APS) is liable for the onward transfer of EU, UK and Swiss data to third parties acting as our agents unless we can prove we were not a party giving rise to the damages.

We do not permit the use of EU, UK and/or Swiss data for reasons that are materially different from those for which the data was originally provided. If this practice should change in the future, we will update this policy and provide individuals with opt-out or opt-in (as applicable) choice prior to the release of their information.

We may be required to disclose EU, UK and/or Swiss personal data in response to lawful requests by public authorities including to meet national security and law enforcement requirements.

In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), Above Property LLC. (APS) commits to resolve complaints about our collection or use of your personal information transferred to the U.S. pursuant to the EU-U.S. DPF, the UK extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. EU, UK, and Swiss individuals with inquiries or complaints should first contact Above Property LLC. (APS). You can contact us at:

Above Property LLC
3555 Kraft Road, Suite 400
Naples, Fl 34105
U.S.A.

Telephone: +1 239 263 7406
Email: privacy@aboveproperty.com

Above Property LLC. (APS) has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, JAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/program-articles/How-to-Submit-a-Request-Relating-to-U-S-National-Security-Access-to-Data

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to incorporate new rules or guidance issued under the General Data Protection Regulation, Data Privacy Framework, the UK Extension to the EU-U.S. DPF, the Swiss-U.S. Data Privacy Framework and local privacy and data protection legislation. A notice will be posted on the Website for 60 days whenever this Privacy Policy is changed in a material way.