BookNow.Direct
BookNow.Direct
English Greek
Start for Free

Privacy Policy

Last updated: March 23, 2026

Data Controller: REACH.GR, VAT: EL 130637781 ("we", "us"), operating the BookNow.Direct platform.

Contact: [email protected]

1. Data We Collect

Property Owners (account holders): Name, email, phone, password (hashed), locale/timezone preferences, IP address, browser user agent, billing information via Stripe.

Guests (booking visitors): Name, email, phone, country, date of birth, passport number (where required by law), special requests. Guest name, phone, and passport number are encrypted at rest using CipherSweet (NaCl backend).

Property Data: Property name, description, address, coordinates, images, logos, check-in/check-out policies, tax and pricing information.

Payment Data: We do not store full card numbers. Stripe processes and stores payment credentials. We retain only: payment method type, last 4 digits, Stripe customer/payment intent IDs, and transaction amounts.

Automatically Collected: Session data (IP, user agent, last activity) stored in our database for 120 minutes. Analytics events (event type, session ID, date) for platform usage statistics. No third-party tracking cookies are used.

2. How We Use Your Data

  • Process and manage bookings between guests and property owners
  • Process payments and refunds via Stripe Connect
  • Send transactional emails (booking confirmations, cancellations, modifications, pre-arrival reminders, check-in instructions, payment links)
  • Synchronise availability calendars via iCal import/export
  • Generate occupancy and revenue analytics for property owners
  • Authenticate users and maintain sessions
  • Provide multi-language support (EN, EL, DE, FR, IT, ES)

3. Legal Basis (GDPR Art. 6)

  • Contract performance: Processing bookings, payments, account management
  • Legal obligation: Tax records, passport collection where required by local law
  • Legitimate interest: Platform analytics, fraud prevention, service improvement
  • Consent: Marketing communications (if any, opt-in only)

4. Third-Party Processors

Processor Purpose Data Shared
Stripe, Inc. Payment processing (Stripe Connect) Guest email, booking amounts, currency, booking reference
Mailgun (Sinch) Transactional email delivery Recipient email, email content
Google Maps Platform Map display and directions Property address/coordinates (no guest data)

External iCal providers (Airbnb, Booking.com, etc.) receive only blocked date ranges and room identifiers — no guest personal data.

5. Data Retention

  • Account data: Retained while account is active; deleted upon request
  • Booking records: Retained for the legally required period (minimum 5 years for tax purposes in Greece)
  • Sessions: Automatically purged after 120 minutes of inactivity
  • Analytics: Aggregated daily statistics retained indefinitely (no personal data)

6. Your Rights (GDPR Art. 15–22)

You may request: access, rectification, erasure, restriction, portability, or object to processing. Contact us at the email above. We respond within 30 days. You may lodge a complaint with the Hellenic Data Protection Authority (dpa.gr).

7. Security

Sensitive guest data (name, phone, passport) is encrypted at rest. Passwords are hashed with bcrypt. All connections use TLS/SSL. Stripe webhook signatures are verified. Administrative access is logged.

8. International Transfers

Data is processed within the EU. Stripe and Mailgun may process data in the US under EU-approved safeguards (Standard Contractual Clauses / Data Privacy Framework).

9. Children

BookNow.Direct is not directed at individuals under 16. We do not knowingly collect data from minors.