The Ocho – Luxury Villa Rentals
Last Updated: January 2025
The Ocho ("we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website, mobile applications, and services (collectively, the "Platform").
We act as the data controller for the personal data we process. This policy is designed to comply with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and other applicable data protection laws.
The Ocho
Email: privacy@theocho.com
Website: www.theocho.com
For data protection inquiries, you may contact our Data Protection Officer at: dpo@theocho.com
When you interact with our Platform, you may provide us with:
Account and Booking Information: Name, email address, phone number, postal address, date of birth, nationality, passport or ID details (where required by local regulations), payment information, and booking preferences.
Communication Data: Messages, inquiries, feedback, and correspondence you send to us or our property partners.
Guest Information: Details of other guests included in your booking, including names and ages.
Special Requests: Dietary requirements, accessibility needs, or other preferences you share with us.
When you access our Platform, we automatically collect:
Device Information: IP address, browser type and version, operating system, device identifiers, and mobile network information.
Usage Data: Pages visited, time spent on pages, click patterns, search queries, and navigation paths.
Location Data: Approximate location based on IP address. Precise location only with your explicit consent.
We may receive information from property owners and managers regarding your stay, payment processors regarding transaction status, marketing partners and advertising networks, and social media platforms if you choose to connect your accounts.
We process your personal data based on the following legal grounds:
Contract Performance: Processing necessary to fulfill our booking agreements with you, including managing reservations, processing payments, and providing customer support.
Legitimate Interests: Processing for our legitimate business interests, such as fraud prevention, platform security, service improvement, and direct marketing to existing customers (where permitted).
Legal Obligations: Processing required to comply with applicable laws, including tax regulations, anti-money laundering requirements, and local registration laws.
Consent: Where you have given explicit consent, such as for marketing communications, cookies, or processing of special category data.
We use your personal data for the following purposes:
Booking Management: Processing and managing your reservations, communicating booking confirmations and updates, coordinating with property owners and staff, and handling payment transactions.
Customer Service: Responding to inquiries and requests, resolving complaints and disputes, and providing pre-arrival and during-stay support.
Platform Improvement: Analyzing usage patterns to enhance our services, developing new features and functionality, and conducting research and analytics.
Marketing and Communications: Sending promotional offers and newsletters (with consent), personalizing content and recommendations, and conducting surveys and feedback requests.
Security and Compliance: Preventing fraud and unauthorized access, verifying identity where required, and complying with legal obligations.
We may share your personal data with:
We share relevant booking and guest information with property owners, managers, and on-site staff to facilitate your stay. This includes your name, contact details, arrival/departure times, guest count, and any special requests.
We engage trusted third parties who assist in operating our Platform, including payment processors, cloud hosting providers, email service providers, customer support tools, and analytics services.
We may disclose your data when required by law, court order, or government request, to protect our rights, property, or safety, to prevent fraud or security threats, or in connection with a merger, acquisition, or asset sale.
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or adequacy decisions.
We retain your personal data only as long as necessary for the purposes outlined in this policy:
Booking Records: 10 years from the date of your last booking, as required for tax and legal compliance.
Account Information: Until you request account deletion, plus a reasonable period for backup and legal purposes.
Communication Records: 3 years from the date of the communication.
Marketing Preferences: Until you withdraw consent or unsubscribe.
Technical Logs: Up to 12 months for security and troubleshooting purposes.
After the retention period, your data will be securely deleted or anonymized.
Under applicable data protection laws, you have the following rights:
Right of Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
Right to Restriction: Request limitation of processing in certain circumstances.
Right to Data Portability: Receive your data in a structured, commonly used format and transfer it to another controller.
Right to Object: Object to processing based on legitimate interests, including profiling and direct marketing.
Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
Right to Lodge a Complaint: File a complaint with a supervisory authority, such as the German Federal Commissioner for Data Protection (BfDI).
To exercise your rights, please contact us at privacy@theocho.com. We will respond within 30 days.
Essential Cookies: Required for the Platform to function, including session management and security features. These cannot be disabled.
Functional Cookies: Remember your preferences and settings to enhance your experience.
Analytics Cookies: Help us understand how visitors interact with our Platform, using services like Google Analytics.
Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness.
You can manage your cookie preferences through our cookie consent banner or your browser settings. Note that disabling certain cookies may affect Platform functionality.
Our Platform does not currently respond to "Do Not Track" browser signals. However, you can opt out of tracking through our cookie settings or browser controls.
We implement appropriate technical and organizational measures to protect your personal data, including encryption of data in transit (TLS/SSL) and at rest, access controls and authentication, regular security assessments and penetration testing, employee training on data protection, and incident response procedures.
While we strive to protect your data, no method of transmission or storage is completely secure. We cannot guarantee absolute security.
Our Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete such information.
Our Platform may contain links to third-party websites and services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal data.
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting a notice on our Platform or sending you an email. The "Last Updated" date at the top indicates when the policy was last revised.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
The Ocho – Privacy Team
Email: privacy@theocho.com
Data Protection Officer: dpo@theocho.com
Website: www.theocho.com
For complaints, you may also contact:
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Website: www.bfdi.bund.de
By using The Ocho Platform, you acknowledge that you have read and understood this Privacy Policy.
