rapidbounce operates the rapidbounce.co website and provides digital marketing, hospitality technology, and property management services to accommodation providers across Greece and the Mediterranean. We are committed to protecting your privacy and handling your data with transparency and care.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with our platforms.
1. Information We Collect
We collect information in the following categories:
- Personal Data: Name, email address, phone number, and other contact information you voluntarily provide through our contact forms, service agreements, or direct communication.
- Business Data: Company name, property information, accommodation details, and professional data relevant to the hospitality services we provide.
- Booking and Guest Data: When properties use our platform, we process reservation data including guest names, dates of stay, booking channel information, and payment references on behalf of property owners.
- Usage Data: Information about how you access and use our websites, including IP address, browser type and version, device type, operating system, pages visited, referring URLs, and time spent on pages.
- Communication Data: Records of correspondence when you contact us, including email content, form submissions, and customer support interactions.
2. How We Use Your Information
We use collected information for the following purposes:
- To provide, maintain, and improve our hospitality management and digital marketing services
- To process and manage property reservations, revenue data, and channel integrations on behalf of our clients
- To respond to your inquiries, support requests, and service-related communications
- To send administrative information, service updates, and relevant marketing communications
- To analyse usage patterns, monitor service performance, and improve our platforms
- To generate anonymised insights and analytics for our clients' business operations
- To comply with legal obligations and protect our rights and those of our users
3. Legal Basis for Processing
We process personal data under the following legal bases as defined by the GDPR:
- Contractual necessity: Processing required to fulfil our service agreements with property owners and partners
- Legitimate interests: Improving our services, ensuring platform security, and conducting business analytics
- Consent: For marketing communications and optional data collection — you may withdraw consent at any time
- Legal obligation: Compliance with applicable laws, tax regulations, and regulatory requirements
4. Data Sharing and Disclosure
We do not sell your personal information. We may share your data with:
- Service Providers: Third-party companies that assist us in operating our business, including cloud hosting (Google Cloud Platform), analytics, email delivery, and payment processing services
- Channel Partners: Online Travel Agencies (Booking.com, Airbnb, Expedia, etc.), channel managers, and booking platforms as required to deliver our hospitality distribution services
- Payment Processors: Stripe and other payment service providers for secure transaction processing
- Marketing Platforms: Email marketing tools (Mailchimp) and advertising platforms (Google Ads, Meta) when you opt in to marketing communications
- Legal Requirements: When required by law, regulation, court order, or governmental authority
We require all third-party service providers to respect the security of your personal data and to treat it in accordance with applicable law. We do not allow our third-party service providers to use your personal data for their own purposes.
5. Data Security
We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:
- Encryption of data in transit (TLS/SSL) and at rest
- Role-based access controls and authentication mechanisms
- Regular security assessments and infrastructure monitoring
- Automated threat detection and intrusion prevention
- Secure development practices and code review processes
- Database backups with point-in-time recovery capabilities
6. Data Hosting and Infrastructure
Our platform and all associated data are hosted on Google Cloud Platform (GCP), specifically within the europe-west1 (Belgium) region. This means your data is stored and processed within the European Union, ensuring compliance with EU data residency requirements.
Our infrastructure includes:
- Compute: Google Cloud Run (europe-west1) — fully managed, auto-scaling containerised services
- Database: Google Cloud SQL for PostgreSQL (europe-west1) — managed relational database with automated backups, encryption at rest, and high availability
- Storage: Google Cloud Storage (EU multi-region) — for media assets and static files, with server-side encryption
- Networking: Google Cloud Load Balancing with managed SSL certificates and DDoS protection
- Monitoring: Google Cloud Operations Suite for logging, monitoring, and alerting
All data processing occurs within the European Union. We do not transfer primary data to servers outside the EU. Google Cloud Platform's europe-west1 region has SOC 2, ISO 27001, ISO 27017, and ISO 27018 certifications. Additionally, the europe-west1 region operates with 97% Carbon Free Energy (CFE), reflecting our commitment to environmentally responsible infrastructure.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Specific retention periods include:
- Active service data: Retained for the duration of our service agreement plus 12 months
- Booking and reservation data: Retained in accordance with applicable tax and accounting regulations (typically 5-10 years)
- Marketing data: Retained until you withdraw consent or unsubscribe
- Website analytics: Aggregated and anonymised after 26 months
- Support correspondence: Retained for 24 months after resolution
8. Your Rights (GDPR)
If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate or incomplete data
- Right to erasure — request deletion of your personal data ("right to be forgotten")
- Right to restrict processing — request limitation of how we use your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent — withdraw previously given consent at any time, without affecting the lawfulness of prior processing
To exercise any of these rights, please contact us at enquiry@rapidbounce.co. We will respond to your request within 30 days. You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) at www.dpa.gr.
9. International Transfers
Our primary data processing takes place within the EU (Google Cloud Platform, europe-west1, Belgium). In limited cases, data may be accessed by third-party service providers located outside the EEA. When this occurs, we ensure appropriate safeguards are in place, including:
- EU Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Binding Corporate Rules of the third-party provider
10. Cookies and Tracking
We use cookies and similar technologies to enhance your browsing experience, analyse site traffic, and personalise content. The cookies we use include:
- Essential cookies: Required for basic website functionality (session management, security)
- Analytics cookies: Google Analytics — to understand how visitors interact with our site (anonymised IP)
- Marketing cookies: Meta Pixel, Google Ads — to measure advertising effectiveness (only with consent)
- Preference cookies: To remember your language selection and display preferences
You can manage cookie preferences through your browser settings. Disabling certain cookies may affect website functionality.
11. Third-Party Services
Our services integrate with third-party platforms, each governed by their own privacy policies:
- Analytics: Google Analytics, Google Tag Manager
- Advertising: Google Ads, Meta (Facebook/Instagram) Ads
- Social Media: LinkedIn, Facebook, Instagram, TikTok, X (Twitter)
- Email Marketing: Mailchimp
- Payments: Stripe
- Booking Channels: Booking.com, Airbnb, Expedia, and other OTAs via WebHotelier
- Maps: Google Maps
We encourage you to review the privacy policies of these services before interacting with them through our platform.
12. Children's Privacy
Our services are designed for business-to-business (B2B) use and are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on this page and revising the "Last updated" date. For significant changes, we may also provide direct notification via email.
If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how we handle your data, please contact us:
15. Data Controller
The data controller for the purposes of the GDPR is:
RAPIDBOUNCE TECHNOLOGY SERVICES S.M.P.C.
Legal Representative: Achilleas Karydis, Manager
Lechouriti 1 & Louvari 14
12132 Peristeri, Athens
Attica, Greece
enquiry@rapidbounce.co
rapidbounce.co