Privacy Policy | SeoVillage

Privacy Policy

Privacy POLICY

 

Last revised on October 9, 2025

 

 

Scope of this Privacy Policy

 

This Privacy Policy sets out the basis on which SEOVILLAGE SIA, registration number 40203503114, legal address at Antonijas Street 16A – 35, Riga, LV-1010, Latvia (“SEOVILLAGE”, “we“, “us“, or “our“) collects, uses, discloses, and otherwise processes personal data of individuals (“guest(s)”, “you“, “your“) in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, commonly referred to as the General Data Protection Regulation (“GDPR”).

 

We are committed to ensuring the lawful, fair, and transparent processing of your Personal Data (for the purposes of this Privacy Policy, “Personal Data” shall have the meaning given in Article 4(1) of the GDPR: any information relating to an identified or identifiable natural person) and to upholding your rights as a Data Subject (for the purposes of this Privacy Policy, “Data Subject” shall have the meaning given in Article 4(1) of the GDPR: an identified or identifiable natural person to whom the Personal Data relates under applicable data protection laws).

 

This Privacy Policy applies to the processing of Personal Data in connection with your interaction with any of our hospitality services and venues (“Hospitality Venues”), including, but not limited to:

  • Reservations made for accommodation at hotels or guest houses listed on our platform, whether made with or without account registration (i.e., as a “guest” user);
  • Your stay at any of our hotels or guest houses;
  • Your use of services at our restaurants, SPAs, or other hospitality-related venues;
  • Your interaction with our website, digital platforms, online services, and communications, including those via social media channels.

 

By accessing or using our services, including, but not limited to, services offered at our Hospitality Venues, you acknowledge that you have read and understood this Privacy Policy and, where required, consent to the processing of your Personal Data as described herein, to the extent permitted under applicable data protection laws, including the GDPR.

 

Please note that this Privacy Policy does not apply to the processing of Personal Data in the context of employment or recruitment activities. A separate privacy policy governs the processing of Personal Data for human resources purposes.

 

If you have any questions, requests, or concerns regarding this Privacy Policy or the processing of your Personal Data, you may contact us at any time using the contact details set out in Annex 1, or through our designated privacy communication channels.

 

Who We Are and How to Contact Us

 

SEOVILLAGE (please refer to the “Contact Details” in Annex 1) is a company registered in Latvia. We provide a variety of accommodation and leisure services through our network of Hospitality Venues.

 

For the purposes of this Privacy Policy, SEOVILLAGE acts as the Data Controller (X) of your Personal Data. This means that SEOVILLAGE determines the purposes and means of processing your Personal Data in relation to:

  • The operation and administration of our reservation system;
  • The management of SEOVILLAGE’s marketing, promotional, and communication activities; and
  • The maintenance of a database of guests who have stayed at, will stay at, or have used or will use any of our listed Hospitality Venues.

 

If you have any questions, requests, or concerns regarding this Privacy Policy or how your Personal Data is processed, you may contact us at any time using the contact details set out in Annex 1, or through our designated privacy communication channels.

 

What Personal Data Do We Collect?

 

Personal Data in the context of this Privacy Policy refers to any information that identifies you directly (e.g., your name) or indirectly (e.g., through your email address or telephone number). This may include, but is not limited to, your name, contact details, payment information, reservation history, preferences, and other relevant data.

 

The specific Personal Data we collect, and how we collect it, depends on the nature of your interaction with us. Generally, we process the following categories of Personal Data:

 

  • Core Identification & Contact Information: full name, email address, phone number, residential or billing address, passport or ID details (where legally required), date of birth, emergency contact information;
  • Reservation & Stay-Related Data: check-in/check-out dates, booking reference numbers, booking source (website, travel agency), room type, rate, and guest preferences (e.g., bed type, smoking/non-smoking), number of guests (including children), and any additional services requested (e.g., airport transfers, special packages);
  • Payment & Billing Information: credit/debit card details (tokenized or processed via secure third-party providers), billing address, payment status, invoice history, tax/VAT details (if applicable), payment method and status,
  • Preference & Profile Information: language preferences, loyalty status and data (if offered), stay and dining preferences (e.g., minibar items, late checkout, room temperature or pillow preference (if offered));
  • Health & Accessibility Information (Special Category Data): dietary restrictions (e.g., allergies, vegetarian/vegan), mobility/accessibility requirements, wellness-related data (e.g., massage or SPA treatment preferences, health forms), medical conditions (only when relevant and voluntarily provided);
  • Restaurant / SPA / Leisure Service Data: table or SPA booking details (time, number of guests, occasion), menu preferences, allergies, or notes, usage history of facilities (e.g., gym, SPA treatments), feedback forms or complaints;
  • Digital Interaction Data: IP address, device/browser data, cookies and tracking technologies, interaction logs (e.g., pages visited, forms submitted), marketing preferences and communication consent, geolocation (if using mobile apps or map integrations);
  • Security & Compliance Data: used for safety, fraud prevention, and legal obligations: CCTV footage (video and audio) (in public/common areas), incident reports or security logs, guest consent records (e.g., for marketing or data processing), records of transactions for audit or tax purposes.

 

For a complete overview of the Personal Data, we process about you, along with the relevant purposes and legal bases for such processing, please refer to the “List of Personal Data Processing Activities” in Annex 2.

 

How Do We Collect Your Personal Data?

 

We may collect or receive Personal Data from you through our website, mobile apps (if available), social media channels, customer service interactions, or when you stay at or use any of our Hospitality Venues.

 

In some instances, you provide Personal Data to us directly, for example:

  • When making a reservation;
  • During check-in or check-out;
  • When contacting us via customer service or submitting a request;
  • When subscribing to our marketing communications.

 

In other instances, we collect Personal Data automatically, for example:

  • Through the use of cookies and similar technologies when you browse our website or use our app (if available), enabling us to understand how you interact with our digital platforms.

 

We may also receive Personal Data about you from third-party sources, for example:

  • Travel booking platforms and travel agents;
  • Payment service providers or credit card companies;
  • Social media platforms, when you interact with our content or communicate with us via those channels;
  • Publicly accessible sources, including online reviews or feedback you submit on third-party platforms such as Tripadvisor.com, Booking.com, or Google.

 

We take reasonable steps to ensure that any third party from whom we receive Personal Data are lawfully permitted to share such data with us.

 

How We Use Your Personal Data

 

We process your Personal Data in accordance with applicable data protection laws, including the GDPR, and only where we have a valid legal basis to do so. These legal bases include:

  • Performance of a contract: to fulfil our obligations under a contract with you or to take steps at your request prior to entering into a contract (e.g., when you make a reservation or request specific services);
  • Compliance with legal obligations: to comply with applicable laws and regulatory requirements (e.g., collecting identification details upon check-in; retaining transaction records for tax and financial reporting purposes);
  • Legitimate interests: Where it is in our legitimate business interests to process your Personal Data, provided that such interests are not overridden by your rights and freedoms (e.g., we may process your Personal Data to operate, manage, evaluate, and improve our services and operations; to detect and prevent fraud, unauthorized transactions, or other unlawful activities; to protect against legal claims; and to enforce our internal policies and ensure compliance with applicable laws and industry standards.
  • Consent: where you have provided your explicit consent (e.g., when subscribing to our marketing communications or where required for the processing of special categories of Personal Data).

 

How we use your Personal Data depends on your relationship with us and how you interact with our services. For a detailed overview of how we use your Personal Data and the corresponding legal bases, please refer to the “List of Personal Data Processing Activities” in Annex 2.

 

We will only process special categories of Personal Data (such as health information or other sensitive data) with your explicit consent, or where we are otherwise legally permitted to do so (e.g., where processing is necessary to protect your vital interests or to comply with a legal obligation).

 

If you have any questions regarding how we collect, use, or safeguard your Personal Data, you may contact us at any time using the contact details set out in Annex 1, or through our designated privacy communication channels.

 

Sharing Your Personal Data

 

When we share your Personal Data as described below, we take appropriate technical and organizational measures to ensure that third-party recipients implement adequate safeguards to protect your Personal Data in accordance with applicable data protection laws, including the GDPR.

 

  1. We do not sell or share your Personal Data for third-party marketing

We do not disclose your Personal Data to third parties for their own direct marketing purposes. However, if you request us to share your Personal Data with third-party platforms (e.g., social networks), please note that those platforms may use your Personal Data in accordance with their own privacy policies, which we do not control.

 

  1. Sharing within SEOVILLAGE and affiliated entities

We may share your Personal Data with affiliated companies, subsidiaries, or other legal entities operating under SEOVILLAGE. Access will always be controlled on a need-to-know basis and will only be provided where it is necessary to deliver the requested services or to allow us to perform any necessary or legitimate functions (including operational, management, administrative, supervisory, or evaluative purposes).

 

  1. Sharing with Hospitality Venues (hotels, guest houses, restaurants, SPAs)

Where your interaction involves a specific Hospitality Venue, we may share your Personal Data with that venue to manage your booking, fulfil contractual obligations, process payments, accommodate service requests, or facilitate your stay. This includes both SEOVILLAGE-operated and independently operated venues listed on our platform.

 

In some cases, these venues may act as independent data controllers or joint controllers with SEOVILLAGE, depending on the nature of the relationship. You may request further information about specific venues and their data protection roles by contacting us at any time using the contact details set out in Annex 1, or through our designated privacy communication channels.

 

  1. Sharing with third-party service providers (processors)

We rely on trusted third parties to perform a range of business operations on our behalf. We always use our best efforts to ensure that all third parties we work with will keep your Personal Data secure. We only provide them with the information they need to perform the service, and we require that they do not use your Personal Data for any other purpose. For example, we may entrust services that require the processing of your Personal Data to:

  • Suppliers that provide customer care assistance for reservations, complaint handling, and/or loyalty operations;
  • Third parties that assist and help us in providing IT services, such as platform providers, hosting services, and maintenance and support for our databases as well as our software and applications;
  • Third parties that assist and help us in providing digital services (such as online check-in and check-out);
  • Digital service providers supporting mobile apps (if available), check-in tools, identity verification, or ratings, reviews, and survey platforms;
  • Advertising, marketing, digital, and social media agencies to help us deliver advertising, marketing, and campaigns, and analyze their effectiveness;
  • Payment processors and financial service providers for billing and fraud prevention;
  • Lawyers, auditors, financial advisors, and other third-party service providers in connection with their services to SEOVILLAGE.

 

All such providers are bound by contractual obligations to safeguard your data and act only on our instructions.

 

  1. Business transfers and acquisitions

If SEOVILLAGE or a part of its assets is acquired by a third party, Personal Data we hold relating to those assets will be one of the transferred assets. In such cases, your Personal Data will be processed by the buyer acting as the new controller, and its privacy policy will govern the processing of your Personal Data.

 

We may disclose your Personal Data to any regulatory, statutory, governmental, or other relevant authorities, agencies, or bodies and industry regulators, and any other person to whom SEOVILLAGE is compelled, required, or permitted to do so by law, rules or regulations, legal process or litigation, or to any person pursuant to any order of a court of competent jurisdiction or comparable legal process.

 

How We Protect Your Personal Data

 

We implement reasonable physical, technical, and organizational security measures to protect your Personal Data against unauthorized or unlawful processing, as well as accidental loss, destruction, or damage. These measures are designed to ensure an appropriate level of security based on the risks associated with the processing of your Personal Data.

 

Specifically, we operate data networks and systems that are secured by using industry-standard technologies and protocols. When transmitting Personal Data over untrusted networks, we use secure communication protocols to help protect the integrity and confidentiality of your information.

 

Access to your Personal Data is restricted to authorized personnel and trusted service providers who require it to perform their duties. Access is granted strictly on a need-to-know basis and only for legitimate business purposes.

 

While we strive to protect our systems, sites, operations, and information from unauthorized access, use, modification, and disclosure, the inherent nature of the internet as an open global communication medium, along with other risk factors, means we cannot guarantee that any information, either during transmission or while stored on our systems, will be completely secure from intrusion by others.

 

If you have any questions about how we safeguard your Personal Data, you may contact us at any time using the contact details set out in Annex 1, or through our designated privacy communication channels.

 

How Long Do We Keep Your Personal Data?

 

We retain your Personal Data only for as long as necessary to fulfill the processing purposes outlined in the “List of Personal Data Processing Activities” in Annex 2.

 

This means, for instance, that we will no longer store your Personal Data when our (contractual) relationship with you comes to an end, unless further storage is permitted or required under applicable law, including the GDPR.

 

To determine how long we will retain your Personal Data, we will consider several factors, including:

  • The purpose for which we hold your Personal Data;
  • Our legal and regulatory obligations in relation to that Personal Data, such as any financial reporting obligations;
  • Whether our relationship with you is ongoing, for example, if you continue to receive marketing communications or regularly browse our website or mobile apps (if available);
  • Any specific requests from you regarding the deletion of your Personal Data; and
  • Our legitimate interests in managing our own rights, such as the defense of any claims.

 

When we no longer need to use your Personal Data, it will either be removed from our systems and records or anonymized so that you can no longer be identified from it.

 

What Are Your Rights Regarding Your Personal Data?

 

The GDPR grants specific rights, summarized below, which you can, in principle, exercise free of charge, subject to statutory exceptions. These rights may be limited, for example, if fulfilling your request would reveal Personal Data about another individual or if you ask us to delete information that we are legally required to retain or have compelling legitimate interests in keeping.

 

You have the following rights regarding how we process your Personal Data:

  • Information: You have the right to receive clear, transparent, and easily understandable information about how we use your Personal Data and what your rights are.
  • Rectification: You have the right to request that any inaccurate or incomplete Personal Data we hold about you be corrected or updated.
  • Deletion: You have the right to request that we delete your Personal Data, subject to certain exceptions — for instance, where we are required to retain it to comply with a legal obligation.
  • Withdraw Consent: Where we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. You can do so by unsubscribing from commercial emails, contacting us using the details in Annex 1, or through our designated privacy communication channels. Withdrawing your consent will not affect the lawfulness of processing carried out prior to the withdrawal. Please note that we may continue processing your Personal Data based on other legal grounds, as outlined in this Privacy Policy.
  • Access: Subject to certain exceptions, you have the right to access and receive a copy of the Personal Data we process about you. This will typically be provided electronically or in writing, and verbally where legally permitted. A reasonable fee may apply where allowed by law.
  • Restriction: You may request that we restrict the processing of your Personal Data in certain circumstances (for example, if you contest the accuracy of the Personal Data or object to its processing).
  • Portability: You have the right to request that we transmit the Personal Data we hold in respect of you to you or to another data controller.
  • Portability: You may request that your Personal Data be transmitted to you or to another data controller under specific conditions, including where this is technically feasible and legally required.
  • Objection: You have the right to object to the processing of your Personal Data under specific conditions, including when we process your Personal Data based on legitimate interests or for direct marketing purposes.

 

You can exercise any of these rights (where applicable) by contacting us at any time using the contact details set out in Annex 1, or through our designated privacy communication channels. We will respond within the timeframe required by applicable law, including the GDPR. In some cases, we may ask you to verify your identity before we can proceed with your request, to ensure that your Personal Data is not disclosed to anyone else.

 

If you are a resident of the European Economic Area and are not satisfied with our response or believe we have violated your data protection rights, you have the right to lodge a complaint with a competent Supervisory Authority (such as the data protection authority in your country of residence or work).

 

Your Marketing Choices

 

You have control over whether you receive direct marketing communications from us, such as promotional emails. We will always ask for your consent before sending you marketing communications. For example, we will request that you tick a box to indicate your consent to receive “news via email and commercial offers.” You can opt out of receiving such communications at any time. If you no longer wish to receive marketing communications or remain on a mailing list to which you previously subscribed, simply follow the unsubscribe link in any of our communications.

 

Your Obligations

 

We expect that you will only provide Personal Data about yourself to us. If you provide Personal Data about other individuals, you must ensure that you comply with any legal obligations related to sharing that information with us. Where necessary, you must also ensure that we are authorized to use, process, and transfer that information. In particular, and subject to applicable local laws, if you use a credit card not issued in your name, you confirm that the cardholder has consented to its use and agrees that we may collect, use, and disclose their Personal Data for the purpose of processing your transaction at our Hospitality Venues.

 

We also expect that the Personal Data you provide is accurate, and that you will promptly update us if any of your Personal Data changes.

 

Children

 

We do not knowingly collect or solicit Personal Data from anyone under the age of 18, nor do we knowingly allow such individuals to make bookings at our Hospitality Venues. If we learn that we have inadvertently collected Personal Data from a child under 18 without obtaining proper parental consent, we will take prompt action to remove that information.

 

If you believe we have inadvertently collected information from or about a child under the age of 18 (except as permitted under applicable laws, including the GDPR, in the context of using our Hospitality Venues), please contact us using the contact details set out in Annex 1 or through our designated privacy communication channels.

 

Changes to this Privacy Policy

 

We may update this Privacy Policy periodically. In the event of significant changes, we will notify you by posting the updated version on this page or through other appropriate communication channels typically used to communicate with you. Any changes to this Privacy Policy will take effect immediately upon being posted on our website, unless otherwise stated.

 

 

 

ANNEX 1 – Contact Details Of seovillage

 

SEO VILLAGE SIA

Registration number 40203503114

Legal address at Antonijas Street 16A – 35, Riga, LV-1010, Latvia

E-mail: [email protected]

 

 

 

ANNEX 2 – LIST OF PERSONAL DATA PROCESSING ACTIVITIES

 

Click here to see all activities