Effective as of October 1, 2018

The processing of personal data of this website,, and all related applications and software, available on the website or any third party services, including all services, tools and software (hereinafter jointly the "Website, Applications, and Software"; separately, for the website, the "Website"; separately, for the applications, the "Applications", and separately, for the hoste/hotel/accommodation management software, the “Software”) is subject to this Privacy Notice.

The Website, Applications, and Software are operated by Hostelpro OÜ, a private limited company registered under number 12892955 in the Republic of Estonia and whose registered office is at Ahtri 12, Tallinn city, Harju county, 10151 (hereinafter "Company" or we).

We recognize, respect and maintain the protection of your fundamental rights and freedoms and in particular your right to privacy in the context of any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction (hereinafter the "Processing") of any information relating to an identified or identifiable user or guest where an identifiable user or guest is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity (hereinafter the "Personal Data").

We do not knowingly attempt to solicit or receive Personal Data from children. The particular age of the children are defined differently in many countries, so any case involving a child will be reviewed individually.

We recognize that privacy is an ongoing responsibility, and so we will follow and, from time to time, improve this Privacy Notice as we undertake new personal data practices or adopt new privacy and security rules. Our business model may also change and it may require changes to the current version of the Privacy Notice.

In case if in the light of the GDPR you are a data controller as a hostel, hotel or accommodation owner and, accordingly, we are a data processor, please contact us and we will take all necessary steps to become compliant. We have an accessible standard data processing agreement. Regardless of our contractual relations, we have been taking necessary steps to comply with article 28 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”).

In other cases, you may be a client of the hostel, hotel or accommodation which has collected and processed your Personal Data. In such cases, we act only in accordance with instructions of the data controller.

Regardless of your status, we may be a data controller in cases when we directly collect or process your Personal Data for providing our services and other business interests which are in compliance with the applicable laws..

  1. Personal Data and Processing

We process different types of Personal Data and all types of Personal Data are categorized according to our role. 

We collect your name, hostel/hotel/accommodation name, telephone number, address, email, and links to your hostel/hotel/accommodation website or social media in order to contact you, send you a download link to the Software and analyze your hostel/hotel/accommodation. Here we count on contract and legal interests as legal grounds.

We store name, birthday, residency, nationality, passport/ID number, age, gender, and credit card information of guests of hostels/hotels/accommodations, and other Personal Data which hostel/hotel/accommodation employees collect to provide their services. We do not collect this Personal Data and we presume that a hostel/hotel/accommodation has a legal ground to process such Personal Data. If we become aware that a hostel/hotel/accommodation does not comply with this rule or any applicable data protection law, we may terminate their account and access to the Website, Applications, and Software.

We may send newsletters to hostels/hotels/accommodations and their consumers. We count on the legal interests when sending newsletters to hostels/hotels/accommodations. We send newsletters to hostels/hotels/accommodations’ consumers relying on consent unless there are legal interests on which we may count.

The Website, Applications, and Software may also use pixel tags and targeted ads, also known as beacons, spotlight tags or web bugs, to improve understanding of traffic, visitor behavior, and response to promotional campaigns, as a supplement to our server logs and other methods of traffic and response measurement.

There is also information about your computer hardware and software that is automatically collected by us. This information can include: your IP address, browser type, domain names, access times and referring Website, Applications, and Software addresses. We use this information for the operation of the Company service, to maintain quality of the service, and to provide general statistics regarding use of the Website, Applications, and Software.

We use different third parties to provide our Services. We use Paypal to process payments. We use Amazon Web Services to store information on their servers.

We are not responsible for the privacy statements or other content on websites outside of Company's Website, Applications, and Software.

The Website, Applications, and Software will disclose your or your guests' Personal Data, without notice, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on us or the Website, Applications, and Software; (b) protect and defend our rights or property; (c) act under exigent circumstances to protect the personal safety of our clients and users; and, (d) in other cases provided by the applicable law of Estonia.

  1. Use of Cookies

The Website, Applications, and Software use "cookies" to help personalize your online experience. A cookie is a parcel of text sent by a server to a web browser and then sent back unchanged by the browser each time it accesses that server or text file that is placed on your hard disk by a Website, Applications, and Software' server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.

One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Website, Applications, and Software' server that you have returned to a specific page. For example, if you personalize Website, Applications, and Software' pages, or register with the Website, Applications, and Software or services, a cookie helps us to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the same Website or Applications, the information you previously provided can be retrieved, so you can easily use our features that you customized.

You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies, if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of Company's services or the Website, Applications, and Software you visit and use.

  1. Security of your Personal Data

Your account may be protected by password which you choose. We use industry standard measures to protect the personal information that is stored in our database. We limit the access to your personal information to those account holders and employees who need access to perform their job function, such as our client service personnel. If you have any questions about Company's security measures, please contact us.

Although we take appropriate measures to safeguard against unauthorized disclosures of information and we have our internal Security Policy, but no data transmission is guaranteed to be 100% secure and there are always risks.

  1. Controlling your Personal Data

Within your passcode-protected client account, you can see, review, and change your personal and account information. We do retain personal information from closed accounts to comply with law, prevent fraud, collect any commissions owed, resolve disputes, troubleshoot problems, assist with any investigations, enforce our site policies, and take other actions permitted by law. If you believe you have submitted erroneous information that you cannot edit through your client account, please contact us.

  1. Recipients of Personal Data

The recipients of the collected data is the highest management level and employees of the Company. We have appropriate security and organizational arrangements with employees and freelancers when applicable, especially we have Security Policy, a standard data processing agreement, non-disclosure agreements, and internal privacy instructions.

The personal data collected by us is processed in our headquarter in Estonia.

  1. Data Subject’s Rights

You may choose not to provide us with Personal Data. If you choose to do so, you can restrictively continue to visit Website and Applications and browse their pages, but we will not be able to provide you the full range of services without some parts of your Personal Data.

You may turn off cookies in your browser via settings. You can block cookies on your browser refusing cookies. You may delete cookies. If you turn off cookies, you can continue to use the Website, Applications, and Software and browse their pages, but Website, Applications, and Software and certain services will not work properly.

You may ask us to refrain from using your data for marketing (when applicable). You can opt out from marketing by emailing us or contacting via the contact form.

You can exercise the following rights when applicable by sending us an email or contacting via the contact form.

You have the right to access information about you, especially:

- the categories of data;

- the purposes of data processing;

- third parties to whom the data disclosed;

- how long the data will be retained and the criteria used to determine that period;

- other rights regarding the use of your data.

You have the right to make us correct any inaccurate Personal Data about you.

You may object to using your Personal Data for profiling you or making automated decisions about you. We may use your data to determine whether we should let you know information that might be relevant to you (for example, tailoring emails to you based on your behavior).

You have the right to the data portability of your data to another service or website/application. We will give you a copy of your data in readable format so that you can provide it to another service. If you ask us and it is technically possible, we will directly transfer the data to the other service for you.

You have the right to be “forgotten”. You may ask erasing any Personal Data about you, if it is no longer necessary for us to store the data for purposes of your use of the Website, Applications, and Software.

You have the right to lodge a complaint regarding the use of your data by us. You can address any complaint to your national regulator (see the list at

In the context of the right to access information we shall provide you with the information within one month of your request unless there is a justified requirement to provide such information faster or later.

  1. Retention Period

Our retention practice depends on the type of data we collect, regulatory burden, and how we use the Personal Data. The retention period may also be based on criteria that include legally mandated retention periods, pending or potential litigation, intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving.

Please contact us to receive a detailed information regarding the retention period of your Personal Data.

  1. Changes to this Privacy Notice

At our sole discretion, we may change the Privacy Notice at any time. If you continue to use the Website or Applications it means that you agree to the updated Privacy Notice. We will notify about such a change in accordance with the procedure set in the Terms and Conditions.

  1. Advertisement

Advertisement appearing on our Website may be delivered to you by advertising partners, who may set cookies. These cookies allow the advertisement server to recognize your computer each time they send you an online advertisement to compile information about you. This information allows advertisement networks to deliver targeted advertisement that they believe will be of most interest to you. This Privacy Notice covers the use of cookies by Company and does not cover the use of cookies by any advertisers.

  1. Transfer

We use Amazon Web Services to store information on their servers in the USA. The USA has not received a finding of “adequacy” from the European Union under Article 45 of the GDPR. Therefore, we rely on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, we collect and transfer to The USA personal data only: with your consent; to perform a contract with you; or to fulfill a compelling legitimate interest in a manner that does not outweigh your rights and freedoms. We endeavor to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with us and the practices described in this Privacy Notice. We also enter into data processing agreements and model clauses with our vendors whenever appropriate.

  1. Contact Information

Please contact us via or +37060788435 (9 a.m.-5 p.m. CET) with any questions regarding the Privacy Notice or other related matters. Please report any violations of the Privacy Notice by contacting us.