In accordance with Regulation (EU) 2016/679 of 27 April 2016 (GDPR) and Estonian law on personal data protection
Spixes OÜ (hereinafter "Spixes", "we", "the Company") attaches paramount importance to the protection of its users' personal data.
This Privacy Policy aims to inform you about how we collect, use, share and protect your personal data in the context of using the Spixes platform (hereinafter "the Platform").
This policy applies to all Platform users: Hostels (accommodation establishments) and Backpackers (travelers).
SPIXES OÜ
Legal form: Osaühing (private limited liability company under Estonian law)
Registration number: [PENDING ALLOCATION]
Registered office: Tallinn, Estonia
Data protection contact email: privacy@spixes.com
Legal representatives: Nicolas Michaud, Jules [Last name], Guillaume [Last name]
Status: Under appointment
Email: dpo@spixes.com
When registering on the Platform, we collect the following data:
To fight fraud and ensure security, we may ask you to provide:
We use cookies and tracking technologies. Consult our Cookie Policy for more information.
We process your personal data for the following purposes, on the indicated legal bases:
| Purpose | Legal basis (GDPR) |
|---|---|
| Creation and management of your user account | Contract performance (art. 6.1.b) |
| Provision of connection services | Contract performance |
| Payment processing (Premium Subscription) | Contract performance |
| Identity verification and fraud prevention | Legitimate interest (art. 6.1.f) + Legal obligation (art. 6.1.c) |
| Platform improvement and new feature development | Legitimate interest |
| User experience personalization (recommendations, matching) | Legitimate interest |
| Sending transactional communications (confirmations, notifications) | Contract performance |
| Sending newsletters and marketing communications | Consent (art. 6.1.a) – with opt-in |
| Compliance with legal and regulatory obligations | Legal obligation |
| Response to competent authority requests | Legal obligation |
| Dispute and complaint management | Legitimate interest |
| Statistical analyses and market studies (anonymized data) | Legitimate interest |
| Platform security and cyberattack prevention | Legitimate interest |
| Social Space functioning (groups, events, interactions) | Contract performance |
| Moderation of content published in Social Space | Legitimate interest |
Your personal data may be communicated to the following categories of recipients:
Authorized Spixes personnel (developers, customer service, moderation team, management)
In case of legal obligation or request from a competent judicial or administrative authority.
In case of merger, acquisition, asset sale or restructuring, your data may be transferred to the acquiring third party.
Your personal data is hosted on servers located within the European Union / European Economic Area (EU/EEA).
Some of our processors may be located in third countries (outside EU/EEA).
In this case, we ensure that the transfer is framed by one of the following guarantees:
You can obtain a copy of appropriate guarantees by contacting us at: contact@spixes.com.
We retain your personal data only for the duration necessary for the purposes for which it was collected, in compliance with legal obligations.
| Data category | Retention period |
|---|---|
| Active account data | Duration of Platform use + 3 years after last activity |
| Deleted account data (by user) | Immediate deletion, except legal obligations |
| Billing and payment data | 10 years (accounting and tax obligation) |
| Identity verification data | 5 years after end of contractual relationship |
| Connection logs and technical data | 12 months (legal security obligation) |
| Cookies | In accordance with Cookie Policy (13 months maximum) |
| Litigation data | Duration of procedure + applicable limitation periods |
| Social Space data (groups, events, posts) | Duration of group/event existence + 1 year after deletion or closure |
In accordance with GDPR, you have the following rights:
You have the right to obtain confirmation that your data is being processed and to access this data.
You may request correction of inaccurate or incomplete data.
You may request deletion of your data in the following cases:
You may request temporary suspension of your data processing in certain cases (contesting accuracy, unlawful processing, etc.).
You have the right to receive your data in a structured, commonly used and machine-readable format, and to transmit it to another data controller.
You may object at any time to processing of your data based on legitimate interest, particularly for commercial prospection purposes.
If processing is based on your consent, you may withdraw it at any time, without affecting the lawfulness of prior processing.
You may define directives concerning the fate of your data after your death, in accordance with Article 85 of GDPR and applicable Estonian law (Personal Data Protection Act).
You have the right to lodge a complaint with the competent supervisory authority:
To exercise your rights, you may:
We undertake to respond within one (1) month from receipt of your request. This period may be extended by two months in case of complexity or multiplicity of requests.
Spixes implements all appropriate technical and organizational measures to guarantee a level of security adapted to the risk, including:
In case of personal data breach likely to pose a high risk to your rights and freedoms, we undertake to:
The Platform is strictly reserved for persons of legal age (18 years old).
Spixes does not knowingly collect personal data concerning minors.
If you are aware that a minor has provided personal data on the Platform, please contact us immediately at: contact@spixes.com.
We will proceed with immediate deletion of this data.
Use of cookies and tracking technologies is detailed in our Cookie Policy.
You can manage your cookie preferences at any time via the cookie management banner or your browser settings.
Spixes reserves the right to modify this Privacy Policy at any time, particularly to comply with any legal, regulatory or technical evolution.
Any substantial modification will be notified to you by:
Modifications will take effect thirty (30) days after their notification.
Continued use of the Platform after modifications take effect constitutes acceptance of the new policy.
For any question regarding protection of your personal data or to exercise your rights, you may contact:
This Privacy Policy is governed by Regulation (EU) 2016/679 (GDPR) and Estonian legislation on personal data protection (Personal Data Protection Act).