Privacy Statement - Beachfront Only Application
Last Updated: November 17, 2023
The Beachfront Only guest application and the services supporting its functionality are developed and maintained by DACK, Inc. for Beachfront Only Vacation Rentals. In this document, "we" and "us" refer to DACK, Inc. providing services on behalf of Beachfront Only.
Your privacy is important to us. This privacy statement explains our collection, use, and disclosure of personal data related to individuals logged into our apps (“guests”) as well as to visitors to our apps, devices, and other products and services (“visitors”) (the “sites and services”). This privacy statement applies to DACK, Inc. and to our controlled affiliates and subsidiaries (“DACK”). This statement applies to our sites and services that display or reference this statement, but it does not apply to any sites and services that display or reference a different privacy statement.
Some of DACK’s sites and services are intended for and provided to businesses and other organizations, and not individual consumers or end-users (such as our guests or visitors). In some cases, in providing those sites and services, we process personal data of operators, guests, or visitors at the direction of our enterprise customers. When we do, we do so as a service provider or a “data processor” to those organizations, but we do not control and are not responsible for the privacy practices of those organizations. This privacy statement does not apply to personal data we process as a service provider or data processor on behalf of our enterprise customers. If you are a consumer end-user of one of those organizations, you should read that organization’s privacy statement and direct any privacy inquiries to that organization.
PERSONAL DATA WE COLLECT
The personal data we collect depends on how you interact with us, the sites and services you use, and the choices you make.
We collect information about you from different sources and in various ways when you use our sites and services, including information you provide directly, information collected automatically, third-party data sources, and data we infer or generate from other data.
Information you provide directly. We collect personal data you provide to us. For example:
• Name and contact information. We collect name and contact details such as email address, postal address, and phone number.
• Demographic data. In some cases, such as when you participate in surveys, we request that you provide age and similar demographic details.
• Payment information. If you make a purchase or other financial transaction, we collect credit card numbers, financial account information, and other payment details.
• Content and files. We collect the photos, documents, descriptions, or other files you upload to our sites and services; and if you send us email messages or other communications, we collect and retain those communications.
• Biometric information. When an operator wishes to authenticate guests, guests can choose to provide a copy of their government-issued identification and take a photograph of their face each of which will be scanned and matched for the purposes of authenticating the guest’s identity.
Information we collect automatically. When you use our sites and services, we collect some information automatically. For example:
• Identifiers and device information. When you visit our websites or app, our servers automatically log your Internet Protocol (IP) address and information about your device, including device identifiers (such as MAC address); device type; and your device’s operating system, browser, and other software including type, version, language, settings, and configuration. As further described in the Mobile IDs and Similar Technologies section below, our websites and online sites and services store and retrieve mobile IDs and other data.
• Geolocation data. Depending on your device and app settings, we collect precise geolocation data when you use our apps or online sites and services.
• Usage data. We automatically log your activity on our websites, apps and connected products, including the URL of the website from which you came to our sites, pages you viewed, how long you spent on a page, access times, and other details about your use of and actions on our website.
• Other sensor data. We log your use of smart devices (connected smart locks and thermostats) if those devices are integrated with our services at your accommodations.
Information we create or generate. We infer new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics (“inferences”). For example, we infer your general geographic location (such as city, state, and country) based on your IP address.
Information we obtain from third-party sources. We also obtain any of the above categories of information from third parties. These third-party sources include, for example:
• Data brokers. Data brokers and aggregators from which we obtain data to supplement the data we collect.
• Third party partners. Third party applications and sites and services, including social networks you choose to connect with or interact with through our sites and services.
• Co-branding/marketing partners. Partners with which we offer co-branded sites and services or engage in joint marketing activities.
• Service providers. Third parties that collect or provide data in connection with work they do on our behalf, for example companies that determine your device’s location based on its IP address.
• Publicly available sources. Public sources of information such as open government databases.
• Other users. Operators and guests may manually input information about guests and visitors in our site and sites and services.
When you are asked to provide personal data, you may decline. And you may use web browser or operating system controls to prevent certain types of automatic data collection. But if you choose not to provide or allow information that is necessary for certain sites and services or features, those sites and services or features may not be available or fully functional.
MOBILE IDs AND SIMILAR TECHNOLOGIES
We use mobile analytics, mobile IDs, and similar technologies to operate our services and to help collect data, including usage data, identifiers, and device information.
What are mobile IDs and similar technologies?
Mobile analytics and mobile IDs are generated by operating systems for mobile devices (iOS and Android) and can be accessed and used by apps in much the same way that websites access and use cookies. Our apps contain software that enables us and our third-party analytics to access these mobile IDs.
How do we and our partners use mobile IDs and similar technologies?
We, our analytics partners and third-party providers, use these technologies in our app or their services to collect personal information (such as the pages you visit, the links you click on, and similar usage information, identifiers, and device information) when accessed through our service, including personal information about your online activities over time and across different websites or online sites and services. This information is used to store your preferences and settings, enable you to sign-in, analyze how our websites and apps perform, track your interaction with the site or app, develop inferences, deliver and tailor interest-based advertising, combat fraud, and fulfill other legitimate purposes. We and/or our partners also share the information we collect or infer with third parties for these purposes.
We use Mixpanel as our third-party analytics for our mobile apps. More information about Mixpanel is available here: https://mixpanel.com/legal/privacy-policy/
To learn about their privacy practices, click on the link above.
What controls are available?
• Account deletion. On our iOS app you may initiate an account deletion. Please contact privacy@dackinc.com for Android.
• Contact DACK. Please contact privacy@dackinc.com for data deletion, opt out and privacy requests.
OUR USE OF PERSONAL DATA
We use the personal data we collect for purposes described in this privacy statement or otherwise disclosed to you. For example, we use personal data for the following purposes:
Purposes of Use - Categories of Personal Data
Product and service delivery. To provide and deliver our services, including troubleshooting, improving, and personalizing those sites and services.
Categories: Contact information, demographic data, payment information, content and files, biometric information, identifiers and device information, geolocation data, usage data, sensor data, inferences
Business operations. To operate our business, such as billing, accounting, improving our internal operations, securing our systems, detecting fraudulent or illegal activity, and meeting our legal obligations.
Categories: Contact information, demographic data, payment information, content and files, identifiers and device information, geolocation data, usage data, sensor data, inferences
Product improvement, development, and research. To develop new services or features, and conduct research.
Categories: Contact information, demographic data, payment information, content and files, identifiers and device information, geolocation data, usage data, sensor data, inferences
Personalization. To understand you and your preferences to enhance your experience and enjoyment using our sites and services.
Categories: Contact information, demographic data, payment information, content and files, identifiers and device information, geolocation data, usage data, sensor data, inferences
Customer support. To provide customer support and respond to your questions.
Categories: Contact information, demographic data, payment information, content and files, identifiers and device information, geolocation data, usage data, sensor data, inferences
Communications. To send you information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.
Categories: Contact information, demographic data, payment information, content and files, identifiers and device information, geolocation data, usage data, sensor data, inferences
Marketing. To communicate with you about new services, offers, promotions, rewards, contests, upcoming events, and other information about our services and those of our selected partners (see the Choice and Control section of this privacy statement for how to change your preferences for promotional communications).
Categories: Contact information, demographic data, payment information, content and files, identifiers and device information, geolocation data, usage data, sensor data, inferences
We combine data we collect from different sources for these purposes and to give you a more seamless, consistent, and personalized experience.
OUR SHARING OF PERSONAL DATA
We share personal data with your consent or as necessary to complete your transactions or provide the sites and services you have requested or authorized. In addition, we share each of the categories of personal data described above, with the types of third parties described below, for the following business purposes:
• Public information. You may select options available through our sites and services to publicly display and share your name and/or username and certain other information, such as your profile, demographic data, content and files, or geolocation data.
• Third parties you interact with. When you choose to interact with third party sites and services or interact with third parties on our app, for example, to rent a scooter or provide property management services to you, those third parties may receive information about you, including your name and other contact information, and other information like demographic data, device information and identifiers, content and files, or geolocation data.
• Service providers. We share personal data with vendors or agents working on our behalf for the purposes described in this statement. For example, companies we've hired to provide customer service support or assist in protecting and securing our systems and sites and services may need access to personal data to provide those functions.
• Financial sites and services & payment processing. When you provide payment data, for example to make a purchase, we will share payment and transactional data with banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, or other related financial sites and services.
• Affiliates. We enable access to personal data across our subsidiaries, affiliates, and related companies, for example, where we share common data systems or where access is needed to provide our sites and services and operate our business.
• Corporate transactions. We may disclose personal data as part of a corporate transaction or proceeding such as a merger, financing, acquisition, bankruptcy, dissolution, or a transfer, divestiture, or sale of all or a portion of our business or assets.
• Legal and law enforcement. We will access, disclose, and preserve personal data when we believe that doing so is necessary to comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies.
• Security, safety, and protecting rights. We will disclose personal data if we believe it is necessary to:
o protect our customers and others, for example to prevent spam or attempts to commit fraud, or to help prevent the loss of life or serious injury of anyone;
o operate and maintain the security of our sites and services, including to prevent or stop an attack on our computer systems or networks; or
o protect the rights or property or ourselves or others, including enforcing our agreements, terms, and policies.
Third party analytics companies also collect personal data through our apps including identifiers and device information (such as device IDs, and IP address), geolocation data, usage data, and inferences based on and associated with that data. These third-party vendors may combine this data across multiple sites to improve analytics for their own purpose and others.
Please note that some of our sites and services include integrations, references, or links to sites and services provided by third parties whose privacy practices differ from ours. If you provide personal data to any of those third parties, or allow us to share personal data with them, that data is governed by their privacy statements.
Finally, we may share de-identified information in accordance with applicable law.
CHOICE AND CONTROL OF PERSONAL DATA
Access, correction, and deletion. If you wish to access, correct, or delete personal data about you that we hold, you may access your account by logging into the DACK sites and services you use. Additionally, you can delete your account from the profile tab inside the app.
If you are unable to access certain personal data we have via the means described above, you can request access by contacting us as described at the bottom of this privacy statement. However, to the extent permitted by applicable law, we reserve the right to charge a fee or decline requests that are unreasonable or excessive, where providing the data would be prohibited by law or could adversely affect the privacy or other rights of another person, where deleting data would interfere with a legal or business obligation that requires retention of the data, or where we are unable to authenticate you as the person to whom the data relates.
Communications preferences. You can choose whether to receive promotional communications from us by email, SMS, and telephone. If you receive promotional email or SMS messages from us and would like to stop, you can do so by following the directions in that message or by contacting us as described in the Contact Us section below. These choices do not apply to certain informational communications including surveys and mandatory service communications.
Choices for Mobile IDs and Similar Technologies. See the Mobile IDs section for choices on other analytics and controls.
EUROPEAN DATA PROTECTION RIGHTS
If the processing of personal data about you is subject to European Union data protection law, you have certain rights with respect to that data:
• You can request access to, and rectification or erasure of, personal data;
• If any automated processing of personal data is based on your consent or a contract with you, you have a right to transfer or receive a copy of the personal data in a usable and portable format;
• If the processing of personal data is based on your consent, you can withdraw consent at any time for future processing;
• You can to object to, or obtain a restriction of, the processing of personal data under certain circumstances; and
• For residents of France, you can send us specific instructions regarding the use of your data after your death.
To make such requests or contact our Data Protection Officer, please use the contact information at the bottom of this statement. When we are processing data on behalf of another party that is the “data controller,” you should direct your request to that party. You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns.
We rely on different lawful bases for collecting and processing personal data about you, for example, with your consent and/or as necessary to provide the sites and services you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfil other legitimate interests.
CALIFORNIA “SHINE THE LIGHT” DISCLOSURE
Under California Civil Code section 1798.83, also known as the “Shine the Light” law, California residents who have provided personal information to a business with which the individual has established a business relationship for personal, family, or household purposes (“California Customers”) may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes.
RETENTION OF PERSONAL DATA
We retain personal data for as long as necessary to provide the sites and services and fulfill the transactions you have requested, comply with our legal obligations, resolve disputes, enforce our agreements, and other legitimate and lawful business purposes. Because these needs can vary for different data types in the context of different sites and services, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations. For example,
• When inviting guests to join your reservation, you may grant DACK permission to access your phone’s contacts; however, it is not required, and we only store invited guests’ name, phone number, and email so they can sign up and view your reservation.
• DACK requests your current location and passes it to navigation apps as a starting location when you want directions to the unit, but we do not store your location data or collect it other than when you want directions.
• We store your phone number, name, and email associated with your account to pair you to your reservations. We retain this data so that you can immediately access reservations booked in the future.
LOCATION OF PERSONAL DATA
The personal data we collect may be stored and processed in your country or region, or in any other country where we or our affiliates, subsidiaries, or service providers maintain facilities. Currently, we primarily use data centers in the United States. The storage location(s) are chosen to operate efficiently and improve performance. We take steps designed to ensure that the data we collect under this statement is processed and protected according to the provisions of this statement and applicable law wherever the data is located.
Location of Processing European Personal Data. We transfer personal data from the European Economic Area (EEA), United Kingdom (UK), and Switzerland to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection. When we do so, we use legal mechanisms, including contracts, to help ensure your rights and protections. To learn more about the European Commission’s decisions on the adequacy of personal data protections, please visit: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
SECURITY OF PERSONAL DATA
We take reasonable and appropriate steps to help protect personal data from unauthorized access, use, disclosure, alteration, and destruction.
To help us protect personal data, we request that you use a strong password and never share your password with anyone or use the same password with other sites or accounts.
CHANGES TO THIS PRIVACY STATEMENT
We will update this privacy statement when necessary to reflect changes in our sites and services, how we use personal data, or the applicable law. When we post changes to the statement, we will revise the "Last Updated" date at the top of the statement. If we make material changes to the statement, we will provide notice or obtain consent regarding such changes as may be required by law.
HOW TO CONTACT US
If you have a privacy concern, complaint, or a question for DACK please contact us at privacy@dackinc.com
Our address is 12100 Wilshire Blvd Ste 800 Los Angeles CA 90025 Telephone: +1 213 293-9738
Our data protection representative for the European Economic Area and Switzerland can be reached at privacy@dackinc.com or 12100 Wilshire Blvd Ste 800 Los Angeles CA 90025 Telephone: +1 213 293-9738