Baunz Privacy Policy

1. Data Controller

The data controller is Baunz Limited, with registered office at 7 Florinis Street, Greg Tower, 1065, Nicosia, Cyprus

2. Types of Data Collected

Baunz collects and processes the following categories of personal data:

• Identifying data (first and last name)
• Contact details (email, phone number)
• Booking information (facility, date and time)
• Payment information (via Stripe)
• Messages or communications exchanged with Baunz support
• Usage and navigation data through analytics tools (e.g., Mixpanel, Sentry, technical and analytical cookies)
• OTP (One-Time Password) delivery data (e.g., email/phone number for login)

3. Purposes and Legal Bases for Processing

Personal data is processed for the following purposes:

• Managing bookings (contract performance)
• Processing payments (contract performance)
• Allowing facility owners operational access (legitimate interest)
• Fulfilling legal and tax obligations (legal obligation)
• Fraud prevention and security management (legitimate interest)
• Service communications (e.g., confirmations, cancellations, support)
• Analyzing usage and improving the platform (user consent where applicable)
• User authentication via OTP codes (contract performance / legitimate interest)

4. Data Processing and Security Measures

Data is processed using secure IT systems and organizational controls, including:

• TLS encryption in transit
• Two-factor authentication for admin access
• Logging and monitoring via Sentry
• Access restricted to authorized personnel only

Facility owners only view minimal booking data through a read-only dashboard and cannot export or save user data.

5. Data Retention

Personal data is retained:

• For the duration of the user contract
• For up to 14 days after the scheduled booking, in the facility owner dashboard
• For up to 10 years for legal, tax, or accounting obligations, where applicable

6. Data Subject Rights

Users may exercise the following rights at any time:

• Access their data
• Request correction of inaccurate or incomplete data
• Request deletion ("right to be forgotten")
• Restrict or object to processing
• Request data portability
• File a complaint with the Italian Data Protection Authority (Garante Privacy)

Requests should be sent to privacy@baunz.it.

7. Data Recipients and Transfers

Data may be shared only with:

• Authorized staff (e.g., Baunz team, system administrators)
• Service providers strictly necessary to operate Baunz (e.g., Stripe, Mixpanel, Sentry, OTP providers)
• Public authorities when required by law

Data is not transferred outside the European Economic Area (EEA) without appropriate safeguards.

8. Cookies and Tracking Technologies

Baunz uses technical and analytical cookies, as well as tools such as Mixpanel and Sentry, to improve platform performance. Upon first access, users may grant or withhold consent through a cookie banner.

More details are available in our separate Cookie Policy.

9. Profiling and Automated Decision-Making

Baunz does not carry out profiling or make decisions based solely on automated processing that produce legal or significant effects.

10. Changes to this Policy

Baunz reserves the right to update this policy at any time. Updates will be posted on the platform and will take effect from the date of publication.

For further information, contact privacy@baunz.it.