Language

Legal

Privacy policy

Last updated: April 2026

We take your privacy seriously. This is an English summary. The full Dutch (Nederlands) text on this site is the legally complete version, especially where it describes processing and retention in detail. By using our services you also refer to the Dutch version for precision.

1. Data controller

Eextase Boutique Hotel is responsible for processing personal data in connection with this website, bookings and your stay. Contact: info@eextase.nl.

2. Data we process

  • Booking and contact: name, email, phone, stay dates, room, guests, optional notes.
  • Payments: transaction status and method via Mollie; we do not receive full card or bank login details (processed by Mollie).
  • Check-in: identity verification and night register data as required by law (we do not copy your ID and do not record your citizen service number).
  • Admin logins: handled by Clerk (admin users only) with email and security session data.
  • Technical: IP, browser, pages visited, for security, debugging and limited analytics — see full Dutch text for full detail.

3. Purposes and legal basis (GDPR)

We process data only with a valid legal basis under the GDPR, including contract performance, legal obligation, legitimate interests (e.g. security) and, where needed, consent. The complete list is in the Dutch version.

4. Retention, processors, transfers

We keep data no longer than necessary (e.g. tax records up to 7 years). We use processors such as Mollie (payments), Convex (data hosting), Clerk (auth), and Vercel (hosting). Some providers are outside the EEA; transfers are safeguarded with Standard Contractual Clauses and appropriate measures. We do not sell your data.

5. Cookies, security, your rights, complaints

  • We use essential cookies only; further tracking would require your consent in advance via a future banner if introduced.
  • We use TLS (HTTPS) and follow industry-appropriate security practices. Payments are in PCI-DSS–certified systems via Mollie.
  • You have GDPR rights (access, rectification, erasure, restriction, objection, portability, withdraw consent) — request via the email address above, typically within one month.
  • You may lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl. For the legally complete statement and updates, the Dutch (NL) version of this page is authoritative.