🔒 Privacy Policy - Hotel Bedding Ratings Extension (Text Version)
Last updated: September 2025

Data Controller:
Alex Christophe
Email: alex_christophe@hotmail.com
This extension is operated from Germany

1. Introduction

This Privacy Policy explains how the Hotel Bedding Ratings Chrome Extension ("we", "our", or "the Extension") collects, uses, and protects your personal data in compliance with the General Data Protection Regulation (GDPR), German Federal Data Protection Act (BDSG), and other applicable privacy laws.

2. Data We Collect

2.1 Hotel Rating Data

Hotel Information: Hotel name, address, and unique identifiers extracted from Booking.com pages
Rating Data: Your ratings for bed size, comfort, bedcover size/comfort, and pillow size/comfort
Submission Time: Date and time when ratings are submitted
2.2 Technical Data for Abuse Prevention

IP Address: Your internet connection's IP address (processed for rate limiting)
Browser Fingerprint: Technical characteristics of your browser (canvas rendering, screen resolution, timezone, hardware specs) to prevent duplicate submissions
3. Legal Basis for Processing (GDPR Article 6)

Legitimate Interest (Article 6(1)(f)): Processing rating data to provide hotel bedding quality information to other users
Legitimate Interest (Article 6(1)(f)): Processing IP addresses and browser fingerprints to prevent abuse and ensure data quality
Consent (Article 6(1)(a)): By using this extension and submitting ratings, you consent to data processing as described
4. How We Use Your Data

Rating Aggregation: Combine individual ratings to show percentage-based summaries (e.g., "62% found beds too soft")
Abuse Prevention: Limit submissions to 1 rating per hotel per week per IP address and browser
Service Improvement: Analyze usage patterns to improve the extension functionality
5. Data Sharing and Recipients

No Third-Party Sharing: We do not sell, rent, or share your personal data with third parties
Aggregated Data Only: Only anonymized, aggregated rating percentages are displayed to other users
Service Providers: Data is stored on MongoDB Atlas (cloud database) and processed via Render (cloud hosting) - both are GDPR-compliant services
6. Data Retention

Rating Data: Stored indefinitely to maintain historical rating accuracy
IP Addresses: Retained for 1 year for abuse prevention, then automatically deleted
Browser Fingerprints: Retained for 1 year for abuse prevention, then automatically deleted
7. Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access (Article 15): Request information about your personal data we process
Right to Rectification (Article 16): Request correction of inaccurate personal data
Right to Erasure (Article 17): Request deletion of your personal data under certain circumstances
Right to Restrict Processing (Article 18): Request limitation of processing under certain circumstances
Right to Data Portability (Article 20): Request your data in a structured, machine-readable format
Right to Object (Article 21): Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time (does not affect lawfulness of prior processing)
8. Data Security

Encryption: All data transmission uses HTTPS encryption
Access Controls: Database access is restricted and authenticated
Regular Updates: Security measures are regularly reviewed and updated
Data Minimization: We collect only data necessary for the service functionality
9. International Data Transfers

Your data may be processed in countries outside the European Economic Area (EEA). We ensure adequate protection through:

Using cloud providers with GDPR compliance certifications
Standard Contractual Clauses (SCCs) where applicable
Adequacy decisions by the European Commission where available
10. Cookies and Local Storage

This extension does not use cookies. Limited local storage may be used to store extension preferences locally on your device.

11. Children's Privacy

This extension is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Changes will be posted with an updated "Last updated" date. Continued use of the extension after changes constitutes acceptance of the updated policy.

13. Contact Information

For privacy-related inquiries, data subject requests, or complaints:
Email:alex_christophe@hotmail.com
Response time: Within 30 days as required by GDPR

Data Protection Officer (if applicable):
[DPO Contact Information if you have one]

14. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, particularly in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

German Data Protection Authority:
Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Website: www.bfdi.bund.de

15. Compliance

This extension and its data processing practices comply with:

EU General Data Protection Regulation (GDPR)
German Federal Data Protection Act (BDSG)
ePrivacy Directive
Chrome Web Store Developer Program Policies