Privacy Policy – TocoRate

TocoRate ("we", "us", "our") is a product of IT Nest Limited, a company registered in Hong Kong (Company No. 77297048) with a trading address at 66 Paul Street, London, EC2A 4NA, United Kingdom.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website (tocorate.com) and our competitor price monitoring service.

1. Data Controller

The data controller responsible for your personal data is:

IT Nest Limited
66 Paul Street, London, EC2A 4NA, United Kingdom
Email: [email protected]

EU/EEA Representative (GDPR Article 27):
Prighter Group GmbH
Schellinggasse 3/10, 1010 Vienna, Austria
Portal: https://app.prighter.com/portal/15136688062

2. What Data We Collect

Data you provide directly:

Name and email address (when you contact us or sign up)
WhatsApp or Telegram contact details (when you message us)
Business name and property details (when you subscribe to our service)
Competitor property lists (hotels/rentals you ask us to monitor)
Payment information (processed by Stripe; we do not store card details)

Data collected automatically when you visit our website:

IP address
Browser type and version
Pages visited and time spent
Referring website
Device type and screen resolution

We use Cloudflare Web Analytics for website analytics, which does not use cookies and does not track individual users across sites.

3. How We Use Your Data

We use your personal data for the following purposes:

Service delivery: To set up and operate your competitor price monitoring, generate reports, and deliver them to you via email, WhatsApp, or Telegram.
Communication: To respond to your inquiries, send service-related notifications, and provide customer support.
Billing: To process payments and send invoices.
Service improvement: To understand how our website and service are used and to improve them.
Legal compliance: To comply with applicable laws and regulations.

4. Legal Basis for Processing (GDPR)

We process your personal data on the following legal bases:

Contract performance (Article 6(1)(b)): Processing necessary to deliver the service you subscribed to.
Legitimate interest (Article 6(1)(f)): Website analytics, service improvement, and fraud prevention.
Consent (Article 6(1)(a)): Where you have given explicit consent, such as opting in to marketing communications.
Legal obligation (Article 6(1)(c)): Where processing is required by law.

5. Data Sharing

We share your personal data only with the following categories of recipients, and only to the extent necessary:

Stripe, Inc. – payment processing
DataForSEO – competitor price data retrieval (we send hotel identifiers only, not your personal data)
Cloudflare, Inc. – website hosting and analytics
Email delivery services – to send you reports and communications

We do not sell your personal data to third parties. We do not share your data with advertisers.

6. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States and Hong Kong. Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the service. After you cancel your subscription:

Account and contact data: deleted within 90 days
Price monitoring data and reports: deleted within 90 days
Billing records: retained for 7 years as required by applicable tax law
Website analytics data: aggregated and anonymized, no personal data retained

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate personal data.
Erasure: Request deletion of your personal data.
Restriction: Request restriction of processing of your personal data.
Portability: Request transfer of your personal data in a machine-readable format.
Objection: Object to processing based on legitimate interest.
Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

If you are in the EU/EEA, you may also contact our EU Representative at https://app.prighter.com/portal/15136688062.

You have the right to lodge a complaint with a supervisory authority. For UK residents, this is the Information Commissioner's Office (ICO) at ico.org.uk. For EU residents, contact your local data protection authority.

9. Cookies

Our website does not use cookies for tracking or analytics. Cloudflare Web Analytics operates without cookies and without collecting personally identifiable information.

If we introduce cookies in the future, we will update this policy and implement appropriate consent mechanisms.

10. Children

Our service is intended for business use and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children.

11. Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS/SSL), secure access controls, and regular security reviews.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by the "Last updated" date at the top. We encourage you to review this page periodically. Material changes will be communicated via email to active subscribers.

13. Contact Us

If you have questions about this Privacy Policy or our data practices:

IT Nest Limited
66 Paul Street, London, EC2A 4NA, United Kingdom
Email: [email protected]