Privacy Policy

1. Who we are

This Privacy Policy describes how CSB II Holding B.V., trading as “Gonomi” (“Gonomi”, “we”, “us”), processes personal data in connection with the Gonomi hospitality experience platform (the “Platform”). We are established in the Netherlands and registered with the Dutch Chamber of Commerce under number 90012135.

For questions about this Policy or to exercise your rights, contact us at founders@getnomi.nl.

2. What data we collect

Depending on how you interact with us, we may process:

• Contact data: name, email address, phone number, company, role.
• Guest data: for guests of partner hotels, limited identifiers (e.g. name, room number, stay dates) and the content of messages exchanged via the Platform.
• Booking data: experiences requested or booked, preferences, payment status.
• Technical data: IP address, device and browser information, log files, cookies and similar technologies.

3. Why we process it

We process personal data to:

• provide and operate the Platform under our agreement with the hotel;
• respond to guest enquiries and facilitate experience bookings;
• reconcile and process payments together with our payment providers;
• improve the Platform and develop new features (in aggregated or pseudonymised form where possible);
• comply with legal, tax and accounting obligations.

We rely on the legal bases of contract performance, our legitimate interests in running and improving our business, consent (where required, e.g. for non-essential cookies), and compliance with legal obligations.

4. Sharing

We share personal data only as necessary:

• with partner hotels, in respect of their own guests;
• with experience suppliers, to fulfil a booking the guest has requested;
• with vetted service providers (hosting, payments, messaging, analytics) acting as processors under written agreements;
• with authorities or other third parties where required by law.

5. International transfers

Where personal data is transferred outside the European Economic Area, we use appropriate safeguards such as the European Commission’s Standard Contractual Clauses.

6. Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including any legal, accounting or reporting requirements. Booking records are typically retained for seven (7) years in line with Dutch tax law.

7. Your rights

You have the right to access, rectify, erase, restrict or object to the processing of your personal data, and the right to data portability. To exercise these rights, contact founders@getnomi.nl. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

8. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss or alteration. No system is perfectly secure; we will notify the relevant parties of any personal data breach as required by law.

9. Changes

We may update this Policy from time to time. The current version is always available at this URL with an effective date at the top.