Privacy & Data Protection Policy (GDPR)

Last updated: February 2026

1. Introduction

Welcome to EHHA, an international non-profit association representing the short-term rental accommodation industry in Europe.

We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, and protect personal data when you visit our website https://ehha.eu, engage with our activities, or communicate with us.

We process personal data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

2. Data Controller

Association Name: EHHA

Registered Address:

Rue Abbé Cuypers 3, 1040 Etterbeek, Belgium

Email: info@ehha.eu

3. Who This Policy Applies To

This policy applies to:

  • Website visitors

  • Members and prospective members

  • Partner organizations

  • Industry stakeholders

  • Event participants

  • Newsletter subscribers

  • Individuals contacting us

4. Personal Data We Collect

Information You Provide Directly

We may collect:

  • Name and job title

  • Organization name

  • Email address

  • Phone number

  • Country and professional affiliation

  • Membership application information

  • Event registration details

  • Communications and correspondence

  • Newsletter subscription information

Information Collected Automatically

When you visit our website we may collect:

  • IP address

  • Browser type and version

  • Device information

  • Usage data and website interactions

  • Referring URLs

  • Cookie data

Information from Third Parties

Where applicable, we may receive data from:

  • Member organizations

  • Event partners

  • Public professional sources

  • Analytics providers

5. Purposes of Processing

We process personal data to:

  • Operate and maintain our website

  • Represent and advocate for the short-term rental sector

  • Manage membership and stakeholder relationships

  • Provide industry information and policy updates

  • Organize events, meetings, and consultations

  • Send newsletters and communications (where permitted)

  • Improve website functionality and user experience

  • Ensure security and prevent misuse

  • Comply with legal obligations

6. Legal Basis for Processing (GDPR Article 6)

We process personal data on the following legal grounds:

  • Consent — for newsletters, cookies, and optional communications

  • Contractual necessity — membership management and event participation

  • Legal obligation — regulatory compliance

  • Legitimate interests — advocacy activities, network management, and website improvement

Where processing is based on consent, you may withdraw consent at any time.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Ensure website functionality

  • Analyze website traffic

  • Improve user experience

  • Manage preferences

You may manage cookie settings through our cookie banner or browser controls.

8. Data Sharing and Recipients

We do not sell personal data.

We may share data with:

  • IT and website hosting providers

  • Email and communication service providers

  • Event management platforms

  • Professional advisors

  • Regulatory authorities where required by law

All service providers are required to process data in compliance with GDPR.

9. International Data Transfers

As an international association, personal data may be processed outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards, including:

  • Standard Contractual Clauses approved by the European Commission

  • Transfers to countries with adequacy decisions

  • Contractual data protection obligations

10. Data Retention

We retain personal data only as long as necessary for:

  • Membership and stakeholder management

  • Event administration

  • Legal and regulatory compliance

  • Legitimate organizational purposes

When data is no longer required, it is securely deleted or anonymized.

11. Your Rights Under GDPR

You have the right to:

  • Access your personal data

  • Correct inaccurate or incomplete data

  • Request erasure of your data

  • Restrict processing

  • Object to processing

  • Request data portability

  • Withdraw consent at any time

  • Lodge a complaint with a data protection supervisory authority

12. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or loss.

13. Third-Party Websites

Our website may contain links to external websites. We are not responsible for their privacy practices or content.

14. Children’s Data

Our website and services are intended for professionals and organizations. We do not knowingly collect personal data from children under 16.

15. Changes to This Privacy Policy

We may update this policy from time to time. Updates will be published on this page with a revised “Last updated” date.

16. Contact

For questions regarding this Privacy Policy or our data protection practices:

EHHA

Email: info@ehha.eu

Address: Rue Abbé Cuypers 3, 1040 Etterbeek, Belgium