RoomForDay.com Privacy Policy Last updated: June 9, 2025 1. Introduction and Identity of the Data Controller Welcome to RoomForDay.com (hereinafter "we", "our", or "RoomForDay"). We are strongly committed to protecting the confidentiality of your personal data. This privacy policy aims to inform you transparently about how we collect, use, share, and protect your data when you use our website and services. The data controller for your data is [Name of your legal entity, e.g., IZZY], whose registered office is located at [Full address of your registered office] and can be contacted at the email address: dataprivacy@dayuse.com. 2. Key Definitions To facilitate your understanding of this policy, here are some important definitions: Personal Data: Any information relating to an identified or identifiable natural person (e.g., a name, an email address, an IP address). Processing: Any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means (e.g., collection, recording, organization, storage, retrieval, consultation, use, disclosure, destruction). Data Controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of your personal data. Data Subject: The natural person to whom the processed personal data relates (that's you!). GDPR: The General Data Protection Regulation (EU Regulation 2016/679 of April 27, 2016), which is the main European data protection law. 3. The Personal Data We Collect We collect personal data in different ways, depending on how you interact with our services: 3.1. Data you provide directly to us When you use our site or services, you may provide us with information directly, particularly when: Creating an account: Name, first name, email address, phone number, password. Making a reservation: Information necessary for the reservation (hotel details, dates, specific services, special requests), payment information (credit card number, expiration date, security code - note: please specify here if you do not store this information and use a secure payment provider who handles this data). Communicating with us: Messages you send us via contact forms, email, phone, or chat. Subscribing to our newsletters or alerts: Your email address. Participating in surveys, contests, or promotions.

3.2. Data collected automatically When you browse our site, we automatically collect certain information through technologies such as cookies. This data may include: Connection information: Your IP address, browser type, operating system, unique device identifiers. Website usage data: The pages you have visited, the time spent on our site, actions performed (clicks, searches), the website that referred you to RoomForDay.com. Location data: If you enable the location function on your device and consent to it. 4. Purposes and Legal Bases for Processing We process your personal data only when we have a valid legal basis to do so. Here are the main purposes for which we use your data and the corresponding legal bases: Managing your reservations and performing services (Legal basis: Performance of a contract): We use your data to process, confirm, and manage your hotel reservations, handle payments, and provide you with the hotel services you have booked through RoomForDay. Managing your user account (Legal basis: Performance of a contract): Your information is necessary to allow you to create, access, and manage your RoomForDay account, including viewing your reservations and preferences. Communicating with you (Legal basis: Performance of a contract or Legitimate interest): We may send you reservation confirmation emails, stay reminders, important information related to our services, or respond to your questions and support requests. Sending marketing communications and newsletters (Legal basis: Your consent): With your explicit consent, we may send you newsletters, special offers, and personalized promotions about our services or those of our partners. You have the right to withdraw this consent at any time. Improving our services and user experience (Legal basis: Legitimate interest): We analyze the use of our site and services to understand how users interact with RoomForDay.com. This allows us to optimize our features, ergonomics, the relevance of our offers, and resolve any technical issues. Website security and fraud prevention (Legal basis: Legitimate interest and/or Legal obligation): We implement measures to protect our systems, detect and prevent fraudulent activities, and ensure the security of our users and services. Compliance with legal and regulatory obligations (Legal basis: Legal obligation): We process your data to comply with applicable laws, regulations, and legal requests from competent authorities (e.g., tax, accounting obligations). 5. Recipients of Your Personal Data Your personal data may be shared with the following categories of recipients, only to the extent necessary and in accordance with this policy: Hotels and partner establishments: To finalize and manage your reservation, we transmit the necessary information (name, first name, stay dates, specific preferences) to the hotel concerned. Third-party service providers: We use third-party companies to help us provide our services. This includes, for example, secure payment providers, data analytics solutions (like Google Analytics), hosting services, email sending platforms, customer support services. These providers act on our behalf and are subject to strict contractual obligations of confidentiality and data protection. Legal and regulatory authorities: We may be required to disclose your data if required by law, regulation, a court order, or an official request from an administrative authority. In the event of a merger or acquisition: If RoomForDay.com or our legal entity [Name of your legal entity] is involved in a merger, acquisition, or sale of assets, your personal data may be transferred to the third party concerned.

5. Recipients of Your Personal Data Your personal data may be shared with the following categories of recipients, only to the extent necessary and in accordance with this policy: Hotels and partner establishments: To finalize and manage your reservation, we transmit the necessary information (name, first name, stay dates, specific preferences) to the hotel concerned. Third-party service providers: We use third-party companies to help us provide our services. This includes, for example, secure payment providers, data analytics solutions (like Google Analytics), hosting services, email sending platforms, customer support services. These providers act on our behalf and are subject to strict contractual obligations of confidentiality and data protection. Legal and regulatory authorities: We may be required to disclose your data if required by law, regulation, a court order, or an official request from an administrative authority. In the event of a merger or acquisition: If RoomForDay.com or our legal entity [Name of your legal entity] is involved in a merger, acquisition, or sale of assets, your personal data may be transferred to the third party concerned. 6. Transfer of Data Outside the EU/EEA In certain cases, your personal data may be transferred to countries outside the European Economic Area (EEA) if our service providers or partners are based there. In such situations, we ensure that appropriate safeguards are in place to ensure a level of data protection equivalent to that of the GDPR. These safeguards may include, for example, the use of Standard Contractual Clauses (SCCs) adopted by the European Commission, or adequacy decisions where the European Commission has recognized that the third country offers an adequate level of data protection. 7. Retention Period of Your Data Your personal data is retained for no longer than is necessary for the purposes for which it is processed, and in compliance with applicable legal and regulatory obligations: Your user account data is retained as long as your account is active. In case of prolonged inactivity (generally 3 years) or account deletion by you, your data will be anonymized or deleted, unless a legal obligation requires us to retain it longer. Data relating to your reservations is retained for the period necessary for the performance of the contract and post-contractual legal obligations (e.g., tax and accounting obligations, generally 10 years). Data used for direct marketing purposes (sending newsletters, offers) is retained for a maximum period of three years from the last contact with the data subject, unless you withdraw your consent before this deadline. Cookies are retained for a maximum duration of thirteen (13) months from their placement on your terminal.

8. Your Data Protection Rights In accordance with the General Data Protection Regulation (GDPR) and applicable laws, you have the following rights regarding your personal data: Right of access: Obtain confirmation that your data is being processed and obtain a copy of it. Right to rectification: Request the correction of inaccurate or incomplete data concerning you. Right to erasure ("right to be forgotten"): Request the deletion of your personal data under certain conditions (e.g., if the data is no longer necessary for the purposes for which it was collected). Right to restriction of processing: Request the suspension of the processing of your personal data in certain cases (e.g., while verifying the accuracy of the data). Right to object: Object to the processing of your data for certain purposes, particularly for reasons relating to your particular situation, or for direct marketing. Right to data portability: Receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and transmit it to another data controller. Right to withdraw your consent: Where the processing of your data is based on your consent (e.g., for sending newsletters), you can withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal. Right to lodge a complaint with the CNIL: If you believe your rights have not been respected, you have the option to lodge a complaint with the competent supervisory authority in France, the Commission Nationale de l'Informatique et des Libertés (CNIL). Address: 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07 Website: www.cnil.fr To exercise these rights, you can contact us at the dedicated email address: dataprivacy@dayuse.com. We commit to responding to your request within one month. 9. Security of Your Data We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, loss, or destruction. These measures include: Pseudonymization and/or encryption of certain data. Firewalls and intrusion detection systems. Physical and logical access controls to premises and systems. Regular backup procedures. Awareness and training of our staff on data protection. Despite our efforts, no method of transmission over the Internet or electronic storage is entirely secure. Therefore, we cannot guarantee absolute security.

10.4. Managing your cookie preferences When you first visit our site, a cookie consent banner allows you to choose whether to accept or refuse certain types of cookies. You can modify your cookie preferences at any time via the link [Insert here the link to your cookie management tool, generally located in the site's footer or a link like "Manage my cookies"] or by adjusting your web browser settings. Disabling certain cookies (particularly strictly necessary cookies) may affect our site's functionality and render some parts of the site unusable. 11. Changes to the Privacy Policy We may modify this privacy policy to adapt it to any new practice, technological evolution, or applicable legislation and regulation. Any modification will come into effect upon its publication on this page. The date of the last update will be indicated at the top of this page. We encourage you to regularly consult this page to stay informed of any updates.