Privacy Policy

Holiday Home NordHuys — How we handle your personal data

Version 1.0  ·  Effective 1 July 2026
This Privacy Policy explains how IXM3 BV processes personal data in connection with direct bookings of the holiday home “NordHuys”, located at Klemskerkestraat 26, 8450 Bredene, Belgium, in Holiday Park Zeewind II. This Privacy Policy should be read together with our Booking Terms.

1. Who we are

The data controller is:

IXM3 BV
Mezenstraat 80
3060 Leefdaal, Belgium
VAT / enterprise number: BE 1015.479.835
E-mail: michael.debruyn88@gmail.com

In this Privacy Policy, “we”, “us” and “our” refer to IXM3 BV.

2. Personal data we process

We may process the following personal data:

  • Booking and contact details: name, address, e-mail address, telephone number, booking dates, number of guests, age category of guests, arrival time and booking preferences.
  • Billing and payment details: billing details, amounts paid, payment status, bank-transfer details, Stripe payment reference and refund information. We do not store full card details.
  • Guest information: information reasonably required to manage the Booking, including pet information, vehicle details, proof of identity where reasonably required, and information required for tourist-tax, registration, safety or legal obligations.
  • Stay and access information: check-in and check-out details, access instructions, key or access-device information, smart-lock or digital-access codes where used, and communications during the Stay Period.
  • Security deposit and damage information: information relating to damage, missing items, excessive cleaning, late check-out, nuisance, breach of park rules, deductions from the Security Deposit and supporting evidence such as descriptions, invoices or photos.
  • Communication and complaint data: e-mails, messages, complaints, requests, reviews, feedback and any related correspondence.
  • Wi-Fi and security-related information: information necessary to provide, secure or manage Wi-Fi access, digital access, technical issues or misuse reports, where applicable.

3. Why we process personal data

We process personal data for the following purposes:

  • to receive, assess, confirm, manage and administer booking requests and Bookings;
  • to communicate with Guests before, during and after the Stay Period;
  • to process payments, refunds, Security Deposits, invoices and accounting records;
  • to provide check-in instructions, access to the Accommodation and practical stay information;
  • to comply with tourist-tax, accounting, tax, safety, registration and other legal obligations;
  • to manage House Rules, park rules, security, damage, lost items, complaints and disputes;
  • to prevent fraud, misuse, unlawful Wi-Fi use, unauthorised group bookings, nuisance or damage; and
  • to establish, exercise or defend legal claims.

4. Legal bases

We process personal data on the following legal bases under the GDPR:

  • Performance of a contract — where processing is necessary to handle booking requests, confirm and perform Bookings, provide access to the Accommodation, communicate with the Guest and manage payments.
  • Legal obligation — where processing is necessary for accounting, tax, tourist-tax, safety, registration or other statutory obligations.
  • Legitimate interests — where processing is necessary to protect the Accommodation, manage Security Deposit deductions, prevent damage or misuse, handle complaints, maintain evidence, recover amounts due, secure access systems and defend legal claims.
  • Consent — where legally required, for example for certain optional communications or non-essential cookies, if used.

The GDPR requires controllers to inform data subjects about the purposes, legal bases, recipients, retention periods and rights relating to the processing of personal data.

5. Who receives personal data

We may share personal data with the following recipients where necessary:

  • payment service providers, including Stripe, banks and card/payment providers;
  • accountants, tax advisers, legal advisers and insurers;
  • IT, hosting, website, booking-form, e-mail, cloud-storage, smart-lock or technical service providers;
  • cleaning, maintenance, repair, key-management or property-support providers;
  • Holiday Park Zeewind II or park management where necessary for access, safety, nuisance, park-rule compliance or incident handling;
  • public authorities, police, courts, tax authorities or local authorities where required by law or necessary to comply with a legal obligation or to establish, exercise or defend a legal claim.

Stripe and other payment providers may process payment data under their own terms and privacy notices.

6. International transfers

We aim to process personal data solely within the European Economic Area. Where a service provider processes personal data outside the EEA, we will rely on appropriate safeguards where required, such as an adequacy decision or standard contractual clauses.

7. How long we keep personal data

We keep personal data only for as long as reasonably necessary for the purposes described above.

As a general rule:

  • booking, payment, invoice and accounting records are kept for the statutory accounting and tax retention period;
  • booking correspondence and guest administration are kept for as long as necessary to manage the Booking and any related claims;
  • Security Deposit, damage, complaint and dispute records may be kept until the matter is resolved and for the applicable limitation period;
  • access codes are deactivated after the Stay Period, unless earlier deactivation is required for security reasons;
  • optional marketing data, if any, is kept until consent is withdrawn or the communication is no longer relevant.

8. Security

We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, disclosure or alteration.

Access to personal data is limited to persons and service providers who need it for the purposes described in this Privacy Policy.

9. Your rights

Subject to the conditions and limits under the GDPR, you may have the right to:

  • access your personal data;
  • correct inaccurate or incomplete personal data;
  • request deletion of your personal data;
  • restrict processing;
  • object to processing based on legitimate interests;
  • receive certain personal data in a portable format;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with the competent data protection authority. In Belgium, the competent authority is the Gegevensbeschermingsautoriteit / Autorité de protection des données.

10. How to contact us

For privacy questions or to exercise your rights, contact us at:

IXM3 BV
Mezenstraat 80
3060 Leefdaal, Belgium
VAT / enterprise number: BE 1015.479.835
E-mail: michael.debruyn88@gmail.com

We may ask you to provide reasonable information to verify your identity before responding to a request.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The latest version will be made available on the Website or Booking Page.

© IXM3 BV. All rights reserved.