Applicable to all Users (Guests, Hosts, and Organizations)
Operated by Tomin Group International Inc. (Monkstays) — Québec, Canada
legal@monkstays.com www.monkstays.com
Effective Date: January 1st, 2026.
1. Purpose and Scope
1.1 Purpose.
This Privacy Policy (“Policy”) explains how Monkstays collects, uses, stores, shares, and protects personal information obtained through its digital hospitality marketplace platform.
1.2 Scope.
It applies to every person or organization (“User”) who visits the Platform, creates an account, lists accommodations, or completes a booking.
1.3 Legal Basis.
Processing complies with Québec’s Act respecting the protection of personal information in the private sector (Law 25), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and—where applicable—the EU General Data Protection Regulation (GDPR).
2. Data Controller and Contact
2.1 The controller of personal information is Tomin Group International Inc., operating as Monkstays, Québec, Canada.
2.2 Questions, access requests, or complaints may be directed to:
Email: legal@monkstays.com Subject: Privacy Request.
3. Information Collected
3.1 Contact Data: email, postal address, phone number.
3.2 Account and Profile Data: login credentials, communication preferences, and booking history.
3.3 Financial Data: payment information processed securely by authorized payment service providers; Monkstays does not store card numbers. Payment processing is handled by PCI-DSS-compliant third-party providers (Stripe), which act as independent data controllers for payment information.
3.4 Usage Data: IP address, device type, browser information, cookies, and analytics logs.
3.5 Verification Data: documents or photos submitted for identity or institutional verification.
3.6 Communications: messages exchanged through the Platform’s internal system.
3.7 Optional Spiritual Context Data: when voluntarily shared, e.g., retreat preferences; collected only when voluntarily provided by the User and processed under explicit consent where legally required.
4. Purposes of Processing
4.1 To create and manage user accounts and verify identity.
4.2 To process and confirm bookings, payments, and refunds.
4.3 To ensure platform safety, fraud prevention, and dispute resolution.
4.4 To communicate service updates, confirmations, and lawful marketing notices.
4.5 To comply with tax, audit, and record-keeping obligations.
4.6 To analyze usage trends and improve platform performance.
4.7 To respect religious and contemplative environments while maintaining lawful neutrality.
5. Legal Bases for Processing
Processing is carried out under one or more of the following bases:
(a) User consent;
(b) performance of a contract (booking or host agreement);
(c) compliance with legal obligations;
(d) legitimate interest in operating a secure and efficient marketplace.
6. Data Sharing and Recipients
6.1 Hosts and Guests. Essential booking data is shared only between the confirmed Host and Guest.
6.2 Service Providers. Limited data may be shared with authorized infrastructure, technology, and payment service providers who assist Monkstays in delivering its services. All such providers operate under strict confidentiality and data protection agreements. Service providers are prohibited from using personal data for their own marketing or independent commercial purposes.
6.3 Authorities. Information may be disclosed when legally required or to enforce the Terms of Service.
6.4 No Sale. Monkstays never sells personal data to third parties.
7. International Transfers and Storage
7.1 Personal information is stored on secure servers located in Canada, European Economic Area (EEA), and/or other jurisdictions with comparable data protection standards, depending on the location of authorized service providers.
7.2 Canada is recognized by the European Commission as providing an adequate level of protection for commercial organizations under PIPEDA.
7.3 Appropriate contractual safeguards (Standard Contractual Clauses) are applied for any cross-border transfer.
8. Data Retention
8.1 Information is retained as long as necessary to:
(a) maintain an active account;
(b) fulfill bookings and obligations;
(c) comply with tax, legal, or audit requirements;
(d) prevent fraud and resolve disputes.
8.2 Inactive data is securely deleted or anonymized after statutory retention periods expire.
9. User Rights
Depending on the jurisdiction, Users may:
(a) access and obtain a copy of their data;
(b) request correction of inaccuracies;
(c) withdraw consent and request erasure (“right to be forgotten”);
(d) restrict or object to processing;
(e) request data portability;
(f) file a complaint with the Commission d’accès à l’information du Québec, or users located in the European Economic Area may also contact their local supervisory authority or another regulator.
Requests can be made via legal@monkstays.com. Proof of identity may be required.
10. Cookies and Tracking
10.1 Monkstays uses functional and analytical cookies to operate the Platform.
10.2 Users may manage cookie preferences through browser settings; disabling cookies may limit certain features. Non-essential cookies (such as analytics or marketing cookies) are activated only after User consent through the Platform’s cookie consent mechanism.
10.3 Users may withdraw or modify cookie consent at any time through the “Cookie Settings” link available on the Platform.
11. Data Security
11.1 All communications and transactions are protected by TLS/SSL encryption.
11.2 Personal data is stored in encrypted databases with access limited to authorized staff bound by confidentiality.
11.3 Regular backups and security audits are performed to prevent unauthorized access, loss, or alteration. In the event of a confidentiality incident presenting a risk of serious harm, Monkstays will notify affected individuals and the Commission d’accès à l’information du Québec as required by Law 25.
12. Children’s Privacy
Monkstays is not directed to persons under 18 years of age. Users must be at least 18 years old to create an account or make bookings.
13. Automated Decisions and Profiling
Monkstays does not make decisions solely based on automated processing that produces legal or similarly significant effects on Users.
14. Updates to this Policy
14.1 Monkstays may revise this Policy to reflect legal or operational changes.
14.2 The updated version will bear a new “Effective Date” and be published on the Platform. Continued use constitutes acceptance.
15. Governing Law
This Policy is governed by the laws of Québec and Canada. Any dispute shall be brought before the civil courts of Montréal, Québec.
16. Account Deletion
Users may request deletion of their account by contacting legal@monkstays.com. Certain data may be retained where legally required.
End of Monkstays Privacy Policy (English Version)