Privacy Policy

Privacy Policy

Last Updated: March 10th, 2026

This Privacy Policy (this “Policy”) describes how Luxury Lodges US Holdings, LLC, together with its subsidiaries and affiliates (collectively, “Beckons”, “we”, “us”, or “our”), may collect, use, disclose, and otherwise process personal information in connection with our hospitality and experiential travel services.

This Policy applies to personal information collected through our websites, booking and reservation systems, on-property interactions, and other touchpoints throughout your relationship with us. If you have questions about this Policy or our privacy practices, please contact us using the details in the HOW TO CONTACT US section below.

I. SCOPE

This Policy applies to personal information that we collect directly from you, that you provide to us, or that we receive from third parties in connection with our hospitality and experiential travel operations. This includes information relating to guests and prospective guests, individuals who make inquiries or communicate with us, visitors to our websites and digital platforms, individuals whose information is provided to us in connection with bookings or experiences, business contacts (including travel agents, partners, and suppliers), and job applicants.

This Policy does not apply to our current or former employees, contractors, or service providers acting in that capacity, or to their family members, dependents, or beneficiaries with respect to personal information we collect in the employment context. Information about our employment-related privacy practices is available in our separate employee privacy notice.

Certain jurisdictions provide additional privacy rights or impose specific obligations. Where applicable, jurisdiction-specific information is included in the JURISDICTIONAL SUPPLEMENTS section at the end of this Policy.

II. PERSONAL INFORMATION WE COLLECT

For purposes of this Policy, “personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to an identified or identifiable individual.

We collect personal information that is reasonably necessary to operate our properties, provide our services, communicate with you, personalize and improve guest experiences, and comply with applicable legal obligations. The categories of personal information we collect may include:

Contact and Identification Information. We may collect your name, professional title, date of birth, postal address, email address, telephone number, preferred language, and communication preferences.

Reservation, Transaction, and Preference Information. We may collect information relating to reservation details (such as arrival and departure dates, accommodation type, number of guests, and package selections), transaction history and payment status, and preferences you choose to share (including room, dining, activity, and accessibility preferences). Where you book through a travel agent or intermediary, we receive the information necessary to fulfill your reservation.

Travel and Itinerary Information. We may collect flight details, transportation arrangements, and related information to facilitate your arrival and coordinate experiences on your behalf.

On-Property and Guest Service Information. During your stay, we may collect information relating to your use of property amenities, services requested, experiences participated in, purchases made, feedback provided, and any incidents or issues that arise during your stay.

Images and Recordings. We may operate closed-circuit television cameras in public areas for security and safety purposes, which may capture images of you. We may also take photographs or videos during property events or experiences.

Location Information. We may collect approximate location information derived from IP address or similar technologies when you interact with our websites. We do not intentionally collect precise geolocation data (such as GPS-level location) unless you expressly enable location-based features on your device in connection with a specific service.

Website and Digital Interaction Information. When you visit our websites or interact with our digital platforms, we may automatically collect technical and usage information such as IP address, browser type, device and operating system, referring website, pages viewed, features used, and information collected through cookies and similar technologies. Please see COOKIES AND OTHER TRACKING TECHNOLOGIES below for more information.

Inferences. We may derive or generate inferences about you from other personal information we collect, such as preferences, interests, and anticipated needs, to personalize services and communications.

Information about Others. We may collect personal information about other individuals when you provide it to us, such as travel companions, family members, or emergency contacts. By providing this information, you represent that you are authorized to do so and that you have informed those individuals that their personal information has been shared with us and directed them to this Policy.

Employment and Recruitment Information. If you apply for a role with us, we may collect information relevant to evaluating your candidacy, such as resumes, employment history, education, references, and other interview materials.

Other Information You Provide. We may collect other information that you voluntarily provide to us, including through forms, surveys, promotions, or other interactions with us.

Sensitive Personal Information

Some privacy laws distinguish between ordinary personal information and information that is classified as “sensitive,” “special category,” or otherwise subject to heightened protections. The classification and legal requirements applicable to a particular data type vary depending on the jurisdiction.

Where necessary to provide our services or comply with applicable law, we may collect and use the following types of personal information, which may be considered sensitive under some privacy laws:

Health and Dietary Information. Where you voluntarily provide it, we may collect information relating to medical conditions, allergies, mobility requirements, or dietary restrictions relevant to your stay or experiences. We use this information solely to accommodate your needs and provide safe and appropriate services.

Payment and Billing Information. We may collect payment card details, billing addresses, and related financial information necessary to process payments, refunds, or adjustments.

Account Information. If you create an online account with us, we may collect your username, password, and related authentication information.

Government-Issued Identification Information. We may collect information from government-issued identification documents, such as passport or driver’s license information, where required by law or necessary for specific services, including for identification, security, and legal compliance purposes.

III. HOW WE COLLECT PERSONAL INFORMATION

We may collect personal information through a variety of methods, including through:

Direct Interactions. We may collect information that you provide directly to us when you make a reservation, communicate with us, request services, provide feedback, or apply for employment.

Automatically. We may automatically collect certain information when you visit our website or use our digital platforms, including through the use of cookies, web beacons, and similar technologies. Please see COOKIES AND OTHER TRACKING TECHNOLOGIES below for more information.

From Third Parties. We may receive information about you from various third parties, including travel agents, booking platforms, experience providers, payment processors, marketing partners, identity verification services, social media platforms, and other business partners and service providers, as well as from publicly available sources.

Inferences and Internal Generation. We, and third parties acting on our behalf, may also create or infer personal information about you based on our interactions with you and our analysis of other personal information processed under this Policy.

IV. HOW WE USE PERSONAL INFORMATION

We may use personal information for the purposes described below:

Communications and Services. We may use personal information to provide and administer the hospitality and travel services you request, including managing reservations, facilitating check-in and check-out, providing guest services, arranging and coordinating activities and experiences, and processing payments. We may also use personal information to communicate with you about your reservation and related matters, including confirming bookings, providing pre-arrival and stay-related information, responding to inquiries and feedback, sending post-stay surveys or communications, and maintaining records of our communications with you.

Types of personal information used for these purposes may include: Contact and Identification Information; Reservation, Transaction, and Preference Information; Travel and Itinerary Information; On-Property and Guest Service Information; Location Information; Website and Digital Interaction Information; Information about Others; Health and Dietary Information; Payment and Billing Information; Account Information; and Government-Issued Identification Information.

Personalization and Experience Enhancement. We may use personal information to personalize and enhance your experience with us, including recognizing you upon arrival and anticipating your needs, tailoring services and experiences to your preferences, remembering your preferences across stays, and providing recommendations based on your interests and past interactions.

Marketing and Promotional Communications. Where permitted by applicable law and consistent with your preferences, we may use personal information to send you marketing and promotional communications about our properties, as well as services, experiences, promotions, and activities offered by us, our affiliates, or our other partners that may be of interest to you. We may also send news and updates relating to our properties and affiliated entities within the Beckons family of companies. You may opt out of marketing communications at any time as described in the MARKETING COMMUNICATIONS section below.

Security, Safety, and Fraud Prevention. We may use personal information to protect the security and safety of our guests, staff, and properties, including operating security cameras and access control systems, verifying your identity, detecting and preventing fraud, illegal activity and policy violations, investigating and responding to security incidents, and maintaining the physical safety and security of our premises.

Types of personal information used for these purposes may include: Any personal information as reasonably necessary or required for these purposes, subject to applicable legal requirements.

Legal Compliance and Enforcement. We may use personal information to comply with applicable laws and regulations, respond to lawful requests from regulatory authorities and other government bodies, exercise or defend legal claims, enforce our terms and conditions and other agreements, manage complaints and disputes, and maintain records required by law.

Types of personal information used for these purposes may include: Any personal information as reasonably necessary or required for these purposes, subject to applicable legal requirements.

Internal Business Operations. We may use personal information to conduct our internal business operations, including maintaining business records and accounts, conducting audits, quality assurance and training, analyzing guest feedback and improving our services, developing new products, services and experiences, conducting market research and business analytics, and managing our relationships with vendors and partners.

Types of personal information used for these purposes may include: Contact and Identification Information; Reservation, Transaction, and Preference Information; Travel and Itinerary Information; On-Property and Guest Service Information; Location Information; Inferences; Website and Digital Interaction Information; Payment and Billing Information; Account Information; and Government-Issued Identification Information.

Employment and Recruitment. We may use personal information to evaluate candidates for employment, manage recruitment processes, and comply with employment law requirements.

Types of personal information used for these purposes may include: Contact and Identification Information; Government-Issued Identification Information; and Employment and Recruitment Information.

V. DISCLOSURE OF PERSONAL INFORMATION

We may disclose personal information to the categories of recipients described below for the purposes outlined in this Policy:

Affiliated Entities. We may disclose personal information to other properties and affiliated entities within our corporate group, including to facilitate reservations, coordinate guest services, maintain consistent guest profiles, provide information about services and various promotions that might be of interest to you, and support centralized business operations.

Service Providers and Vendors. We may engage third-party service providers and vendors to perform services on our behalf, and we may disclose personal information to them as necessary for them to perform those services. These service providers may include booking and reservation platforms, payment processors and financial service providers, information technology and cloud computing providers, website hosting and analytics services, marketing and communications platforms, customer relationship management providers, security and fraud prevention services, and professional advisors including lawyers, accountants, and consultants.

Business Partners. We may disclose personal information to business partners and other third parties to facilitate reservations, bookings, and other services you request or that are provided in connection with your stay or experience. This may include travel agents and booking platforms, transportation providers, tour operators and experience providers (such as guides, outfitters, and excursion companies), on-site or ancillary service providers, and other partners involved in delivering requested products or services, promotions, experiences, tours, or other similar activities. Where you book through an intermediary, we may share information about your reservation and stay to facilitate your booking and for administrative and record-keeping purposes.

These third parties act independently and are responsible for their own privacy practices. We are not responsible for how such third parties process personal information once disclosed to them, and their processing is governed by their own privacy notices. We encourage you to review the privacy practices of any third-party providers with whom you engage.

Regulatory Authorities. We may disclose personal information to regulatory authorities and other government bodies where required or permitted by law, including in response to lawful requests, subpoenas, court orders or other legal processes, to comply with regulatory reporting requirements, to assist in investigations, and to protect the rights, property, or safety of ourselves, our guests, or others.

Parties to Corporate Transactions. We may disclose personal information to prospective parties, their advisers, and their representatives for due diligence and transaction purposes in connection with actual or proposed corporate transactions such as mergers, acquisitions, restructurings, or asset sales. If a transaction proceeds, personal information may be transferred to the acquiring or successor entity.

Other Parties. We may disclose personal information to other parties where you have consented to the disclosure, where disclosure is necessary to protect the health or safety of any individual, where disclosure is necessary to exercise or defend legal claims, or where otherwise required or permitted by applicable law.

VI. “Selling” and “Sharing” for Cross-Context Behavioral Advertising

We do not sell personal information for monetary consideration. However, some privacy laws define the terms “sale” and “sharing” broadly to include certain disclosures of personal information to third parties, including where personal information is disclosed for cross-context behavioral advertising or similar purposes.

In particular, we may engage in “sales” or “sharing” of personal information when we engage in marketing campaigns with or on behalf of third-party partners, or we may “sell” or “share” for cross-context behavioral advertising purposes, or grant access to personal information to our marketing partners or other advertisers in relation to joint promotions or other marketing initiatives.

We do not knowingly “sell” or “share” Payment and Billing Information, Health and Dietary Information, Government-Issued Identification Information, or the personal information of individuals under the age of 16.

Where required by applicable law, you may have the right to opt out of the “sale” or “sharing” of your personal information, including the use of your personal information for cross-context behavioral advertising. You may exercise these rights by contacting us using the details provided in the HOW TO CONTACT US section or, where supported, by using recognized opt-out preference signals such as the Global Privacy Control (GPC).

For more information about your rights to opt out, please see the PRIVACY RIGHTS section and applicable JURISDICTIONAL SUPPLEMENTS below.

VII. COOKIES AND OTHER TRACKING TECHNOLOGIES

When you visit our websites or interact with our digital platforms, we and/or our third-party partners may use cookies or similar tracking technologies to collect information about your interactions, operate our websites, and enhance your experience. This may include:

Essential cookies that are strictly necessary to enable the website to operate and provide core functionality;
Functional cookies that remember your preferences and settings and provide enhanced functionality;
Analytics cookies that help us understand how visitors use the website, measure performance, and improve our services; and
Marketing or advertising cookies to show relevant advertisements, measure their effectiveness, limit how often advertisements are shown, and support social media features.

We may use cookies under the following circumstances and for the following reasons:

To provide you with services and related features available through our websites;
To authenticate users and prevent fraudulent use of user accounts;
To identify whether users have accepted the use of cookies on a website;
To compile data about website traffic and how users use the website to offer a better website experience;
To understand visitor preferences for future visits, such as remembering language preference, to provide a more personal experience, and to avoid you having to re-enter your preferences every time you visit the website; and/or
To track your browsing habits to enable us to show advertising which is more likely to be of interest to you, including advertising by third parties on our website.

Managing Cookies and Tracking Technologies

You have several options for managing cookies and tracking technologies, including:

Browser Settings. Most web browsers allow you to control cookies through their settings. You can typically configure your browser to accept all cookies, reject all cookies, or delete cookies that have already been placed. The process for managing cookies varies by browser, so please refer to your browser’s help documentation for instructions. Please note that if you disable or delete cookies, some features of our website may not function properly.

Do Not Track Signals. Some web browsers transmit “Do Not Track” signals to websites. There is currently no industry standard for how websites should respond to these signals. At present, our websites do not respond to Do Not Track signals, but we continue to monitor developments in this area.

Cookie Consent Tools. When you first visit our website in certain jurisdictions, you may be presented with a cookie consent banner or tool that allows you to accept or decline certain categories of cookies. You can change your preferences at any time by accessing the cookie settings link in the footer of our website.

Opt-Out Tools. Some third-party advertising providers participate in industry self-regulatory programs that allow individuals to opt out of receiving targeted (interest-based) advertising. These opt-outs are administered by the programs themselves and can be accessed through their websites, including those operated by the Digital Advertising Alliance (DAA) at www.aboutads.info/choices, the Network Advertising Initiative (NAI) at www.networkadvertising.org/choices, or similar organizations in your jurisdiction.

Please refer to the JURISDICTIONAL SUPPLEMENTS section below for more information about your specific rights with respect to cookies and similar tracking technologies.

VIII. PRIVACY RIGHTS

You may have certain rights under applicable privacy laws regarding the collection, use, and disclosure of your personal information. These rights vary depending on the jurisdiction in which you reside and may include the following:

Right to Know. You may have the right to confirm whether we are processing your personal information and to access that information.

Right to Correct. You may have the right to correct inaccuracies in your personal information, taking into account the nature of the data and our purposes for processing.

Right to Delete. You may have the right to request deletion of personal information you have provided to us or that we have obtained about you.

Right to Data Portability. You may have the right to obtain a copy of your personal information in a portable, readily usable format, to the extent technically feasible.

Right to Opt Out of “Sales” or “Sharing”. As mentioned above, you may have the right to opt out of the “sale” or “sharing” of your personal information for cross-context behavioral advertising.

Right to Opt Out of Automated Profiling. You may have the right to opt out of automated profiling that would produce legal or other similarly significant effects; however, we do not use personal information to make automated decisions in any situation where you would have a legal right to opt out.

Right to Limit Use of Sensitive Personal Information. You may have the right to request that we restrict the use of Sensitive Personal Information; however, we already limit the use of your Sensitive Personal Information to uses that are necessary to perform reasonably expected services or as required or permitted by law.

Right to Non-Discrimination. You may have the right under some privacy laws not to receive discriminatory treatment for exercising your rights.

Exercising Your Privacy Rights

To exercise your rights under applicable privacy law, please contact us using the details provided in the HOW TO CONTACT US section below. We will respond within the timeframe required by applicable law, which may vary depending on your jurisdiction. Please refer to the JURISDICTIONAL SUPPLEMENTS section below for more information.

When permitted by law, we may charge a reasonable fee to cover the costs of responding to a request, particularly where requests are manifestly unfounded, excessive, or repetitive. If we decline to take action on your request, we will inform you of the reasons for our decision and, where applicable, provide information about your right to appeal. If your appeal is denied, you may contact your relevant supervisory authority.

For your security and to help ensure that unauthorized third parties do not access your personal information, we may require you to verify your identity before we can act on your request. If you are requesting to exercise privacy rights on behalf of someone else (as an authorized agent), we may also require verification of your identity, as well as proof of authorization by the applicable individual.

There may be information we will not return in response to an access request, such as information that would affect the privacy of others or interfere with legal requirements. Similarly, there may be reasons why we cannot comply with a deletion request, such as the need to retain your personal information to provide you services, to complete a transaction, to comply with a legal obligation, or for other purposes permitted by applicable law. In certain circumstances, we may not collect sufficient identifiers to match information in our records with your request.

Marketing Communications

You can opt out of receiving marketing communications from us at any time by following the unsubscribe instructions included in our marketing emails or by contacting us using the details provided in the HOW TO CONTACT US section.

Please note that even if you opt out of marketing communications, we may continue to send you transactional and service-related communications about your reservations, stays, and related matters.

Cross-Context Behavioral Advertising and Personalized Advertising Choices

If you do not want us to disclose your personal information for cross-context behavioral advertising purposes, to the extent we engage in such activities, you can request to opt out by contacting us using the details provided in the HOW TO CONTACT US section. You may also be able to exercise this opt-out right by using the GPC signal or other opt-out tools described in the Managing Cookies and Tracking Technologies section above.

Cookies and Tracking Technologies Choices

As explained above, we may use cookies and similar tracking technologies on our websites to provide a personalized experience and, in some cases, to deliver cross-context behavioral or other targeted advertising. Please see the Managing Cookies and Tracking Technologies section above for more information about your cookie choices.

Please refer to the applicable JURISDICTIONAL SUPPLEMENTS section below for more information about your specific rights under applicable privacy law.

IX. INTERNATIONAL TRANSFERS

Please note that, given the nature of our business, your personal information may be transferred to, stored, and processed in countries other than the country in which you reside.

Different countries have different privacy laws, and some may not provide the same level of protection as the laws of your home country. Where we transfer personal information internationally, we implement appropriate safeguards to protect your information and comply with requirements regarding such transfers, as required by applicable law.

For guests and individuals located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, please refer to the JURISDICTIONAL SUPPLEMENTS for those jurisdictions below for additional information about international transfers and the safeguards we apply.

X. DATA RETENTION

We retain personal information for as long as reasonably necessary to fulfil the purposes for which it was collected, as described in this Policy. In determining appropriate retention periods, we consider the amount, nature and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the information and whether we can achieve those purposes through other means, and applicable legal, regulatory, accounting or other requirements.

When personal information is no longer required for the purposes for which it was collected and we have no legal basis to retain it, we will securely delete or de-identify the information. In some circumstances, we may anonymize or de-identify personal information so that it can no longer be associated with you, in which case we may use such anonymized or de-identified information without further notice to you.

XI. SECURITY

We implement technical, administrative, and physical security measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures may include encryption of data in transit and at rest where appropriate, access controls that limit access to personal information on a need-to-know basis, regular security assessments and testing, staff training on privacy and data security, and physical security measures at our properties and offices.

While we take reasonable steps to protect your personal information, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your information.

XII. CHILDREN’S PRIVACY

Our services are not directed at or intended for use by children under the age of 16, and we do not knowingly collect personal information from children under the age of 16 without the consent of a parent or guardian. If you believe we have collected personal information from a child without appropriate consent, please contact us so that we can take appropriate steps.

Where children stay at our properties with their families or guardians, we collect only the information reasonably necessary to provide accommodation and services, and we do so with the understanding that the accompanying adult has authority to provide such information on the child’s behalf.

XIII. THIRD-PARTY WEBSITES AND SERVICES

Our website may contain links to third-party websites and services that are not operated by us. This Privacy Policy does not apply to those third-party websites and services. We encourage you to review the privacy policies of any third-party websites you visit.

Similarly, where we arrange experiences, tours, or activities with third-party providers, those providers operate independently and handle your personal information in accordance with their own privacy practices. We are not responsible for the privacy practices of these third-party providers, and we encourage you to review their privacy policies before participating in any third-party experiences.

XIV. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated Policy on our website with a revised “Last Updated” date.

We encourage you to review this Policy periodically to stay informed about how we handle your personal information. Your continued use of our services after we post changes to this Policy constitutes your acceptance of those changes.

XV. HOW TO CONTACT US

If you have questions about this Privacy Policy or our privacy practices, wish to exercise any of your privacy rights, or have concerns about how we have handled your personal information, please contact us at:

privacy@beckons.com

PO Box 596
Avalon, NSW 2107, Australia

We will respond to your inquiry in accordance with applicable law and endeavor to address any concerns you may have.

XVI. JURISDICTIONAL SUPPLEMENTS

The following Supplements provide additional information required by the privacy laws of specific jurisdictions. If you are a resident of one of the jurisdictions listed below, the applicable Supplement may apply to you in addition to the main body of the Policy.

1. CALIFORNIA

California Notice at Collection

California law requires that we provide California residents with certain disclosures at or before the point of collection of personal information, including the categories of personal information collected, the purposes for collection, and whether personal information is sold or shared. This Section provides those disclosures.

The California Consumer Privacy Act (CCPA) defines “personal information” to mean “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”

The main body of this Policy describes the types of personal information we collect in categories that are commonly understood; however, the CCPA requires us to disclose the personal information we have collected about consumers using the following statutory categories. Some of the categories include very different types of information within the same category, and certain personal information may fall into multiple categories. How we use and how long we keep the information within each category will vary, and not all types of information within the same category will be used for all the purposes listed.

As required by the CCPA, we may collect the following categories of personal information from the sources below and disclose such personal information to the third parties below, and in each case, for the purposes described below:

Categories of personal information and examples	Sources	Disclosed in last 12 months to the following third parties	Purpose of collection and use
Identifiers, such as name, alias, postal address, unique personal identifier, online identifier, Internet protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers	Direct interactions; automatically when you visit our websites or use our networks or devices; from third parties, including business partners and service providers	Affiliated entities; service providers and other third parties, including business partners; regulatory authorities	Communications and Services; Personalization and Experience Enhancement; Marketing and Promotional Communications; Security, Safety, and Fraud Prevention; Legal Compliance and Enforcement; Internal Business Operations; Employment and Recruitment
Additional categories of information listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as name, signature, Social Security number, physical characteristics or description, address, telephone number, driver’s license or state identification card number, education, employment, bank account number, credit card number, debit card number, or any other financial information. Some personal information included in this category may overlap with other categories	Direct interactions; automatically when you visit our websites or use our networks or devices; from third parties, including business partners and service providers	Affiliated entities; service providers and other third parties, including business partners; regulatory authorities	Communications and Services; Personalization and Experience Enhancement; Marketing and Promotional Communications; Security, Safety, and Fraud Prevention; Legal Compliance and Enforcement; Internal Business Operations; Employment and Recruitment
Protected classification characteristics under California or federal law, such as age (40 years or older), national origin, marital status, gender, veteran or military status	Direct interactions, such as when you sign up for an offer for veterans; from third parties who make inferences regarding your household, such as marital status or the age ranges of people within your household	Affiliated entities; service providers; regulatory authorities	Communications and Services; Personalization and Experience Enhancement; Marketing and Promotional Communications; Security, Safety, and Fraud Prevention; Legal Compliance and Enforcement; Internal Business Operations; Employment and Recruitment
Commercial information, such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies	Direct interactions; automatically when you visit our websites; from third parties, including business partners and service providers we use to support our business	Affiliated entities; service providers and other third parties, including business partners; regulatory authorities	Communications and Services; Personalization and Experience Enhancement; Marketing and Promotional Communications; Security, Safety, and Fraud Prevention; Legal Compliance and Enforcement; Internal Business Operations
Biometric information, such as genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, scans of the hands or face geometry, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data	N/A	N/A	N/A
Internet or other electronic network activity information, such as browsing history, search history, and information regarding your interaction with one of our internet websites, applications, or an advertisement	Automatically when you visit our websites or use our networks or devices; from third parties, including business partners and service providers	Affiliated entities; service providers and other third parties, including business partners	Communications and Services; Personalization and Experience Enhancement; Marketing and Promotional Communications; Security, Safety, and Fraud Prevention; Legal Compliance and Enforcement; Internal Business Operations; Employment and Recruitment
Geolocation data	N/A	N/A	N/A
Sensory data, such as audio, electronic, visual, thermal, olfactory, or similar information	Automatically from our systems, such as when your image or voice is recorded or captured in surveillance camera footage	Affiliated entities; service providers; regulatory authorities	Communications and Services; Security, Safety, and Fraud Prevention; Legal Compliance and Enforcement; Internal Business Operations
Inferences drawn from other personal information, such as profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes	Automatically from our systems or through internal generation	Affiliated entities; service providers and other third parties, including business partners; regulatory authorities	Communications and Services; Internal Business Operations; Marketing and Promotional Communications
Sensitive Personal Information, such as Social security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; the contents mail, email and text messages; genetic data and biometric information; information collected and analyzed concerning a consumer’s health; or information collected and analyzed concerning a consumer’s sex life or sexual orientation. Some personal information included in this category may overlap with other categories. We do not collect all of these examples of Sensitive Personal Information, nor do we use all types of Sensitive Personal Information for the purposes described below	Direct interactions, such as when you create an account or make a payment with us; automatically from our systems when you use or interact with our services that collect this information or when you opt in to certain features of our services; from third parties	Affiliated entities; service providers and other third parties, including business partners; regulatory authorities	Communications and Services; Personalization and Experience Enhancement; Security, Safety, and Fraud Prevention; Legal Compliance and Enforcement; Internal Business Operations; Employment and Recruitment

We do not collect all of the examples of Sensitive Personal Information listed above, nor do we use all types of Sensitive Personal Information for all of the purposes described. We limit our use of Sensitive Personal Information to purposes permitted by the CCPA that do not require offering a right to limit, including providing and improving our services, ensuring security and integrity, and complying with legal obligations.

For all enumerated categories listed above, we may disclose personal information to service providers as described in the DISCLOSURE OF PERSONAL INFORMATION section of this Policy.

Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Policy, subject to the retention criteria set forth in the DATA RETENTION section above. Retention periods vary based on the nature of the information, the purposes for which it was collected, and applicable legal requirements.

“Sale” and “Sharing” of Personal Information

As described in the “Selling” and “Sharing” for Cross-Context Behavioral Advertising section of the Policy, we do not sell personal information for monetary consideration. However, some privacy laws define the terms “sale” and “sharing” broadly to include certain disclosures of personal information to third parties, including where personal information is disclosed for cross-context behavioral advertising or similar purposes.

We may have disclosed the following categories of personal information for cross-context behavioral advertising purposes in the preceding 12 months: Identifiers, including Contact and Identification Information, Internet or Electronic Network Activity Information, and Inferences.

California Privacy Rights

As a California resident, you may have the following rights under the CCPA:

Right to Know. You may have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected the information, the purposes for collecting, selling, or sharing the information, the categories of third parties to whom we disclosed the information, and the categories of personal information we sold or shared.

Right to Delete. You may have the right to request that we delete personal information we have collected from you, subject to certain exceptions.

Right to Correct. You may have the right to request that we correct inaccurate personal information that we maintain about you.

Right to Opt Out of Sale/Sharing. You may have the right to opt out of the “sale” of your personal information and the “sharing” of your personal information for cross-context behavioral advertising purposes.

Right to Limit Use of Sensitive Personal Information. You may have the right to limit our use of Sensitive Personal Information to certain purposes permitted by the CCPA. However, we already limit our use of Sensitive Personal Information to such purposes.

Right to Non-Discrimination. You may have the right not to receive discriminatory treatment for exercising your privacy rights.

To exercise your rights, you or your authorized agent may submit a request by contacting us using the details provided in the HOW TO CONTACT US section. We will verify your identity before processing your request by matching information you provide with information we maintain about you.

California “Shine the Light” Law

Residents of California also have the right to request information regarding third parties to whom we have disclosed certain categories of personal information during the preceding year for the third parties’ direct marketing purposes under California’s “Shine the Light” law (Cal. Civ. Code § 1798.83). Personal information under this California law means “any information that when it was disclosed identified, described, or was able to be associated with an individual.” If you are a California resident and would like to make such a request, please contact us using the details provided in the HOW TO CONTACT US section.

2. EEA, SWITZERLAND, AND UNITED KINGDOM

This Supplement applies to individuals located in the European Economic Area (“EEA”), Switzerland, or the United Kingdom (“UK”) and addresses requirements under the General Data Protection Regulation (“GDPR”), the UK General Data Protection Regulation (“UK GDPR”), the Swiss Federal Act on Data Protection (“FADP”), and related data protection legislation.

Data Controller

For the purposes of EEA, Swiss, and UK data protection law, Luxury Lodges US Holdings, LLC is the controller of your personal data under this Privacy Policy. Our contact details are provided in the HOW TO CONTACT US section above.

Legal Bases for Processing

We process your personal data only when we have a valid legal basis to do so. The legal bases we rely on may include the following:

Contract. We may process personal data where necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract. This includes processing to manage reservations, provide accommodation and services, process payments, and communicate with you about your stay.

Legitimate Interests. We may process personal data where necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms. Our legitimate interests may include operating and improving our business, providing and enhancing guest experiences, ensuring the security and safety of our properties, guests, and staff, preventing fraud and enforcing our policies, marketing our services to guests (where not based on consent), and conducting analytics and business development. You may contact us for more information about how we balance our legitimate interests against your rights and freedoms.

Legal Obligation. We may process personal data where necessary to comply with a legal obligation to which we are subject, such as maintaining accounting records, responding to lawful requests from authorities, and complying with health and safety requirements.

Consent. We may process personal data based on your consent where you have given clear consent for us to process your data for a specific purpose, such as receiving marketing communications or the processing of certain categories of sensitive personal data. Where we rely on consent, you have the right to withdraw your consent at any time by contacting us using the details in the HOW TO CONTACT US section, without affecting the lawfulness of processing based on consent before its withdrawal.

Vital Interests. We may also process personal data where necessary to protect the vital interests of you or another person.

Special Categories of Personal Data

We may process special categories of personal data (such as health information or dietary requirements related to religious beliefs) where you have given explicit consent, where processing is necessary to protect vital interests, where processing is necessary for the establishment, exercise, or defense of legal claims, or where another lawful basis under GDPR applies.

Your Rights

Under EEA, Swiss, and UK data protection law, you may have the following rights in relation to your personal data:

Right of Access. You may have the right to obtain confirmation of whether we process personal data about you and to access that data, along with certain additional information, such as the purposes of processing, the categories of personal data concerned, and the recipients to whom the data has been or will be disclosed.

Right to Rectification. You may have the right to have inaccurate personal data rectified and, taking into account the purposes of the processing, to have incomplete personal data completed.

Right to Erasure. You may have the right to have your personal data erased in certain circumstances, such as where the data is no longer necessary for the purposes for which it was collected, where you withdraw consent (where consent is the legal basis), or where the data has been unlawfully processed.

Right to Restrict Processing. You may have the right to restrict our processing of your personal data in certain circumstances, such as where you contest the accuracy of the data, where processing is unlawful but you oppose erasure, or where you have objected to processing pending verification of our legitimate grounds.

Right to Data Portability. You may have the right to receive personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible, where processing is based on consent or contract and is carried out by automated means.

Right to Object. You may have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to processing for direct marketing, we will stop processing your data for that purpose. Where you object to processing based on legitimate interests, we will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Rights Relating to Automated Decision-Making. You may have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you, except in certain circumstances permitted by law. We do not currently make solely automated decisions that produce legal or similarly significant effects.

To exercise any of these rights, please contact us using the details provided in the HOW TO CONTACT US section above. We will respond to your request within one month, or otherwise within the timeframe permitted by applicable law, and we may extend this period as permitted under applicable law.

International Transfers

Where we transfer your personal data outside the EEA, UK, or Switzerland, we ensure that appropriate safeguards are in place to protect your data in accordance with data protection law. These safeguards may include:

Transfers to countries that have been determined by the European Commission, UK authorities, or Swiss authorities to provide an adequate level of data protection;
Transfers subject to Standard Contractual Clauses adopted by the European Commission or UK authorities (as applicable);
Transfers to organizations in the United States that participate in the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, or the Swiss-U.S. Data Privacy Framework, as applicable; or
Other appropriate safeguards permitted by law.

You may contact us for more information about the specific safeguards we apply to international transfers of your personal data.

Complaints

If you have concerns about how we handle your personal data, we encourage you to contact us first so that we can attempt to resolve your concern. You also have the right to lodge a complaint with a supervisory authority. This may be the supervisory authority in your country of residence, place of work, or the place of the alleged infringement.

For the UK, you may contact the Information Commissioner’s Office (ICO).

For the EEA, you may contact the supervisory authority in the relevant member state.

For Switzerland, you may contact the Federal Data Protection and Information Commissioner (FDPIC).

3. AUSTRALIA

This Supplement applies to individuals located in Australia and addresses requirements under the Privacy Act 1988 (Cth) (the “Privacy Act”) and the Australian Privacy Principles (“APPs”).

Collection and Use of Personal Information

We collect, use, and disclose personal information for the purposes described in the Privacy Policy, including to provide hospitality and travel services, communicate with guests, personalize experiences, operate our properties, and comply with legal obligations. Where required by the Privacy Act, we will take reasonable steps at or before the time of collection (or as soon as practicable thereafter) to notify you of the matters set out in APP 5, including the purposes of collection and the types of third parties to whom we may disclose personal information.

Collection of Sensitive Information

Under Australian law, certain categories of personal information are classified as “sensitive information,” including health information, racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, genetic information, and biometric information and templates. We collect sensitive information only where:

You have consented to the collection;
The collection is required or authorized by or under law (including applicable law of a foreign country); or
The collection is otherwise permitted under the Privacy Act (including where collection is necessary to prevent or lessen a serious threat to life, health, or safety).

Where we collect sensitive information, such as dietary requirements related to religious practices or health information relevant to your stay, we do so only to the extent reasonably necessary to provide you with appropriate services and accommodate your needs.

Anonymity and Pseudonymity

You have the option of not identifying yourself, or of using a pseudonym, when dealing with us in relation to a particular matter unless it is impracticable for us to deal with you on that basis, or we are required or authorized by or under law or a court or tribunal order to deal with individuals who have identified themselves. As a practical matter, we generally require you to identify yourself to make a reservation, check in to a property, or receive our hospitality services.

Direct Marketing

We may use personal information to send you direct marketing communications in accordance with applicable laws. You may opt out of receiving direct marketing communications from us at any time by using the unsubscribe mechanism included in the communication or by contacting us using the details in the HOW TO CONTACT US section. We will comply with any request to opt out of direct marketing within a reasonable period.

Access and Correction

You may have the right to request access to the personal information we hold about you and to request correction of any information that is inaccurate, out of date, incomplete, irrelevant, or misleading. To make a request, please contact us using the details provided in the HOW TO CONTACT US section. We will respond within the timeframe required by applicable law. We may charge a reasonable fee for providing access to your information (but we will not charge an excessive amount), and we will not charge you for making a request or for correcting information.

We may refuse access or correction in certain circumstances permitted by the Privacy Act, such as where providing access would have an unreasonable impact on the privacy of other individuals or where the request is frivolous or vexatious. If we refuse a request, we will provide you with written reasons for the refusal and information about how to complain about our decision.

Notifiable Data Breaches

If we experience a data breach involving personal information that is likely to result in serious harm, we will comply with the Notifiable Data Breaches scheme under the Privacy Act, including by notifying affected individuals and the Office of the Australian Information Commissioner where required.

Complaints

If you believe we have breached the Australian Privacy Principles or otherwise mishandled your personal information, you may lodge a complaint with us using the contact details provided. We will acknowledge your complaint and investigate and respond within the timeframes required by applicable law. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (“OAIC”).

Cross-Border Disclosure

We may disclose your personal information to recipients located outside Australia, including to affiliated entities, service providers, and partners in Canada, New Zealand, Chile, the EEA, the United Kingdom, the United States, and other countries where we operate or have business relationships.

Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure that the recipient does not breach the Australian Privacy Principles in relation to the information, unless an exception applies under the Privacy Act (such as where you have consented after being informed that the APPs may not apply to the overseas recipient).

4. NEW ZEALAND

This Supplement applies to individuals located in New Zealand and addresses requirements under the Privacy Act 2020 and the Information Privacy Principles (“IPPs”).

Collection of Personal Information

We collect personal information directly from you where reasonably practicable. Where we collect personal information from third parties such as travel agents or booking platforms, we take reasonable steps to ensure you are aware of the collection, the fact that the information was collected from a third party, and the purposes for which the information will be used, unless such notification would prejudice the purposes of collection or is not reasonably practicable in the circumstances.

Storage and Security

We take reasonable steps to protect personal information from unauthorized access, use, modification, disclosure, or other misuse, and to ensure that personal information is protected against loss. We store personal information securely using physical and electronic safeguards appropriate to the sensitivity of the information.

Access and Correction

You have the right to request access to the personal information we hold about you and to request correction of any information that is inaccurate. To make a request, please contact us using the details provided in the HOW TO CONTACT US section. We will respond within the timeframe required by applicable law. If we refuse a request, we will provide you with the reasons for our decision and information about how to complain.

We may refuse access in certain circumstances permitted by the Privacy Act 2020, such as where disclosure would endanger the safety of any individual, would prejudice legal proceedings, or where the request is frivolous or vexatious. We will not charge you for making an access or correction request or for making a correction.

Unique Identifiers

We will not assign you a unique identifier for the purposes of our operations unless the assignment is reasonably necessary for us to carry out one or more of our functions efficiently.

Privacy Breach Notification

If we experience a privacy breach that has caused or is likely to cause serious harm, we will comply with the notification requirements under the Privacy Act 2020, including notifying affected individuals and the Office of the Privacy Commissioner where required.

Complaints

If you have concerns about how we have handled your personal information, you may lodge a complaint with us using the contact details provided. We will investigate your complaint and respond within a reasonable period. If you are not satisfied with our response, you may lodge a complaint with the Office of the Privacy Commissioner.

Disclosure Overseas

We may disclose your personal information to recipients located outside New Zealand, including in Australia, Canada, Chile, the United Kingdom, and the United States.

Before disclosing personal information overseas, we will ensure that one of the following applies:

The recipient is subject to privacy laws that provide comparable safeguards to the Privacy Act 2020 (including countries prescribed by New Zealand regulations);
The recipient is bound by a scheme, contract, or other binding legal arrangement that provides comparable safeguards and that the individual can enforce; or
We have obtained your express authorization for the disclosure after informing you that the recipient may not be required to protect your information in a way that provides comparable safeguards.

5. CANADA

This Supplement applies to individuals located in Canada and addresses requirements under the Personal Information Protection and Electronic Documents Act (“PIPEDA”), the British Columbia Personal Information Protection Act (“BC PIPA”), and other applicable Canadian federal and provincial privacy legislation.

We collect, use, and disclose personal information only with your knowledge and consent, except where permitted or required by law. By providing personal information to us or using our services, you agree to our collection, use, and disclosure of that information in accordance with this Policy.

In some circumstances, your consent may be implied from your actions or the circumstances, such as when you make a reservation and provide information necessary to fulfill that reservation. In other circumstances, we may seek your express consent, such as for marketing communications or the collection of sensitive information.

You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. If you withdraw consent, we may not be able to provide you with certain services or information. We will inform you of the implications of withdrawing consent when you make such a request.

Identifying Purposes

We identify the purposes for which personal information is collected at or before the time of collection. The purposes for which we collect, use, and disclose personal information are described in the How We Use Personal Information and Disclosure of Personal Information sections of this Policy.

Limiting Collection and Use

We limit the collection of personal information to that which is necessary for the purposes we have identified. We do not collect personal information indiscriminately. We use personal information only for the purposes for which it was collected, except with your consent or as permitted or required by law.

Accuracy

We take reasonable steps to ensure that personal information is accurate, complete, and up-to-date for the purposes for which it is to be used. You can help us maintain accurate records by informing us of any changes to your personal information.

Access and Correction

You have the right to request access to the personal information we hold about you and to challenge its accuracy and completeness. To make a request, please contact us using the details provided in the HOW TO CONTACT US section. We will respond within the timeframe required by applicable law. We may charge a minimal fee to cover the cost of responding to your request, which we will inform you of before processing your request.

We may refuse access in certain circumstances permitted by law, such as where the information is subject to solicitor-client privilege, where disclosure would reveal confidential commercial information, or where the information was collected in the course of an investigation. If we refuse access, we will provide you with the reasons for the refusal.

Complaints

Federal: Office of the Privacy Commissioner of Canada.

British Columbia: Office of the Information and Privacy Commissioner for British Columbia.

British Columbia-Specific Requirements

If you are a resident of British Columbia or your personal information is collected, used, or disclosed in British Columbia, the British Columbia Personal Information Protection Act (“BC PIPA”) applies to our handling of your personal information.

Under BC PIPA, we are required to designate an individual responsible for compliance with privacy legislation. Inquiries or complaints regarding our privacy practices in British Columbia should be directed to the contact information provided in the HOW TO CONTACT US section.

We will only collect, use, and disclose your personal information for purposes that a reasonable person would consider appropriate in the circumstances. We will make reasonable security arrangements to protect your personal information from unauthorized access, collection, use, disclosure, copying, modification, or disposal.

Before disposing of or destroying documents containing personal information, we will take reasonable steps to ensure the personal information is no longer reasonably recoverable.

6. CHILE

This Supplement applies to individuals located in Chile and addresses requirements under Law 19,628 on the Protection of Private Life (the “Chilean Data Protection Law”), as may be amended from time to time.

Data Protection Principles

We process personal data in accordance with Chilean data protection law, including the principles of lawfulness, purpose limitation, proportionality, accuracy, transparency, and security.

Legal Basis for Processing

Under Chilean law, we may process personal data where we have obtained your consent (which may be express or implied depending on the type of data), where processing is authorized by law, where data comes from publicly available sources, or where data is necessary for the performance of a contract.

Sensitive Data

Under Chilean law, sensitive data includes data relating to physical or mental health characteristics, moral facts, ideological and political opinions, religious beliefs, racial or ethnic origin, sexual orientation, and information relating to the private life or intimate sphere of a person. We collect sensitive data only with your express consent and only where necessary to provide our services or as otherwise permitted by law.

Your Rights

Under Chilean law, you MAY have the following rights in relation to your personal data:

Right of Access. You may have the right to request information about your personal data held by us, including confirmation of whether we hold data about you, the content of such data, and the source of the data.

Right to Rectification. You may have the right to request modification of your personal data where it is inaccurate, incomplete, misleading, or no longer current.

Right to Deletion (Cancellation). You may have the right to request deletion of your personal data where it has been stored without legal basis, where the data has become obsolete, or where retention is no longer necessary for the purposes for which it was collected.

Right to Object (Revocation). You may have the right to revoke your consent for the processing of your personal data where we rely on consent as the legal basis, and to object to processing in other circumstances permitted by law.

To exercise your rights, please contact us using the details provided in the HOW TO CONTACT US section. We will respond to your request within the time period required by applicable Chilean law.

Complaints

If you have concerns about how we handle your personal data, you may contact us using the details provided. You may also seek remedies through the competent civil courts in Chile, which have jurisdiction over data protection matters under Chilean law.

Data Transfers

Where we transfer your personal data outside of Chile, we will do so in accordance with applicable Chilean law and ensure that appropriate safeguards are in place to protect your data.

Be The First To Know.

Welcome!