Privacy Policy for saraniresort.com

We maintain an unwavering dedication to protecting and preserving all personal data provided by our website visitors and service users, implementing robust and comprehensive security measures throughout our services and operations.

This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data. In this role, we are responsible for implementing and maintaining robust data protection measures across all our operations and services.

We may process usage data (“usage data”), which comprehensively includes browser type, operating system, page views, navigation paths, timing and duration of visits, click patterns, device information, and referral sources. This information is collected through automated tracking technologies, server logs, and cookies and may include session identifiers, IP addresses, and browsing preferences. The source of this data is our analytics tracking system and server monitoring tools. We process this information for several important purposes, including improving website performance, analyzing user behavior, optimizing user experience, and enhancing security measures, which enables us to deliver personalized content, improve navigation, and protect against unauthorized access. The legal basis for this processing is our legitimate interests in monitoring and improving our website services and protecting our platform from misuse.

We may process account data (“account data”), which comprehensively includes name, email address, telephone number, billing address, payment information, account preferences, and communication settings. This information is collected through registration forms, account creation processes, and direct user input and may include subscription preferences, account security settings, and notification preferences. The source of this data is the user’s direct submission during account creation and subsequent updates. We process this information for managing user accounts, processing payments, providing customer support, and maintaining service records, which enables us to authenticate users, process transactions, and provide personalized services. The legal basis for this processing is the performance of a contract between you and us and our legitimate interests in proper administration of our website and business.

We may process profile data (“profile data”), which comprehensively includes biographical information, profile pictures, preferences, interests, booking history, and user-generated content. This information is collected through profile customization, booking processes, and user interactions and may include travel preferences, special requests, and accommodation history. The source of this data is user submissions and interaction with our services. We process this information for personalizing user experience, improving service delivery, facilitating bookings, and enhancing customer service, which enables us to provide tailored recommendations, customize communications, and improve service quality. The legal basis for this processing is our legitimate interests in providing personalized services and managing our customer relationships effectively.

Your Rights:

Right to Access: You have the right to obtain confirmation about whether we process your personal data and to receive a copy of that data in a structured format. This includes the ability to request specific information about your data, verify the lawfulness of processing, and understand how your data is being used. To exercise this right, you can submit a formal request through our dedicated data access portal or contact our privacy team directly. We will respond within 30 days and may require government-issued identification, proof of address, and account verification to verify your identity.

Right to Rectification: You have the right to have inaccurate personal data corrected and incomplete data completed. This includes the ability to update contact information, correct factual errors, and supplement incomplete records. To exercise this right, you can access your account settings directly or submit a correction request through our support system. We will process your request within 15 days and may require account credentials, supporting documentation, and verification of changes to confirm your identity.

Right to Erasure: You have the right to request the deletion of your personal data when there is no compelling reason for its continued processing. This includes the ability to remove account information, delete usage history, and withdraw previous consent. To exercise this right, you can initiate a deletion request through our privacy center or contact our data protection officer. We will respond within 30 days and may require written confirmation, account password, and identity verification documents to verify your identity.

Right to Restrict Processing: You have the right to limit the ways in which we use your personal data, particularly when you have concerns about accuracy or processing methods. This includes the ability to pause processing activities, temporarily restrict data usage, and limit automated processing. To exercise this right, you can submit a restriction request through our privacy settings or contact our support team. We will respond within 20 days and may require account verification, written explanation, and proof of identity to verify your identity.

Right to Data Portability: You have the right to receive your personal data in a structured, commonly used format and transmit it to another service provider. This includes the ability to download your data, transfer account information, and receive data in machine-readable format. To exercise this right, you can use our data export tool or submit a portability request through our website. We will respond within 30 days and may require two-factor authentication, account ownership verification, and identity confirmation to verify your identity.Data Processing and Security Measures

We process Service Data which includes reservation details, accommodation preferences, special requests, and check-in/check-out information. This processing involves automated booking systems and manual review by our hospitality staff, enabling us to provide seamless accommodation services. For example, in the context of resort operations, this includes managing room assignments, dietary requirements, and amenity requests. The legal basis for this processing is the performance of our service contract with guests, specifically the fulfillment of accommodation bookings and related services.

We process Technical Data which includes device information, IP addresses, browser type, and website interaction patterns. This processing involves automated logging systems and analytics tools, enabling us to optimize website performance and user experience. For example, this includes monitoring page load times, tracking user navigation patterns, and identifying technical issues. The legal basis for this processing is our legitimate interest in maintaining and improving our online services.

We process Communication Data which includes email correspondence, chat logs, feedback forms, and customer service interactions. This processing involves customer relationship management systems and communication platforms, enabling us to provide effective guest support and service. For example, this includes handling inquiries, processing special requests, and addressing concerns. The legal basis for this processing is both contract fulfillment and legitimate interests in maintaining guest relationships.

We process Transaction Data which includes payment information, booking details, and purchase history. This processing involves secure payment gateways and booking management systems, enabling us to process reservations and related transactions. For example, this includes processing room charges, amenity purchases, and refunds. The legal basis for this processing is contract performance and legal obligations related to financial transactions.

We process Preference Data which includes accommodation preferences, dining choices, and service customization options. This processing involves guest profile management systems, enabling us to personalize guest experiences. For example, this includes room type preferences, dietary restrictions, and preferred amenities. The legal basis for this processing is consent and legitimate interests in providing personalized services.

Security Measures

Our comprehensive encryption protocols ensure end-to-end protection of your data, incorporating industry-standard algorithms and regular security updates to maintain data integrity. This includes regular security assessments and penetration testing by qualified professionals.

We implement multi-layered security infrastructure, including advanced firewalls and intrusion detection systems that continuously monitor for and prevent unauthorized access attempts. This infrastructure undergoes regular updates and enhancements.

Access to personal data is strictly controlled through role-based permissions, multi-factor authentication, and detailed access logs. We maintain comprehensive audit trails of all data access and modifications.

Our continuous monitoring systems provide real-time threat detection and automated response protocols, ensuring immediate action against potential security threats.

We maintain comprehensive backup procedures with encrypted offsite storage and regular recovery testing, ensuring data availability and integrity.

All staff undergo regular security awareness training and must comply with detailed data protection protocols, including specific training for handling sensitive data.

International Transfers

We may transfer your personal data to countries outside your jurisdiction. These transfers are protected by appropriate safeguards, including Standard Contractual Clauses, Binding Corporate Rules, and certified compliance frameworks. Each international transfer is conducted under strict protocols that ensure:
– Adequate data protection standards
– Compliant processing procedures
– Enforceable data subject rights
– Effective legal remedies

International transfers are protected by ISO 27001 standards, GDPR requirements, and industry-specific certifications, ensuring compliance with international data protection regulations. We implement additional measures including:
– Regular compliance audits
– Data protection impact assessments
– Documented transfer mechanisms
– Continuous monitoring procedures

Regarding international transfers, you maintain specific rights including:
– Right to information about transfers
– Right to object to transfers
– Right to withdraw consent
– Right to data protection guarantees

Data Retention

We maintain specific retention periods for different data categories:

Account Information: 7 years from last activity for legal and business requirements
Usage Data: 2 years for service improvement and analysis
Transaction Records: 10 years for financial and tax compliance
Communication History: 3 years for customer service and dispute resolution
Technical Logs: 1 year for security and performance monitoring

These retention periods are determined by:
– Legal requirements
– Business purposes
– Technical necessities
– User preferences

Special circumstances affecting retention:
– Legal obligations
– Dispute resolution
– Security investigationsCookie Policy for saraniresort.com

Essential cookies are fundamental to website functionality. These cookies manage user authentication, maintain security protocols, and ensure basic site operations. We use them specifically for:
– User authentication during booking sessions
– Security measures to protect guest information
– Basic site operations for resort availability
– Session management during reservation processes
– Technical stability across booking platforms

Functional cookies enhance your experience by remembering your preferences. They enable:
– Language preferences for international guests
– Region-specific resort content and rates
– User interface customization for booking preferences
– Feature optimization for room selection
– Personalized settings for returning guests

Analytics cookies help us understand user behavior. They collect information about:
– Page interactions with resort amenities
– Navigation patterns through booking flows
– Feature usage of virtual resort tours
– Session duration on property pages
– User preferences for accommodation types

Performance cookies assess and improve website operation by:
– Monitoring site speed during peak booking periods
– Identifying technical issues in reservation systems
– Optimizing content delivery of property images
– Analyzing user experience in booking flows
– Tracking system performance across devices

Cookie Management

You can control cookie preferences through:
– Browser settings
– Cookie consent tools
– Privacy preferences
– Account settings

GDPR Compliance

For EU residents, we ensure:
– Explicit consent mechanisms
– Data minimization in guest profiles
– Purpose limitation for collected data
– Storage limitations on booking information
– Processing transparency

CCPA Compliance

California residents have additional rights:
– Right to know about personal information collected
– Right to delete personal data
– Right to opt-out of data sales
– Right to non-discrimination
– Right to access collected information

COPPA Compliance

Regarding users under 13:
– Age verification requirements
– Parental consent procedures
– Limited data collection
– Special protection measures
– Parental access rights

Updates and Changes

Policy updates involve:
– Regular review procedures
– User notifications
– Consent renewal when required
– Clear change documentation
– Continuous compliance monitoring

Contact Information

For privacy-related inquiries:
– Primary Contact: [email protected]
– Response Time: Within 48 hours
– Verification Required: For data-related requests
– Available Support: Privacy concerns, data requests, rights exercise

This policy was created specifically for saraniresort.com and covers all associated services within the hospitality industry.