Privacy Policy
Viceroy Hotel and Resorts (accessible at: viceroyhotelandresorts.com) is committed to protecting the privacy and personal data of our guests, visitors, and users. We recognize the importance of safeguarding the information you entrust to us. This Privacy Policy outlines how we collect, use, share, and safeguard your personal data in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
1. Commitment to Privacy and Data Protection
At Viceroy Hotel and Resorts, privacy is a priority. We are dedicated to maintaining strong protections for the personal data we process. We believe in transparency regarding our data handling practices and are committed to processing your data in a lawful, fair, and secure manner. Whether you are making a reservation, browsing our services, or interacting with us, we want you to feel confident that your information is treated with the utmost care.
2. Scope of Policy and Role of Data Controller
This Privacy Policy applies to all personal data collected through viceroyhotelandresorts.com and associated services, including but not limited to reservations, account management, marketing communications, and customer support.
For the purposes of applicable data protection regulations, Viceroy Hotel and Resorts is the data controller responsible for the processing of your personal data.
3. Categories of Data Processed
We may collect and process the following categories of personal data:
a. Usage Data
Includes information about how you use our website and services, such as IP address, browser type, browser version, device identifiers, time zone settings, usage logs, and interactions with features and pages.
b. Account Data
Includes your full name, billing address, shipping address, email address, phone number, and any login credentials used when creating an account.
c. Profile Data
Includes your stay preferences, past bookings, dining choices, feedback, special requests, loyalty program participation, and behavioral insights derived from your interactions with our services.
d. Communication Data
Includes any correspondence or inquiries you send to us, such as email communications, support tickets, call records, and other contact history related to guest services.
e. Technical Data
Includes device type, operating system, screen size, hardware settings, operating system version, app versions, language settings, and referral URLs.
f. Transaction Data
Includes purchase records, transaction amounts, payment method, delivery or service fulfillment details, and relevant billing information.
g. Preference Data
Includes marketing communication preferences, newsletter subscriptions, opt-in/opt-out choices, and information about interests in specific services or promotions.
4. Legal Bases for Processing
We rely on the following legal bases under GDPR for processing your personal data:
– Consent: where you actively give permission (e.g., subscribing to newsletters or accepting marketing cookies).
– Contract: where processing is necessary to perform a contract or respond to your requests before entering into one (e.g., processing reservations).
– Legitimate Interests: including improving services, security, fraud prevention, and personalization—provided these interests are not overridden by your privacy rights.
– Legal Obligation: where we are required to process data to comply with applicable laws or regulatory requirements.
Under the CCPA, we collect and use data for disclosed business purposes and do not sell personal data unless explicitly stated with appropriate mechanisms for opting-out.
5. Your Rights
Subject to applicable laws, you have the following rights with respect to your personal data:
– Right of Access: To request a copy of the personal data we hold about you.
– Right to Rectification: To request correction of any inaccurate or incomplete data.
– Right to Erasure: To request deletion of your personal data, subject to legal or contractual obligations.
– Right to Restriction: To request limited processing where you contest accuracy or legality.
– Right to Data Portability: To receive data in a structured, commonly used format and transmit it to another controller.
– Right to Object: To object to processing carried out under legitimate interests or direct marketing.
To exercise any of these rights, please contact us at [email protected]. We may request verification of your identity before fulfilling these requests.
6. Security Measures
We implement comprehensive technical and organizational measures to protect your personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. These measures include:
– Industry-standard encryption for data transmission and storage.
– Role-based access controls and authentication protocols.
– System and process audits to evaluate vulnerabilities.
– Internal staff training on privacy principles and data management.
– Routine data backup and recovery procedures.
7. International Transfers
As a global hospitality operator, your personal data may be processed outside of your home country. Whenever we transfer data internationally, we ensure appropriate safeguards are in place:
– Standard Contractual Clauses approved by the European Commission.
– Adequacy decisions issued by regulators.
– Binding corporate rules and additional contractual protections.
We take measures to ensure your data enjoys a level of protection consistent with applicable privacy laws regardless of where it is processed.
8. Data Retention
We retain your data only as long as necessary for the purposes for which it was collected, or as required by law. Retention periods vary by data category:
– Account and Transaction Data: retained for up to seven (7) years for legal and accounting purposes.
– Marketing and Preference Data: retained until you withdraw consent or unsubscribe.
– Usage and Technical Data: retained for up to two (2) years for analytics and performance optimization.
– Communication Data: retained for up to three (3) years for quality assurance and service history.
Data is securely deleted or anonymized upon expiry of the applicable retention period.
9. Cookie Policy
Our website uses cookies to enhance your browsing experience and to provide tailored content. We categorize cookies as follows:
– Essential Cookies: Required for site functionality, secure login, and reservations.
– Functional Cookies: Enable enhanced personalization, such as saved preferences.
– Performance and Analytics Cookies: Collect aggregated usage statistics.
– Marketing Cookies: Facilitate targeted advertising and track campaign performance.
10. Cookie Management and Compliance with GDPR & CCPA
Upon your first visit to viceroyhotelandresorts.com, you will be prompted with cookie consent options. You may modify your preferences at any time through the cookie settings interface. We honor all “Do Not Track” (DNT) browser configurations and provide clear opt-out options under CCPA guidelines.
Consumers have the right to opt-out of the sale or sharing of their personal information and may do so using the features provided on our website or by emailing [email protected].
11. Children’s Privacy
Our website and services are not directed to children under the age of 13. We do not knowingly collect or process personal data from children without verified parental consent. If we become aware that we have inadvertently collected such data, we will delete it without delay.
12. Policy Updates and User Notifications
We reserve the right to amend this Privacy Policy to reflect changes in our operations, legal requirements, or privacy best practices. Significant changes will be communicated prominently on viceroyhotelandresorts.com and, where required by law, we will seek your consent before those changes take effect.
13. Contact Us
For inquiries, concerns, or to exercise your data protection rights, please contact us at:
Email: [email protected]
We are committed to ensuring that your privacy is respected and upheld in accordance with the highest standards. If you have privacy-related questions or requests, we encourage you to reach out.