Privacy Policy
Las Fuentes Inn (“we,” “us,” or “our”) is committed to protecting your privacy and ensuring the confidentiality, integrity, and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you interact with our website, lasfuentesinn.com. We act in full compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We encourage you to read this policy carefully to understand your rights and how we process your personal data.
1. Commitment to Privacy and Data Protection
Your privacy is our priority. We are committed to maintaining the confidentiality of your personally identifiable information and upholding the principles of data minimization, purpose limitation, and lawful, fair, and transparent processing. We implement appropriate measures to prevent unauthorized access, misuse, or disclosure of your information.
2. Scope of this Policy and Our Role as Data Controller
This Privacy Policy applies to all personal data collected via our website, lasfuentesinn.com. For the purposes of data protection laws, Las Fuentes Inn is the data controller of all personal information collected through the website and is responsible for determining the purposes and means of processing your personal data.
3. Categories of Personal Data We Process
We collect and process the following categories of data:
a) Usage Data:
Includes data such as your IP address, browser type, access times, referring URLs, pages viewed, length of visits, and navigational paths within our website.
b) Account Data:
Includes your full name, billing address, email address, and phone number provided when creating an account or making a booking.
c) Profile Data:
Includes your service preferences, past bookings, behavioral data within our website, and other information used to personalize your experience.
d) Communication Data:
Includes correspondence with our support team, inquiries submitted via contact forms, and interaction history.
e) Technical Data:
Includes information about your device (such as device ID, operating system, browser settings, screen resolution) and system configuration data.
f) Transaction Data:
Includes details of services purchased, payment card data (in an encrypted format), transaction history, and delivery or service fulfillment details.
g) Preference Data:
Includes your marketing and communication preferences, consents given, and product or service interests selected during your interactions with lasfuentesinn.com.
4. Legal Bases for Processing
We process your personal data only where we have a legal basis to do so. The applicable bases include:
– Consent: when you give us clear permission to process your data (e.g., for marketing communications).
– Contractual Necessity: when data processing is required to enter into or perform a contract with you (e.g., service bookings).
– Legitimate Interests: where processing is necessary for our legitimate business purposes and those interests are not overridden by your fundamental rights (e.g., website analytics and fraud prevention).
– Legal Obligation: where the processing is necessary to comply with applicable laws and regulations.
5. Your Rights
Subject to applicable data protection laws, you have the right to:
– Access: request confirmation of what personal data we process and receive a copy.
– Rectification: request correction of inaccurate or incomplete data.
– Erasure: request the deletion of data where there is no lawful reason to retain it.
– Restriction: request the restriction of processing under certain circumstances.
– Portability: obtain a structured, commonly used, machine-readable copy of your personal data and transfer it to another provider.
To exercise your rights, please contact us at [email protected]. We will respond in accordance with applicable laws and within regulatory timeframes.
6. Security Measures
We maintain appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of your data. These measures include:
– Encryption of data in transit and at rest
– Role-based access controls and system authentication
– Regular system updates and vulnerability assessments
– Secure data backup and disaster recovery systems
– Ongoing privacy awareness and cybersecurity training for staff
While we strive to protect your information, no system can be completely secure. We encourage you to use caution when disclosing personal data online.
7. International Data Transfers
Where personal data is transferred outside the European Economic Area (EEA) or other jurisdictions with differing data protection standards, we ensure appropriate safeguards are in place, such as:
– Standard Contractual Clauses approved by the European Commission
– Compliance with regional regulations under adequacy decisions or certification mechanisms
You may contact us for more information regarding international transfers and the applicable safeguards.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to meet legal, regulatory, accounting, or reporting requirements.
– Usage and Technical Data: retained for up to 12 months
– Account and Profile Data: retained for the duration of your customer relationship, plus up to 3 years after last interaction
– Transaction Data: stored for a minimum of 7 years for legal compliance
– Communication Data: retained for up to 18 months
– Preference Data: maintained until you withdraw your consent
Upon expiration of these periods, data will be securely deleted or anonymized.
9. Cookie Policy
We use cookies to enhance your experience, analyze site traffic, and improve our services. Our cookie categories include:
– Essential Cookies: required for website functionality (e.g., login, security)
– Functional Cookies: remember preferences and enhance usability
– Analytical Cookies: help us understand usage patterns and optimize performance
– Performance Cookies: monitor website performance metrics, like load time
10. Cookie Management and Compliance
You may manage or decline cookies at any time through your browser settings or our cookie consent tool, provided in compliance with GDPR and CCPA requirements. Cookies that are not strictly necessary will only be placed with your explicit consent.
Under CCPA, California residents may also opt out of the sale of personal data (note: we do not sell your personal data). For more information, contact [email protected] or refer to our Cookie Preferences link on lasfuentesinn.com.
11. Children’s Privacy
We do not knowingly collect or solicit personal information from children under the age of 13. If we become aware that such data has been collected without verified parental consent, it will be deleted. Parents or guardians with concerns may contact us directly at [email protected].
12. Policy Updates and Notification
We reserve the right to modify or update this Privacy Policy at any time. When changes occur, they will be posted on lasfuentesinn.com, and where required, we will notify you by appropriate means. Continued use of the website after such changes signifies acceptance of the updated policy.
13. Contacting Us
For questions, concerns, or to exercise your data protection rights, please contact our Data Protection Contact at:
Email: [email protected]
Website: https://lasfuentesinn.com
We are committed to maintaining your trust and ensuring your privacy. If you believe your data has been handled in a manner that is not compliant with applicable privacy laws, you have the right to lodge a complaint with a supervisory authority.
This Privacy Policy reflects our dedication to GDPR and CCPA compliance. For any inquiries about privacy or data usage, please reach out to us at [email protected].