Privacy Policy for Las Fuentes Inn
We maintain an unwavering dedication to protecting and preserving all personal data provided by our website visitors and service users, implementing robust and comprehensive security measures throughout our services and operations.
This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data. In this role, we are responsible for implementing and maintaining robust data protection measures across all our operations and services.
We may process usage data (“usage data”), which comprehensively includes browser type, operating system, page views, navigation patterns, timing of visits, device information, and interaction metrics. This information is collected through automated logging systems, cookies, and analytics tools and may include duration of stay on pages, preferred amenities viewed, and booking patterns. The source of this data is our analytics software and website monitoring systems. We process this information for several important purposes, including improving website performance, enhancing user experience, analyzing booking trends, and optimizing our service offerings, which enables us to provide personalized recommendations, streamline the booking process, and enhance our accommodation services. The legal basis for this processing is our legitimate interests in monitoring and improving our website and services.
We may process account data (“account data”), which comprehensively includes name, email address, telephone number, postal address, booking history, payment information, and communication preferences. This information is collected through registration forms, booking systems, and direct communication and may include loyalty program participation, special requests, and preferred room types. The source of this data is the information you provide during account creation and subsequent interactions. We process this information for managing reservations, processing payments, communicating about bookings, and maintaining customer relationships, which enables us to provide seamless check-in services, personalized stay experiences, and efficient customer support. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
We may process profile data (“profile data”), which comprehensively includes dietary preferences, room preferences, special assistance requirements, loyalty program status, and stay history. This information is collected through preference settings, feedback forms, and direct communications and may include anniversary dates, preferred amenities, and special occasion information. The source of this data is your voluntary submissions and previous stay information. We process this information for personalizing your experience, providing targeted offerings, maintaining service quality, and enhancing customer satisfaction, which enables us to deliver customized services, anticipate needs, and improve overall guest experience. The legal basis for this processing is our legitimate interests in providing personalized and enhanced services to our users.
Your Rights:
Right to Access: You have the right to obtain confirmation about whether we process your personal data and request copies of this data. This includes the ability to review what information we hold about you, verify the lawfulness of processing, and understand how your data is being used. To exercise this right, you can submit a written request through our designated data protection contact channels, specifying the information you wish to access. We will respond within 30 days and may require proof of identity, current address, and additional verification documents to protect your privacy.
Right to Rectification: You have the right to request correction of inaccurate personal data and complete any incomplete personal data we hold about you. This includes the ability to update contact information, correct booking details, and modify preference settings. To exercise this right, you can access your account settings online or contact our customer service team with specific correction requests. We will process valid requests within 15 days and may require supporting documentation, identity verification, and confirmation of changes.
Right to Erasure: You have the right to request the deletion of your personal data when there is no compelling reason for its continued processing. This includes the ability to remove account information, delete booking history, and withdraw consent for data processing. To exercise this right, you must submit a formal deletion request through our privacy portal or customer service channels. We will process valid requests within 30 days and may require account password, government-issued ID, and written confirmation of deletion request.
Right to Restrict Processing: You have the right to limit the ways in which we use your personal data when you have concerns about its accuracy or our processing methods. This includes the ability to pause promotional communications, limit data sharing, and temporarily freeze account processing. To exercise this right, you can adjust your privacy settings or submit a formal restriction request. We will implement restrictions within 7 days and may require account verification, specific restriction parameters, and confirmation of restriction scope.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used format and transmit this data to another service provider. This includes the ability to export booking history, transfer loyalty points, and move personal preferences to another platform. To exercise this right, you can request a data export through our secure portal or customer service channels. We will provide the data within 30 days and may require identity verification, destination service provider details, and format preferences.Data Processing and Security
We process Service Data which includes reservation details, guest preferences, room assignments, and special requests. This processing involves automated booking systems and manual staff input, enabling us to provide accommodation services and personalized guest experiences. For example, in the context of hospitality, this includes dietary requirements, check-in preferences, and room type selections. The legal basis for this processing is the performance of our service contract with guests, specifically the fulfillment of accommodation bookings and related services.
We process Technical Data which includes device information, IP addresses, browser types, and website interaction patterns. This processing involves automated logging systems and analytics tools, enabling us to maintain website functionality and improve user experience. For example, this includes monitoring page load times, analyzing navigation patterns, and optimizing booking workflows. The legal basis for this processing is our legitimate interest in providing and improving our digital services.
We process Communication Data which includes email correspondence, phone records, and customer service interactions. This processing involves customer relationship management systems and communication platforms, enabling us to respond to inquiries and maintain guest relationships. For example, this includes pre-arrival communications, special requests handling, and post-stay feedback. The legal basis for this processing is the fulfillment of guest services and our legitimate interest in maintaining customer relations.
We process Transaction Data which includes payment information, booking details, and purchase history. This processing involves secure payment gateways and booking management systems, enabling us to process reservations and maintain financial records. For example, this includes room charges, additional service purchases, and refund processing. The legal basis for this processing is the performance of our service contract and compliance with financial regulations.
We process Preference Data which includes marketing preferences, room preferences, and service customization choices. This processing involves preference management systems and guest profiles, enabling us to personalize guest experiences and communications. For example, this includes newsletter subscriptions, room location preferences, and amenity choices. The legal basis for this processing is consent and legitimate interest in providing personalized services.
Security Measures
Our comprehensive encryption protocols ensure end-to-end protection of your data, incorporating industry-standard algorithms and regular security updates to maintain data integrity. This includes regular security assessments and penetration testing by qualified professionals.
We implement multi-layered security infrastructure, including advanced firewalls and intrusion detection systems that continuously monitor for and prevent unauthorized access attempts. This infrastructure undergoes regular updates and enhancements.
Access to personal data is strictly controlled through role-based permissions, multi-factor authentication, and detailed access logs. We maintain comprehensive audit trails of all data access and modifications.
Our continuous monitoring systems provide real-time threat detection and automated response protocols, ensuring immediate action against potential security threats.
We maintain comprehensive backup procedures with encrypted offsite storage and regular recovery testing, ensuring data availability and integrity.
Regular third-party security audits verify our compliance with international security standards and best practices.
International Data Transfers
We may transfer your personal data to countries outside your jurisdiction. These transfers are protected by appropriate safeguards, including Standard Contractual Clauses, Binding Corporate Rules, and approved certification mechanisms. Each international transfer is conducted under strict protocols that ensure:
– Adequate data protection standards
– Compliant processing procedures
– Enforceable data subject rights
– Effective legal remedies
International transfers are protected by EU Standard Contractual Clauses, Privacy Shield Framework, and ISO 27001 standards, ensuring compliance with GDPR and local data protection laws. We implement additional measures including:
– Regular compliance audits
– Data protection impact assessments
– Documented transfer mechanisms
– Continuous monitoring procedures
Regarding international transfers, you maintain specific rights including:
– Right to information about transfers
– Right to object to transfers
– Right to withdraw consent
– Right to data protection guarantees
Data Retention
We maintain specific retention periods for different data categories:
Account Information: 7 years after last activity to comply with business and tax regulations
Usage Data: 2 years for service improvement and analysis
Transaction Records: 7 years to meet financial and tax obligations
Communication History: 3 years for customer service and dispute resolution
Technical Logs: 1 year for security and performance monitoring
These retention periods are determined by:
– Legal requirements
– Business purposes
– Technical necessities
– User preferences
Special circumstances affecting retention:
– Legal obligations
– Dispute resolution
– Security investigationsCookie Policy for Las Fuentes Inn
Essential cookies serve fundamental functions for basic website operations at lasfuentesinn.com. These cookies process authentication tokens, session identifiers, and security parameters to enable core functionality. In our hospitality context, these cookies maintain your reservation details, room preferences, and secure login status throughout your booking process.
Functional cookies enhance your experience by remembering your preferences and selections. They process language choices, regional settings, and interface customizations to enable a personalized browsing experience. At Las Fuentes Inn, these cookies remember your preferred room types, special requests, and dietary preferences for future visits.
Analytics cookies help us understand how guests interact with our website. They collect anonymous data about page views, booking patterns, and feature usage to improve our services. For example, they track which room types are most viewed and how users navigate through our booking process.
Performance cookies assess and optimize website operation by monitoring technical metrics. They track load times, server response rates, and system performance to ensure smooth functionality. These cookies help us maintain fast booking processes and stable website performance during peak reservation periods.
Cookie Management
You can manage your cookie preferences through your browser settings, our cookie consent banner, or your account preferences. We respect your right to control your data and provide clear options for adjusting cookie settings.
GDPR Compliance
For our European Union guests, we implement strict data protection measures including explicit consent mechanisms, data minimization practices, and transparent processing procedures. We limit data collection to necessary information and maintain clear storage limitations.
CCPA Compliance
California residents are entitled to specific rights regarding their personal information, including the right to know what data we collect, request deletion, opt-out of data sales, and receive equal service regardless of privacy choices.
COPPA Compliance
We implement strict measures for users under 13, including age verification and parental consent requirements. We limit data collection from young users and provide special protection measures for any necessary information processing.
Privacy Updates and Changes
We regularly review and update our privacy practices to maintain compliance and protect user data. When significant changes occur, we notify users and obtain renewed consent where required.
Contact Information
For privacy-related inquiries:
Primary Contact: [email protected]
We respond to all privacy concerns within 48 hours and require verification for data-related requests.
This policy was created specifically for lasfuentesinn.com and covers all associated services within the hospitality industry.