Privacy Policy for lews-castle.com
1. Introduction
Lews Castle (“we,” “us,” or “our”) operates lews-castle.com and is fully committed to safeguarding the privacy and personal data of all its users and visitors. We recognize the importance of privacy and data protection as fundamental rights and are dedicated to handling your personal information with care, transparency, and in full compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy outlines how we collect, use, disclose, and store your personal data, and what rights you have in relation to that information.
2. Scope of This Policy and Data Controller Role
This Privacy Policy applies to all personal data collected through your use of lews-castle.com, including any services and features offered on or through the site. Lews Castle acts as the “data controller” under applicable data protection laws for personal data collected via this website. As data controller, we determine the purposes and means of processing your information.
3. Categories of Personal Data We Process
We process various categories of personal data depending on your interaction with our website and services:
a) Usage Data:
– Information about how you interact with our website, including IP address, browser type and version, device model, language preferences, time zone settings, referring URLs, and browsing paths.
b) Account Data:
– Personal identifiers and contact information, including your full name, email address, mailing address, and phone number, typically collected when you create an account or book services.
c) Profile Data:
– Information about your preferences, past bookings or purchases, behavior on the website, and other data used to personalize content or improve user experience.
d) Communication Data:
– Records of any correspondence you have with us, including support inquiries, messages sent through the website, and interaction history with our customer service team.
e) Technical Data:
– Device-specific data gathered via cookies or server logs, such as operating system details, browser configuration, screen resolution, and system performance metrics.
f) Transaction Data:
– Details of bookings or purchases made through our website, including billing and shipping information, payment method, and transaction history (excluding full card numbers, which are handled by PCI-DSS compliant services).
g) Preference Data:
– Marketing and communication preferences, opt-in/out records, and information about your interests in our offerings.
4. Legal Bases for Processing Personal Data
Under European and California privacy laws, we use the following lawful bases to process your information:
– Contractual Necessity: When processing is necessary to fulfill a service or transaction you request (e.g., completing a booking).
– Consent: When you have clearly given us permission to process your data for specific purposes (e.g., email marketing).
– Legitimate Interests: Where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights (e.g., analytics to improve our services).
– Legal Obligation: When processing is required to comply with legal or regulatory obligations.
5. Your Rights
Under GDPR and CCPA, you have rights concerning the personal data we hold about you. These include:
– Right of Access: Obtain confirmation and a copy of your personal data.
– Right to Rectification: Correct incomplete or inaccurate data.
– Right to Erasure: Request deletion of your data, subject to legal exceptions.
– Right to Restrict Processing: Request a temporary or permanent halt to the processing of some or all of your data.
– Right to Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format or request its direct transfer to another controller.
– Right to Object: Object to processing based on legitimate interests or for marketing purposes.
– Right to Opt-Out (CCPA): California residents may request that we do not sell or share their personal information.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We implement industry-standard security protocols to protect your data. These include:
– Encryption of data in transit and at rest.
– Role-based access management and multi-factor authentication.
– Secure server environments and regular vulnerability assessments.
– Periodic data backups to prevent loss.
– Staff training in data protection and privacy best practices.
7. International Transfers
Your personal data may be transferred to, stored in, or processed outside your country of residence, including in countries that may not provide equivalent levels of data protection. Where applicable, we rely on Standard Contractual Clauses or other lawful data transfer mechanisms to ensure adequate safeguards in accordance with GDPR and similar standards.
8. Data Retention
We only retain your personal data for as long as necessary for the purposes outlined in this Policy and to comply with legal, regulatory, accounting, or reporting requirements. Specifically:
– Usage and technical data: Retained for 12 months.
– Account and profile data: Retained for the life of your account and up to 7 years after termination.
– Communication data: Retained for up to 5 years from the latest contact.
– Transactional data: Retained for regulatory and tax compliance up to 7 years.
– Marketing preference data: Retained until you withdraw consent or opt out.
9. Cookie Policy
Lews-castle.com uses cookies and similar tracking technologies to enhance user experience, collect website statistics, and facilitate marketing efforts.
Types of cookies include:
– Essential Cookies: Required for functionality such as logging in and processing bookings.
– Functional Cookies: Remember your preferences and settings (e.g., language).
– Analytics Cookies: Collect aggregate data on how visitors use the site, helping us improve performance.
– Performance and Advertising Cookies: Used to deliver relevant promotional content and measure the effectiveness of marketing campaigns.
10. Cookie Management and Compliance
In compliance with GDPR and CCPA, you will be offered a clear and granular choice to accept or reject cookies (other than essential cookies) upon visiting our site. You can manage cookie preferences at any time through your browser settings or through the cookie management tool available on lews-castle.com. California residents may further opt out of the sale or sharing of personal data by submitting a verifiable request via [email protected].
11. Children’s Privacy
Lews Castle does not knowingly collect, maintain, or process personal data from individuals under the age of 13. If we become aware that personal data has been collected inadvertently from a child under 13 without parental consent, we will take immediate steps to delete the information. Parents or guardians who believe we may have collected such data should contact us at [email protected].
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements, our services, or data processing practices. Where such changes are material, we will notify users by posting a corresponding notice on lews-castle.com or by contacting you via email if appropriate.
13. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
Email: [email protected]
Website: https://lews-castle.com
We are committed to maintaining full compliance with applicable data protection laws and to keeping your information safe, transparent, and secure. Please reach out to us with any privacy-related inquiries or concerns.