Privacy Policy

Last updated: December 28, 2025

At Beach Luxe Vacation ("we," "us," "our," or "the Company"), we are committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, share, and protect your information when you visit our website www.beachluxevacation.com (the "Website") or use our services (the "Service").

We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) where it applies to individuals in the European Union (EU), European Economic Area (EEA), or the United Kingdom (UK); the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) for California residents; the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and substantially similar provincial laws for Canadian residents; and other relevant US state privacy laws.

By using our Service, you agree to the collection and use of your information as described in this policy.

1. Who We Are (Data Controller)

Beach Luxe Vacation is the data controller responsible for your personal data.

Contact details:

• Address: 111-112 Beach Lane, West Bay Street, Nassau, Bahamas
• Email: concierge@beachluxevacation.com
• Phone: +1 (786) 297-7871

If you have any questions about this policy or how we handle your data, please contact us using the details above.

2. Personal Data We Collect

We may collect the following types of personal data:

• Contact and identity data: First name, last name, email address, phone number, billing and shipping address including city, state or province, and ZIP or postal code.
• Payment data: Processed through third-party payment providers. We do not store full payment card details.
• Account data: Information you provide when creating an account through our Firebase authentication system, such as email address and authentication credentials. Firebase handles authentication securely and their privacy practices are governed by Google's Privacy Policy.
• Usage data: IP address, browser type and version, device type, operating system, pages visited, time and date of visits, time spent on pages, unique device identifiers, and other diagnostic data.
• Tracking data: Information collected via cookies, web beacons, and similar technologies. See Section 8 for more details.

We collect this data directly from you when you book a vacation, contact us, or create an account, or automatically as you use our Website.

We do not collect sensitive personal information such as racial or ethnic origin, health data, or biometric data unless necessary and with your explicit consent where required.

3. How We Use Your Personal Data

We use your personal data for the following purposes:

• To provide and maintain our Service, including processing bookings and reservations.
• To manage your account and registration through our Firebase authentication system.
• To perform contracts, including fulfilling vacation bookings or purchases.
• To communicate with you, including sending confirmations, updates, and responses to inquiries.
• To send marketing communications about similar products, services, offers, or events, only where you have consented or where permitted by law.
• To analyze usage, improve our Website and services, and monitor performance.
• For security, fraud prevention, and legal compliance.
• In connection with business transfers, such as mergers or acquisitions.

Legal Bases for Processing under GDPR, PIPEDA, and similar laws where applicable:

• Performance of a contract with you, such as processing bookings.
• Your consent, such as for marketing emails.
• Our legitimate interests, such as improving the Website and fraud prevention, provided these do not override your rights.
• Compliance with legal obligations.

4. Sharing and Disclosure of Your Personal Data

We may share your data with:

• Service providers: Third parties who help us operate the Service, including payment processors like Fygaro, hosting providers, analytics tools, email services, and Firebase for authentication services. These providers are contractually required to protect your data and use it only for the services they provide to us.
• Business partners or affiliates: For joint offers or services, only with your consent where required.
• In business transfers: During mergers, acquisitions, or asset sales.
• Legal authorities: When required by law, court order, or to protect our rights, safety, or property.

We use Fygaro for payment processing. Their Privacy Policy is available at: https://www.fygaro.com/en/w/privacy/.

We use Firebase Authentication, provided by Google, for account management and authentication services. Firebase's privacy practices are governed by Google's Privacy Policy, available at: https://policies.google.com/privacy.

Sale or Sharing of Personal Data under CCPA/CPRA and similar US state laws:

We do not sell your personal data for money. However, certain sharing of data with analytics or advertising partners via cookies may be considered "sharing" for targeted advertising under some laws. We do not share personal data for cross-context behavioral advertising.

International Transfers: Your data may be processed or transferred outside the Bahamas, Canada, or your country of residence, including to the US or EU. Where required under GDPR or PIPEDA, we ensure appropriate safeguards such as Standard Contractual Clauses are in place.

5. Data Retention

We keep your personal data only as long as necessary for the purposes described, or as required by law, such as for tax or accounting records. Usage data is generally retained for a shorter period, except where needed for security, functionality improvements, or legal reasons. Once no longer needed, we securely delete or anonymize your data.

6. Your Rights

Your rights vary by jurisdiction, but generally include:

• Access
• Correct/Rectify
• Delete/Erase
• Opt-out
• Object/Restrict
• Data portability
• Withdraw consent
• Non-discrimination

For California residents under CCPA/CPRA: Additional rights include opting out of sale or sharing, though we do not sell data, limiting sensitive data use, and knowing categories shared for business purposes.

For Canadian residents under PIPEDA: Rights to access, challenge accuracy, and complain to the Office of the Privacy Commissioner of Canada.

For EU/UK residents under GDPR: As previously detailed, including the right to lodge a complaint with a supervisory authority.

To exercise any rights, contact us using the details in Section 1. We will respond within the required timeframe, such as 45 days under CCPA or one month under GDPR.

You can opt out of marketing at any time via unsubscribe links or by contacting us.

7. Do Not Sell or Share My Personal Information (CCPA/CPRA and Similar Laws)

We do not sell your personal data. If practices change, we will update this policy and provide a clear "Do Not Sell or Share My Personal Information" link on our homepage.

8. Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to improve your experience, analyze usage, and deliver personalized content.

Types of cookies we use:

• Necessary/Essential Cookies: Required for the Website to function, including authentication and security.
• Preference/Functionality Cookies: Remember your choices, such as language preferences and login details.
• Analytics/Performance Cookies: Help us understand how visitors use the Website.

You can manage cookies through your browser settings or our cookie consent tool. Rejecting non-essential cookies may affect Website functionality.

9. Children's Privacy

Our Service is not intended for children under 13, or 16 in some jurisdictions. We do not knowingly collect personal data from children under these ages without parental consent. If we discover such data has been collected, we will delete it promptly. Parents or guardians should contact us if concerned.

10. Security of Your Data

We implement appropriate technical and organizational measures to protect your data. However, no internet transmission or electronic storage is 100% secure.

11. Links to Third-Party Websites

Our Website may link to external sites. We are not responsible for their content or privacy practices. Please review their policies.

12. Changes to This Privacy Policy

We may update this policy periodically, at least annually where required. Significant changes will be communicated via email or a prominent notice on our Website. The "Last updated" date reflects the latest version.

13. Contact Us

For questions, concerns, rights requests, or complaints, contact us at the details in Section 1.

Thank you for trusting Beach Luxe Vacation with your personal information.