Privacy Policy
Effective Date: December 9, 2024
Introduction
Luxestay (“we,” “our,” or “us”) is committed to protecting your personal information and respecting your privacy in compliance with global data protection laws, including the GDPR, CCPA, NDPA (2023), and other applicable privacy regulations.
This Privacy Policy explains how we collect, use, share, and protect your personal data and outlines your rights regarding its use. By accessing or using Luxestay’s services, you agree to this policy.
1. Scope
- Applies to all users of Luxestay’s platform, including hosts, travellers, property buyers, and vendors.
- Covers personal data collected through our website, mobile applications, and related services.
- Ensures fairness and transparency for all users globally.
2. Data Controller and Local Representatives
Luxestay operates as the Data Controller under GDPR Article 4(7). For jurisdictions requiring local representation, we appoint representatives to comply with local laws.
3. What Data We Collect
3.1 Personal Information You Provide
- Account details (name, email, phone number, password).
- Transaction details (payment info and booking history).
- Identity verification documents (e.g., government-issued ID).
- Communication records (queries, complaints, feedback).
3.2 Automatically Collected Information
- Device info (IP, browser type, OS).
- Usage data (session duration, clicks, interactions).
- Cookies and tracking technologies (analytics, advertising).
3.3 Third-Party Information
- From payment processors, analytics partners, and public sources.
4. Legal Bases for Processing Personal Data
| Legal Basis | Description |
|---|---|
| Consent | Data processed with explicit consent (e.g., marketing, cookies). You can withdraw consent anytime. |
| Contractual Necessity | Required to perform contracts, such as bookings and transactions. |
| Legal Obligation | To comply with tax, AML, and other legal requirements. |
| Legitimate Interests | Improving services, fraud detection, and analytics with respect for your rights. |
5. How We Use Your Information
- To process bookings, payments, and property listings.
- To personalize user experience with tailored content.
- To communicate service updates, offers, and policy changes.
- To comply with legal requirements and prevent fraud.
6. Data Sharing
- Shared with service providers (payment, storage, analytics).
- Disclosed when required by law or for fraud prevention.
- International transfers secured via Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs).
7. Data Retention
Personal data is retained only as long as necessary:
- Booking records — 7 years.
- Marketing preferences — until consent withdrawal.
8. Your Rights
- Access — request a copy of your data.
- Correction — fix inaccuracies.
- Deletion — request deletion subject to legal exceptions.
- Objection — opt-out of specific processing activities.
9. Security Measures
- Encryption (TLS) for data in transit and at rest.
- Multi-factor authentication (MFA).
- Regular security audits and access controls.
- ISO/IEC 27001 compliance and secure backups.
11. Cross-Border Compliance
Luxestay complies with international data protection laws, including GDPR (EU), CCPA (USA), and NDPA (Nigeria).
12. Updates to This Policy
We may revise this policy periodically. Major updates will be communicated via email or platform announcements.
13. Contact Information
For questions or to exercise your data rights, please contact:
Email: info@luxestay.com