Privacy Policy for FourSeasonsYosemite.com
At Four Seasons Yosemite (“we,” “us,” or “our”), accessible via fourseasonsyosemite.com (the “Website”), we are committed to respecting and protecting your privacy and safeguarding the personal data you entrust to us. This Privacy Policy explains how we collect, use, disclose, and protect your information when you interact with our Website. We maintain the highest standards of data protection in accordance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), among other applicable laws.
1. Commitment to Privacy and Data Protection
We value your fundamental rights to privacy, transparency, and data security. Our commitment is to manage your personal information lawfully, fairly, and transparently, ensuring your data is processed responsibly and only for legitimate purposes.
2. Scope of This Policy and Data Controller Responsibility
This Privacy Policy applies to all users of fourseasonsyosemite.com and any related services or digital platforms where this policy is posted or referenced. We act as the “Data Controller” under the GDPR and the “Business” under the CCPA for any personal data collected through our Website. For any data protection inquiries, you may contact us at [email protected].
3. Categories of Data We Process
We may collect and process various types of personal data, which include but are not limited to:
a. Usage Data:
Information about your interactions with our Website, such as IP address, browser type/version, operating system, device type, geographic location, web pages visited, referral URLs, session durations, and clickstream data.
b. Account Data:
When you create an account or make a purchase, we collect data such as your full name, billing/shipping address, phone number, and email address.
c. Profile Data:
Includes preferences, user behavior on the Website, previous bookings, accommodation interests, and survey responses.
d. Communication Data:
Includes your communications with us via contact forms, email threads (including via [email protected]), customer service interactions, and support tickets.
e. Technical Data:
Comprises device-specific information, system settings, operating system versions, language preferences, and unique device identifiers.
f. Transaction Data:
Includes payment details (processed securely via external providers), service history, booking reference numbers, invoices, and delivery or fulfillment data.
g. Preference Data:
Includes marketing consents, newsletter subscriptions, and information on your preferred products or service categories.
4. Legal Bases for Processing Personal Data
We process personal data only when we have a valid legal basis under applicable data protection laws. Depending on your interaction with our Website, processing may be based on:
– Your consent (e.g., subscribing to a newsletter),
– The performance of a contract (e.g., booking a room or activity),
– Our legitimate interests (e.g., improving service performance or marketing analysis),
– Legal obligations (e.g., tax reporting, compliance).
5. Your Rights Under GDPR and CCPA
Subject to applicable laws, you have the following rights regarding your personal data:
– Right of Access: You can request information about the personal data we hold about you.
– Right to Rectification: You can request correction of inaccurate or incomplete data.
– Right to Erasure: You can request deletion of your personal data where no valid reason exists for its continued processing.
– Right to Restriction: You can request us to limit the processing of your data in certain circumstances.
– Right to Data Portability: You can request that your data be provided in a structured, commonly used, machine-readable format.
– Right to Object/Opt-Out: You can object to the use of your data for direct marketing or where processing relies on our legitimate interests.
– Right Not to Be Subject to Automated Decision-Making: We do not use your data for profiling or automated decision-making.
– Right Not to Be Discriminated Against for Exercising Rights: We provide equal service regardless of your privacy choice selections.
To exercise any of these rights, contact us at [email protected].
6. Security Measures
We implement robust technical and organizational measures to secure your personal data from unauthorized access, disclosure, alteration, or destruction. These include, but are not limited to:
– Encryption of data in transit and at rest,
– Access controls based on need-to-know principles,
– Regular data privacy and security training for staff,
– Secure server and firewall architecture,
– Routine monitoring, logging, and auditing of systems.
7. International Data Transfers
Where applicable, your data may be transferred across borders to service providers or affiliates outside of your jurisdiction, including to countries that may not offer equivalent data protections. In these cases, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or other legally acceptable mechanisms.
8. Data Retention
We retain personal information only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Specific retention periods include:
– Booking and transaction records: Retained for 7 years for tax and financial record-keeping,
– Communication and support data: Retained for 2 years post-interaction,
– Email marketing preferences: Retained until you withdraw consent,
– Technical and usage data: Retained for up to 12 months for analytics and security purposes,
– Account Data: Retained until the account is closed, and then archived securely or deleted in accordance with retention standards.
9. Cookie Policy
We use cookies and similar technologies to enhance user experience and collect information about the use of our Website. Types of cookies used include:
– Essential Cookies: Required for core functionality of the Website (e.g., login, cart management).
– Functional Cookies: Enable personalization features such as language preferences and remembered settings.
– Analytics Cookies: Help us understand web traffic patterns, user behaviors, and improve navigation.
– Performance Cookies: Measure performance metrics such as page loading times and usability enhancements.
10. Cookie Management and Compliance with GDPR & CCPA
You have the right to manage your cookie preferences through our cookie banner and browser settings. Upon first visit, users are presented with a cookie consent option in compliance with GDPR. Additionally, California residents may opt out of the “sale” of their personal data, if applicable, consistent with CCPA definitions.
You may adjust or revoke your cookie consent at any time by modifying your browser settings or visiting our Cookie Preferences page.
11. Protections for Children under 13
Our Website is not intended for children under the age of 13. We do not knowingly collect or solicit personal data from anyone under the age of 13. If you believe a child has submitted personal information to us without appropriate parental consent, please contact us immediately at [email protected] so we may delete the data.
12. Changes to This Privacy Policy
We reserve the right to amend or update this Privacy Policy at our discretion. Any material changes will be communicated via prominently placed notices on the Website. We encourage you to review this page periodically to stay informed about how we are protecting your privacy.
13. Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us at:
Email: [email protected]
Website: https://www.fourseasonsyosemite.com
We are fully committed to compliance with privacy laws and to responding promptly to any concerns. Thank you for placing your trust in Four Seasons Yosemite.