Privacy Policy for HyltonCastle.com
1. Introduction
At HyltonCastle.com, we are firmly committed to safeguarding your privacy and ensuring the protection of your personal data. This Privacy Policy sets forth how your information is collected, used, stored, and protected in accordance with applicable data protection laws, including the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”). We believe privacy is a fundamental right, and we strive to manage your information transparently and responsibly.
2. Scope of This Policy and Data Controller Role
This Privacy Policy applies to all personal data collected through your use of our website, hyltoncastle.com (“Site”), and associated services. HyltonCastle.com is the data controller responsible for the processing of personal data as described in this Policy. For inquiries related to this policy or your personal data, you may contact us at [email protected].
3. Categories of Data Processed
In the course of using our Site and services, we may collect and process the following categories of personal data:
a) Usage Data:
Information about how you interact with the Site, including IP address, browser type, device information, access times, pages viewed, and referring URLs.
b) Account Data:
Information you provide when registering for an account or making a booking, such as your name, postal address, email address, and phone number.
c) Profile Data:
Information you provide voluntarily or generated from your activity on the Site, such as preferences, event bookings, history of interactions, and feedback.
d) Communication Data:
Records of inquiries, support requests, complaints, and other correspondence between you and our team, including contact history.
e) Technical Data:
Device-specific data such as operating system, hardware model, system configuration, browser plugins, and mobile network information.
f) Transaction Data:
Details of purchases or bookings via the Site, including payment method, billing details, and delivery or event access information.
g) Preference Data:
Information relating to your communication preferences, consent to marketing, and your expressed interests in specific products, services, or features.
4. Legal Bases for Processing
Under GDPR, we only process personal data when we have a lawful basis, which may include:
– Consent: When you give clear consent to process your personal data for a specific purpose (e.g., marketing subscriptions).
– Contractual Necessity: To perform a contract with you or take pre-contractual steps at your request.
– Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving our Site, preventing fraud, and ensuring security, provided those interests do not override your rights.
– Legal Obligation: Where required to comply with applicable legal or regulatory obligations.
5. Your Rights
Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:
– Access: You may request access to your personal data held by us.
– Rectification: You may request correction of inaccurate or incomplete data.
– Erasure: You may request deletion of your personal data where legally permitted.
– Restriction: You may request limitation of how your personal data is processed.
– Portability: You may request a copy of your data in a portable format.
To exercise any of these rights, please contact our Data Privacy Officer at [email protected].
6. Security Measures
We implement robust technical and organizational security measures to protect your personal data against unauthorized access, accidental loss, unlawful processing, and disclosure. These measures include:
– Data encryption protocols;
– Secure user authentication methods;
– Role-based access control;
– Regular system security audits and backups;
– Staff training on data protection and confidentiality.
7. International Transfers
Where your personal data is transferred outside the European Economic Area (EEA) or your jurisdiction, we ensure appropriate safeguards are in place consistent with data protection laws. These safeguards may include the use of Standard Contractual Clauses (SCCs), certification mechanisms, or adherence to relevant regulatory standards.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purpose for which it was collected, comply with legal obligations, resolve disputes, or enforce agreements. Specific guided retention periods include:
– Usage Data: Retained for up to 12 months for analytics and security;
– Account & Profile Data: Kept for the duration of your account and 24 months after closure;
– Communication Data: Retained for 3 years from the last contact;
– Transaction Data: Retained for 7 years for financial compliance;
– Preference Data: Retained for as long as consent is valid or until opt-out is exercised.
9. Cookie Policy
We use cookies and similar tracking technologies on hyltoncastle.com to enhance user experience, maintain essential functionality, and gather insights into user interactions. Cookies used include:
– Essential Cookies: Required for site operation and security;
– Functional Cookies: Allow site personalization (such as language or region);
– Analytics Cookies: Help us understand user behavior and improve performance;
– Performance Cookies: Monitor performance metrics including page load times.
These cookies do not collect personally identifiable information unless explicitly provided by you.
10. Cookie Management and GDPR & CCPA Compliance
You can manage or withdraw your cookie consent at any time through your browser settings or our on-site cookie banner. Under GDPR and CCPA, you have the right to:
– Refuse non-essential cookies;
– Request disclosure of third-party cookie usage;
– Opt-out of the sale of personal information (under CCPA);
– Exercise control over your personal data shared via cookies.
Please refer to your browser’s help section for detailed steps to disable cookies or visit the cookie settings interface provided on our Site.
11. Protection of Children
HyltonCastle.com does not knowingly collect or solicit personal information from children under the age of 13. We take special precautions to comply with applicable laws such as the Children’s Online Privacy Protection Act (COPPA). If you are a parent or guardian and believe that your child has provided information to us without your consent, please contact us at [email protected] so that we can take appropriate action.
12. Policy Updates
We may update this Privacy Policy from time to time to reflect changes in legal requirements, technological advancements, or our operational practices. When significant changes are made, we will notify users via a prominent notice on hyltoncastle.com or via direct communication where feasible. Continued use of the Site after such notice constitutes your acceptance of the revised policy.
13. Contact Us
If you have any questions, comments, or concerns about this Privacy Policy or our data practices, please contact us at:
Email: [email protected]
We are committed to complying with applicable privacy laws and maintaining the highest standards of data stewardship. If you have any concerns regarding your personal data or our privacy practices, please don’t hesitate to reach out.