Privacy Policy

This Privacy Policy describes how Lux Vacation deals (“we”, “us”, or “our”) collects, uses, stores, and shares information when you use our websites, applications, and related travel services (collectively, the “Services”). By using the Services, you agree to this policy. If you do not agree, please do not use the Services.

1. Who we are

The Services are operated on behalf of Lux Vacation deals. For privacy requests, contact us using the details at the end of this policy.

2. Information we collect

Depending on how you use the Services, we may collect:

• Account and profile data — name, email address, phone number, password (stored securely), and preferences you provide when you register or update your profile.
• Booking and transaction data — travel dates, destinations, occupancy, special requests, payment status, and records related to reservations, Vacation Deals / credits, invoices, and customer support.
• Payment information — card or wallet details are processed by our payment partners (for example, Stripe or other gateways we enable). We typically receive limited payment metadata (such as last four digits, brand, and transaction references), not full card numbers stored on our servers.
• Device and usage data — IP address, browser type, device identifiers, pages viewed, referring URLs, and approximate location derived from IP for fraud prevention, security, and analytics.
• Communications — messages you send via forms, email, or chat, including contact requests and support tickets.
• Cookies and similar technologies — as described in our Cookie Policy.

3. How we use information

We use the information above to:

• Provide, personalize, and improve the Services (search, booking flows, Vacation Deal credits, and redemption).
• Process payments, prevent fraud, and meet legal and accounting obligations.
• Authenticate users, maintain security, and detect abuse.
• Send service-related notices (bookings, receipts, password resets) and, where permitted, marketing you can opt out of.
• Analyze usage in aggregate to improve performance and product experience.
• Comply with applicable law and respond to lawful requests from authorities.

4. Legal bases (EEA/UK users)

Where GDPR applies, we rely on appropriate bases such as: performance of a contract, legitimate interests (security, analytics, product improvement), consent (cookies/marketing where required), and legal obligation.

5. Sharing of information

We may share information with:

• Travel suppliers and partners — hotels, tour operators, distributors, and incentive partners as needed to fulfill bookings and redemptions.
• Service providers — hosting, email delivery, analytics, payment processing, fraud screening, and customer support tools, under confidentiality and data-processing terms.
• Your organization — where accounts are associated with a business or tenant, limited information may be visible to authorized administrators of that organization.
• Legal and safety — when required by law, court order, or to protect rights, safety, and integrity of users and the Services.
• Business transfers — in connection with a merger, acquisition, or asset sale, subject to appropriate safeguards.

We do not sell your personal information for money as commonly understood in U.S. state privacy laws.

6. International transfers

We may process data in the United States and other countries where we or our providers operate. Where required, we use appropriate safeguards (such as standard contractual clauses) for transfers from the EEA/UK/Switzerland.

7. Retention

We retain information as long as needed to provide the Services, meet legal, tax, and accounting requirements, resolve disputes, and enforce agreements. Retention periods vary by data category and jurisdiction.

8. Security

We implement technical and organizational measures designed to protect personal information. No method of transmission or storage is completely secure; we encourage strong passwords and protecting your account credentials.

9. Your rights and choices

Depending on where you live, you may have the right to:

• Access, correct, or delete certain personal information.
• Object to or restrict certain processing, or request portability where applicable.
• Withdraw consent where processing is consent-based.
• Opt out of certain “sales” or “sharing” for cross-context behavioral advertising where U.S. state law applies (we limit such uses as described above).
• Lodge a complaint with a supervisory authority (EEA/UK).

To exercise rights, contact us using the details below. We may verify your request as permitted by law.

10. Children

The Services are not directed to children under 16 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it.

11. Third-party sites

Our Services may link to third-party websites or embed partner content. Their privacy practices are governed by their own policies; we are not responsible for those sites.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the effective date. Continued use of the Services after changes means you accept the updated policy, to the extent permitted by law.