PRIVACY POLICY
At Winter Park Resort (“we”, “us”, or “our”), accessible at https://www.winterparkresot.com, we are committed to respecting and protecting the privacy of our users. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal data when you interact with our website and services. We are fully committed to handling personal data responsibly, transparently, and in accordance with applicable data protection regulations including the European Union General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Introduction
We recognize the importance of privacy and are dedicated to maintaining the confidentiality and integrity of the personal data we process. This Privacy Policy demonstrates our commitment to safeguarding your information and ensuring transparency about how we process personal data.
2. Scope of This Policy and Role of Data Controller
This Privacy Policy applies to all users of our website, visitors, customers, and anyone who interacts with our digital services. Winter Park Resort, as the data controller, determines the purposes and means of processing personal data collected through winterparkresot.com. For inquiries relating to this policy or your personal data, you may contact us at [email protected].
3. Categories of Data Processed
We may collect, use, store, and transfer different categories of personal data, including:
A. Usage Data
Includes data related to how you use our website and services—such as IP address, browser type, referring URLs, device identifiers, session data, time zone settings, and website interactions.
B. Account Data
Includes identification details such as full name, residential or billing address, email address, telephone numbers, user credentials, and login IDs.
C. Profile Data
Includes your user profile history, preferences, interests, travel history, accommodation bookings, and behavioral activity on the website.
D. Communication Data
Includes your communications with us, such as customer support inquiries, email correspondence, live chat interactions, and notes from phone calls or complaint logs.
E. Technical Data
Includes device-specific information such as hardware identifiers, mobile operating systems, internet connection data, browser settings, and system diagnostics.
F. Transaction Data
Includes payment transaction details such as purchased services or products, payment methods (although we do not store full credit card numbers), billing details, delivery address, and transaction timestamps.
G. Preference Data
Includes data collected from your use of our marketing tools—such as indicated interests in certain resort services, promotional campaign responses, consent preferences for email or text communications, and survey responses.
4. Legal Bases for Processing
We process your personal data in accordance with GDPR and CCPA on the following legal bases:
– Contractual Necessity: Data required to perform our contract with you, such as reservations or service requests.
– Legitimate Interests: For legitimate business operations that do not override your rights and freedoms (e.g., enhancing website security, internal analytics, service improvement).
– Legal Obligation: Compliance with legal or regulatory requirements.
– Consent: Where you have expressly consented to our processing activities, particularly for marketing or third-party disclosures.
5. Your Data Protection Rights
You have the following rights in respect of your personal data:
– Right of Access: Request copies of your personal data held by us.
– Right to Rectification: Request corrections to inaccurate or incomplete data.
– Right to Erasure: Request deletion of your personal data, subject to legal or contractual obligations.
– Right to Restriction: Request limitation of data processing under specific conditions.
– Right to Data Portability: Receive your data in a structured, commonly used format to transfer to another provider.
– Right to Object: Object to processing based on our legitimate interests, including profiling or direct marketing.
To exercise any of the above rights or lodge a data-related concern, please email us at [email protected].
6. Security Measures
We implement industry-standard technical and organizational measures designed to protect your personal data from unauthorized access, misuse, or disclosure. These measures include:
– Encryption of data in transit and at rest
– Secure server infrastructure and firewalls
– Role-based access controls and authentication systems
– Regular security audits and penetration testing
– Staff training in data protection and privacy protocols
– Daily backups and disaster recovery protocols
7. International Data Transfers
Whenever your data is transferred outside the European Economic Area (EEA) or California, we ensure an adequate level of data protection. These safeguards may include:
– Use of European Commission-approved Standard Contractual Clauses (SCCs)
– Binding Corporate Rules (BCRs)
– Transfers to jurisdictions deemed adequate by relevant authorities
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
– Account and Profile Data: For the duration of your customer relationship and up to 3 years thereafter for legal obligations or dispute resolutions
– Transaction Data: Retained for up to 7 years in compliance with financial reporting rules
– Technical and Usage Data: Stored for analytics and security purposes for up to 24 months
– Communication Data: Retained for 3 years or until request for erasure
– Marketing Preference Data: Retained until you withdraw your consent or unsubscribe
In cases where data no longer serves a legitimate business need, it is securely deleted or anonymized.
9. Cookie Policy
Our website uses cookies to enhance user experience, deliver personalized content, and analyze traffic. The cookie categories we utilize include:
– Essential Cookies: Necessary for website functionality and secure login.
– Functional Cookies: Enable customization and improved usability.
– Analytic Cookies: Track usage patterns with tools such as Google Analytics; collected data is aggregated and anonymized.
– Performance Cookies: Help monitor system performance and identify bugs or issues.
10. Cookie Management and Compliance
In compliance with GDPR and CCPA, we offer cookie consent mechanisms via a cookie banner on your first visit. You retain the right to accept or reject non-essential cookies. You may also manage your cookie preferences through your browser settings or visit our Cookie Settings link provided on winterparkresot.com. Do Not Track (DNT) signals are honored where technically feasible.
11. Children’s Privacy
Our services are not intended for children under the age of 13. We do not knowingly collect personal data from individuals under 13. If we become aware that a child has provided us with personal data without verifiable parental consent, we will take steps to delete such information promptly. Parents and guardians who believe that their child has submitted personal data may contact us at [email protected].
12. Policy Updates
We reserve the right to update this Privacy Policy as needed to reflect legal, technological, or operational changes. Users are encouraged to periodically review this policy to stay informed. Where applicable, we will notify you of material changes via our website or by direct electronic communication.
13. Contact Information
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us using the details below:
Email: [email protected]
Website: https://www.winterparkresot.com
In all matters concerning your personal data, we adhere fully to data protection best practices and comply with all applicable local, national, and international privacy regulations.