Privacy Policy for Winter Summer Inn
At Winter Summer Inn (“we,” “us,” or “our”), accessible via wintersummerinn.com, we place the highest priority on the privacy and protection of your personal data. This Privacy Policy outlines how we collect, use, store, and share personal information when you interact with our website, services, and features. We are committed to safeguarding your privacy in line with applicable legal standards, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Commitment to Privacy and Data Protection
Respect for your privacy is fundamental to how we operate. Whether you are browsing our site, making a reservation, or contacting our team, you can trust that your data is handled with diligence and care. We adopt industry-standard practices and observing strict compliance protocols to prevent misuse, unauthorized access, and disclosure of personal data.
2. Scope and Role as Data Controller
This Privacy Policy applies to all processing of personal data through wintersummerinn.com and related communications, and governs how we treat data related to users, customers, and visitors from all jurisdictions.
Winter Summer Inn acts as the data controller for any personal data collected via our website or through direct interactions with you. We determine the purposes and means of processing your personal data.
3. Categories of Personal Data We Process
We may collect and process the following categories of personal data, depending on your interactions with us:
a. Usage Data
Includes details such as browser type, IP addresses, access times, referring URLs, session logs, pages visited, clickstream data, and website behavior analytics.
b. Account Data
Includes your name, billing and/or shipping address, email address, telephone number, account credentials, and authentication data when you register on wintersummerinn.com or complete booking forms.
c. Profile Data
Includes your booking preferences, accommodation history, preferred communication channels, special requests, interests, and behavioral patterns on the site.
d. Communication Data
Includes the content of any queries, messages, or complaints you send to [email protected], along with metadata relating to such communications (timestamps, frequency, resolution history).
e. Technical Data
Includes information about the device you use to access our website, including operating system, device identifiers, local time zone, browser configurations, screen resolution, and diagnostic reports.
f. Transaction Data
Includes payment data (anonymized or tokenized by our payment processors), invoice records, shipping instructions, and booking confirmations.
g. Preference Data
Includes your selections regarding marketing communications, email subscription status, consent for cookies and tracking, and stated preferences for products and services.
4. Legal Bases for Processing Personal Data
We rely on the following lawful bases under the GDPR and analogous provisions under the CCPA to process your personal data:
– Consent: When required, we seek your approval before collecting or using certain personal data (e.g., marketing preferences, non-essential cookies).
– Contractual Necessity: To fulfill booking requests, provide customer support, and deliver services you have requested.
– Legitimate Interests: For website security, fraud detection, service improvement, internal analytics, and to respond to enquiries, always balanced with your rights.
– Legal Obligation: To comply with applicable laws, tax regulations, court orders, and enforcement agency requests.
5. Your Rights as a Data Subject
You are entitled to the following rights, which can be exercised by contacting us at [email protected]:
– Right of Access: Obtain a copy of your personal data and information regarding how it is processed.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Also known as the “right to be forgotten,” under certain conditions.
– Right to Restriction of Processing: Temporarily suspend processing activities.
– Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format to transmit it to another controller.
– Right to Object: Object to specific processing based on legitimate interests or direct marketing.
– Right to Withdraw Consent: At any time without affecting the lawfulness of processing based on prior consent.
– Right to Non-Discrimination (CCPA): You will not be denied services or charged different rates for exercising your rights.
6. Security Measures
We implement a variety of administrative, physical, and technical safeguards to maintain the integrity and confidentiality of your data. These include:
– End-to-end encryption of sensitive data in transit and at rest
– Role-based access control and authentication protocols
– Firewalls, anti-malware tools, and monitored server environments
– Regular security audits, vulnerability assessments, and penetration testing
– Systematic employee training on data privacy principles and secure handling
7. International Data Transfers
Your personal data may be transferred to and stored in jurisdictions outside your country of residence, including countries outside the European Economic Area (EEA). Where required, we apply appropriate safeguards such as the European Commission’s Standard Contractual Clauses, approved adequacy decisions, and binding corporate rules to ensure your data remains protected in accordance with applicable law.
8. Data Retention Policy
We retain personal data only for as long as necessary for the purposes outlined in this Policy:
– Account and Booking Data: Retained for up to 7 years for legal and administrative purposes.
– Communication & Support Records: Retained for 24 months post-resolution.
– Marketing and Preference Data: Retained until you withdraw consent or request deletion.
– Usage and Analytics Data: Retained for up to 12 months to monitor performance and enhance services.
9. Cookie Policy
Our website, wintersummerinn.com, uses cookies and similar technologies to enhance user experience, analyze site performance, and facilitate bookings. Categories of cookies include:
– Essential Cookies: Necessary for core website operations, such as session management and secure log-ins.
– Functional Cookies: Enable enhanced functionality like remembering user preferences.
– Analytics Cookies: Help us understand user behavior through aggregated usage statistics (e.g., Google Analytics).
– Performance Cookies: Monitor website responsiveness and identify areas of improvement.
We do not use cookies to collect sensitive personal information without your explicit consent.
10. Cookie Management & Compliance
You can manage or withdraw cookie consent at any time via the cookie preferences banner displayed on your first visit or through browser settings. We honor “Do Not Track” signals and are compliant with applicable cookie laws under the GDPR and CCPA. More information on opting out of tracking technologies is available in your browser support documentation or via industry tools such as the Network Advertising Initiative (NAI).
11. Children’s Privacy
Our services are not intended for children under the age of 13. We do not knowingly collect or process personal information from individuals under 13 years of age. If we discover that such data has been collected without verified parental consent, it will be deleted promptly. If you believe we have collected personal data from a minor, please contact us at [email protected].
12. Policy Updates
We may revise this Privacy Policy periodically to reflect legal, operational, or technological changes. Any updates will be posted on wintersummerinn.com, and where material, we will notify you through appropriate channels. Continued use of our website after changes signifies your acceptance of those updates.
13. Contact Us
If you have questions about this Privacy Policy, wish to exercise your data rights, or need assistance regarding your personal information, please email us directly at:
We remain committed to maintaining your trust through responsible data practices and full transparency regarding your rights. You can rest assured that wintersummerinn.com meets and upholds the data protection obligations required by global privacy regulations including the GDPR and CCPA.