Privacy Policy
At Nigi Nigi Boracay (niginigiboracay.com), we recognize the importance of safeguarding your personal data and protecting your privacy. We are fully committed to maintaining the confidentiality, integrity, and security of information entrusted to us by our guests, clients, and website visitors. This Privacy Policy outlines how we collect, use, disclose, and protect your information in compliance with applicable privacy laws, including the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Introduction
Your privacy is important to us. This Privacy Policy provides a detailed explanation of how Nigi Nigi Boracay processes personal data collected through our website, niginigiboracay.com, and other related services. Our approach follows a privacy-first principle, ensuring your rights are honored and your information is managed securely and lawfully.
2. Scope of the Policy and Data Controller Role
This Privacy Policy applies to all users of our website, prospective guests, and individuals interacting with Nigi Nigi Boracay through digital or physical channels. The data controller responsible for the processing of your personal data is Nigi Nigi Boracay. For any inquiries related to this policy, you may contact us at [email protected].
3. Categories of Personal Data Processed
We process various categories of personal data depending on how you interact with our services:
a) Usage Data
We collect data related to how you access and use our website including browser type, IP address, time zone settings, session information, device identifiers, and pages visited.
b) Account Data
If you create an account, book a stay, or otherwise engage our services, we may collect your full name, billing and residential address, email address, and contact telephone number.
c) Profile Data
Information about your preferences, previous purchases, reservation history, dining or room preferences, and behavioral interactions across our digital platforms.
d) Communication Data
Records of your interactions with our customer support (via forms or email), inquiries, and any feedback or complaints submitted to us.
e) Technical Data
Information from your device and systems, including operating system, internet protocol details, mobile identifiers, and configuration data to troubleshoot technical issues.
f) Transaction Data
Details about your payments to and from us, room reservations, purchase orders, and information necessary for fulfilling services such as delivery instructions or booking confirmations.
g) Preference Data
Information you provide regarding marketing preferences, newsletter opt-ins, and product or service interests.
4. Legal Bases for Processing Personal Data
We process personal data under the following lawful bases:
– Consent: Where required by law (e.g., for marketing communications), we process your information upon obtaining your explicit consent.
– Contractual Necessity: To perform the agreements we have with you, such as room reservations, communications regarding bookings, or payment processing.
– Legal Obligation: Certain data is processed to comply with legal or regulatory requirements.
– Legitimate Interests: For business operations, security enhancement, service optimization, fraud prevention, and client relationship management, balanced against your fundamental rights and freedoms.
5. Your Rights Under GDPR and CCPA
Depending on your jurisdiction, you have the following rights with respect to your personal data:
– Right to Access: You may request confirmation and a copy of your personal data we hold.
– Right to Rectification: You have the right to request correction of any inaccurate or incomplete information.
– Right to Erasure (“Right to be Forgotten”): In certain circumstances, you may request the deletion of your personal data.
– Right to Restrict Processing: You can ask us to suspend processing of your information under particular conditions.
– Right to Data Portability: You may request to receive your data in a structured format and have it transferred to another data controller.
– Right to Object: You have the right to object to the processing of your data for direct marketing purposes or on grounds relating to your particular situation.
– Right to Non-Discrimination (CCPA): California residents will not be discriminated against for exercising their data rights.
To exercise any of the above rights, you may contact us at [email protected].
6. Security Measures
We implement stringent technical and organizational security measures to protect your personal data. These include:
– End-to-end encryption of data in transit
– Secure, access-controlled servers
– Multi-layered firewalls and intrusion detection software
– Regular security audits and risk assessments
– Staff privacy and cybersecurity training
– Regular data backups
Though we employ best practices, no system can be completely invulnerable. We continuously evaluate and improve our security posture.
7. International Transfers
Your data may be stored or processed in countries outside your own, including jurisdictions that may not provide equivalent legal protections of personal data. Where such transfers occur, we rely on:
– Standard Contractual Clauses approved by the European Commission
– Adequacy decisions by the European Commission
– Other appropriate safeguards as permitted by law
We ensure that your data remains subject to appropriate legal protections, regardless of location.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes set out in this policy:
– Usage and Technical Data: 12 months from collection
– Account, Profile, and Transaction Data: 7 years from last customer activity to cover tax and bookkeeping obligations
– Communication and Support Data: 3 years after last contact
– Marketing and Preference Data: Until consent is withdrawn or 3 years after last interaction
After these periods, data will be securely deleted or anonymized.
9. Cookie Policy
We use cookies to enhance your experience and gather analytical data on our website use. Types of cookies include:
– Essential Cookies: Necessary for site operation and user authentication
– Functional Cookies: Remember your settings and enhance usability
– Analytics Cookies: Help us understand how visitors use our site
– Performance Cookies: Improve site speed and responsiveness
Cookies do not give us access to your device or personal files.
10. Cookie Management and Compliance
Upon visiting niginigiboracay.com, you will be presented with a cookie consent banner allowing you to:
– Accept all cookies
– Reject unnecessary cookies
– Customize your cookie preferences
You may also revoke consent or adjust settings by accessing our cookie management panel at any time. Our cookie practices comply with the GDPR and CCPA requirements for transparency and user control.
11. Children’s Privacy
Our website and services are not directed to children under the age of 13. We do not knowingly collect or process the personal data of individuals under 13 years of age. If we become aware of such data collection, we will delete the information and take appropriate measures. Parents or legal guardians can contact us at [email protected] to request data removal.
12. Policy Updates and User Notifications
This Privacy Policy may be amended from time to time to reflect changes in legal requirements or organizational practices. Significant changes will be communicated on our website or via direct notice if appropriate. Continued use of the website implies acceptance of the updated policy.
13. Contact
If you have any questions, concerns, or requests concerning this Privacy Policy or your personal data, please contact us:
Email: [email protected]
Website: niginigiboracay.com
We are committed to upholding your privacy rights and ensuring compliance with all relevant data protection laws, including the GDPR and CCPA. For additional guidance, please do not hesitate to reach out.