Last Updated: 04 September 2023
1. Who we are
This website ("https://www.leilaniliving.com/") is operated by The Leilani Group, hereafter, collectively, the ("Leilani Group," "we," "us", or "our"). You can contact us as indicated under the "Enquiry" section below.
The data controller responsible for your personal data is the Leilani Group with whom you engage as a customer ("Leilani Group," "we," "us", or "our").
3. Personal Data we collect
We collect the following personal data about you:
Processing your order: The personal details you provide when submitting an order or entering a service agreement. This includes your name, address, email address; business address and phone number; gender and date of birth, and country. We also collect information about your debit/credit card and bank account information provided by you to our payment service providers, which we require for the purpose of recording and fulfilling orders and service agreements. (For further details please also refer to the section below headed 'Payment Information').
Other Information: Personal details you choose to give when corresponding with us by phone or email, participating in user/customer/guest surveys, or otherwise visiting and interacting with this site or any other websites we operate, and personal data that you provide to us when you visit one of our partner hotels or other premises. We can also combine personal data that you provide to us with additional information we collect about you when you make a reservation through third-party services such as hotel or spa reservations or when you purchase from our third-party affiliates, as necessary to process your requests.
4. Automatically collected Personal Data
Log Data: When you visit our site, our servers record information ("log data"), including information your browser automatically sends whenever you visit the site. This log data includes your Internet Protocol ("IP") address (from which we understand the country you are connecting from at the time you visit the site), browser type and settings, and the date and time of your request.
5. How we use your Personal Data
We use your personal data in the following ways:
To acknowledge, confirm and deal with your order or service agreement. Such use of your data is necessary to implement your request.
Where you are a customer, provide you with customer services, administer your customer account and contact you regarding your use of the services. Such use is necessary to respond to or implement your request and to perform the contract between you and us.
Processing your requests. We use your personal information to process your request for content, to process your attendance at an event or conference, or process your request for product(s). For example, if you subscribe to any of our products we may use your e-mail address to send you a confirmation notice and your mailing address to send you the product. Similarly, if you enter a contest, we will use your personal information to notify you if you are a winner. If you enter a contest or submit content to us (e.g., a "letter to our editors" or online review or comment), we may also publish your name, screen name, home town and other Personal Information you have provided to us, together with the content you submit.
To complete and fulfil reservations, for example, to process your payment and provide related customer service, including sending confirmations or pre-arrival messages. Such use is necessary for the fulfillment of the contract between you and us.
To contact you in connection with user/customer/guest surveys and use any information you choose to submit in response, provided that you gave us your consent to being contacted in this way at the time you provided us with the personal data.
Employment Opportunities. If you provide your personal information to us in connection with an employment enquiry, we will use your Personal Information to evaluate your job application, and for related recruiting, reporting, and record keeping purposes. We may maintain your personal information on file, whether we hire you or not, to administer your relationship with us or for job applicant-related reporting and record keeping for as long as required or permitted by law.
The Leilani Group may provide you or engage selected third-party service providers to provide you with information about goods or services, events, and other promotions we feel may interest you as a customer. We (or such third-party providers) will contact you by your chosen method of communication only with your consent, which was given at the time you provided us with the personal data.
As necessary for specific legitimate business interests, which include the following:
Where we are asked to deal with any enquiries or complaints you make.
Administering the service. We also use and share your personal information for any lawful purpose in connection with administering the service, including without limitation for customer service, to help diagnose problems with servers, to improve products that we offer by tailoring them to perceived preferences, to gather broad demographic information, to analyse trends, to seek compatible advertisers, sponsors, clients, and customers, and to track users' movements around the service and elsewhere on the web or across apps and devices. Your geolocation data may specifically be used to show you content (including advertising and sponsored messaging) based on geographic location.
To conduct analytics to inform our marketing strategy and enable us to enhance and personalise the experience we offer to our customers, clients, and our communications, including creating customer profiles to aid personalised direct marketing communications. Your geolocation data may specifically be used to show you content (including advertising and sponsored messaging) based on geographic location.
To provide postal communications which we think will be of interest to you.
If you ask us to delete your data or to be removed from our marketing lists, we are required to fulfil your request to keep basic data to identify you and prevent further unwanted processing.
To share personal data among The Leilani Group brands.
For administrative purposes, providing customer services, and complementing our sales and marketing activities.
We may anonymise, aggregate, and de-identify the data we collect. We may use such anonymised, aggregated, and de-identified data for our internal business purposes, including sharing it with our current and prospective clients, business partners, The Leilani Group, agents, and other third parties for commercial, statistical, and market research purposes. For example: to allow those parties to analyse patterns among groups of people and conduct research into interests, demographics, and behaviour.
For internal business/technical operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, and as part of our efforts to keep our site, network, and information systems secure.
To (a) comply with legal obligations, (b) respond to requests from competent authorities; (c) protect our operations or those of any of The Leilani Group brands; (d) protect our rights, safety, or property, or that of The Leilani Group brands, you or others; and (e) enforcing or defending legal rights, or preventing damage.
We may use your personal data for other purposes to which you have consented at the time of providing your data.
6. Disclosure of your Information
We share your personal data with third parties in the following situations:
Service Providers: The Leilani Group, like many businesses, sometimes hires selected third parties who act on our behalf to support our operations, such as (i) card processing or payment services (see the section below headed "Payment Information"), (ii) credit reference agencies to protect against possible fraud, (iii) IT suppliers and contractors (e.g. data hosting providers or delivery partners) as necessary to provide IT support and enable us to provide customer services and other goods/services available on this site or to customers, (iv) web analytics providers, (v) providers of digital advertising services and (vi) providers of CRM, marketing and sales software solutions. Under our instructions, these parties may access, process, or store your personal data in the course of performing their duties to us and solely to perform the services we have hired them to provide.
The Leilani Group: We operate on a global scale. To provide the services you request from us, The Leilani Group may access and process the information which we collect from you for the purposes described above, including offering products and services to you. The Leilani Group will only use your data for our initially collected purposes.
Business Transfers: if we sell our business or our company assets are acquired by a third party personal data held by us about our customers may be one of the transferred assets.
Administrative and Legal Reasons: if we need to disclose your personal data (i) to comply with a legal obligation or judicial or regulatory proceedings, a court order, or other legal processes. (ii) to enforce our Terms & Conditions or other applicable contract terms that you are subject to or (iii) to protect us, our customers, or contractors against loss or damage. This may include (without limit) exchanging information with the police, courts, or law enforcement organisations.
7. Payment Information
Any credit/debit card payments and other payments you make through our site will be processed by our third-party payment providers, and the payment data you submit will be securely stored and encrypted by our payment service providers using up-to-date industry standards. Please note that we do not directly process or store the debit/credit card data you submit.
We may arrange that card or payment data you submit in support of an order is stored to process your order.
We store and use this card or payment information to process any future payments you make as a customer for additional goods and services. We will store this data per our legal obligations under applicable law and only for as long as legally permitted.
You may choose to opt out of us holding your card or payment data, although you will need to re-supply us with card/payment details to make any future purchases.
8. Personal Data Transfers among Jurisdictions
Your personal data will be transferred to and stored in countries other than the country where the information was originally collected, including the United States, South East Asia, and other destinations outside the European Economic Area ("EEA"), to our service providers and affiliated businesses for the purposes described above.
Please note that the countries concerned may not provide the same legal standards for the protection of your personal data that you have in the United Kingdom or EEA. When we transfer your personal data to countries outside of the EEA we will take all steps to ensure that your personal data will continue to be protected. We will implement appropriate safeguards for transferring personal data to our service providers per the applicable law, such as relying on our service provider's Privacy Shield certification or implementing standard contractual clauses for data transfers. We have implemented data transfer agreements according to applicable data protection law to implement appropriate safeguards for transferring personal data to The Leilani Group companies in countries outside the EEA. If you would like more information on the safeguards we implement, including copies of relevant data transfer contracts, please contact us as indicated below.
Where we have given you (or where you have chosen) a password or log-in which enables you to access certain restricted parts of our Site, you are responsible for doing everything you reasonably can to keep these details secret. You must not share your password or log-in details with anyone else.
Security Measures. We take reasonable security measures to protect against unauthorised access to, or unauthorised alteration, disclosure, or destruction of, personal information.
No Liability for Breach. Because no data transmission is entirely secure, and no system of physical or electronic security is impenetrable, we cannot guarantee the security of your personal information or the security of servers, networks, or databases. By using the service, you agree to assume all risks concerning your personal information. We are not responsible for any loss of such personal information or the consequences thereof.
Breach Notification. If we believe the security of your personal information in our possession or control may have been compromised, we may seek to notify you. If notification is appropriate, we may notify you by email, push notification, or otherwise.
10. Personal Data Retention
To determine the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of the personal data, the purposes for which we process your personal data, applicable legal requirements or operational retention needs, and whether we can achieve those purposes through other means.
Upon expiry of the applicable retention period, we will securely destroy your personal data per applicable laws and regulations. In some circumstances, we may anonymise your personal data so that it can no longer be associated with you, in which case it is no longer personal data.
11. Your Personal Data Protection Rights
Certain applicable data protection laws give you specific rights concerning your personal data. In particular, if the processing of your personal data is subject to the GDPR, you have the following rights concerning your personal data:
Right of access: If you ask us, we will confirm whether we are processing your personal data and, if so, provide you with a copy of that personal data along with specific other details such as the purpose of the data processing. If you require additional copies, we may need to charge a reasonable fee.
Right to rectification: If your personal data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we share your personal data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful, we will also tell you with whom we shared your personal data so you can contact them directly.
Right to restrict processing: You may ask us to restrict or 'block' the processing of your personal data in certain circumstances, such as where you contest the accuracy of the personal data or object to us processing it. We will tell you before we lift any restriction on processing. If we have shared your personal data with others, we will inform them about the restriction where possible. If you ask us, and where possible and lawful, we will also tell you with whom we shared your personal data so you can contact them directly.
Right to data portability: You have the right to obtain your personal data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you. We will provide your personal data in a structured, commonly used, and machine-readable format. You may reuse it elsewhere.
Right to object: You may ask us at any time to stop processing your personal data, and we will do so:
- If we are relying on a legitimate interest to process your personal data -- unless we demonstrate compelling legitimate grounds for the processing or,
- If we are processing your personal data for direct marketing.
Right to withdraw consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing of your data before we received notice that you wished to withdraw your consent.
Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your personal data, you can report it to the UK data protection authority (the Information Commissioner's Office or ICO), or, as the case may be, any other competent data protection authority of an EU member state that is authorised to hear those concerns (you may find EU Data Protection Authorities' contact information here).
If you wish to exercise any of these rights, please contact us as described in the "Contact" section below. We may also need to ask you for further information to verify your identity before we can respond to any request.
Make sure to include enough information for us to help you, including for example your name, contact information, and the specific website, mobile site, application, or other services you're contacting us about.
For communications on other matters, please contact us through the means described on the service (for example, in the "Enquiries Section" section).