1. Data controller
The controller responsible for personal data related to agarhotel.com and AGAR guest services is AGAR Mountain Hotel & Resort, reachable at hello@agarhotel.com and 74C Aaliyah River, Bayerhaven.
2. Scope
This policy covers visitors to our website, mobile experiences, on-property Wi-Fi portals, reservation partners that sync with AGAR, event attendees, spa and dining guests, and loyalty participants. Separate notices may apply to employment applicants.
3. Categories of personal data
Depending on your interaction, we may process:
- Identity and contact: name, salutation, postal address, email, phone, country of residence, language preference.
- Booking and stay data: arrival/departure dates, room category, party composition, rate codes, special requests, vehicle registration, incident reports, consumption charges.
- Payment data: card tokens, partial PAN, billing address, fraud signals. Full card numbers are handled by PCI-DSS compliant processors where applicable.
- Digital identifiers: IP address, device type, browser, approximate location derived from IP, cookies, pixels, session IDs, and analytics identifiers.
- Communications: emails, chat transcripts, recorded calls where lawfully disclosed, survey responses, social handles if you tag us.
- Casino and regulated amenities: government ID attributes required for compliance, watch-list screening outcomes as allowed by law, voluntary self-limit enrollments.
- Health-related notes you voluntarily provide for spa treatments or dietary needs, treated as sensitive where legally required.
4. Purposes and legal bases (GDPR framing)
We rely on appropriate legal bases such as contract, consent, legitimate interests, or legal obligation:
- Performing reservation contracts and delivering stays (contract / pre-contract).
- Processing payments, security deposits, charge reconciliation (contract; legal obligation).
- Marketing communications where you opt in or where soft opt-in is permitted (consent / legitimate interest).
- Website improvement, aggregated analytics, debugging (legitimate interest with safeguards).
- Safety, fraud prevention, CCTV in public areas with signage (legitimate interest / legal obligation).
- Regulatory reporting for gaming, tax, immigration, or police requests (legal obligation).
5. Cookies and similar technologies
We use necessary cookies for sessions, preferences, load balancing, and security. With consent where required, we deploy analytics to understand content performance. You may manage cookies through browser settings. See our cookie banner (where implemented regionally) for granular choices.
6. Sharing and processors
We share data with vetted processors: property management systems, payment gateways, email service providers, cloud hosting, customer-support tooling, marketing automation, and accounting platforms. Contracts require confidentiality and security. We may disclose data to law enforcement when legally compelled or to protect vital interests.
7. International transfers
Data may be processed in Switzerland, the European Economic Area, the United Kingdom, or other countries with adequacy decisions or appropriate safeguards (Standard Contractual Clauses, UK Addendum, or equivalent).
8. Retention
We retain booking and billing records as required by tax and commercial law, typically between seven and ten years. Marketing profiles expire after prolonged inactivity unless you renew consent. Security logs rotate on a shorter cycle. Spa health notes are minimized and deleted when no longer needed for treatment continuity unless law mandates otherwise.
9. Security
We implement administrative, technical, and organizational measures including access controls, encryption in transit for web forms served over TLS, vendor security reviews, and staff training. No online system is perfectly secure; please use strong passwords and protect your devices.
10. Your rights
Subject to jurisdiction, you may request access, rectification, erasure, restriction, data portability, and objection to certain processing. You may withdraw consent without affecting prior lawful processing. To exercise rights, email hello@agarhotel.com. You may lodge a complaint with your local supervisory authority.
11. Children
Our services are not directed at children under sixteen. We do not knowingly collect their data. Parents who believe we have unintentionally collected such data should contact us for deletion.
12. Automated decision-making
We do not use solely automated decisions with legal or similarly significant effects without human review, except fraud screening tools that flag transactions for analyst review.
13. California residents (CPRA summary)
If California law applies, you may have rights to know, delete, correct, and opt out of sale or sharing of personal information. AGAR does not sell personal information for monetary consideration. We honor global privacy control signals where technically feasible. Contact us to designate an authorized agent.
14. Updates
We revise this policy when practices change. Material updates will be posted on agarhotel.com with a revised effective date. Continued use after notice constitutes acknowledgment unless objection is required by law.
15. Contact
Privacy inquiries:
hello@agarhotel.com
74C Aaliyah River, Bayerhaven