Privacy Policy for Tioga Lodge
We maintain an unwavering dedication to protecting and preserving all personal data provided by our website visitors and service users, implementing robust and comprehensive security measures throughout our services and operations.
This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data. In this role, we are responsible for ensuring the proper handling, processing, and protection of all personal data submitted through our website.
We may process usage data, which comprehensively includes page views, time spent on pages, navigation paths, interaction patterns, scroll depth, click patterns, and device information. This information is collected through server logs, cookies, and analytics tools and may include browser type and version, operating system details, and screen resolution. The source of this data is our analytics software and server monitoring systems. We process this information for several important purposes, including improving website performance, understanding user behavior, optimizing content delivery, and enhancing user experience, which enables us to provide better services, personalize content, and maintain system security. The legal basis for this processing is our legitimate interests in monitoring and improving our website and services.
We may process account data, which comprehensively includes email addresses, usernames, passwords, account preferences, login timestamps, and account status. This information is collected through registration forms, account updates, and system logs and may include communication preferences, notification settings, and account security choices. The source of this data is direct user input during account creation and management. We process this information for account authentication, service provision, security monitoring, and communication purposes, which enables us to maintain secure user accounts, provide personalized services, and ensure proper account management. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
We may process profile data, which comprehensively includes names, contact information, preferences, biographical information, and profile pictures. This information is collected through profile creation forms, profile updates, and user submissions and may include professional information, interests, and social media handles. The source of this data is direct user input and profile management activities. We process this information for personalization, service improvement, user identification, and communication purposes, which enables us to provide tailored experiences, improve user interactions, and facilitate community engagement. The legal basis for this processing is our legitimate interests in operating and improving our website and services.
Your Rights:
Right to Access: You have the right to obtain confirmation about whether we process your personal data and to receive a copy of that data in a structured format. This includes the ability to view all personal data we hold about you, understand how we use it, and know who we share it with. To exercise this right, you can submit a formal request through our designated data access channels or contact our privacy team directly. We will respond within 30 days and may require government-issued identification, proof of address, and account verification to confirm your identity.
Right to Rectification: You have the right to have inaccurate personal data corrected and incomplete data completed. This includes the ability to update your profile information, correct account details, and modify any incorrect data we hold. To exercise this right, you can access your account settings or submit a correction request through our support channels. We will process your request within 15 days and may require account verification, supporting documentation, and specific details about the information to be corrected.
Right to Erasure: You have the right to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected. This includes the ability to delete your account, remove specific data points, and withdraw previous consent for data processing. To exercise this right, you can submit a deletion request through our privacy portal or contact our data protection officer. We will process your request within 30 days and may require password confirmation, identity verification, and explicit confirmation of deletion consequences.
Right to Restrict Processing: You have the right to limit how we use your personal data when you have legitimate grounds for doing so. This includes the ability to temporarily suspend data processing, limit data usage to specific purposes, and contest data accuracy. To exercise this right, you can submit a processing restriction request through our designated channels. We will respond within 15 days and may require account ownership verification, specific processing details, and justification for the restriction request.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used format and to transmit this data to another controller. This includes the ability to download your data, transfer information between services, and receive data in compatible formats. To exercise this right, you can use our data export tools or submit a portability request. We will fulfill your request within 30 days and may require two-factor authentication, account verification, and specific format preferences.Data Processing and Security Measures
We process Service Data which includes login credentials, account settings, service preferences, and usage patterns. This processing involves automated collection, analysis, and storage, enabling us to provide personalized accommodation services and improve user experience. For example, in the context of hospitality services, this includes room preferences, special requests, and check-in/check-out information. The legal basis for this processing is legitimate business interests and contractual necessity, specifically to fulfill our accommodation service obligations.
We process Technical Data which includes device information, IP addresses, browser type, and session data. This processing involves automated logging, analysis, and storage, enabling us to maintain website functionality and security. For example, this includes monitoring website performance and preventing unauthorized access. The legal basis for this processing is legitimate interests, specifically to ensure proper website operation and security.
We process Communication Data which includes email correspondence, chat messages, and customer service interactions. This processing involves storage, analysis, and management of communications, enabling us to provide effective customer support and maintain service quality. For example, this includes handling reservation inquiries and special requests. The legal basis for this processing is contractual necessity and legitimate interests.
We process Transaction Data which includes payment information, booking details, and purchase history. This processing involves secure storage, verification, and analysis, enabling us to process reservations and maintain accurate financial records. For example, this includes processing room charges and additional service fees. The legal basis for this processing is contractual necessity and legal obligations.
We process Preference Data which includes marketing preferences, notification settings, and service customizations. This processing involves storage and analysis of user preferences, enabling us to provide personalized services and relevant communications. For example, this includes dietary requirements and room preferences. The legal basis for this processing is consent and legitimate interests.
Security Measures
Our comprehensive encryption protocols ensure end-to-end protection of your data, incorporating industry-standard algorithms and regular security updates to maintain data integrity. This includes regular security assessments and penetration testing by qualified professionals.
We implement multi-layered security infrastructure, including advanced firewalls and intrusion detection systems that continuously monitor for and prevent unauthorized access attempts. This infrastructure undergoes regular updates and enhancements.
Access to personal data is strictly controlled through role-based permissions, multi-factor authentication, and detailed access logs. We maintain comprehensive audit trails of all data access and modifications.
Our continuous monitoring systems provide real-time threat detection and automated response protocols, ensuring immediate action against potential security threats.
We maintain comprehensive backup procedures with encrypted offsite storage and regular recovery testing, ensuring data availability and integrity.
All staff undergo regular security awareness training and must comply with detailed data protection protocols, including specific training for handling sensitive data.
International Data Transfers
We may transfer your personal data to countries outside your jurisdiction. These transfers are protected by appropriate safeguards, including Standard Contractual Clauses, Binding Corporate Rules, and certified compliance frameworks. Each international transfer is conducted under strict protocols that ensure:
– Adequate data protection standards
– Compliant processing procedures
– Enforceable data subject rights
– Effective legal remedies
International transfers are protected by ISO 27001 standards, GDPR requirements, and industry-specific certifications, ensuring compliance with international data protection regulations. We implement additional measures including:
– Regular compliance audits
– Data protection impact assessments
– Documented transfer mechanisms
– Continuous monitoring procedures
Regarding international transfers, you maintain specific rights including:
– Right to information about transfers
– Right to object to transfers
– Right to withdraw consent
– Right to data protection guarantees
Data Retention
We maintain specific retention periods for different data categories:
Account Information: 7 years after account closure to comply with tax and legal requirements
Usage Data: 2 years from collection for service improvement and analysis
Transaction Records: 7 years to comply with financial regulations
Communication History: 3 years to maintain service quality and handle disputes
Technical Logs: 1 year for security and performance monitoring
These retention periods are determined by:
– Legal requirements
– Business purposes
– Technical necessities
– User preferences
Special circumstances affecting retention:
– Legal obligations
– Dispute resolution
– Security investigationsCookie Policy for Tioga Lodge
Essential cookies are fundamental to website functionality. These cookies manage user authentication, maintain security protocols, and ensure basic site operations remain stable. We use them specifically for:
– User authentication
– Security measures
– Basic site operations
– Session management
– Technical stability
Functional cookies enhance your experience by remembering your preferences. They enable:
– Language preferences
– Region-specific content
– User interface customization
– Feature optimization
– Personalized settings
Analytics cookies help us understand user behavior. They collect information about:
– Page interactions
– Navigation patterns
– Feature usage
– Session duration
– User preferences
Performance cookies assess and improve website operation by:
– Monitoring site speed
– Identifying technical issues
– Optimizing content delivery
– Analyzing user experience
– Tracking system performance
Cookie Management
You can control cookie preferences through:
– Browser settings
– Cookie consent tools
– Privacy preferences
– Account settings
For EU residents, we ensure:
– Explicit consent mechanisms
– Data minimization
– Purpose limitation
– Storage limitations
– Processing transparency
California residents have additional rights:
– Right to know about personal information collected
– Right to delete personal data
– Right to opt-out of data sales
– Right to non-discrimination
– Right to access collected information
Regarding users under 13:
– Age verification requirements
– Parental consent procedures
– Limited data collection
– Special protection measures
– Parental access rights
Policy updates involve:
– Regular review procedures
– User notifications
– Consent renewal when required
– Clear change documentation
– Continuous compliance monitoring
For privacy-related inquiries:
– Primary Contact: [email protected]
– Response Time: Within 48 hours
– Verification Required: For data-related requests
– Available Support: Privacy concerns, data requests, rights exercise
This policy was created specifically for tiogalodge.com and covers all associated services within the hospitality industry.