1. Purpose of this charter
This Global Privacy Charter (“Charter”) applies to LUX* Resorts and Hotels, its subsidiaries and all of the hotels within the LUX* Portfolio of Brands (collectively, "LUX," "we," or "us"). At LUX, we strive to deliver outstanding products, services, and experiences around the world. We value your business and, more importantly, your loyalty. We recognise the importance of our customers’ privacy, and we respect the fact that our customers want to safeguard the use of their personal information. We have therefore developed this Charter to explain how we collect data about you, and the nature of that data, how we use that data, who that data may be sent to, and how we can amend data you have submitted to us.
This Global Privacy Charter forms part of the terms and conditions that govern our hotel services. By accepting these terms and conditions, you expressly accept the provisions of this Charter.
2. Who we are?
LUX* Resorts & Hotels means Lux Island Resorts Ltd (“LIR”), The Lux Collective Ltd (“TLC”) and various hotels and brands, together with their operating and/or management companies (the “Hotels”).
Lux Island Resorts Ltd
LIR is a public company incorporated in Mauritius and its shares are listed on the stock exchange of Mauritius. Its registered office is situated at 58 Pierre Simonet Street Floreal, Mauritius. The main activity of the group is the operation and management of hotels. LIR is the ultimate parent company of TLC and the Hotels owned by LIR.
The Lux Collective Ltd
TLC, a subsidiary of LIR, manages LIR owned resorts and third party owned hotels.
More information on hotels and operating and/or management companies is available in our most recent Annual Report located on our website here:
Each of these entities may act as a controller and will be responsible for handling your personal information.
The data controller of your personal information will be the LIR entity(ies) with which you have a contractual relationship.
TLC is the primary operating entity and data controller responsible for handling your personal information in connection with the operation of the website and the provision of reservation and marketing services.
Each Hotel also may act as a data controller responsible for the provision of services at the respective LUX* hotel(s) owned and/or operated by it.
3. Principles for protecting your personal data
The seven principles below are applicable within our Group.
1. Transparency: When collecting and processing your personal data, we will communicate all information to you and inform you of the purpose and recipients of the data.
2. Legitimacy: We will collect and process your personal data only for the purposes described in this Charter.
3. Relevance and accuracy: We will only collect personal data that is necessary for data processing. We will take all reasonable steps to ensure that the personal data we hold is accurate and up to date.
4. Storage: We will hold your personal data for the period necessary for processing the same in compliance with the provisions of the law.
5. Access, rectification, opposition: You may access, modify, correct or delete your personal data. You may also oppose the use of your personal data, particularly to avoid receiving sales and marketing information.
6. Confidentiality and security: We will ensure reasonable technical and organisational measures are in place to protect your personal data against alteration or accidental or unlawful loss, or unauthorised use, disclosure or access.
7. Sharing and international transfer: We may share your personal data within our organisation or with third parties (such as commercial partners and/or service providers) for the purposes set out in this Charter. We will take appropriate measures to guarantee security when sharing or transferring such data.
4. Scope of application
This policy applies to:
1. All data processing at LUX i.e. those operating under any of the LUX brand name and/ or any other brand owned by LUX.
2. All reservation websites, including the brand site www.saltresorts.com
5. Personal data collected
"Personal data" means any information collected and logged in a format that allows you to be identified personally, either directly (e.g. name) or indirectly (e.g. telephone number) as a natural person. It relates to any personal information you provide to us by phone, SMS, email, in letters, in person, through representatives and other correspondence or means.
At various times, we will be obliged to ask you, as our customer, for information about you and/or members of your family, such as:
6. When personal data collected
Personal data may be collected on a variety of occasions, including:
1. Hotel activities:
2. Closed circuit television systems and other security systems
3. Participation in marketing programs or events:
4. Transmission of information from third parties:
5. Internet activities:
7. Purpose of collection of personal data
We collect your personal data for the purposes of:
1. Meeting our obligations to our customers
2. Managing the reservation of rooms and accommodation requests
3. Creation and storage of documents in compliance with legal and accounting requirements
4. Managing your stay at the hotel:
5. Providing a safe and secure environment for our customers, employees, suppliers and service providers and to protect our premises and property.
6. Improving our hotel services, especially:
7. Managing our relationship with customers before, during and after their stay:
8. Using a trusted third party to cross-check, analyse and apply certain devices to your collected data at the time of booking or at the time of your stay, in order to determine your interests and your customer profile, and to allow us to send you personalised offers.
9. Securing and enhancing your use of LUX websites, especially:
10. Conforming to local and applicable international legislations
8. Disclosure of personal information
As we are present in many countries, we endeavor to provide you with the same services throughout the world. Thus, to guarantee you the right of access and amendment we have to share your personal data with internal and external recipients subject to the following conditions:
1. Within LUX: in order to offer you the best service, we can share your personal data and give access to authorised personnel from the Group, including:
2. With service providers and partners: your personal data may be sent to third parties for the purposes of supplying you with services and improving your stay. More specifically we use third parties to:
3. Local authorities: we may also be obliged to send your information to local authorities if this is required by law or as part of an inquiry and in accordance with local regulations.
We do not routinely disclose personal information to other organisations unless:
9. International transfers
Due to the global nature of our business and that of our third party suppliers who process your personal data on our behalf, personal information we collect from you may be transferred, processed and stored overseas including (where applicable) outside the jurisdiction where the personal information is collected.
Although the data protection laws of these other countries may not be as comprehensive as those in your own, we will take all necessary steps to ensure that your personal information is treated securely, and in accordance with this Privacy Charter and any applicable laws.
In addition, personal information that you submit for publication on the website will be published on the internet and may be available, via the internet, around the world. LUX cannot prevent the use of such information by others. By submitting your personal data, you expressly agree to these transfers, storing, processing and publishing.
However, any such transfer of information does not change any of our commitments to safeguard your privacy and the information remains subject to existing confidentiality obligations.
10. Data Security
We are committed to keeping the personal information you provide to us secure and we will take reasonable precautions to protect your personal information from loss, misuse or alteration.
We have implemented information security policies, rules and technical measures to protect the personal information that we have under our control from:
All of our employees and data processors (i.e. those who process your personal information on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal information, are obliged to respect the confidentiality of the personal information of all users of our services.
11. Collection of other information
“Other Information” is any information that does not reveal your specific identity or does not directly relate to an individual, such as:
12. Storage of data
We retain your personal data only for the period necessary for the purposes set out in this Charter or in accordance with the provisions of applicable law.
13. Access and Modification
Your right of access.
If you ask us, we will confirm whether we are processing your personal information and, if so, provide you with a copy of that personal information. If you require additional copies, we may need to charge a reasonable fee.
Your right to rectification.
If the personal information we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have shared your personal information with others, we will let them know about the rectification where possible.
Your right to erasure.
You can ask us to delete or remove your personal information in some circumstances, such as where we no longer need it or if you withdraw your consent (where applicable). However, note that we may retain some of your personal information for a reasonable period of time, even after you withdraw a consent, for legal or compliance purposes. If we have shared your personal information with others, we will let them know about the erasure where possible.
Your right to restrict processing.
You can ask us to suspend the processing of your personal information in certain circumstances, such as where you contest the accuracy of that personal information or you object to us processing it. It would not stop us from storing your personal information, though. We will tell you before we lift any restriction. If we have shared your personal information with others, we will let them know about the restriction where it is possible for us to do so.
Your right to data portability.
With effect from 25 May 2018, you have the right, in certain circumstances, to obtain personal information you have provided to us (in a structured, commonly used and machine readable format) and to reuse it elsewhere.
Your right to object.
You can ask us to stop processing your personal information, and we will do so, if we are:
Your rights in relation to automated decision-making and profiling
You have the right not to be subject to a decision when it is based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you. However, we may conduct automated decision-making and/or profiling where it is necessary for entering into, or the performance of, a contract between you and us.
Your right to withdraw consent
You have the right to withdraw your consent at any time. However we may not be able to provide certain services to you should that be the case.
Your right to lodge a complaint with the supervisory authority
If you have a concern about any aspect of our privacy practices, including the way we have handled your personal information, you can report it to the Data Protection Commissioner of Mauritius. If you are an EU citizen, you have the right to lodge a complaint with the supervisory authority of the country of your residence.
We would appreciate the chance to deal with your concerns before you approach the authorities above, so please contact us in the first instance.
14. How to contact us
If you have any questions or complaints about how we handle your personal data, or would like us to update or erase the data we maintain about you and your preferences, please contact our Data Protection Officer:
By email: email@example.com
By post: Data Protection Officer, 58 Pierre Simonet Street Floreal, Mauritius.
We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
For the purposes of confidentiality and personal data protection, we will need to identify you in order to respond to your request. You will be asked to include a copy of an official piece of identification, along with your request. In some cases we may also request an administrative fee to cover the cost of access.
We may modify this Charter from time to time. Consequently, we recommend that you consult it regularly, particularly when making a reservation at one of our hotels.
The amended policy will apply between us whether or not we have given you specific notice of any change.