ANDROS WATERSIDE RETREAT PRIVACY POLICY

Effective Date: December 1, 2025

1. INTRODUCTION AND SCOPE

This Privacy Policy outlines how Andros Waterside Retreat ("The Hotel," "We," "Us") collects, uses, and protects the personal data of our Guests, website users, and visitors ("You"). By accessing our Website or utilizing our services, you consent to the data practices described in this policy.

1.1 Data Controller Status For the purposes of all applicable data protection laws, Andros Waterside Retreat acts as the Data Controller of your personal information collected directly by The Hotel. This means we determine the purposes and means of processing your personal data. Third parties, such as our payment gateway and booking engine, may act as independent controllers or processors regarding the specific data they handle.

2. DATA COLLECTION: WHAT INFORMATION WE COLLECT

We collect information necessary to facilitate your booking, manage your stay, and comply with legal requirements.

2.1 Information You Provide Directly

This information is collected when you make a booking, check-in, or use services:

  • Identification and Contact Data: Full name, home address, email address, telephone number, nationality, and passport/government ID details (collected upon check-in for legal compliance).

  • Reservation Data: Dates of stay, room number, purpose of stay, and names of accompanying guests.

  • Financial Data: Credit card type, last four digits of the card, expiration date, and billing address.

  • Preference and Service Data: Meal preferences, allergies, special accommodation requests (e.g., accessibility), and feedback/reviews.

2.2 Information Collected Automatically (Usage Data)

When you access our website:

  • Technical Data: Internet Protocol (IP) address, browser type and version, operating system, and device information.

  • Usage Data: Pages viewed, time spent on pages, and referring website addresses.

2.3 Information Collected During Your Stay

  • Video Footage: CCTV records footage in public areas, including entrances, lobbies, hallways, dining areas, and docks (for security purposes only, as noted in the Terms and Conditions).

2.4 Use of Cookies and Tracking Technologies

Our Website utilizes "cookies" and similar tracking technologies to enhance user experience and analyze website traffic. Cookies are small text files stored on your device that record information about your browsing session. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. However, declining cookies may limit your ability to fully utilize the interactive features of the Website.

3. USE AND PROCESSING OF YOUR DATA

We use your personal data for the following essential purposes:

  • Service Fulfillment: To process your reservation, confirm your booking, arrange transfers, and facilitate your check-in and check-out.

  • Billing and Payments: To process payments for accommodation and incidentals.

  • Security and Safety: To ensure the safety of all guests and property, manage internal security (via CCTV), and detect/prevent fraud.

  • Legal Compliance: To maintain records required by local Bahamian authorities (e.g., guest registration log, tax requirements).

  • Communication: To send booking confirmations, pre-arrival information, and post-stay surveys.

4. DISCLOSURE AND SHARING OF YOUR DATA

Your personal data is handled with strict confidentiality. We share your information only with the following parties, and only to the extent necessary:

4.1 Third-Party Payment Gateway (Financial Data)

All electronic payment information is transferred securely to a third-party payment processor.

  • Data Shared: Card number, expiration date, cardholder name, and billing address.

  • Our Role: The Hotel does not store or process your sensitive financial data. We securely pass this information to the processor for authorization and settlement. Our liability for the security of this data ends upon its secure transmission to the gateway.

4.2 Essential Third-Party Providers

  • Booking Engine: Data is shared with the platform that manages your online reservation (e.g., PMS/Channel Manager).

  • IT and Systems Support: Data shared with vendors maintaining our property management systems and network infrastructure.

4.3 Legal and Regulatory Authorities

We may disclose your information if required by a court order, subpoena, or government request from Bahamian authorities or if necessary to protect The Hotel’s rights, property, or safety.

4.4 Cross-Border Data Transfer

Your data may be transferred to, and stored at, a destination outside of The Bahamas, particularly to the United States or other jurisdictions where our primary IT and service providers (including our booking engine and payment gateway) are located. By providing your personal data, you explicitly consent to this transfer and storage of your information outside of The Commonwealth of The Bahamas. The Hotel takes steps to ensure these third-party systems afford an adequate level of data protection in compliance with this Policy.

5. DATA RETENTION AND SECURITY

5.1 Data Retention

We retain your personal data only for the period necessary to fulfill the purposes outlined in this policy, manage your account, and satisfy any legal, accounting, or reporting requirements. This period may vary based on the nature of the data, but is generally held for a minimum of five (5) years to satisfy Bahamian regulatory and audit requirements. Data no longer required will be securely destroyed or anonymized.

5.2 Security Measures

We implement robust technical and organizational measures to protect your data from unauthorized access, loss, or alteration. These measures include:

  • Data encryption (TLS/SSL) for online transactions.

  • Access controls and physical security for data storage systems.

  • Staff training on data protection procedures.

6. YOUR RIGHTS

You have the following rights concerning your personal data, subject to legal limitations:

  • Right of Access: You may request access to the personal data we hold about you.

  • Right to Rectification: You may request that we correct any inaccurate or incomplete data we hold.

  • Right to Withdraw Consent: Where we rely on your consent to process your data, you have the right to withdraw that consent at any time.

To exercise these rights, please contact us using the information in Section 7.

7. CONTACT INFORMATION

For questions or requests regarding this Privacy Policy or the handling of your data:

  • Data Protection Contact: Hotel Management

  • Email: info@androswatersideretreat.com

  • Phone: (242) 471-5617

  • Address: Queen's Highway, Deep Creek, South Andros, The Bahamas.

8. POLICY UPDATES

The Hotel reserves the right to modify this Privacy Policy at any time. Any changes will be posted on our Website and will become effective immediately upon posting.