INTRODUCTION

Welcome to Vanity Pass!
Your privacy is important to us. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our website and services. We are committed to complying with applicable data protection regulations, including:

BY USING OUR WEBSITE, YOU AGREE TO THE COLLECTION AND USE OF YOUR PERSONAL DATA AS DESCRIBED IN THIS POLICY.

l- SCOPE OF APPLICATION

In this Policy, Vanity Pass includes subsidiary companies of Vanity Pass involved in the businesses of Vanity Pass, and establishments working with Vanity Pass throughout the world (“Establishments”).

Vanity Pass may process your data because it manages a booking engine, which allows Vanity Pass to collect the data necessary to organise your stay in Establishments and to communicate this data to the concerned Establishments.

Vanity Pass also manages a global database of clients who visit Establishments.

Each Establishment will process your data to manage its contractual relationship with you (invoicing, payment, booking management etc.), to perform marketing activities and to comply with its legal obligations.

ll- GENERAL PRINCIPLES

¹The UK GDPR | ICO

² REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation

In accordance with applicable regulations, in particular the United Kingdom and European General Data Protection Regulations, we manage your personal data according to the following principles:

• Lawfulness & legitimate use: Personal data is processed only with consent, for contractual necessity, legal compliance, protection of vital interests, or legitimate interest without infringing individuals' rights.
• Fairness & transparency: The necessity and purpose of data collection are clearly explained, and individuals are informed about its use.
• Purpose limitation & data minimisation: Only the necessary data is collected and used strictly for the intended purpose.
• Individuals’ rights: People have access to their data and can request its rectification, restriction, portability, erasure, or object to its use.
• Storage limitation: Personal data is retained for a limited duration.
• Security:Measures are taken to ensure data availability, integrity, and confidentiality.
• Third-Party compliance:If shared with third parties, they must ensure data protection.
• International transfers:Data transferred outside Europe is safeguarded by legal mechanisms.
• Breach notification:In case of a data breach posing a risk, authorities and affected individuals are notified.

lll- INFORMATION WE COLLECT

IV- HOW WE USE YOUR INFORMATION

Vanity Pass operates in many countries and we endeavour to provide you with the same services throughout the world. Thus, we may share your personal data with internal and external recipients as is further specified in this clause.

In particular, the data related to your stays, preferences, satisfaction and, if the case may be, your loyalty program membership are shared between the Establishments.

Your data is used to improve the quality of service and your experience in each of these Establishments. In this context, your data is processed jointly by Vanity Pass and these Establishments.

WE DO NOT SELL YOUR PERSONAL DATA.

V- SHARING YOUR INFORMATION

We only share your personal data when necessary:

• With service providers: Payment processors, hosting services, analytics providers
• For legal reasons: When required by law enforcement, regulatory authorities, or court orders
• In case of business transfers: If Vanity Pass is acquired or merged, your data may be transferred

Vl- COOKIES & TRACKING TECHNOLOGIES

We use cookies and similar technologies to enhance your experience. You can manage your cookie preferences via your browser settings.

We use cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and improve our services. These technologies may include session cookies, persistent cookies, web beacons, and similar tools that help us collect and store information about user interactions with our website.

By using our website, you consent to the use of these technologies in accordance with our Policy. You may manage your cookie preferences or disable certain types of cookies through your browser settings. However, please note that restricting cookies may impact the functionality and performance of our website.

Vll- INTERNATIONAL DATA TRANSFERS

If you are located in the UK or the European Economic Area (EEA), your personal data may be transferred to countries outside these regions, including the United States, where data protection laws may differ and may not offer the same level of protection as those in the UK or EU.

To ensure the security and lawful processing of your data, we implement appropriate safeguards in accordance with applicable data protection laws. These measures include, but are not limited to, the use of Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner’s Office, as well as Data Processing Agreements (DPAs) with our service providers.

Vlll- DATA SECURITY

We implement appropriate technical and organizational measures to ensure the security, integrity, and confidentiality of your personal data, protecting it against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to, encryption, access controls, secure servers, and regular security audits.

However, while we strive to protect your data, no method of transmission over the internet or electronic storage is entirely secure, and we cannot guarantee absolute security.

If you suspect or become aware of any unauthorized access, breach, or compromise of your personal data, please contact us immediately so that we can take appropriate action.

lX- YOUR RIGHTS

Depending on your location and applicable data protection laws, you may have certain rights regarding your personal data.

To exercise these rights, please contact us at contact@vanitypass.com. We may require you to verify your identity before processing your request.

• If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
• Right to Deletion – You may request the deletion of your personal data, subject to legal limitations.
• Right to Opt-Out of Data Sales – While we do not sell personal data, you have the right to opt out of such sales if they occur.
• Right to Non-Discrimination – You will not be discriminated against for exercising your privacy rights.

To make a CCPA request, please contact us at contact@vanitypass.com. We may require identity verification before processing your request.

For residents of other U.S. states with applicable privacy laws, we extend similar rights in accordance with relevant legislation.

X- DATA RETENTION

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy, including compliance with legal, regulatory, tax, accounting, or reporting obligations. The retention period may vary depending on the nature of the data and the legal requirements applicable in your jurisdiction.

Once the retention period expires, we will securely delete, anonymize, or aggregate your personal data to prevent identification, unless further retention is required for legitimate business interests, dispute resolution, or legal enforcement.

Xl- CHILDREN’S PRIVACY

Our services are not intended for individuals under the age of 16, and we do not knowingly collect, process, or store personal data from children without verifiable parental consent, in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the Children’s Online Privacy Protection Act 3 (COPPA).

If we become aware that we have inadvertently collected personal data from a child under the applicable age threshold, we will take immediate steps to delete the data from our records.

Xll- CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect changes in legal requirements, industry practices, or our data processing activities. Any modifications will be posted on this page with an updated "Last Updated" date.

If the changes are significant or materially affect your rights, we will provide additional notice, such as sending an email notification or displaying a prominent notice on our website, before the changes take effect.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

CONTACT US

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, you may contact our Privacy Officer at:

• Email :contact@vanitypass.com
• Mail: Vanity Pass Privacy Team, [Company Address], [City, Country]

If you believe your privacy concerns have not been adequately addressed, you have the right to lodge a complaint with the appropriate data protection authority in your region:

• United Kingdom (UK): Information Commissioner's Office (ICO) –ico.org.uk
• European Union (EU): Your local Data Protection Authority –edpb.europa.eu
• United States (California Residents): California Attorney General – oag.ca.gov/privacy

We encourage you to contact us first to allow us the opportunity to resolve any concerns before reaching out to a regulatory authority.