Sharing & Disclosure Policy

Transparency in how we handle, share, and disclose your information

📅 Last Updated: November 15, 2024 ⚖️ Effective Date: January 1, 2025 📄 Document ID: VLT-DISC-2024-04

1. Purpose of This Policy

At VoyageLux Travel & Hospitality, trust is the foundation of every journey we curate. This Sharing & Disclosure Policy outlines how we collect, use, share, and disclose personal and booking information across our services. We maintain full compliance with applicable data protection frameworks, including GDPR, CCPA/CPRA, PCI-DSS, and international travel data regulations.

Our Commitment: We never sell your personal data. Information is shared exclusively to deliver travel services, comply with legal obligations, enhance safety, or with your explicit, documented consent.

2. What Information We Share & Why

Providing end-to-end luxury travel requires coordinated communication between specialized partners. Below is a transparent breakdown of data sharing practices:

Data Category	Shared With	Purpose
Booking & Contact Details	Airlines, Hotels, Tour Operators, Car Rental Providers	Service fulfillment, check-in processing, itinerary coordination
Payment & Billing Information	PCI-Certified Payment Processors (Stripe, Adyen, Worldpay)	Secure transaction processing, refunds, fraud prevention
Passport & Visa Documentation	Immigration Authorities, Embassy Services, Secure Cloud Vault	Travel compliance, border clearance, document verification
Travel Preferences & Health Info	Local Guides, Medical Emergency Partners, Accessibility Services	Personalized experiences, dietary/medical accommodations, safety protocols
Usage & Analytics Data	Trusted Technology Partners (Google Analytics, Hotjar)	Site optimization, service improvement, anonymized trend analysis

3. Third-Party Partners & Vendor Oversight

We maintain strict vendor risk management protocols. All third-party recipients of your data must:

Sign data processing agreements (DPAs) aligned with our privacy standards
Undergo annual security, compliance, and insurance audits
Restrict data usage solely to the contracted service purpose
Implement encryption, role-based access controls, and breach notification procedures
Prohibit sub-processing without prior written authorization

Our primary service ecosystem includes: Global Distribution Systems (GDS), property management systems (PMS), travel insurance providers, concierge networks, and 24/7 emergency assistance partners.

4. Legal & Regulatory Disclosures

We may disclose your information when required by law or to protect legitimate rights, including:

Legal Compliance: Court orders, subpoenas, or government travel security mandates (e.g., API/PNR data requirements)
Fraud & Risk Prevention: Sharing with financial institutions or travel security agencies to investigate suspicious activity or payment disputes
Business Transfers: In the event of merger, acquisition, or asset sale, customer data transfers will honor existing privacy commitments and require notice where legally mandated
Travel Warnings & Emergencies: Coordination with consular services, embassies, or emergency response teams during natural disasters, civil unrest, or public health crises

5. International Data Transfers

As a global hospitality provider, your data may be processed in countries outside your region of origin. We ensure continuous protection through:

Standard Contractual Clauses (SCCs) approved by the European Commission
Privacy Shield successor frameworks and recognized adequacy decisions
AES-256 encryption in transit and at rest across all international processing nodes
Regular transfer impact assessments (TIAs) for high-risk jurisdictions

6. Your Rights & Transparency Choices

Depending on your jurisdiction, you may have the right to:

Access, correct, restrict, or delete your personal information
Opt out of non-essential data sharing (marketing, analytics, personalization)
Request a portable, machine-readable copy of your booking & preference data
Withdraw consent at any time without affecting core service fulfillment
Lodge a complaint with a relevant supervisory authority

Exercise these rights by contacting our Data Protection Office at dpo@voyagelux.com or through your account privacy dashboard under Settings → Data & Transparency.

7. Policy Updates & Notification

We review this disclosure policy annually and whenever material changes occur to our data practices, vendor ecosystem, or regulatory landscape. Significant updates will be:

Posted with a revised "Last Updated" date at the top of this page
Communicated via email to registered account holders at least 30 days prior to implementation
Reflected in booking confirmation footers, app notices, and checkout flows

8. Contact & Disclosure Requests

For questions, formal disclosure requests, or compliance inquiries:

Data Protection Office: dpo@voyagelux.com
Legal & Compliance: legal@voyagelux.com
Physical Address: VoyageLux Travel & Hospitality, 123 Travel Blvd, Suite 400, New York, NY 10018, USA
Response Time: We acknowledge all requests within 48 hours and resolve them within 30 days as required by applicable law. Complex requests may require a 60-day extension with advance notice.