Privacy

Privacy Policy

Last updated: 10 June 2026

LuxStay Atelier ("we") collects travel request details only to respond, plan journeys, coordinate services, and prepare advisor-reviewed proposals. Public forms never ask for card data, passport scans, or sensitive documents. This policy explains what we collect, why, how it is used and protected, and the rights available to you.

What we collect

Inquiry details: name, email, phone, destination, dates, party size, preferences, and notes — all provided by you.
Wishlist: stored only in your browser's localStorage; it is never uploaded to our servers and is deleted when you clear browser data.
Technical logs: server access logs (IP, time, request path) for security and troubleshooting, rotated and deleted periodically.
We run no advertising trackers and no third-party analytics cookies. The admin cookie exists solely for staff sign-in and is strictly necessary.

Purposes and legal bases

Responding to your inquiry and preparing proposals — performance of a contract or pre-contractual steps (GDPR Art. 6(1)(b)).
Confirming availability, privileges, and pricing with hotels and authorised channels — contract performance; sharing is limited to what is necessary.
Security, abuse prevention, and auditing — legitimate interests (GDPR Art. 6(1)(f)).
We do not sell personal information and do not use it for marketing unrelated to travel services.

Retention

Inquiries and advisor correspondence: kept up to 24 months after service completion to support future journeys; deletion on request at any time.
Audit and security logs: kept up to 12 months.
Records required by law (e.g. financial) are kept for their statutory periods.

Your rights

Access, rectification, erasure: ask to view, update, or delete your personal information at any time.
Restriction, objection, and portability: we honour the rights granted by applicable law, including EU GDPR and California CCPA/CPRA.
To exercise: email advisor@dj.42ka.cn — we respond within 30 days.
If you are in the EU/UK, you may also lodge a complaint with your local data protection authority.

International transfers and security

As a global travel service, necessary details may be transferred to the country of the hotel or channel involved; we share the minimum needed to deliver the service.
Transport is encrypted via HTTPS; back-office access is role-restricted and audit-logged.
If a data incident affects your rights, we will notify you as required by law.

Privacy contact: advisor@dj.42ka.cn