Last modified: 3/23/2022
For the purposes of the General Data Protection Regulation (known as the “GDPR”), Seven Bluff Cabins LLC, located at 4251 County Road 348, Concan, TX 78838, is a “Data Controller.” This means that we direct the flow of collected personal information, as opposed to being a “Data Processor,” which is a person or company that does things with and to the information.
Information We Collect About You
We use this section to explain our data collection practices to you. We only collect information from you that allows us to make the site run smoothly and provide you with our services.
Personally Identifiable Information
Personally identifiable information is information that can identify you as a person — simple, right? Well personally identifiable information can also be a combination of information that reveals who you are.
For example, if I know your birthday is on July 4, 1976, I can’t necessarily figure out who you are. However, if I know your birthday, where you went to college, whether you’re married or not, and maybe your zip code, then I probably know enough to figure out who you are if I really wanted to. So personally identifiable information can be either something very specific about you, like your full name, or it can be a combination of general details that let me narrow down the possibilities until I figure out that it can only be you.
We purposefully seek the following personally identifiable information from you in a variety of circumstances:
- Full Name
- Home Address
- Email Address
We may seek personally identifiable information from you in a variety of ways, including through registration, contact forms, other online forms, through automated means, social media login, emailing or calling customer service, from other third parties, or from publicly available records.
We may use personally identifiable information in order to market our services, products, and offerings, or those that we think may be of interest to you.
We store any personally identifiable information that we’ve collected for as long as the account is maintained.
Non-Identifiable Personal Information
Non-identifiable personal information is information that’s technically about you, but cannot be linked directly to you without being combined with personal information. For example, if I know that you use Google Chrome when you visit my site, I will never be able to figure out who you are without combining it with personally identifiable information — even if I know what search terms you typed in, what kind of computer you are using, and how long you use the site for every time you visit, I will not be able to figure out that the user is you without personally identifiable information.
We purposefully seek the following non-identifiable personal information from you in a variety of circumstances:
- Browser Type
- Operating System
- Session Length
- Page Views
- Length Of Page Views
- Referral Links
- Search Terms
- General Location Data
- General Demographic Data
- Purchase Information
- Mobile Network Information
- Browser Settings
- Crash Reports
We may request non-identifiable personal information from you in a variety of ways, including: registration, contact forms, other online forms, through automated means, social media login, emailing or calling customer service, from other third parties, or from publicly available records.
We may use non-identifiable personal information in order to market our services to you.
We store any non-identifiable personal information that we’ve collected for as long as your account is maintained.
Sensitive information is the type of information that you might not necessarily want people to know, or at least, you would want to control who knows the information and how they come across it. An example of sensitive information could be your credit score or your social security number. As you can imagine, sensitive information should only be requested by a company if they really need the information to provide you with services.
We collect some sensitive information from you for various reasons and at various times, including credit card or bank account numbers, driver’s license, passport, or other state id numbers. When we collect sensitive information, it’s so we can make reservations and help guests check-in. We collect that information during registration, and we store sensitive information for as long as the account is maintained.
About Automated Collection
Automated technologies help us make our website run more smoothly. Through the use of automated means, we are able to see which of our pages are most popular, how users find our website, what causes errors in the website, and a lot of other details which help us make the website the best it can be.
We may use a number of automation technologies, including cookies, flash cookies, web beacons, or others as they become available or necessary.
Our automated technologies are supported by the use of other technologies, including through the use of Google services.
Please note that disabling and deleting cookies might make this website (and others) work improperly.
Flash cookies are functionally similar to regular cookies, but they are not subject to the same controls as regular cookies are. While you can follow the directions in the “Cookies” section to block most cookies, flash cookies require a different type of opt out. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website.
Web Beacons are tiny files that load when a user completes an action like visiting a particular webpage, or opening an email. Because the tiny file is loaded from a server, and the server can see that your computer is trying to open the page or email, the server can deduce that you have visited the page or viewed the email.
“Do Not Track”
There is not yet an industry consensus on how to handle “Do Not Track” signals, so our website is not yet set up to handle them. In the future, this section will discuss how the “Do Not Track” signals are honored.
Who Else Sees Your Data
Most websites who collect user data have relationships with other companies or people that result in user data being shared with those companies or people. This section explains how those relationships work, and what our relationships with others look like when it comes to your data.
Processors Who Help Us Run Our Site
Most businesses need others’ help to run properly (imagine using eBay without PayPal!). When a business hires another business or uses another business’s services, that other business is sometimes called a third party processor, or a subprocessor.
We try to keep this section up-to-date with who our subprocessors are, and what kinds of information they collect.
As of the date that these terms were last updated, our subprocessors include Typeform, Whistle, WebRezPro, Mailchimp, Google Analytics, Google Tag Manager, PayPal, Tripleseat.
Our subprocessors have access to a variety of information, insofar as their access to the data is necessary to help us provide services to you. Our subprocessors may have access to your full name, home address, email address, and date of birth.
Third Parties We Share Information With
Businesses often have complicated relationships with other businesses. Some companies are owned by other companies, they work with companies that are owned by the same company, they engage in partnerships, and find any variety of ways to work together to bring services and products to the public.
We don’t share any user information with third parties as of the date at the top of this policy. If we ever change that, we’ll let you know!
However, one thing to note – if we ever sell the company, part of the company, or any of the assets of the company, our users’ data would probably be shared with the purchasing company or person. Be aware that sharing of your data might have to happen in that kind of circumstance.
We may always share data, if our legal counsel believes it is required of us, in order to comply with any court order, law, or legal process, including to respond to any government or regulatory request. We may also share data, at our discretion, if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the company, our customers, or others. We may also share data to protect ours or other people’s rights, or in connection with a sale, merger, etc. of the company, or sharing that is necessary for us to run our site or services.
Third Parties Who Share Information With Us
Some companies get information from third parties for a variety of reasons. One example might be if a website is trying to create a more personalized web browsing experience for their users. If a website knows the kind of content you like, and they’re able to share that information with another website, then that other website can also make sure to only show you content that you like. However, there can be any number of reasons why a website needs information from third parties, like for credit checks, allowing users to login through social media, or other reasons.
We don’t collect any information about our users from third parties.
Children Under the Age of Majority
Our Website is not intended for anyone under the age of majority in their respective jurisdiction, and in no case is our website to be used by anyone under the age of 18 years of age. No one under the age of majority may provide any information to or on the Website. We do not knowingly collect personal information from those under the age of majority. If you are under the age of majority, do not use or provide any information on this Website or through any of its features, register on the Website, make any purchases through the Website, use any of the interactive or public comment features of this Website, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use]. If we learn we have collected or received personal information from a person under the age of majority , we will delete that information. If you believe we might have any information from or about a person under the age of majority, please contact us using our contact information.
Our company makes efforts to provide security to our user data. It’s impossible to guarantee that data security will be 100% effective, that’s why you hear about hacks or viruses all the time now. Small companies, large companies, and even governments are sometimes the victims of cyber attacks. We take steps to protect your data through the use of data encrypted in transit, data encrypted at rest, and regular security training for employees.
Your Choices and Rights
This section describes your choices and rights regarding how we handle your data. In order to protect user data from theft or misuse, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).
You won’t have to pay anything to exercise your rights, the only exceptions being if your request is clearly unfounded, repetitive or excessive. In those situations we might also refuse to comply with your request.
We try to respond to all legitimate requests under these rights within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as to when we expect to have the request completed.
Even though these rights are guaranteed for EU users and residents, we are proud to grant the following options to all of our users.
The General Data Protection Regulation is a law passed in the European Union that grants EU internet users a variety of rights regarding their data. Those rights include
- The right to request access to their data;
- The right to request correction of their data;
- The right to request erasure of their data;
- The right to object to the processing of their data;
- The right to request their data in a machine readable format;
- The right to be free of decisions affecting their rights based solely on automated processes; and
- The right to withdraw their consent to undue data processing.
Legal Bases for Processing
The GDPR also requires that companies list their “Legal Basis” for each type of processing. Depending on the circumstances, our legal bases include:
- User consent;
- Necessity for the performance of our obligations to the user; and
- Necessity for the purposes of our justified legitimate interests.
For more information on how legal bases work, please visit https://gdpr-info.eu/art-6-gdpr/.
The rights listed in this section are specific to California residents.
California users are also allowed to opt out of any sales of their personal information that may occur. Users who opt out may opt back in at any time.
California users may request that we delete their personal information, but those requests have some exceptions. One example of an exception would be if you paid for one of our products or services, and then requested that your data be deleted before we could deliver the product or service you paid for.
Processing of Data Outside of the EU
The internet is a complex, interwoven, global structure, so your data may move across the planet. Be aware that this includes areas outside of the European Economic Area.By continuing to use this website, you are telling us that you consent to these transfers, even if the countries your data travels to don’t have the same level of privacy protection as your home country.
If we ever make changes to this policy, we will notify you through the use of banners on the website. We also will notify our users of updates through email.
The date that the most recent updates went into effect is listed at the beginning of this policy.
Cole Di Carlo
4251 County Road 348
Concan, TX 78838