Effective Date: August 1, 2024
Latest Update and Release Date: August 1, 2024
Playa Management USA, LLC and our affiliates (“Playa”, “we”, “our” or “us”) always attach great importance on the protection of your personal data. When you make use of the websites owned and/or managed by us (collectively, the “Sites”), make bookings, stay at our resorts, and/or otherwise make use of our services, we collect and process your personal data. Our activities regarding the collection and processing of your personal data are set out in this privacy notice (the “Notice”). For Mexico Playa uses a separate privacy notice. A link to this separate privacy notice is provided under the header ‘Mexico’.
Before using our Sites, services, and/or staying at our resorts, please read this Notice carefully. We will display this Notice or the link to this Notice on our Sites.
If we materially change this Notice, we will actively inform you about this either via email (if we have your email address), and/or on our Sites by notification through a pop-up. We will at all times publish the up-to-date version on our Sites, together with a summary of key changes.
This Notice contains the following:
2. Information on Who is Responsible for the Processing of your Personal Data
3. Ways of Collecting your Personal Data
4. Processing Purposes and Legal Basis
5. Automated Decision-Making
6. Retention Periods
7. Sharing or Disclosure of Personal Data
8. Cross-border Transfer of Personal Data
9. Data Subjects’ Rights and Requests
10. How we Protect your Personal Data
11. Protection of Personal Data of Minors
12. Disclaimer
13. Complaints
14. Mexico
15. United States
Personal data means any information relating to an identified or identifiable natural person. This means information that either directly relates to a natural person, or information that is traceable to a natural person i.e., by combining this with other information.
Examples of personal data include your name, email address, phone number, mailing address, IP address, MAC address, bank account number, credit card details, username, gender, CCTV footage, access information, booking confirmation number and dietary restrictions or other preferences.
The data controller regarding the processing of your personal data is:
· | for the processing in connection with the use of our Sites: | Playa Management USA, LLC |
· | for the processing in connection with your booking and your stay at our resorts: | The management company of the corresponding resort. Please click here for a list of management companies. |
If you have any questions with respect to this Notice or the way in which we process your personal data, you may contact us via email at privacy@playaresorts.com or via mail:
Privacy Matters
Playa Management USA, LLC
1560 Sawgrass Corporate Parkway, Suite 140
Fort Lauderdale, FI, 33323
We collect your personal data in different ways, including but not limited to:
(a) when you provide it to us directly;
(b) through our business partners when you wish to make use of our services;
(c) when you make use of our Sites; and
(d) through digital images or surveillance (i.e., CCTV).
You are not under a legal obligation or otherwise obliged to provide us with your personal data, but if you refrain from doing so, we may not be able to provide you with our services. For example, if you do not provide your information during our booking or check-in process, we are not able to proceed with the process and cannot provide your requested accommodation and other resort services.
This Notice solely describes how Playa handles your personal data, including from the moment we receive your personal data through a third party. This Notice does not and is not intended to describe how third parties from which we receive your personal data from, process your personal data. We have no influence on this.
In connection with the personal data collected during your stay at our resorts, the corresponding management company may designate a third-party to perform this activity.
Please click below to see what information we collect through your use of our Sites.
| Personal Data | Special Category Data | |
|---|---|---|
When you sign up to receive offers and promotions | Name, email address, country and whether you are a travel agent. | N/A |
When you request a brochure delivery (or other hard-copy marketing materials) | Name, email address, mailing address, brand preference and whether you are a travel agent. | N/A |
When you participate in sweepstakes and contests | Information filled out in the sweepstake or contest entry form, usually including name, email address and mailing address, and whether you are a travel agent. | N/A |
When as a travel agent you register for our AgentCash+ preferred agent program | Name, email address, mailing address, home address, phone number, date of birth, registration number with other travel related organizations such as IATA and log-in credentials. | N/A |
Information collected through the use of cookies | N/A |
Please click below to see what personal data we collect when you make a booking for our resorts.
| Personal Data | Special Category Data | |
|---|---|---|
Via our Sites |
| N/A |
Via our partners (tour operators, Online Travel Agencies, travel agents and other partners; collectively, “Partners”) and our franchisors (“Franchisors”) |
| |
Via our call center |
We also record calls. | N/A |
Please click below to see what information we collect when you stay at our resorts.
| Personal Data | Sensitive Data | |
|---|---|---|
When you check-in at the resort | Information included in the registration card to be completed upon check-in, which generally includes: name, email address, mailing address, telephone number, arrival and departure dates and signature. If required by applicable laws, we will also collect a copy of your ID document and/or the number of your ID document. | When checking in guests are asked about any allergies and, if applicable, that information (health related information) is collected. |
When you access your room | Room number and log information (i.e., time and date on which you accessed the room, including entry attempts). | N/A |
When you make a spa reservation | Information included in the spa intake form, which generally includes name, room number, gender and signature. The spa intake form also includes an open field for you to include any other information which you feel we should be aware prior to your spa treatment (i.e., regarding specific physical or health conditions). | Possibly health information, or other special category data you provided in the blank space. |
When you book an activity (such as tours, excursions, or photography service) | Name, email address and other information necessary for the activity, including where applicable, images. | |
When you exchange currency | Name, room number and passport or government issued ID scan or copy | Passport biographical page (from which racial or ethnical information can be retrieved) and passport number/national identification number. |
When you make use of the WiFi-network at our resorts | Depending on the specific resort, information generally includes last name, room number and IP or MAC-address. | N/A |
When you purchase a day pass | Generally, we collect your passport or government issued ID as a safety deposit, but no copies or scans will be made. We may also require you to fill out a registration card or similar form, containing your name and payment method. | N/A |
When you file a loss and accident report | Information provided through the report, including name, age, room number, contact details, signature, and any other information included in the report. | Depending on the nature of the accident or incident, possibly data relating to criminal activity or health information (i.e., physical injury). |
When you make use of our Kids Club services during your stay | Information provided through the Kids Club registration form, generally including: Minors: name, age, and information regarding special requirements (i.e., allergy information). Adults: name, room number, telephone number and signature. We may also request you to sign a waiver. | Possibly health information. |
When you make use of our nanny services during your stay | Information provided through the nanny services request form, generally including: Minors: name, age and information regarding special requirements (i.e., allergy information). Adults: name, room number, telephone number and signature. We may also request you to sign a waiver. | Possibly health information. |
When you enter CCTV surveillance areas | Camera footage. | Possibly data relating to criminal activity. |
When you submit surveys regarding your stay | Name, email address, time and duration of your stay, room number and booking number. We also collect the information you provide when completing a survey (survey input). | We do not collect Sensitive Data, unless you voluntarily disclose it in the survey input. |
For the processing of your personal data, we need a purpose. This purpose differs per processing activity. For example, if you want to make use of our spa services in one of our resorts, we need your information to be able to provide you with the requested services (including registration of your appointment).
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Where required by applicable law, we will seek your consent to process your personal data, including in particular your sensitive personal data.
Please find below the purposes for which we process your personal data.
For personal data collected when you make through your Use of our Sites.
| Purpose | |
|---|---|
When you sign up to receive offers and promotions | Sending you our offers and promotions. |
When you request a brochure delivery (or other hard-copy marketing materials) | Responding to your request (i.e., providing you with the requested hard-copy brochures and other marketing materials). |
When you participate in a sweepstakes and contests | Managing your participation in our promotional sweepstakes and contests. Communicating with you about those (including on prizes). |
When as a travel agent you register for our AgentCash+ preferred agent program | Managing your registration for and membership of the AgentCash+ program |
Information collected through the use of cookies |
For personal data collected when you make a booking for our resorts.
| Purpose | |
|---|---|
Via our Sites | Processing bookings and customer management. |
Via our call center | Processing bookings and customer management. Call recordings are made for quality and training purposes. |
When you participate in a sweepstakes and contests | Managing your participation in our promotional sweepstakes and contests. Communicating with you about those (including on prizes). |
For personal data collected when you stay at our resorts.
| Purpose | |
|---|---|
When you check-in at the resort | Providing accommodation and other resort services, customer management, invoicing, contacting you if needed, providing information regarding reservations and handling guest’s requests. |
When you access your room | Protecting the safety and security of the resort, our guests (including their personal belongings), and that of our staff. |
When you make a spa reservation | Registration of your appointment and providing the requested spa services and treatments; customer management and handling requests. |
When you book an activity or request a service (such as tours, excursions, or photography service) | Registration of your requested activity or service, providing the service requested, and customer management. |
When you exchange currency | Providing currency exchange services. |
When you make use of the WiFi-network at our resort | Providing WiFi-services and securing networks. Guest’s room number and last name are collected as WiFi-network users may only register a certain number of devices, allowing us to have control over our network connections, both for security purposes and for connectivity. |
When you purchase a day pass | Providing resort services, processing your payment, and for security purposes. |
When you file a loss and accident report | Safety and security of our resort, associates, guests and visitors; contacting you if needed, insurance purposes and legal purposes (if applicable). |
When you make use of our nanny services during your stay | Providing nanny services and for contacting you if needed. Personal data contained in the waiver is processed for legal purposes. |
When you make use of our Kids Club services during your stay | Providing Kids Club’s services and for contacting you if needed. Personal data contained in the waiver is processed for legal purposes. |
When you submit surveys regarding your stay | Collecting feedback on resort services, improving our resort services and responding to feedback on guest’s experience at our resorts. |
When you enter CCTV surveillance areas | Protecting the safety and security of the resort and its guests and visitors, and our associates. Protecting the personal property of anyone in our resort. |
We do not undertake any automated decision-making activities.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for as set out under Section 4, including for the purposes of satisfying any legal, accounting or reporting requirements.
The retention period varies per processing purpose, but in general terms this means that we will retain your personal data for the duration of your relationship with us and for the length of any applicable statute of limitations for claims which might be brought against us later, or for the duration of any legal proceedings brought by or against us.
There are also certain types of information, such as tax related records, which require to be retained for a certain period by applicable law. We will remove your personal data if we no longer need it for this purpose.
In some circumstances we may anonymize your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
We have not included a list of all named recipients of personal data. This is because we are a large, globally operating company that works with several data recipients, that may also vary per jurisdiction and/or resort. Including all these recipients in this Notice would not contribute to its clarity. We also regularly change suppliers. It would therefore be a large administrative burden to keep an exhaustive list of named recipients up to date. We would also have to update you each time we add or remove a recipient, which we feel would be burdensome for you. We therefore believe that giving you a list of categories of recipients is more transparent and user friendly than including a list of all recipients.
The personal data we collect, we may share with parties including the following:
(a) Group companies: We may share your personal data within our group of companies for administrative, operations, marketing, revenue, legal and accounting purposes, as well as for system maintenance support and hosting of data. Additionally, in the context of a business reorganization or group restructuring exercise, we may transfer your personal data within our group of companies.
(b) Business partners: We may share your personal data with our business partners, including Partners, Franchisors, third party resort owners and their affiliates, membership club operator, insurance brokers, insurance companies and their advisors/third party service providers.
(c) Governmental entities: Upon request from a competent government authority, we share personal data we collect with law enforcement agencies and other governmental bodies.
(d) Companies that process personal data on our behalf: We share personal data with or provide access to third parties who work on our behalf or provide services to us and perform services on our behalf. We obtain consent for such sharing where legally required. Any such third party that processes personal data on our behalf will have to comply with data protection rules and security measures we set. Where appropriate, we will execute a written data processing agreement with this third party
We may transfer your personal data to countries other than the country in which your personal data was collected. Those countries may not have the same data protection laws as the country in which you initially provided the information. We will comply with the requirements for cross-border data transfers under applicable law. In addition to the third parties mentioned below, we may also share your personal data within our group of companies, and our Franchisors and their affiliates based in other countries, such as the US.
By clicking on the more information links below, you can find out more about the types of parties we share your personal data with and the countries where your personal data is collected, used, stored, or otherwise processed, and the countries to which your personal data may be exported.
Personal data collected in connection with your use of our Sites.
Personal data collected in connection with your use of our Sites.
| Transfer (including access, sharing and disclosure) | Countries to which information is exported (including for storage) | |
|---|---|---|
When you sign up to receive offers and promotions | For sending marketing communications we use email service providers. Also, your information is uploaded in our centralized customer relationship management database (“CRM”), provided by a third-party service provider. | Personal data is collected, processed and stored in the US |
When you request a brochure delivery (or other hard-copy marketing materials) | For sending marketing materials we provide your information to mailing services providers. Also, your information is uploaded in our CRM, provided by a third-party service provider. | Personal data is collected, processed and stored in the US. |
When you participate in a sweepstakes and contests | For sending communications we use mailing and sweepstakes service providers. Also, if you sign up to receive our direct marketing communications during your sweepstakes registration, your information is uploaded in our CRM, provided by a third-party service provider. | Personal data is collected, processed and stored in the US. |
When you book an activity or request a service (such as tours, excursions, or photography service) | Registration of your requested activity or service, providing the service requested, and customer management. | |
When as a travel agent you register for our AgentCash+ preferred agent program | Our online AgentCash+ platform is maintained by a third-party service provider. | Personal data is collected, processed and stored in the UK and the US. |
Information collected through the use of cookies |
Personal data collected in connection with your use of our Sites.
| Recipients (including transfer, access and disclosure) | Countries to which information is exported (including for storage) | |
|---|---|---|
Via our Sites, call center, Partners and Franchisors | Booking information is disclosed to the relevant resort and payment service providers. Booking information flows through our central reservations system (“CRS”), property management system (“PMS”), and hotel revenue management software (“HRM”). These systems are developed by third parties. If you are enrolled in our membership club program, we will share your name and check-in/check-out date with the membership club operator. For Seadust Cancun Family Resort only, booking information may be disclosed to an affiliate of the third-party resort owner in connection with its vacation club program. | Mexico, Jamaica, Dominican Republic, US, and other locations where Partners or service providers are located. |
Personal data collected in connection with your stay in our resorts.
| Transfer (including access and disclosure) | Countries to which information is exported (including for storage) | |
|---|---|---|
When you check-in at the resort | Your personal data may be disclosed to payment service providers, and if applicable, to Partners, Franchisors, or third-party resort owners. Your personal data flows through our CRS, PMS, and HRM systems. Franchisors may have access to our PMS. If you are enrolled in our membership club program, we will share your name and check-in/check-out date with the membership club operator. For Seadust Cancun Family Resort only, your personal data may be disclosed to an affiliate of the third-party resort owner in connection with its vacation club program. | US and other locations where Partners, Franchisors or service providers are located. |
When you make a spa reservation | If applicable, your information is uploaded in our spa reservations system. | Canada, US. |
When you file a loss and accident report, or otherwise file a claim | Your information may be shared with our insurance brokers, our insurance companies and any third-party advisors hired by our insurance companies, such as adjuster firms and/or defense counsel. Your information may also be shared with the police or other official authorities upon formal request or if deemed necessary by us. If you need to be taken to the hospital by an ambulance, we may provide information to the medical team for your treatment. | US and other locations where recipients and other service providers are located. |
When you submit surveys regarding your stay | For the processing of surveys, we use an external services provider, which received your name and email address. Survey information and input is uploaded into our CRM, which is provided by a third-party service provider. | US and other locations where Partners, Franchisors or service providers are located. |
In the event of an incident during your stay at our resorts | If there is an incident during your stay at our resorts, we may share your personal data with our insurance brokers, insurance company and any third-party advisors hired by the insurance company in connection therewith (i.e., adjuster firms or defense counsel), and our Franchisors. | US and other locations where these parties are located. |
Subject to applicable law, you have the right to access your personal data, the right to rectification, the right to erasure, and the right to object to the processing of your personal data. Most of these rights are not absolute and subject to exemptions in the law, and/or may only apply to certain types of information or processing.
Below we set out your rights in more detail. You can exercise any of your rights by sending an email to privacy@playaresorts.com. We will respond to your request within thirty (30) days but have the right to extend this period for sixty (60) additional days (for example if your request is complex). If we extend the response period, we will let you know within thirty (30) days from your request.
Please note that to help protect your privacy and maintain security, we may take steps to verify your identity before complying with your request including asking for information about your identity or booking. Some jurisdictions permit you to designate an authorized agent for exercising your data subject rights. If you use an authorized agent for submitting a request based on one of your rights, we will ask your agent to provide information to demonstrate the agent has your authorized consent to submit a request hereunder.
If your request is clearly unfounded or excessive, we reserve the right to charge a reasonable fee or refuse to comply in such circumstances, unless this is not allowed under applicable privacy laws.
Please click “read more” for more information on what these rights mean for you.
| Your right | Description |
|---|---|
Right to access | You may request that we confirm if we are processing your personal data, and if so, access to your personal data. In such case, we will provide you with a copy of your personal data and certain information relating to the processing. This enables you to check that we are lawfully processing your personal data. Please note that data protection rights and/or freedoms of others may stand in the way of us complying or fully complying with your request. |
Right to correction | You may request that we correct or complete your personal data if it is inaccurate or incomplete. |
Right to erasure | You may request that we delete certain elements of your personal data. There are certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with applicable law or in connection with a claim and/or legal dispute. |
Right to object to direct marketing | You may request that we stop processing your personal data for direct marketing purposes (i.e., opt-out or unsubscribe). |
Right to withdraw consent | You have the right to withdraw your consent at any time if the processing of personal data is based on your consent. Please note that the withdrawal of your consent does not affect the validity of the processing prior to your withdrawal. If you withdraw your consent, we may continue processing your personal data if we need it for another lawful purpose. |
We have adopted appropriate administrative, technical, organizational and physical safeguard measures to adequately protect your personal data against accidental, unlawful or unauthorized destruction, loss, alteration, modification, access, disclosure or use. Specific measures include, but are not limited to:
(a) technical measures that are compliant with industry standards, such as encryption techniques and access control;
(b) data security management regulations, such as a data compliance policy, security management regulations, non-disclosure agreements, employee training on personal data and data protection, and legally binding contracts or agreements; and
(c) information security response emergency system, that is, in case of information security event, we will immediately start emergency measures according to provisions of applicable laws and regulations.
Minors (individuals under the age of 18) should not provide us with personal data. If you – as a person with parental responsibility over the minor – notice that your minor has provided us with personal data without your approval (for instance, by submitting an incorrect age), you may contact us via email at privacy@playaresorts.com.
For your convenience and information, our Sites may contain links to third party websites or applications. These third parties may have their own privacy policies to protect the personal data they collect. We are not responsible for the privacy protection of data collected through others. When clicking related links or accessing related Sites, please pay attention to the security of your personal data, and carefully read the privacy policy of the related party.
If you have any complaints about the processing of your personal data, or if you have any inquiries in connection with this Notice, you may contact us via email at privacy@playaresorts.com. We will respond within a reasonable time limit (ultimately within thirty (30) days from the moment of completion of the investigation of the complaint).
If the Mexican Federal Law on the Protection of Personal Data held by Private Parties applies, our Mexican Privacy Notice Applies.
For the US, the following applies in addition to the paragraphs 1-13. If there is a conflict between this paragraph 15 and the remainder of this Notice, the contents of this paragraph 15 prevail.
(i) If you are a Colorado, Connecticut, or Virginia resident, you have the right to opt-out of the processing of your data when your data is being used to create a profile for use in decisions that are legally significant, such as banking services, housing, insurance, education, employment, healthcare, or criminal justice. However, we do not process your personal data to create a profile for use in a decision that could produce a legal or similarly significant effect.
(ii) If you are a California resident, we only use and disclose your sensitive personal information for purposes that are specifically allowed for by the California Consumer Privacy Act and its regulations. Those purposes can be found in the California Consumer Privacy Act Regulations in Section 7027(m), and include things to perform the service or provide the goods you request or to ensure the physical safety of a person.
(iii) For California and/or Colorado residents, the following additional Data Subjects Rights and Requests apply:
Right to know about disclosure and sales of data (California residents only) | You may request that we disclose certain information about how we have sold or disclosed your personal data in the prior 12 months, if applicable, including: the categories of personal data collected; categories of third parties to whom your personal data has been sold or transferred, accompanied with, per category of third party, the specific categories of personal data sold; categories of third parties to whom personal data has been disclosed; and the categories personal data that we have disclosed or shared with a third party for a business purpose. |
Right to opt-out of our sale or sharing of your personal data (California and Colorado residents only) | You may limit the transfer of your personal data where Playa “sells” personal data, by visiting our [Do Not Sell or Share My Personal Data Page], or by submitting a Do Not Sell or Share My Personal Data request by clicking on the link in the footer of this Site. Please understand that the California Consumer Privacy Act, Colorado Privacy Act, and the Connecticut Personal Data Privacy Act define the term “sale” very broadly to include the transfer of data for valuable consideration, not simply selling your data for monetary compensation. If you opt out of the sale or sharing of your personal data, we will no longer disclose your personal data with the vacation club at Seadust Cancun Family Resort (which is operated by an affiliate of the third-party resort owner), where such disclosure would be construed as a “sale” or “share” under the California Consumer Privacy Act, Colorado Privacy Act, and the Connecticut Personal Data Privacy Act. You may also limit transfer of your personal data where Playa “sells” or “shares” your personal data via “online tracking technologies”, such as pixels, web beacons, software developer kits, third party libraries, and cookies through an opt-out preference signal described below as “targeted advertising.” |
Right to appeal (Colorado and Virginia residents only) | You have the right to appeal a decision that we make regarding a consumer rights request that you have submitted. To exercise this right, you may contact us via email at privacy@playaresorts.com |
Right to opt out of processing for targeted advertising | You have the right to opt out of the processing of your personal data for targeted advertising. You may limit transfer of your personal data where Playa discloses your personal data via “online tracking technologies”, such as pixels, web beacons, software developer kits, third party libraries, and cookies through an opt-out preference signal. To opt-out in this way, please download and use a browser supporting the Global Privacy Control (GPC) browser signal, or contact us via email at privacy@playaresorts.com. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use. More information on the GPC may be found at https://globalprivacycontrol.org/. |
Right not to receive discriminatory treatment for exercise of your privacy rights (California residents only) | California residents have the right to not receive discriminatory treatment by us for the exercise of your privacy rights. |
The Data Protection Act, 2020 and its requirements apply to residents of Jamaica. For residents of Jamaica, the following applies in addition to the paragraphs 1-13. If there is a conflict between this paragraph 16 and the remainder of this Notice, the contents of this paragraph 16 prevail.
(i) You can exercise any of your rights by sending an email to privacy@playaresorts.com. We will respond to your request within thirty (30) days but have the right to extend this period for forty-five (45) additional days (for example if your request is complex). If we extend the response period, we will let you know within thirty (30) days from your request.
(ii) The following additional Data Subjects Rights and Requests apply:
Right to prevent processing | You have the right to request that Playa restricts the processing of your personal data for a specified purpose or in a specified manner in certain situations. These situations are: (i) the processing of your personal data is causing you or is likely to cause, substantial damage or substantial distress, (ii) your personal data is incomplete, or irrelevant for the purpose of processing, (iii) the processing of your personal data is prohibited under any law, or (iv) your personal data has been retained by Playa for longer than the period of time for which it may be retained by Playa under any law. |
Right to automated decision making | You may require Playa to ensure that no decisions that are fully automated and are based solely on the processing, by automatic means, of personal data in respect of the Data Subject for the purpose of evaluating matters relating to the data subject. Exempted are decisions that are to decide on whether to enter into a contract with a Data Subject, provided safeguards have been taken. Playa currently does not undertake fully automated decision making. |
Right to appeal | You have the right to appeal a decision that we make regarding a consumer rights request that you have submitted. To exercise this right, you may contact us via email at privacy@playaresorts.com |