Privacy Policy

Effective Date: February 16, 2025

Introduction
Welcome to Hidden Leaf Baja. We are committed to protecting your privacy and ensuring your personal information is handled responsibly. This Privacy Policy explains how we collect, use, and safeguard your data when you visit our website or book our services.

 

Information We Collect

We collect personal information to provide you with our services and improve your experience. The types of information we collect include:

  • Personal Information: Name, email address, phone number, billing and shipping address, company information, and government-issued ID (if required for verification).
  • Payment Information: Processed securely through Stripe (we do not store your full payment details, including card or bank details).
  • Additional Contacts: Name, email, and phone number (e.g., for group reservations).
  • Booking Information: Dates of stay, accommodation preferences, and special requests.
  • Account Information: If you create an account on our website.
  • Marketing Information: Your preferences for receiving communications from us.
  • Technical Information: IP address, browser type, device information, and website usage patterns through cookies and analytics tools.
  • Mail Logs: Records of emails and communications with us.

 

How We Use Your Information

We use your personal information for the following purposes:

  • To Process Bookings: Manage your reservation, process payments, and confirm your stay.
  • To Provide Services: Arrange concierge services, transfers, wellness sessions, and retreat activities. Manage Retreat Passport subscriptions.
  • To Communicate with You: Send booking confirmations, updates, and customer support responses.
  • For Marketing: Communicate promotions, offers, and updates.
  • To Improve Our Website: Analyze trends and user behavior to enhance the website experience. Improve our services through analytics and feedback.
  • To Comply with Legal Obligations: Maintain records for tax, legal, and regulatory purposes.

 

Legal Basis for Processing (GDPR Compliance)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

  • Contractual Necessity: To fulfill our obligations in providing services.
  • Legitimate Interests: To improve services and maintain business operations.
  • Consent: For marketing communications (which you can withdraw at any time).
  • Legal Compliance: To meet regulatory obligations.

 

How We Store and Protect Your Data

We use Stripe for secure payment processing and ensure compliance with PCI DSS standards. Your payment details are encrypted and never stored on our servers.

  • Data Security Measures Include:
    • Encryption protocols (SSL) to protect data transmission.
    • Secure servers with access controls.
    • Regular security audits and vulnerability scans.

HLB retains your personal information only for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce our agreements.

  • Data Retention:
    • Booking & Guest Records: 5 years from your last stay (for customer service and repeat bookings).
    • Payment & Transaction Records: 7 years for tax and audit purposes (as required by U.S. and Mexican law).
    • Credit Card Information: Payment information is not stored by us but handled by Stripe.
    • Retreat Passport Subscription Data: Retained until the subscription ends, plus 3 months for record-keeping.
    • Incident Reports: 7 years (for legal protection).
    • Marketing Data: Email and contact information may be retained for marketing purposes until consent is withdrawn.
    • Contracts & Waivers: 7 years (for legal and liability purposes).
  • Anonymization Policy: After the retention period expires, HLB will either:

    • Delete the data securely, or
    • Anonymize the data for business insights and analytics. Anonymized data cannot be traced back to any individual and may be retained indefinitely for statistical analysis and service improvements.

 

Sharing Your Information

We only share your information when necessary to provide services or comply with legal obligations:

  • With Payment Processors: Stripe (for secure payment transactions).
  • With Service Providers: Such as transportation companies, chefs, and wellness practitioners (as needed for your booking).
  • With Marketing Platforms: For sending newsletters (only if you have opted in).
  • With Authorities: When required for legal compliance or safety.

We do not sell or rent your personal data to third parties.

 

International Data Transfers

As a global business, your information may be stored and processed outside your country of residence, including in the United States and Mexico. We ensure all transfers comply with applicable data protection laws through:

  • Standard Contractual Clauses (SCCs) for EU customers.
  • CCPA compliance for California residents.
  • LGPD compliance for Brazilian residents.

 

Your Privacy Rights

Depending on your location, you have the following rights regarding your personal data:

Under GDPR (EU/EEA):

  • Right to access, correct, or delete your data.
  • Right to restrict or object to processing.
  • Right to data portability.
  • Right to withdraw consent (for marketing).

Under CCPA (California):

  • Right to know what personal data we collect and how it’s used.
  • Right to request deletion of your data.
  • Right to opt out of data sales (we do not sell data).
  • Right to non-discrimination for exercising privacy rights.

To exercise these rights, contact us at stay@hiddenleafbaja.com.

 

Cookies and Tracking Technologies

We use cookies to enhance your experience on our website. Cookies help us understand how you use our site and improve functionality.

  • Types of Cookies We Use:
    • Essential Cookies: Necessary for site operation.
    • Analytics Cookies: To track website traffic (e.g., Google Analytics).
    • Marketing Cookies: To show you relevant promotions.

You can manage your cookie preferences via your browser settings.

 

Children’s Privacy

Our services are not directed at children under 16. We do not knowingly collect personal information from minors.

 

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in laws or our practices. We will notify you of significant changes by email or via our website. The latest version will always be posted here with the effective date.

 

Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at:

Hidden Leaf Baja
Email: stay@hiddenleafbaja.com
Phone: +52.612.868.9535