Privacy Policy

Personal Details You Give Us

When you book a stay or sign up for our spa services, we'll ask for the basics - your name, email, phone number, and mailing address. If you're paying by card, we'll need those payment details too (though we don't actually store full credit card numbers on our servers).

Reservation & Preference Info

To make your stay incredible, we keep track of your room preferences, dietary restrictions for our restaurant, spa treatment history, and any special requests you've made. Love a particular room with mountain views? We'll remember that for next time.

Technical Data

Like most websites, we collect some technical stuff automatically - your IP address, browser type, device info, and how you navigate through our site. This helps us fix bugs and make the booking experience smoother.

Communications

If you email us, call our front desk, or chat with our concierge team, we might keep records of those conversations. It helps us provide better service and remember what you're looking for.

• Processing Reservations: Obviously, we need your info to book your room, confirm your spa appointments, and handle payments. Can't run a hotel without that.
• Personalizing Your Experience: We use what we know about your preferences to customize your stay - whether that's preparing your favorite wellness tea or suggesting hiking trails you'd enjoy.
• Communication: We'll send you booking confirmations, pre-arrival info, and follow-up messages. If you've opted in, we might also share special offers or updates about new amenities.
• Improving Our Services: Your feedback and usage patterns help us figure out what's working and what needs tweaking. Maybe we need more evening yoga classes or a different breakfast menu.
• Legal Compliance: Sometimes we're required by Canadian law to keep certain records or share information with authorities. We only do this when legally obligated.
• Security & Fraud Prevention: We monitor for suspicious activity to protect both you and us from fraudulent bookings or security breaches.

We're not in the business of selling your information - that's not our style. But we do work with some trusted partners to keep things running smoothly:

Service Providers

Payment processors, booking system platforms, email service providers, and our website hosting company. These folks need limited access to do their jobs, and they're contractually bound to protect your data.

Adventure & Experience Partners

When you book excursions or outdoor activities through our concierge, we'll share relevant details with those tour operators. They need to know who's coming and any safety considerations.

Legal Requirements

If the law requires it or if we need to protect our rights, we might share information with legal authorities or in legal proceedings. This is rare but necessary sometimes.

Business Transitions

In the unlikely event that Lumirion Odyssey is acquired or merged with another company, your information would be part of that transfer. We'd make sure any new owners respect these same privacy commitments.

Yeah, we use cookies - and not the chocolate chip kind, unfortunately. These are small files that help our website remember you and work properly.

Essential Cookies

These keep the site functional - they remember what's in your booking cart, keep you logged in, and make sure the site doesn't break. We can't really turn these off without ruining the experience.

Analytics Cookies

We use tools like Google Analytics to understand how people use our site. Which pages get visited most? Where do people get stuck? This helps us improve things.

Marketing Cookies

These track whether you came from an ad or promotional campaign, and help us show you relevant content. You can opt out of these through the preferences tool below.

Under Canadian privacy law (PIPEDA and provincial regulations), you've got some solid rights when it comes to your personal information. Here's what you can do:

Security isn't just an IT department thing for us - it's baked into everything we do. Here's how we protect your information:

• Encryption: All data transmitted between your browser and our servers is encrypted using industry-standard SSL/TLS protocols. Same for stored data - it's encrypted at rest.
• Access Controls: Only team members who actually need access to your information get it. Everyone's trained on privacy best practices and signs confidentiality agreements.
• Secure Payment Processing: We use PCI-DSS compliant payment processors. Your credit card numbers never touch our servers directly.
• Regular Security Audits: We test our systems regularly for vulnerabilities and keep everything updated with the latest security patches.
• Physical Security: Our servers are housed in secure data centers with 24/7 monitoring and restricted access.
• Backup & Recovery: We maintain secure backups so your reservation info isn't lost if something goes wrong technologically.

That said, no system is 100% bulletproof. If we ever experience a data breach that affects your information, we'll notify you and the relevant authorities as required by Canadian law. Transparency matters, especially when things go sideways.

While we love welcoming families to Lumirion Odyssey, our website and booking services aren't designed for kids under 13 to use independently. We don't knowingly collect personal information from children.

If you're booking for a family stay, that's totally fine - parents or guardians handle the reservation. We might collect basic info about children traveling with you (like ages for room setup or dietary needs), but that's always provided by an adult.

If you think we've accidentally collected information directly from a child, please reach out immediately and we'll delete it. No questions asked.

We're located in beautiful British Columbia, Canada, and most of our data stays right here in Canadian servers. However, some of our service providers operate internationally, which means your information might occasionally cross borders.

When we do work with providers outside Canada (like certain cloud services or analytics tools), we make sure they meet Canadian privacy standards. Any data transfers comply with PIPEDA requirements for cross-border information flow.

For our European guests: While we're primarily focused on Canadian privacy law, we respect GDPR principles and will honor your rights under EU regulations. Just let us know you're requesting access under GDPR when you reach out.

Bottom line - no matter where you're coming from, we treat your data with the same level of care and protection.

Things change - laws evolve, technology advances, and we're always looking for ways to improve how we protect your privacy. When we update this policy, we'll post the new version here with an updated "Last Modified" date at the top.

For minor tweaks (like fixing typos or clarifying language), we'll just update the page. But if we make significant changes that affect how we use your data, we'll give you a heads up via email or a prominent notice on our website.