top of page

Privacy Policy

Privacy Policy of Lux Grand Travels

 

This Privacy Policy for Lux Grand Travels (the "Policy") is established and made effective as of July 29, 2025, by Linette Almasi, an individual residing in the State of California and operating under the business name "Lux Grand Travels" in the State of California. WHEREAS, Lux Grand Travels provides customized travel planning services, acting as an intermediary between clients and third-party suppliers, and, in the course of its business operations, collects, uses, and processes personal information from its clients; WHEREAS, Lux Grand Travels is committed to respecting and safeguarding the privacy and security of its clients' personal and sensitive information, including but not limited to email addresses, scheduling information, and payment authorization data processed via third-party PCI-compliant platforms (such as Tern); WHEREAS, this Policy is designed to fulfill the requirements of applicable privacy and data protection laws, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), relevant U.S. federal law, and the General Data Protection Regulation (GDPR) for European visitors; WHEREAS, this Policy addresses the methods of collection, use, sharing, and protection of personal information, the rights of clients regarding their data, and Lux Grand Travels' commitment to both compliance with legal standards and client transparency; NOW, THEREFORE, Lux Grand Travels establishes this Policy to inform all clients and users of its practices, and to ensure clear and effective communication regarding privacy matters in connection with the services provided. This Policy shall remain in effect until amended or terminated in accordance with applicable law and Lux Grand Travels' internal policies.

 

 

1. Introduction And Scope

 

This section outlines the purpose, application, and scope of this Privacy Policy for Lux Grand Travels (hereinafter referred to as 'Lux Grand Travels'). The Policy is intended to inform all clients and users (hereinafter referred to as 'Client') of the privacy practices regarding the collection, use, sharing, and protection of personal information (hereinafter referred to as 'Service') in connection with the Lux Grand Travels website (hereinafter referred to as 'Website'). Lux Grand Travels is committed to operating in compliance with applicable privacy laws, including U.S. federal laws, the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and the General Data Protection Regulation (GDPR) for European visitors. This Policy applies to all personal information collected through the Website and other communication channels used by Lux Grand Travels while providing travel advisory and booking services. Clients are encouraged to review this Privacy Policy to understand how Lux Grand Travels handles their personal data and what rights they have under various privacy regulations.

 

2. Information Collected

 

In the course of providing services, Lux Grand Travels collects various categories of personal information from Clients. The personal information collected may include, but is not limited to, the following categories: a. Personal Information: This includes the Client's name, email address, phone number, preferences, and in certain circumstances, passport or identification data if submitted. In some instances, only email addresses are collected for purposes such as scheduling via calendar systems or Zoom meetings. b. Payment Information: Payment authorization data is managed securely through third-party PCI-compliant platforms such as Tern. Lux Grand Travels does not directly store or process Clients' payment information. c. Cookies and Analytics: Lux Grand Travels collects information via cookies and similar tracking technologies to enhance Clients’ browsing experience on the Website. This may include data related to Clients’ usage patterns, preferences, and interaction with the Service.

 

3. Lawful Basis For Collection And Processing

 

Lux Grand Travels collects and processes Personal Information based on several lawful grounds in accordance with applicable data protection laws such as the CCPA, CPRA, and GDPR. These legal bases include, but are not limited to:

 

 a. Consent: We obtain your explicit consent to process your Personal Information when required. For example, when you inquire about our travel services or voluntarily provide information for trip planning and bookings.

 

 b. Contractual Necessity: Processing Personal Information is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract. This includes coordinating bookings, trip planning, payment authorization through our PCI-compliant platform (such as Tern), and other travel-related services.

 

 c. Legal Obligation: We may process your Personal Information to comply with legal obligations to which we are subject, such as regulatory requirements and compliance with court orders.

 

 d. Legitimate Interests: Processing Personal Information may be necessary for the purposes of legitimate interests pursued by Lux Grand Travels or third parties, provided that such interests are not overridden by your fundamental rights and freedoms. This includes using analytics tools for improving our service offerings, communication through Microsoft 365, and engaging in business operations.

 

 We ensure that Data Subject rights under the GDPR, CCPA, and CPRA are respected, and any data processing activities adhere strictly to these regulations. All payment information is processed securely via Tern, a PCI-compliant platform. We also use third-party platforms (Wix, Tern, Microsoft 365, Zoom, Google) for data management, ensuring they comply with relevant data protection standards.

 

4. Use Of Personal Information

 

Lux Grand Travels uses Client Personal Information primarily for the purpose of providing high-quality travel planning and coordination services. Specifically, the information collected is used in the following ways: a. Trip Planning: Client Personal Information is utilized to design and organize customized travel itineraries, including the selection of destinations, accommodations, and activities. b. Booking with Suppliers: Necessary details are shared with third-party suppliers (e.g., airlines, hotels, tour operators) to secure reservations and bookings on behalf of the client. c. Communication: Client contact information, such as email addresses and phone numbers, is used to facilitate effective communication, including schedule confirmations, travel updates, and customer support. d. Newsletters: Client contact information may be used to send newsletters and promotional offers pertaining to travel services provided by Lux Grand Travels, provided that clients have opted in to receive such communications. e. Email Scheduling and Meetings: Email addresses are primarily used to arrange and confirm meetings, consultations, and any necessary follow-ups with clients. f. Payment Authorization: Payment details are processed through a third-party payment platform, Tern, which is PCI-compliant. Lux Grand Travels does not store payment information directly. g. Analytics and Website Cookies: Data collected through website cookies may be used for analytics purposes to enhance the client experience and improve service offerings. This involves analyzing website usage patterns and client preferences.

 

5. Sharing And Disclosure Of Personal Information

 

Lux Grand Travels values your personal information and is committed to its protection. However, in order to provide our travel planning services, it is necessary to share certain Client data under specific circumstances. These circumstances include:

 a. Travel Suppliers: Personal Information may be shared with airlines, cruise lines, hotels, tours, and other travel service providers (collectively, 'Suppliers') to facilitate booking and fulfilling your travel arrangements.

 b. Destination Management Companies (DMCs): We may share your personal details with local DMCs responsible for handling your travel logistics in your destination country.

 c. Third-Party Platforms: We utilize various technology and service providers to enhance our services and streamline operations. These include:

  1. Wix for website hosting and analytics,

  2. Tern for client management and booking services, which also securely handles payment information as it is a PCI-compliant platform,

  3. Microsoft 365 for email communications,

  4. Zoom for virtual meetings. Data processed on these platforms may be subject to international processing as detailed in <<Clause 8: International Data Transfers>>.

 d. Travel Insurance Partner: In cases where you opt for travel insurance, personal information necessary for issuing the insurance policy will be shared with our travel insurance partner.

Please be assured that Lux Grand Travels does not share personal information with employees or contractors—only the owner has access. All sharing of personal data is conducted in a manner consistent with applicable privacy laws and solely for the purpose of enhancing and ensuring the effectiveness of the services provided to you.

 

6. Data Storage, Security, And Retention

 

Lux Grand Travels is committed to ensuring the highest standards of data storage, security, and retention for its clients' personal information. All client information, primarily emails and scheduling details, is securely stored using our calendar system and Zoom. For client management and payments, the data is handled through Tern, which implements comprehensive security measures to safeguard the information. Our security protocols include encryption, strong passwords, and two-factor authentication to prevent unauthorized access. Only the agency owner, Linette Almasi, has access to client information, ensuring the utmost confidentiality. No direct collection or storage of credit card information occurs, as all payment processing is handled by third-party PCI-compliant platforms as stated in Section 5: Sharing and Disclosure of Personal Information.

 

Data retention is managed according to the policies of the utilized platforms. Each of these platforms has its own defined retention period, ensuring that data is not kept longer than necessary. Furthermore, client data is never shared with employees or contractors, and all processing activities are conducted internally by Linette Almasi.

 

In the event of a data breach, Lux Grand Travels follows strict notification procedures in compliance with applicable regulations to promptly inform affected clients and mitigate any potential damage. Detailed processes for data breach responses are covered in Section 12: Data Breach Notification Procedures.

 

7. Cookies And Tracking Technologies

 

Lux Grand Travels uses cookies and various tracking technologies on our Website to enhance user experience, analyze site usage, and personalize content. Cookies are small text files stored on your device that help us remember your preferences and recognize your return visits. The types of cookies we use include session cookies, which expire once you close your browser, and persistent cookies, which remain on your device until they expire or are deleted. These cookies assist in improving functionality and performance by tracking user behavior and store user-preferred settings.

 

Our Website is hosted and powered by Wix, which also provides analytic tools to gather data on user interactions with our Website. These analytic tools help us to understand how users navigate and use our site, enabling us to improve our services and menu offerings. The information collected through these tracking technologies may include but is not limited to, your IP address, browser type, operating system, pages visited, time spent on the site, and links clicked.

 

You have the option to manage and block cookies through your browser settings. However, please note that disabling cookies may affect the functionality of our Website and the quality of your browsing experience. For more detailed information on these controls and how to opt out of cookies, please refer to your browser's help documentation. By continuing to use our Website, you consent to our use of cookies and tracking technologies as described in this Policy.

 

8. International Data Transfers

 

Lux Grand Travels does not intentionally transfer personal data of clients outside the United States. However, the Third-Party Platforms (as defined in Clause 5) that we utilize, such as Google, Microsoft, and Zoom, may process data internationally in compliance with applicable data protection regulations, including the General Data Protection Regulation (GDPR) for clients who are located in the European Economic Area (EEA). This means that when Data Subjects use our services, personal information may be processed by these Third-Party Platforms in locations outside the United States, primarily for the purposes of data storage, security, and service functionality. Lux Grand Travels ensures that any such international data processing activities are conducted in compliance with GDPR and other relevant data protection laws to ensure adequate protection of personal data. Lux Grand Travels has implemented appropriate safeguards, including contractual clauses, to protect personal data during international transfers. Clients can find further details regarding the sharing and disclosure of personal data in Clause 5 of this Policy.

 

9. Client Rights And Choices (Including Ccpa/Cpra And Gdpr Rights)

 

Clients have certain rights regarding their Personal Information under applicable privacy laws, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and the General Data Protection Regulation (GDPR). As a client of Lux Grand Travels, you are entitled to the following rights:

 

 a. Right to Access: You have the right to request access to the Personal Information we hold about you. This includes obtaining a copy of your Personal Information and understanding the purposes for which it is being processed.

 

 b. Right to Correction: If you believe that any Personal Information we hold about you is inaccurate or incomplete, you have the right to request its correction or update.

 

 c. Right to Deletion: You have the right to request the deletion of your Personal Information under certain circumstances, such as when it is no longer necessary for the purposes for which it was collected or if you withdraw your consent.

 

 d. Right to Data Portability: You have the right to request a copy of your Personal Information in a structured, commonly used, and machine-readable format, and to have that information transmitted to another data controller where technically feasible.

 

 e. Right to Restriction of Processing: You may request that we restrict the processing of your Personal Information under certain conditions, such as if you contest the accuracy of your Personal Information or if the processing is unlawful.

 

 f. Right to Object: You have the right to object to the processing of your Personal Information in certain circumstances, including when we process your data for direct marketing purposes.

 

 g. Right to Not Be Discriminated Against: You have the right not to be discriminated against for exercising any of your privacy rights under applicable laws.

 

 To exercise these rights, you may contact us via email at privacy@luxgrandtravels.com, through our online request portal available on our website, or by calling our dedicated privacy hotline at 213-262-9939.For California residents and European visitors, please note that additional special procedures and requirements may apply as per CCPA/CPRA and GDPR compliance guidelines. Lux Grand Travels will respond to your request in accordance with the applicable legal timeline and ensure that your privacy rights are respected.

 

10. Children's Privacy

 

Lux Grand Travels is dedicated to protecting the privacy of children under the age of 16. We do not knowingly collect, solicit, or process Personal Information from minors without obtaining verifiable parental consent, in compliance with the Children's Online Privacy Protection Act (COPPA) and the General Data Protection Regulation (GDPR). If a Data Subject is identified as a minor (under 16 years of age), we will take immediate steps to delete any collected data unless parental consent is obtained. Any parent or guardian who becomes aware that their child has provided us with Personal Information without their consent should contact us immediately, allowing us to take appropriate action to delete such data. Lux Grand Travels also ensures that data protection measures applicable to minors are properly enforced and regularly reviewed to maintain compliance with all relevant privacy laws.

 

11. Do Not Sell Statement

 

Lux Grand Travels is committed to protecting the privacy and personal information of our clients. To this end, Lux Grand Travels explicitly states that we do not sell Personal Information collected from clients to any third party for monetary or other valuable considerations. Personal Information provided to us is used solely for the purpose of delivering and improving our customized travel services. This includes, but is not limited to, itinerary planning, supplier coordination, booking arrangements, and related travel support. Any use of Personal Information by Lux Grand Travels is strictly confined to these service-related activities. For more detailed information on how Personal Information is collected, used, and protected, please refer to Section 2 and Section 4 of this Policy.

 

12. Data Breach Notification Procedures

 

In the event of a Data Breach compromising Personal Information, Lux Grand Travels commits to the following steps to ensure effective response and notification in line with legal and regulatory requirements:

 

a. Immediate Investigation: Upon identifying or being informed of a potential Data Breach, the owner and relevant personnel will promptly initiate an investigation to determine the scope, cause, and impact of the breach.

 

b. Containment and Rectification: Appropriate measures will be taken to contain the breach and prevent further unauthorized access. This may include isolating affected systems, changing access credentials, and implementing additional security measures.

 

c. Notification of Affected Clients: If it is determined that the breach poses a significant risk to the rights and freedoms of individuals, affected clients will be notified as soon as possible. The notification will include detailed information about the breach, the nature of the compromised data (emails, scheduling details), and recommendations for affected parties to protect themselves from potential harm.

 

d. Compliance with Reporting Requirements: Lux Grand Travels will adhere to all applicable legal and regulatory reporting requirements. This will include notifying relevant data protection authorities within the mandated timeframes and providing them with detailed reports of the breach.

 

Given that Lux Grand Travels collects minimal data, primarily emails and scheduling details, the risk is limited. However, all procedures to ensure notification and compliance are firmly in place to protect clients.

 

e. Post-Breach Review: After managing the breach, Lux Grand Travels will conduct a comprehensive review to understand the vulnerabilities that led to the incident. Necessary changes and updates to the data security practices will be implemented to prevent future breaches.

 

13. Dispute Resolution

 

In the event of any dispute, claim, or controversy arising out of or relating to this Policy or the breach, termination, enforcement, interpretation, or validity thereof, including the determination of the scope or applicability of this agreement to arbitrate, shall be determined by arbitration in California before a sole arbitrator. The arbitration shall be administered by JAMS pursuant to its Comprehensive Arbitration Rules and Procedures. Judgment on the award may be entered in any court having jurisdiction. This clause shall not preclude parties from seeking provisional remedies in aid of arbitration from a court of appropriate jurisdiction.

 

Prior to initiating any arbitration, the parties agree to attempt in good faith to resolve any dispute informally. This includes, but is not limited to, engaging in at least one mediation session administered by JAMS, with each party to bear its own costs.

 

Client's rights under the CCPA/CPRA to seek statutory damages or other relief in a court of law are not limited by this Dispute Resolution clause.

 

Lux Grand Travels' liability, whether in arbitration or other court of law, shall be limited to direct damages, and under no circumstances shall Lux Grand Travels be liable for any indirect, incidental, consequential, special, or punitive damages, loss of profits, or harm to goodwill.

 

14. Changes To This Privacy Policy

 

Lux Grand Travels reserves the right to amend this Privacy Policy at any time to reflect changes in our practices, legal requirements, or technological advancements. When significant changes are made to this Policy, we will notify our clients via email at least 30 days prior to the changes taking effect. We will also update the 'Effective Date' at the top of this document to indicate when the changes were made. Continued use of our services after the effective date of any amendments shall constitute your acceptance of the changes. We encourage you to review this Policy periodically to stay informed about how Lux Grand Travels is protecting your information.

 

15. Contact Information And Privacy Inquiries

 

If you have any questions, concerns, or requests regarding your privacy or the handling of your personal information, Lux Grand Travels encourages you to contact us using the details provided below. We are committed to addressing your inquiries and ensuring that your privacy rights are respected.

 

For direct privacy inquiries or requests related to your personal data, you may reach out to us through the following methods:

 

a. Email: privacy@luxgrandtravels.com - For privacy-related questions, concerns, or requests to exercise your privacy rights such as access, deletion, or correction of your personal information.

 

b. Online Portal: Please visit our Privacy Inquiry Portal at www.luxgrandtravels.com/privacy-inquiry to submit your privacy requests or ask privacy-related questions online.

 

c. Phone: Call us at +1 (213) 262-9939 during our business hours (9 AM - 6 PM PST, Monday to Friday) for immediate assistance with your privacy inquiries.

 

For any other requests or clarifications related to this Privacy Policy or how we handle your personal information, you may use any of the contact methods listed above. We strive to respond to all privacy inquiries within 30 days of receipt. If we require additional time, we will communicate the reason and the extension period to you.

 

16. Governing Law

 

This Privacy Policy for Lux Grand Travels shall be governed by and construed in accordance with the laws of the State of California, without regard to its conflict of law principles. Any disputes arising from or relating to the interpretation, application, validity, or enforcement of this Policy, including but not limited to matters covered under the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and the General Data Protection Regulation (GDPR), shall be subject to the exclusive jurisdiction of the state and federal courts located in California. Lux Grand Travels, based in California, ensures that all businesses operations and data handling practices comply with California law and applicable federal regulations, as well as any international privacy protections relevant to our clientele, including those stipulated under the GDPR for European visitors.

 

 

​​

I certify that the information provided above is true and accurate to the best of my knowledge.
Date: August 29, 2025
 

bottom of page