Privacy Policy

Casa de Campo Resort & Villas (“Casa de Campo”, “we”, “us”, “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information of our guests, villa owners, website visitors, and other individuals who interact with us.

This Policy applies to our websites, mobile applications, reservation systems, and any services provided by Casa de Campo, whether online or offline.

Casa de Campo Dominicana, S.A.
Km. 11½ Carretera La Romana–Higüey
La Romana 22000, Dominican Republic

Privacy Office Contact: privacy@casadecampo.com.do

We may collect the following categories of personal information:

• Identifiers: name, passport/ID information, date of birth, gender, nationality.
• Contact information: address, email, phone.
• Reservation and payment information: credit card or billing details, transaction history.
• Preferences: dietary requests, special needs, service preferences.
• Health data: information you voluntarily provide (e.g., allergies, mobility, spa treatments).
• Technical information: device ID, IP address, browser type, cookies.
• Usage data: interactions with our websites, apps, Wi-Fi, or guest services.
• Correspondence: when you contact us with inquiries or complaints.

We do not knowingly collect personal data from children under 13 (U.S./DR/Brazil). In the EEA/UK, if parental consent is required, we apply the national minimum age (between 13 and 16).

We use personal information for purposes including:

• Processing reservations, payments, and guest services.
• Managing your stay and providing personalized service.
• Meeting legal obligations (immigration, tax, accounting, guest registries).
• Sending service communications and (with your consent where required) marketing communications.
• Analyzing trends to improve services and guest experience.
• Security, fraud prevention, and legal compliance.

Depending on your location, we process your information on the following bases:

• Contract: to fulfill reservations and provide services.
• Legal obligation: to comply with tax, immigration, and safety requirements.
• Legitimate interests: to improve operations, ensure security, and communicate relevant offers (balanced against your rights).
• Consent: for marketing, non-essential cookies, and health/sensitive data. You may withdraw consent at any time.

We use cookies and similar technologies:

• Strictly necessary cookies for site functionality.
• Analytics and personalization cookies (set only with consent in the EEA/UK/Brazil).
• Advertising cookies for targeted ads. In the U.S., this may constitute a “sale” or “sharing” of personal information.

Your choices:

• In the EEA/UK/Brazil: non-essential cookies only after you opt in via our Cookie Banner.
• In the U.S.: you may opt out of sale/share by clicking “Your Privacy Choices” and via the Global Privacy Control (GPC) signal.
• For all users: see our [Cookie Notice] for details and to manage preferences.

We may share personal information with:

• Service providers/processors (e.g., payment processors, IT, marketing, customer support).
• Business partners (e.g., travel agencies, villa owners, charter operators) as needed to fulfill services.
• Government/regulators (immigration, law enforcement, courts).
• Affiliates within the Casa de Campo / Costasur group.
• Prospective buyers/investors in case of merger, acquisition, or restructuring.

We do not share your email or contact information with third parties for their own direct marketing without your explicit consent.

Your information may be processed outside your home country, including in the Dominican Republic, the United States, and the European Union.

When transferring data internationally, we use appropriate safeguards such as:

• EU Standard Contractual Clauses (SCCs),
• UK International Data Transfer Addendum (IDTA),
• LGPD-compliant transfer agreements,
• Technical and organizational measures (encryption, restricted access).

We may process health information or other sensitive data only:

• With your explicit consent, or
• Where required to protect vital interests or comply with the law.

This information is minimized, access-restricted, and retained only as long as necessary.

We apply administrative, technical, and physical safeguards, including:

• Encryption in transit and at rest.
• PCI DSS-compliant card processing.
• Multi-factor authentication for sensitive systems.
• Access controls and staff training.

Where required by law, we notify affected individuals and regulators of data breaches.

We keep personal information only as long as needed for the purposes described, or as required by law. Typical retention periods include:

• Reservations/guest profile: up to 7 years.
• Financial/transaction data: up to 10 years.
• CCTV: 30–90 days.
• Marketing data: until consent is withdrawn.
• Sensitive/health data: only for the duration of the service.

Depending on your location, you may have rights to:

• Access, correct, or delete your personal information.
• Restrict or object to our processing.
• Withdraw consent.
• Opt out of marketing and (in the U.S.) opt out of sale/share or limit use of sensitive personal information.
• Data portability.
• File a complaint with a supervisory authority (EU/UK data protection authority, Brazilian ANPD, Dominican regulator, or California Privacy Protection Agency).

We respond within the earliest applicable deadline: 1 month (EU/UK), 15 days (Brazil), 10–15 days (Dominican Republic), or 45 days (U.S.).

Our services are not directed to children under 13. In the EEA/UK, parental consent is required for children under the national minimum age (13–16).

We may update this Privacy Policy from time to time. The updated version will be posted on our website with a revised “Effective Date.”

For privacy questions or to exercise your rights, contact:

Casa de Campo Privacy Office
Email: privacy@casadecampo.com.do
Address: Km. 11½ Carretera La Romana–Higüey, La Romana 22000, Dominican Republic

We use tracking technologies including form data collection and retention tools, advertising trackers, and Google reCAPTCHA (for fraud prevention and site security). These may collect information such as device identifiers, browsing behavior, and your interactions with our forms.

You can manage your tracking preferences at any time by clicking on Your Privacy Choices in our footer.

• In the EEA, UK, and Brazil, we will only activate non-essential tracking (including advertising and analytics) if you give us your prior consent.
• In the United States, you may opt out of the “sale” or “sharing” of personal information for advertising purposes at any time using the Your Privacy Choices link, and we honor the Global Privacy Control (GPC) signal.
• In all jurisdictions, strictly necessary technologies such as reCAPTCHA are used to protect against fraud and abuse, and operate under our legitimate interests or legal obligations.

While older “Do-Not-Track” (DNT) browser signals are not standardized, we follow legally recognized opt-out signals, including GPC where applicable.

• Subject to applicable law, Casa de Campo shall not be liable for any indirect, incidental, consequential, special, or punitive damages arising out of or relating to this Privacy Policy or the processing of personal information, including loss of data, business, goodwill, or profits, even if foreseeable. Our total liability for any claims relating to personal information shall not exceed the amount paid by you for the services giving rise to such claim, if any.
• Casa de Campo does not warrant or guarantee that your personal information will be completely secure against all unauthorized access or misuse. While we implement industry-standard safeguards, no system or transmission over the Internet can be guaranteed to be 100% secure.
•  Casa de Campo is not responsible for damages arising from the acts or omissions of third parties, including service providers not under our direct control, unauthorized actors such as hackers, or your own negligence (such as failure to safeguard passwords or devices).

You agree to indemnify and hold harmless Casa de Campo Dominicana, S.A., its affiliates, officers, employees, and agents from any claims, damages, liabilities, costs, or expenses (including reasonable legal fees) arising out of:

• Your violation of this Privacy Policy,
• Misuse of our services, or
• Infringement of any rights of third parties.