Privacy Policy

REGISTERED DETAILS

03 How We Use Your Information

We use the personal information we collect for the following purposes:

• Reservation Management: Processing and confirming bookings, sending pre-arrival information, coordinating check-in and check-out, and managing your stay via Guesty.
• Payment Processing: Charging rental fees and security deposits, and processing refunds via Stripe, Inc. Stripe processes all payment transactions through our US Stripe account on our behalf.
• Regulatory Compliance: Meeting Barbados Tourism Product Authority (BTPA) and Barbados Immigration Department requirements, including mandatory guest registration.
• Customer Service: Responding to enquiries, resolving issues, and providing concierge assistance before, during, and after your stay.
• Safety & Security: Verifying guest identity, preventing fraud, and protecting our properties and staff.
• Marketing & Communications: Sending newsletters, exclusive offers, and updates — only where you have given consent, or where we have a legitimate interest in keeping past guests informed. You may unsubscribe at any time.
• Website Analytics & Improvement: Using Google Analytics and Google Tag Manager to analyse traffic patterns and improve the functionality, content, and user experience of our website.
• Targeted Advertising: Using Meta Pixel to deliver relevant advertisements and measure the effectiveness of our marketing campaigns on Meta platforms (Facebook/Instagram), subject to your cookie consent.
• Legal Obligations: Complying with applicable laws, court orders, and regulatory requirements in Barbados and internationally.
• Reviews & Feedback: Inviting you to share your experience to help us maintain our luxury hospitality standards.

04 Legal Bases for Processing

Where the GDPR or UK GDPR applies (for example, if you are an EU or UK resident), we rely on the following legal bases for processing your personal data:

• Performance of a Contract: Processing necessary to fulfil your booking and deliver our rental services.
• Legal Obligation: Processing required to comply with Barbados law, US law, and applicable international regulations.
• Legitimate Interests: Fraud prevention, website analytics via Google Analytics/Tag Manager, and direct marketing to past guests — where our interests are not overridden by your rights.
• Consent: Where you have explicitly agreed to receive marketing communications or to the use of non-essential cookies (including Meta Pixel and Google Analytics).
• Vital Interests: In exceptional circumstances where processing is necessary to protect the safety of a guest or third party.

05 Sharing Your Information

We may share your personal data with the following categories of recipients, strictly on a need-to-know basis and subject to appropriate confidentiality obligations:

• Property Management (Guesty): Our PMS provider, Guesty Inc., processes booking and guest data on our behalf under a formal Data Processing Agreement and appropriate international transfer safeguards.
• Booking Platform Partners: Airbnb, Vrbo, and Booking.com — limited data may be shared back with these platforms in connection with your booking, in accordance with their respective privacy policies.
• Property & Housekeeping Teams: Our property management and housekeeping staff, to prepare your accommodation and ensure a seamless arrival.
• Payment Processor (Stripe): Stripe, Inc. processes all payment card transactions on our behalf through our US-based Stripe account. Stripe acts as a data processor under its standard Data Processing Agreement and operates under PCI-DSS Level 1 certification. Payment card data flows directly to Stripe's US infrastructure; we never receive or store full card details. Stripe's privacy policy is available at stripe.com/privacy.
• Analytics & Advertising Providers: Google (Analytics, Tag Manager) and Meta Platforms (Meta Pixel) — subject to your cookie consent. Google and Meta act as independent data controllers for data they collect via their tools.
• Regulatory Authorities: Barbados Immigration Department, the Barbados Tourism Product Authority (BTPA), tax authorities, and law enforcement agencies, where legally required.
• Professional Advisors: Legal counsel, accountants, and insurers, where necessary for legitimate business purposes.
• Emergency Services: In the event of a medical or safety emergency during a guest's stay.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, subject to equivalent protections.

06 International Data Transfers

Sunkiss Caribbean Bookings LLC is incorporated in the United States, and your personal data may be transferred to, stored in, or processed in countries outside your home jurisdiction — including the United States (our registered entity, Stripe, Guesty, Google, and Meta), Barbados, the United Kingdom, and the European Economic Area.

In particular, all payment card transactions are processed by Stripe, Inc. through our US-based Stripe account, meaning payment data is transmitted to and stored within the United States. Stripe maintains PCI-DSS Level 1 certification and implements Standard Contractual Clauses (SCCs) for transfers of personal data from the EEA and UK to the United States.

Where we transfer personal data to countries not deemed to provide an adequate level of protection, we implement appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the relevant supervisory authority, or rely on applicable derogations such as where the transfer is necessary to perform a contract with you.

Because all rental properties are located in Barbados, the Barbados Data Protection Act 2019 applies to data processing connected with those properties. All such processing is conducted in compliance with that Act and is subject to oversight by the Data Protection Commissioner of Barbados.

07 Cookies & Tracking Technologies

Our website (www.sunkisscaribbean.com) uses cookies and similar tracking technologies to enhance your browsing experience, analyse site traffic, and support our marketing activities. A cookie is a small text file placed on your device when you visit our site.

08 Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, and reporting requirements. Our general retention periods are:

• Booking & Guest Records: Retained for 7 years following your stay, in compliance with Barbados tax and regulatory requirements.
• Identity / Passport Data: Retained for a minimum of 1 year post-stay as required by Barbados tourism and immigration regulations; longer where specifically required by law.
• Payment Records (Stripe): Stripe retains transaction records in accordance with its own data retention policy and applicable financial regulations. We retain Stripe-generated transaction references and confirmation records for 7 years for tax and accounting compliance.
• Guesty Platform Data: Governed by Guesty's data retention policy under our Data Processing Agreement; we will request deletion upon termination of our agreement.
• Marketing Data (Email / CRM): Retained until you withdraw consent or request deletion, subject to a maximum review period of 3 years from your last interaction.
• Google Analytics Data: Typically retained for 26 months (standard GA4 setting); we configure data anonymisation where feasible.
• Meta Pixel Data: Governed by Meta's data retention policies; we configure event data deletion windows in line with Meta's Business Tools Terms.
• Website Enquiries & Correspondence: Retained for 2 years from the date of last contact.

Upon expiry of the relevant retention period, data is securely deleted or anonymised in accordance with our internal data disposal procedures.

09 Your Rights

Depending on your country of residence, you may have the following rights in relation to your personal data. We honour these rights for all guests, regardless of jurisdiction, to the fullest extent practicable.

To exercise any of these rights, please contact our Privacy Officer at james@sunkisscaribbean.com . We will respond within 30 days. We may need to verify your identity before acting on your request. There is no fee for exercising your rights, unless a request is manifestly unfounded or excessive.

10 Children's Privacy

Our website and services are not directed at children under the age of 18. We do not knowingly collect personal data directly from minors. Where a booking includes minor guests, personal data collected relates to the responsible adult who made the reservation.

If you believe we have inadvertently collected personal data from a child under 18, please contact us immediately and we will take prompt steps to delete that information.

11 Security of Your Information

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or disclosure. These measures include:

• Encryption: SSL/TLS encryption for all data transmitted via our website.
• Access Controls: Role-based access restrictions ensuring data is accessible only to authorised personnel.
• Payment Security (Stripe): All payment card transactions are processed exclusively by Stripe, Inc., a PCI-DSS Level 1 certified provider. Card details flow directly to Stripe's secure US infrastructure and are never transmitted to or stored on our own servers.
• Vendor Assessments: Third-party providers including Stripe, Guesty, Google, and Meta are contractually required to maintain equivalent security standards and are bound by their respective Data Processing Agreements.
• Staff Awareness: Regular data protection guidance for all team members who handle personal data.

While we take every reasonable precaution, no method of transmission over the internet is 100% secure. In the unlikely event of a data breach posing a risk to your rights and freedoms, we will notify you and the relevant regulatory authority as required by law.

12 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the 'Last Updated' date at the top of this page and, where appropriate, notify you by email or via a notice on our website (www.sunkisscaribbean.com).

We encourage you to review this Policy periodically. Your continued use of our website or services following any changes constitutes your acknowledgement of the updated Policy.

13 Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact our Privacy Officer:

For complaints, you may also contact the Barbados Data Protection Commissioner at the Office of the Data Protection Commissioner, Barbados.