What this policy covers
This Privacy Policy explains how Luxota handles personal data across its website and the Luxota OS platform. It works together with the Cookie Policy and, for data processed on behalf of agencies, the Data Processing Addendum.
Our roles
For data about our own website visitors, agency account holders, and the people who use Luxota directly, Luxota is the data controller.
For the traveler and customer data that an agency collects and manages through its own portal, the agency is the controller and Luxota acts as a processor on its behalf, under the Data Processing Addendum.
Data we collect
- Account & agency details — company, licence, users, and contacts
- Contact & communications — messages, support requests, and notifications
- Usage & technical data — log, device, and activity information
- Billing data — wallet, invoice, and transaction records
- Traveler & customer data — processed on the agency's behalf through its portal
How we use it
Luxota uses personal data to provide and operate the platform, set up and deliver portals, process billing and wallets, provide support, keep the service and its users secure, improve the product, send service and account notifications, and meet legal obligations.
Legal bases
Where data protection law requires a legal basis, Luxota relies on performing the agreement with you, its legitimate interests in running and securing the platform, your consent where it applies (for example, certain marketing or cookies), and compliance with legal obligations.
How we share data
Luxota does not sell personal data. It shares data only as needed to run the service — for example with suppliers and payment providers involved in a booking, with service providers and sub-processors that support the platform, and with authorities where the law requires.
International transfers
Luxota operates from the United Arab Emirates and may process data in other countries through its providers. Where data is transferred across borders, appropriate safeguards are applied in line with applicable law.
How long we keep it
Personal data is kept only as long as needed to provide the service, meet legal, tax, and accounting obligations, and resolve disputes. After that it is deleted or anonymized.
Security
Luxota uses technical and organizational measures to protect personal data. No system can be guaranteed completely secure, so you should also keep your own credentials and access safe.
Your rights
Depending on the law that applies to you, you may have rights to access, correct, delete, restrict, object to, or port your personal data. To exercise rights over data Luxota controls, contact us through the Legal Contact page.
For traveler or customer data held in an agency's portal, the agency is the controller — direct those requests to the agency, and Luxota will support the agency as its processor.
Cookies and children
How cookies and similar technologies are used is explained in the Cookie Policy. Luxota's website and platform are intended for travel businesses and are not directed at children.
Changes and contact
Luxota may publish an updated version of this policy at a new dated address; the version that applies is the one in effect when you visit. For any privacy question or request, use the Legal Contact page.