Privacy Policy

Last updated: January 2026

At Angleplaylft ("we," "our," "us"), your privacy is the cornerstone of the luxury hospitality we deliver. This Privacy Policy explains, in transparent detail, how we collect, use, store, protect, and share personal data when you visit Angleplaylft.com, submit a VIP inquiry, or engage with our concierge services for Estonian luxury casino resorts.

1. Information We Collect

We collect only the information needed to provide you with the highest standard of bespoke hospitality service. Categories of personal data we may collect include:

• Identification details — full name, salutation, nationality, and travel companion information when relevant.
• Contact details — email address, telephone number, residential address, and preferred communication channel.
• Reservation preferences — selected resort, room type, arrival/departure dates, dietary requirements, accessibility needs, and bespoke experience requests.
• Payment-related details — billing name and address (payment processing itself is handled by our resort partners or PCI-DSS compliant providers; we do not store full card numbers).
• Communication history — messages, calls, and emails exchanged with our concierge.
• Technical data — IP address, browser type, device identifiers, referring URL, pages visited, and time spent.
• Marketing preferences — newsletter subscriptions and consent records.

2. How We Use Information

Personal data is used exclusively to deliver and enhance our concierge experience. Specifically, we use your information to:

• Respond to VIP inquiries and design bespoke Baltic itineraries.
• Coordinate reservations, transfers, and curated experiences with partner resorts.
• Personalize recommendations based on your travel history and preferences.
• Process secure transactions and confirm bookings.
• Send service communications (confirmations, updates, concierge follow-ups).
• Send marketing communications, where you have provided explicit consent.
• Improve website functionality, performance, and accessibility.
• Comply with legal, tax, and regulatory obligations under Estonian and EU law.

We never sell, rent, or trade personal data to third parties for marketing purposes.

3. Legal Basis for Processing (GDPR)

As an Estonia-based curator operating within the European Union, we comply with the General Data Protection Regulation (GDPR). Our lawful bases for processing include:

• Contract performance — to fulfill your reservation or inquiry.
• Consent — for marketing communications and non-essential cookies.
• Legitimate interest — to operate, secure, and improve our service.
• Legal obligation — to satisfy tax, accounting, or anti-fraud regulations.

4. Cookies & Tracking Technologies

Our website uses cookies and similar technologies to enhance browsing, remember preferences, analyze performance, and personalize content. For full details on cookie categories, durations, and how to manage your preferences, please see our Cookies Policy.

5. Data Sharing

We share personal data only with carefully selected parties necessary to deliver your experience:

• The resort partner you select, to confirm and fulfill your reservation.
• Trusted vendors providing IT infrastructure, hosting, email delivery, analytics, and customer support — all bound by data-processing agreements.
• Professional advisors (accountants, lawyers) where strictly required.
• Regulatory bodies and law enforcement, where compelled by law.

We do not transfer data outside the European Economic Area unless safeguarded by Standard Contractual Clauses or an equivalent legal mechanism.

6. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected. Typical retention periods:

• Reservation records — up to 7 years for accounting and tax compliance.
• Inquiry communications — up to 3 years from the last interaction.
• Marketing data — until you withdraw consent.
• Website analytics — anonymized after 26 months.

7. Data Security

We employ rigorous safeguards aligned with industry best practice, including TLS/SSL encryption in transit, encrypted storage, role-based access controls, multi-factor authentication, regular security audits, and confidentiality obligations for all personnel.

8. Your Rights Under GDPR

You have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate or incomplete data.
• Request erasure ("right to be forgotten") subject to legal limits.
• Restrict or object to certain processing activities.
• Request data portability in a structured, machine-readable format.
• Withdraw consent at any time without affecting prior lawful processing.
• Lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).

9. Children's Privacy

Our services are intended exclusively for adults aged 18 or older. We do not knowingly collect personal data from minors. If we become aware of such collection, we will delete it promptly.

10. Third-Party Services

Our website may include embedded content (Google Maps, fonts, analytics) that operates under its own privacy practices. We encourage you to review the privacy policies of those providers.

11. International Guests

If you contact us from outside the European Union, your data will be transferred to and processed in Estonia. By submitting your information you consent to this transfer.

12. Updates to this Policy

We may revise this Privacy Policy from time to time. The "Last updated" date reflects the most recent revision. Continued use of our website constitutes acceptance of the updated terms.

13. Contact Our Data Team

For any privacy-related question or to exercise your rights, please contact our concierge via the Contact page. We respond to all verified privacy requests within 30 days.