Last updated: January 2026
Joyquartersgrov ("we", "us", "our") respects your privacy and is committed to protecting your personal data in compliance with the EU General Data Protection Regulation (GDPR) and applicable Latvian data protection laws. This Privacy Policy explains how we collect, use, store, and safeguard the information you provide when interacting with our website and concierge services.
1. Information We Collect
We collect personal information when you voluntarily submit it through our inquiry forms, contact channels, or booking requests. The categories of data we collect include:
- Identification data: full name, title, nationality (if relevant for visa or check-in)
- Contact data: email address, telephone number, mailing address
- Travel preferences: resort selection, preferred dates, party size, dietary or accessibility requirements
- Communication records: messages, inquiries, and correspondence with our concierge team
- Technical data: IP address, browser type, device information, pages visited, referral source, time spent on site
- Marketing preferences: consent status for newsletters and promotional communications
2. How We Use Your Information
Your personal data is processed exclusively for the following legitimate purposes:
- Responding to your inquiries and providing requested information
- Coordinating bookings, transfers, and concierge services with partner resorts
- Personalizing your luxury hospitality experience
- Sending booking confirmations, itinerary updates, and service-related communications
- Improving our website performance, user experience, and service quality
- Sending marketing communications, only with your explicit consent
- Complying with legal obligations under Latvian and EU law
- Preventing fraud and protecting the security of our systems
3. Legal Basis for Processing
Under GDPR Article 6, we process personal data based on one or more of the following lawful grounds:
- Consent: when you actively agree to specific processing (e.g., newsletter subscription)
- Contract: when processing is necessary to fulfill a booking or service request
- Legal obligation: when required by Latvian or EU regulations
- Legitimate interest: to operate, improve, and secure our business and services
4. Cookies and Tracking Technologies
Our site uses cookies and similar technologies for essential functionality, performance analytics, and personalization. You may manage cookie preferences via your browser settings. For full details, please consult our Cookies Policy.
5. Data Sharing and Disclosure
We do not sell, rent, or trade your personal data. We may share information with the following categories of recipients, under strict confidentiality agreements:
- Partner resorts and hotels — to fulfill your booking, with your consent
- Trusted service providers — chauffeur, yacht, wellness, and excursion providers contracted to deliver requested experiences
- Technology providers — hosting, email, analytics, and payment processing partners operating under GDPR-compliant data processing agreements
- Legal authorities — when required by law, court order, or to protect legal rights
6. International Data Transfers
Whenever data is transferred outside the European Economic Area (EEA), we ensure adequate protection via Standard Contractual Clauses (SCCs) or equivalent safeguards approved by the European Commission.
7. Data Retention
We retain personal data only as long as necessary for the purposes described in this policy, or as required by law. Typical retention periods:
- Inquiry data: up to 24 months after last contact
- Booking records: up to 7 years (Latvian accounting law requirement)
- Marketing consent records: until withdrawn by you
- Website analytics: aggregated and anonymized after 14 months
8. Data Security
We implement industry-standard technical and organizational security measures including SSL/TLS encryption, restricted access controls, secure cloud infrastructure, regular system audits, and staff confidentiality training. While no system is entirely immune to risk, we continuously strengthen our defenses against unauthorized access, alteration, disclosure, or destruction.
9. Your Rights Under GDPR
As an EU data subject, you have the following rights:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — correct inaccurate or incomplete data
- Right to erasure ("right to be forgotten") — request deletion of your data
- Right to restrict processing — limit how we use your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — to processing based on legitimate interests or direct marketing
- Right to withdraw consent — at any time, where consent was the legal basis
- Right to lodge a complaint — with the Latvian Data State Inspectorate (Datu valsts inspekcija)
To exercise any of these rights, please use our contact form. We will respond within 30 days.
10. Children's Privacy
Our services and content are intended for adults aged 18 and over. We do not knowingly collect personal data from individuals under the age of 18. If we learn that we have collected data from a minor, we will delete it promptly.
11. Third-Party Links
Our website may include links to external sites (such as partner resorts or social platforms). We are not responsible for the privacy practices of third parties and encourage you to review their privacy policies separately.
12. Changes to This Policy
We may update this Privacy Policy periodically to reflect operational, legal, or regulatory changes. The "Last updated" date at the top will indicate the most recent revision. We encourage you to review this page from time to time.
13. Contact & Data Protection Officer
For privacy-related questions, requests, or complaints, please reach us via our contact form. We are committed to addressing your concerns transparently and promptly.