1. Introduction

Harper Vacations ("we," "our," "us," or "Company") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our travel services, or interact with us through various channels.

This Policy applies to all visitors to our website and all customers and potential customers of our travel services. By using our services, you consent to the data practices described in this Policy.

1.1 Contact Information

Harper Vacations
Phone: 833-242-7737
Email: [email protected]
Privacy Contact: [email protected]

2. Information We Collect

2.1 Personal Information You Provide

When you use our services, we may collect the following personal information:

Travel Booking Information:

• Full name (as it appears on government-issued ID)
• Date of birth
• Gender
• Passport or government ID information
• Contact information (email, phone, address)
• Emergency contact information
• Dietary restrictions and accessibility needs
• Travel preferences and special requests

Payment Information:

• Credit card or payment method details
• Billing address
• Transaction history

Communication Information:

• Information you provide when contacting us
• Survey responses and feedback
• Marketing preferences

2.2 Information Automatically Collected

We automatically collect certain information when you use our website:

Technical Information:

• IP address and geolocation data
• Browser type and version
• Device information and operating system
• Website usage patterns and navigation paths
• Cookies and similar tracking technologies
• Referring website addresses

Travel Search Information:

• Search queries and preferences
• Viewed destinations and accommodations
• Booking abandonment data

2.3 Information from Third Parties

We may receive information from:

• Travel suppliers (airlines, hotels, cruise lines)
• Payment processors and financial institutions
• Marketing partners and affiliates
• Social media platforms (if you connect your accounts)
• Background check services (when required for certain travel)

3. How We Use Your Information

3.1 Primary Purposes

We use your personal information to:

• Process and fulfill travel bookings and reservations
• Provide customer service and support
• Communicate important travel updates and notifications
• Manage your account and preferences
• Process payments and prevent fraud
• Comply with legal and regulatory requirements

3.2 Secondary Purposes

With your consent, we may use your information to:

• Send marketing communications about travel deals and services
• Personalize your website experience and recommendations
• Conduct market research and analytics
• Improve our services and develop new offerings
• Send newsletters and promotional materials

3.3 Legal Basis for Processing

We process your information based on:

• Contract performance: To provide travel services you've requested
• Legal compliance: To meet legal and regulatory obligations
• Legitimate interests: To improve our services and prevent fraud
• Consent: For marketing communications and optional services

4. How We Share Your Information

4.1 Travel Service Providers

We share your information with travel suppliers including:

• Airlines, hotels, cruise lines, and tour operators
• Ground transportation providers
• Travel insurance companies
• Local tour guides and activity providers

Important: Each supplier has their own privacy policy governing their use of your information.

4.2 Business Partners and Service Providers

We may share information with:

Technology Partners:

• Website hosting and cloud storage providers
• Payment processing companies
• Customer relationship management (CRM) systems
• Email marketing platforms

Professional Services:

• Legal advisors and accountants
• Data analytics companies
• Marketing agencies (with your consent)

4.3 Legal and Safety Disclosures

We may disclose information when required by law or to:

• Comply with court orders, subpoenas, or legal processes
• Respond to government agency requests
• Protect our rights, property, or safety
• Investigate fraud or security incidents
• Comply with travel security requirements (TSA, customs, etc.)

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to this Privacy Policy.

4.5 No Sale of Personal Information

We do not sell, rent, or lease your personal information to third parties for their marketing purposes.

5. Data Security and Protection

5.1 Security Measures

We implement industry-standard security measures including:

• SSL encryption for data transmission
• Secure server infrastructure and data centers
• Access controls and authentication systems
• Regular security audits and vulnerability assessments
• Employee training on data protection

5.2 Payment Card Security

We comply with Payment Card Industry Data Security Standards (PCI DSS) and use secure payment processors. We do not store complete credit card information on our servers.

5.3 Data Breach Notification

In the unlikely event of a data breach involving your personal information, we will:

• Notify affected Florida residents within 30 days of determining a breach has occurred, as required by the Florida Information Protection Act (FIPA), Fla. Stat. § 501.171
• Notify the Florida Department of Legal Affairs (Attorney General's Office) if the breach affects 500 or more Florida residents
• Notify affected residents in other states within the timeframe required by applicable state law (which may be shorter — e.g., 72 hours under certain international regulations)
• Report to other appropriate regulatory authorities as required by law
• Take immediate steps to contain and remedy the breach
• Provide assistance and guidance to affected customers

5.4 Limitations of Security

While we implement strong security measures, no system is completely secure. We cannot guarantee the absolute security of your information transmitted over the internet.

6. Your Privacy Rights

6.1 Access and Correction

You have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate or incomplete information
• Update your contact preferences and marketing settings
• Request a copy of your data in a portable format

6.2 Data Retention

We retain personal information for:

• Active customers: Duration of our business relationship plus 7 years
• Website visitors: Up to 3 years for analytics purposes
• Marketing contacts: Until you opt out or 2 years of inactivity
• Legal requirements: As required by applicable laws

6.3 Deletion Requests

You may request deletion of your personal information, subject to:

• Legal and regulatory retention requirements
• Legitimate business interests (fraud prevention, customer service)
• Ongoing contractual obligations

6.4 Marketing Opt-Out

You may opt out of marketing communications by:

• Clicking "unsubscribe" in emails
• Calling our customer service line
• Updating your account preferences
• Emailing [email protected]

7. Cookies and Tracking Technologies

7.1 Types of Cookies We Use

• Essential Cookies: Required for website functionality
• Analytics Cookies: Help us understand website usage
• Marketing Cookies: Enable personalized advertising (with consent)
• Preference Cookies: Remember your settings and preferences

7.2 Cookie Management

You can control cookies through your browser settings, but disabling certain cookies may limit website functionality.

7.3 Do Not Track Signals

Our website does not currently respond to "Do Not Track" browser signals, as there is no uniform standard for such responses.

8. State-Specific Privacy Rights

8.1 California Residents (CCPA/CPRA)

California residents have additional rights including:

• Right to know what personal information is collected and how it's used
• Right to delete personal information (with exceptions)
• Right to correct inaccurate personal information
• Right to opt out of the sale or sharing of personal information
• Right to limit use of sensitive personal information
• Right to non-discrimination for exercising privacy rights

California Consumer Request Process:

• Submit requests via email to [email protected] or call 833-242-7737
• We will verify your identity before processing requests
• Response time: 45 days (may be extended by 45 days)

8.2 Florida Residents

We are headquartered in Florida and are fully committed to compliance with Florida privacy law. The following rights and protections apply to Florida residents:

Florida Information Protection Act (FIPA) — Fla. Stat. § 501.171

FIPA is Florida's primary data protection and breach notification law. Under FIPA:

• "Personal information" includes your name combined with: Social Security number; driver's license or ID card number; financial account numbers; medical or health insurance information; online credentials (username and password); or biometric data
• We are required to notify you within 30 days of determining that a breach of your personal information has occurred
• If a breach affects 500 or more Florida residents, we must also notify the Florida Department of Legal Affairs (Attorney General's Office) within 30 days
• Notice to the Florida AG must include: a synopsis of the breach, the number of individuals affected, steps taken to remediate the breach, and a copy of the notice sent to affected individuals
• We take reasonable measures to protect and secure personal information, as required by FIPA

Florida Digital Bill of Rights (FDBR) — Fla. Stat. § 501.701 et seq.

The Florida Digital Bill of Rights (effective July 1, 2023) grants additional privacy rights. Note that FDBR currently applies only to businesses that: (1) have annual global revenues exceeding $1 billion; and (2) satisfy at least one specific condition related to online advertising revenue, consumer smart speaker/display services, or operating a large-scale app store. Harper Vacations does not currently meet the FDBR applicability threshold. We will update this Policy if that changes.

Florida Unfair and Deceptive Trade Practices Act (FDUTPA) — Fla. Stat. § 501.201 et seq.

We comply with FDUTPA and will not engage in unfair, deceptive, or misleading practices regarding the collection or use of your personal information. Our data practices are accurately disclosed in this Policy.

Submitting a Florida Privacy Request

Florida residents may contact us to:

• Request access to personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your personal information (subject to legal retention requirements)
• Inquire about our data practices and sharing

To submit a request: Email [email protected] or call 833-242-7737. We will respond within 30 days and may need to verify your identity before processing your request.

8.3 Other State Privacy Laws

We comply with applicable state privacy laws including those in Virginia, Colorado, Connecticut, and other states with comprehensive privacy legislation.

9. International Data Transfers

9.1 Global Travel Services

Because travel is international, your information may be transferred to and processed in countries outside your residence, including countries that may not provide the same level of data protection.

9.2 European Union Data Transfers

We do not actively market to EU residents. However, if EU personal data is processed, we implement appropriate safeguards such as Standard Contractual Clauses.

9.3 Data Transfer Protections

We ensure international transfers are protected through:

• Adequacy decisions by relevant authorities
• Standard Contractual Clauses
• Binding Corporate Rules
• Other approved transfer mechanisms

10. Children's Privacy

Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent. If we become aware of such collection, we will delete the information promptly.

For family travel bookings, parents and guardians are responsible for providing children's information and consenting to its processing on their behalf.

11. Third-Party Websites and Services

Our website may contain links to third-party websites and services. This Privacy Policy does not apply to those third parties. We encourage you to read their privacy policies before providing any information.

11.1 Social Media Integration

If you connect social media accounts, we may access information from those platforms according to your privacy settings on those platforms.

12. Changes to This Privacy Policy

12.1 Policy Updates

We may update this Privacy Policy to reflect:

• Changes in our business practices
• New legal requirements
• Technological developments
• Enhanced privacy protections

12.2 Notification of Changes

We will notify you of material changes by:

• Email to your registered address
• Prominent notice on our website
• Direct communication for significant changes

Your continued use of our services after changes take effect constitutes acceptance of the revised Policy.

13. Travel Industry Specific Disclosures

13.1 TSA Secure Flight Program

For domestic U.S. flights, we provide passenger information to the Transportation Security Administration (TSA) as required by federal law.

13.2 International Travel Requirements

For international travel, we may be required to share passenger information with:

• Customs and border protection agencies
• Immigration authorities
• Government security agencies
• Foreign government entities

13.3 Travel Supplier Data Sharing

Travel suppliers may use your information for their own purposes including:

• Loyalty program administration
• Customer service and communication
• Marketing (subject to their privacy policies)
• Safety and security measures

14. Contact Us

14.1 Privacy Questions and Requests

For privacy-related questions or to exercise your rights:

Email: [email protected]
Phone: 833-242-7737

14.2 Response Time

We will respond to privacy requests within:

• California residents: 45 days (extendable by 45 days)
• Florida residents: 30 days as required by FIPA
• Other states: As required by applicable law
• General inquiries: 30 days

14.3 Identity Verification

For security purposes, we may need to verify your identity before processing certain requests.

15. Effective Date and Scope

This Privacy Policy is effective as of May 28, 2026 and applies to all information collected by Harper Vacations through our website, mobile applications, and other digital platforms.

---

© 2026 Harper Vacations. All rights reserved.