top of page

Privacy Policy

Casita De Leon, LLC (“Casita De Leon”, “we” or “us” in this Privacy Policy) and is committed to protecting your privacy. The purpose of this Privacy Policy is to inform you about the types of information we gather about you, how we may use and share that information, specific use controls, and how we safeguard your information. The Privacy Policy applies to information collected through our website, www.casitadeleon.org and our social media accounts (collectively, the “Site”). The Casita De Leon Terms of Use, any rental agreement and any other posted terms, policies or guidelines are incorporated by reference into this Privacy Policy.

Changes to this Privacy Policy:

Casita De Leon reserves the right to change this Privacy Policy from time to time as it sees fit and your continued use of the Site will signify your acceptance of any adjustment to this Privacy Policy. If there are any changes to our Privacy Policy, we will announce that these changes have been made on our home page and on other key pages on our Site. If there are any changes in how we use our customers’ Personal Information, notification by e-mail will be made to those affected by this change. Any changes to our Privacy Policy will be posted on our Site 30 days prior to these changes taking place. You are therefore advised to re-read this statement on a regular basis.

Information You Provide to Us:

We collect information about you directly from you when you book a reservation through our Site. Upon request, we will provide you with information as to whether and what Personal Information we store in relation to you. Should your Personal Information be incorrect, you may request to have it rectified. You may also revoke your consent to use your Personal Information in the future, in whole or in part, or request deletion of your Personal Information.

When you provide us with information through this Site, such as inquiring about our services, or making a reservation we may collect various information along with your IP address, including your full name‚ email address, phone number, dates of stay, number of guests, special requests, an emergency contact information and any other information that may be collected in accordance with the Terms of Use, via email or through our online form (“Personal Information”).

In addition, we may also collect non-personally identifiable information, such as pages viewed, computer type, screen resolution, operating system version, Internet browser type and version, information (“Non-Personal Information”).  Because Non-Personal Information does not personally identify you, we may collect, use and disclose Non-Personal Information for any purpose. Non-Personal Information will be retained only for so long as to fulfill a legitimate business need.

We may aggregate Personal Information so that the aggregated information does not personally identify you or anyone else, such as by using Personal Information to calculate the percentage of our customers who live in a particular area (“Aggregate Information”). In some instances, we may combine Non-Personal Information with Personal Information.  If we combine any Non-Personal Information with Personal Information, the combined information will be treated by us as Personal Information as long as it is combined, and we may aggregate any information collected in a manner which does not identify any individual.

We do not collect any types of Sensitive Data from our users. Types of Sensitive Data includes any personally identifiable information pertaining to: race or ethnic origin, political opinions, religious or philosophical beliefs, medical or health records, trade union memberships, genetic or biometric data, and sex life or sexual orientation. Please immediately notify us if you have accidentally submitted any Sensitive Data and we shall promptly remove such information.

Automatically Collected Information:

When you visit our Site, read our emails or interact with any Service Providers, we may collect certain types of technology-specific information from you. This information may help us optimize your visit and track the performance of our marketing efforts.

Use of Your Information

Casita De Leon will primarily use your Personal Information to provide our services, and to complete core business functions such as internal business processes‚ marketing‚ loss and fraud prevention‚ and legal functions. Currently, we use your information on the Site for the following purposes:

  1. Respond to your requests for information, including regular email communications through newsletters or promotions

  2. Provide customer service and respond to booking inquiries

  3. Help us improve our services

  4. Protect the security or integrity of our business.

  5. To tailor the content and information that we may send or display to you, to offer location customization, and personalized help and instructions, and to otherwise personalize your experiences while using the Site.

  6. To protect our own rights and interests, such as to resolve any disputes, enforce our Terms of Use or to respond to legal process.

  7. In addition to the uses outlined above, by using the Site, you agree to allow us to anonymously use the information from you and your experiences to improve the Site experience. This research may be published in our blogs or on social media. However, all of your responses will be kept anonymous, and we assure you that no Personal Information will be published.

 

How We Share Your Information:

We may share your information, including Personal Information, as follows:

Service Providers. We will not sell, trade, or rent your Personal Information to others. However, we may provide some of our services through contractual arrangements made with affiliates, service providers, partners and other third parties (“Service Providers”). We currently store Personal Information internally. All payments are processed through third party platforms, such as zelle, venmo, paypal or CashApp, and no payment info is ever stored on or through our Site. We and our Service Providers may need to use some Personal Information in order to perform tasks between our Sites or to deliver services to you.

We may also share information in the following circumstances:

  1. Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the information we have collected from you to the other company.

  2. In Response to Legal Process. We also may disclose the information we collect from you in order to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.

  3. To Protect Us and Others. We also may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Use or this Privacy Policy, or as evidence in litigation in which we are involved.

  4. Aggregate and De-Identified Information. We may share aggregate or de-identified information about users with third parties for marketing, advertising, research or similar purposes.

We may also disclose information about you that is not personally identifiable. For example, we may provide merchants, business partners, or other third parties with reports that contain aggregated and statistical data about our users.

CAN-SPAM Act and Opting Out of Emails:

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. We collect your email address in order to:

  • Send information, respond to inquiries, and/or other requests or questions.

  • We may also send you additional information related to our Services.

  • Market to our mailing list or continue to send emails to our users after a service inquiry has been submitted

To be in accordance with CAN-SPAM we agree to the following:

  • NOT use false, or misleading subjects or email addresses

  • Identify the message as an advertisement in some reasonable way

  • Include the physical address of our business or site headquarters

  • Monitor third party email marketing services for compliance.

  • Honor opt-out/unsubscribe requests quickly

  • Allow users to unsubscribe by using the link at the bottom of each email

 

We may send periodic promotional or informational emails to you. You may opt-out of such communications by following the opt-out instructions directly on our Site. Please note that it may take up to 10 business days for us to process opt-out requests. Even if you opt-out, we may still communicate with you about your account or any purchase you make from us.

 

Use Of Cookies And Other Tracking Mechanisms:

Cookies. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Site and Services, while others are used to enable a faster log-in process or to allow us to track your activities at our Site and Service. Cookies do not record or store any Personal Data. If you want, you can prevent the use of cookies, but then you may not be able to use our Services as we intend. To proceed without changing the options related to cookies, simply continue to use our Services. We may utilize third-party cookies via Wix and other Services Providers.

 

Squarespace and LinkedIn are two Service Providers that place cookies on our Site.

 

WHAT ARE THE DIFFERENT TYPES OF COOKIES AND HOW DO WE USE THEM?

  1. Essential: These are cookies which are essential for the running of our Site. Without these cookies, parts of our Site would not function. These cookies do not track where you have been on the internet and do not gather information about you that could be used for marketing purposes.

Examples of how we may use essential Cookies include:

  • Setting unique identifiers for each unique visitor, so that user numbers can be analyzed.

 

    2. ​Functional: These cookies are used to remember your preferences on our Site and to provide                  enhanced, more personal features. The information collected by these cookies is usually                          anonymized, so we cannot identify you personally. Functional cookies do not track your internet            usage or gather information which could be used for selling advertising.

 

Examples of how we may use functional Cookies include:

  • Storing language preferences, autofill forms or accessibility preferences

  • Gathering data about visits to our Site, including numbers of visitors and visits, length of time spent on the Site, or where visitors have come from.

       3. Third Party Cookies: You may notice on some pages of our Site that cookies have been set that           are not related to us. When you visit a page with content embedded from these third-party service         providers, they may set their own cookies on your device. We do not control the use of these third-         party cookies and cannot access them due to the way that cookies work, as cookies can only be           accessed by the party who originally set them. Please check the third-party websites or mobile               applications for more information about these cookies.

       4. Analytical Performance: Analytical performance cookies are used to monitor the performance             of our Site, for example, to determine the number of page views and the number of unique users           our Site has. We use this information to improve user experience or identify areas of the Site which         may require maintenance. The information is anonymous (i.e. it cannot be used to identify you and         does not contain Personal Data such as your name and email address) and it is only used for                 statistical purposes.

Examples of how we may use analytical cookies include:

  • Measuring Users’ behavior

  • Analyze which pages are viewed and how long for and which links are followed to better develop our Site.

       5. Advertising: Behavioral advertising cookies, which may be placed on your device by us or our             trusted third-party service providers, remember that you have visited a website and use that                   information to provide you with advertising which is tailored to your interests. This is often called             online behavioral advertising and is done by grouping together shared interests based upon web           browsing history. Your web browsing history can be used to infer things about you (e.g. your age,           gender etc.), and this information may also be used to make advertising on websites more                       relevant to you. Although behavioral advertising cookies can track your activity around the                     internet, these cookies cannot identify you personally.

Examples of how we may use advertising cookies include:

  • Manage advertising. Our approved advertising partners use cookies together with web beacons to provide advertising to you and to enable us to manage our relationship with those advertisers by, for example, tracking how many unique users have seen a particular advertisement or followed a link in an advertisement.

  • To market to specific users across our Site and third-party sites, so that we and third parties can target advertising to users that will be more relevant to users’ interests.

      6. Disabling Cookies: Most web browsers automatically accept cookies, but if you prefer, you can             edit your browser options to block them in the future. The Help portion of the toolbar on most                 browsers will tell you how to prevent your computer from accepting new cookies, how to have the         browser notify you when you receive a new cookie, or how to disable cookies altogether. If you               choose to refuse, disable, or delete cookies, some of the functionality of our Site may no longer be         available to you.  Without this information, we are not able to provide you with all the requested             services, and any differences in services are related to your information.

  • Some browsers transmit “do-not-track” signals to websites. Because of differences in how browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not take action in response to these signals.

 

    7. Clear GIFs, pixel tags and other technologies: Clear GIFs are tiny graphics with a unique identifier,         similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive,       clear GIFs are embedded invisibly on web pages. We may use clear GIFs (a.k.a. web beacons, web         bugs or pixel tags), in connection with our Site and Services to, among other things, track the                   activities of Site visitors, help us manage content, and compile statistics about Site usage. We and           our third-party service providers also use clear GIFs in HTML emails to our customers, to help us             track email response rates, identify when our emails are viewed, and track whether our emails are         forwarded.

  • Log Data: Like all websites, this Services also makes use of log files that store automatic information collected during user visits. The different types of log data could be as follows:

    • internet protocol (IP) address

    • type of browser and device parameters used to connect to the Services;

    • name of the Internet Service Provider (ISP);

    • date and time of visit;

    • web page of origin of the user (referral) and exit;

    • possibly the number of clicks.

Third Party Analytics:

We use automated devices and applications, such as Wix’s built-in analytics, to evaluate usage of our Site. We also may use other analytic means to evaluate our Site. We use these tools to help us improve our Services, performance and user experiences. These entities may use cookies and other tracking technologies to perform their services. We do not share your Personal Data with these third parties.

 

Other Websites: 

Our Site may contain links to other websites not maintained by Casita De Leon. Other websites may also reference or link to our Site. The inclusion of a link on the Site does not imply endorsement of the linked site by us. We are not responsible for the privacy practices of websites operated by third parties that are linked to or integrated with our Site, or for the privacy practices of third-party Internet advertising companies. We encourage you to be aware when you leave our Site, or surf the Internet, and to read the privacy statements of each and every website that you visit.

Information Security:

To protect your Personal Information, we take reasonable precautions and follow industry standard SSL/TLS end-to-end encryption of data in transit to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. If you provide us with any Personal Information, the information is encrypted using industry standard protections in our database. All information we collect may be stored for as long as necessary for Casita De Leon’s normal business operations, no longer than three years, or until we receive a request by you to remove such information earlier. No payment information is ever stored or received through the Site.

 

Although we have implemented commercially reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, please be aware that despite our best efforts, no data security measures can guarantee 100% security. You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.

 

Privacy of Minors:

We do not intentionally collect or maintain information from persons under the age of 21. If we determine upon collection that a user is under this age, we will not use or maintain his/her Personal Information without the parent/guardian’s consent. If we become aware that we have unknowingly collected personally identifiable information from an individual under the age of 21, we will make reasonable efforts to delete such information from our records. We also recommend that parents monitor their children’s Internet activities and learn and employ software or other tools that can help their children enjoy their online experience without compromising their personal safety or allowing them to use the Internet in a manner inconsistent with their parent/guardian’s preferences.

California Privacy Rights:

The California Consumer Privacy Act (CCPA) provides consumers who are residents of the State of California with specific rights related to their Personal Information, subject to certain exceptions.  It also requires us to disclose the information we collect, the purposes for which we collect it, and what we share and disclose. 

 

California Civil Code § 1798.83, also known as the "Shine the Light" law, provides California residents with the right to request, once per year, without charge, information from website operators and owners regarding the Personal Information that they collect online and offline, if any, and the third parties, including affiliates, with which they have shared this information during the preceding calendar year, for the direct marketing purposes of the third party. If such information is collected and shared with third parties for their direct marketing purposes, the website operator or owner is required, upon request, to provide the list of categories of Personal Information they collect, if any, and the names and addresses of all third parties with which it has shared such information for direct marketing purposes.

A website operator or owner may meet its obligations, and be exempt from such disclosures, under the Shine the Light law, if it provides California residents the right to opt-out of, and thereby prohibit, the website operator or owner from sharing such Personal Information with third parties including its affiliates, for the direct marketing purposes of the third party.

In accordance with California Civil Code section 1798.83(c)(2), Casita De Leon complies with California's "Shine the Light" law by providing all of its users, including its California users, with a cost-free method to opt-out of the sharing of Personal Information with all third parties for the direct marketing of those third parties, by not disclosing to third parties, for their direct marketing purposes the Personal Information of any customer if the customer has exercised the option to prevent such disclosure, and by disclosing these policies in its Privacy Policy. Consequently, Casita De Leon is not obligated under Shine the Light to provide California users, who have requested such information, a list of the categories of the Personal Information disclosed by Casita De Leon to third parties for their direct marketing purposes or the names and addresses of the third parties to which Casita De Leon has shared such Personal Information for their direct marketing purposes during the preceding calendar year.

California residents may have further rights related to the handling of their Personal Information under the California Consumer Privacy Act. While Casita De Leon does not "sell" your Personal Information in the traditional sense, it may share your information with third parties.  California residents may have certain rights related to this information, including the right to ask that we "Do Not Sell Your Personal Information," the right to ask that we Delete your Personal Information, or the right to request access to the categories or specific pieces of Personal Information we have collected about you.  California residents also have the right to not be treated differently by Casita De Leon in response to your decision to exercise any of these rights. 

To learn more about these rights, to opt-out of our sharing of your Personal Information, and to exercise other rights that apply, please contact Casita De Leon by emailing us at casitadeleon60811@gmail.com. As part of your request, we may ask for certain information including your name or the manner in which you have previously interacted with Casita De Leon.  We will use this information only to contact you about your request and to verify your request.  You may also designate an authorized agent to submit a request on your behalf. 

INTERNATIONAL DATA TRANSFER FOR RESIDENTS OF THE EUROPEAN UNION, SWITZERLAND OR THE UNITED KINGDOM:

EU data protection law through GDPR or the UK GDPR and UK Data Protection Act makes a distinction between organizations that process Personal Data for their own purposes (known as “data controllers”) and organizations that process Personal Data on behalf of other organizations (known as “data processors”). If you have a question or complaint about how your Personal Data is handled, these should always be directed to Casita De Leon as the relevant data controller.

 

If you are located in the European Union, the United Kingdom, or another jurisdiction where the General Data Protection Regulation (GDPR/UK GDPR) applies, you have the following rights regarding your Personal Data:

 

  • Right of Access: You may request confirmation of whether we process your Personal Data and obtain a copy.

  • Right to Rectification: You may request correction of inaccurate or incomplete Personal Data.

  • Right to Erasure (“Right to be Forgotten”): You may request deletion of your Personal Data, subject to legal or regulatory exceptions.

  • Right to Restrict Processing: You may request that we limit the processing of your Personal Data under certain conditions.

  • Right to Data Portability: You may request a copy of your Personal Data in a structured, commonly used, machine-readable format and transmit it to another controller.

  • Right to Object: You may object at any time to processing of your Personal Data carried out on the basis of legitimate interests or for direct marketing purposes.

  • Right to Lodge a Complaint: You may lodge a complaint with your local Data Protection Authority if you believe your rights have been infringed. An explanation of the process is available at: https://www.edps.europa.eu/data-protection/our-role-supervisor/complaints_en.

 

There may be circumstances where we are not legally required to comply with your request because of the laws in your jurisdiction or because of exemptions provided for in data protection legislation. If you have a complaint about how we handle your Personal Data, please get in touch with us as at casitadeleon60811@gmail.com to receive further clarification. If you are not happy with how we have attempted to resolve your complaint, you may contact the relevant data protection authority.

 

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features in an effort to prevent loss, theft and unauthorized access, use and disclosure.

§Legal Grounds for Processing your Personal Data

The GDPR requires us to tell you about the legal ground we're relying upon to process any Personal Data about you. The legal basis for us processing your Personal Data for the purposes set out in this Privacy Policy will typically be because:

  • you provided your explicit consent;

  • it is necessary for our contractual relationship;

  • the processing is necessary for us to comply with our legal or regulatory obligations; and/or

  • the processing is in our legitimate interest for the purpose of the Services (for example, to protect the security and integrity of our systems and to provide you with customer service, etc.).

§Casita De Leon as a Data Controller

 

Casita De Leon will act as a data controller concerning Personal Data. For example, if you inquire about a booking with us, make a reservation or access any communication functions, Casita De Leon will be a data controller for the Personal Data you provide.

We will also be a data controller of the Personal Data we may obtain through the use of the Site. We use this to conduct research and analysis to help better understand and serve users of the Site as well as to improve our offerings.

§Transfers of Personal Data

 

Casita De Leon is a United States company. If you are located outside the United States and choose to provide information to us, Casita De Leon transfers and stores Personal Data to the United States for processing. The U.S. may not have the same data protection laws as the country in which you initially provided the information. When we transfer your information to the U.S., we will protect it as described in this Privacy Policy. When transferring Personal Data outside of the EU, EEA, Switzerland, or the United Kingdom, we use lawful transfer mechanisms such as the European Commission’s Standard Contractual Clauses (SCCs), or rely on the EU–U.S. Data Privacy Framework where applicable. These safeguards ensure that your Personal Data continues to receive adequate protection in line with GDPR standards. By visiting the Site or providing Casita De Leon with any information, you fully understand and unambiguously consent to this transfer, processing and storage of your information in the United States.

 

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features in an effort to prevent loss, theft and unauthorized access, use and disclosure.

 

By visiting the Site or providing Casita De Leon with any information, you fully understand and unambiguously consent to this transfer, processing and storage of your information in the United States.

We retain your Personal Data for as long as necessary to provide you with our Services or for other important purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements. Casita De Leon may retain non-Personal Data for as long as necessary for the purposes and uses described in this Privacy Policy, including as necessary for Casita De Leon to pursue legitimate and lawful business interests.

 

 

USERS IN BRAZIL:

LEGAL BASIS FOR PROCESSING YOUR INFORMATION

Depending on what information we collect from you and how we collect it, we process your information for the following reasons:

  • In order to administer our contractual relationship, including setting up your requested Services, payments, renewals and processes;

  • Because it is in our legitimate interest to run a successful and efficient business and provide you with the Services and other useful content;

  • In order to fulfill any legal obligations we may have to collect this information from you; and/or

  • Because you have provided your explicit consent for us to do so.

SHARING WITH THIRD PARTY SERVICE PROVIDERS AND VENDORS

Occasionally, we enter into contracts with selected third parties to assist us in servicing you (for example, providing you with customer service, fraud detection and deterrence or access to advertising assets and providing us with information technology and storage services) or to assist us in our own marketing and advertising activities (including providing us with analytic information and search engine optimization services). Additional information about certain third-party service providers we share Personal Data with is available here. Our contracts with such third parties prohibit them from using any of your Personal Data for any purpose beyond the purpose for which it was shared.

DATA TRANSFERS

In order for us to provide the Site and services to you and comply with our legal obligations, Personal Data you provide to us and information we collect about you, your usage and devices will be transferred to, stored and processed in the United States. Your information may also be processed by staff operating outside of the United States who work for one of our Third Party Service Providers. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Brazil Privacy Addendum.

COOKIES

You can select your cookie preferences upon your first visit to our Site. If you choose to change your preferences, you may do so at any time by clicking the “Cookie Preferences” link in the footer of our website homepage.

When you opt out of cookies, you will be opted out of all non-required cookies. You cannot opt out of required cookies because these cookies and tracking technologies are required to help our websites work correctly. These cookies allow you to navigate our Services and use essential features, including secure areas and authentication orders.

YOUR PRIVACY RIGHTS

As a user located in Brazil, you may be able to exercise the following rights with respect to your Personal Data that we have collected, subject to certain limitations:

 

 

To exercise your rights under the LGPD, please submit a request to us by:

  • Sending an email to casitadeleon60811@gmail.com. We will need to verify your identity before processing your request. In order to verify your identity, we will generally require the matching of sufficient information you provide us to the information we maintain about you in our systems.

COMPLAINTS

If you have any questions about this Brazil Privacy Addendum or our data handling practices, or you wish to make a complaint, you may contact our Data Protection Officer at casitadeleon60811@gmail.com.

In addition to the rights outlined above, where the Lei Geral de Proteção de Dados (LGPD) applies, you may:

  • Ask that we provide confirmation of the existence of the processing of your personal data.

  • Access the personal data we hold about you and certain information about how we use it and who we share it with including information about any public and private entities.

  • Request the deletion of Personal Data we have collected from you, subject to certain exceptions.

  • Ask us to anonymize, block, or delete unnecessary or excessive data or data that is not being processed in compliance with the LGPD.

  • Ask us to provide information about the possibility of denying consent for the processing of your personal data and the consequences of such denial.

Screenshot 2026-02-01 094509.png
bottom of page