Privacy Policy for brookfarminn.com

1. Introduction

At Brook Farm Inn (“we,” “our,” or “us”), we are committed to ensuring the privacy, security, and protection of your personal information. This Privacy Policy is designed to inform you about how we collect, use, share, and safeguard data when you visit or interact with our website, brookfarminn.com, or communicate with us via electronic or other means. Our practices are guided by the principles of transparency, user control, and compliance with applicable laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Scope & Data Controller

This Privacy Policy applies to all users and visitors of brookfarminn.com. Brook Farm Inn acts as the “data controller” as defined by the GDPR, determining the purpose and means of processing your personal data.

If you have any questions or concerns about our privacy practices, please contact us at [email protected].

3. Categories of Personal Data We Process

We may collect, use, store, and transfer the following categories of personal data:

A. Usage Data
Includes data about how you use our website, such as IP address, browser type, operating system, referring URLs, device identifiers, browsing time, pages visited, and interaction metrics.

B. Account Data
Includes your full name, email address, mailing address, phone number, and any other data you provide during account registration, booking, or inquiries.

C. Profile Data
Includes your stay preferences, booking history, feedback, dining or spa selections, and behavior on the brookfarminn.com platform.

D. Communication Data
Includes records of your communication with us, such as customer support requests, contact form submissions, and follow-up correspondence.

E. Technical Data
Includes device information, hardware models, OS version, language preferences, and server log reports automatically collected when using our platform.

F. Transaction Data
Includes payment information (excluding full card numbers), billing details, reservation identifiers, transactional history, and delivery-related details for physical goods or booking confirmations.

G. Preference Data
Includes your preferences for receiving marketing communications, newsletter subscriptions, loyalty participation, and expressed product or service interests.

4. Legal Bases for Processing

We process your personal data only where permitted by law. Specifically, under the GDPR and CCPA, we rely on the following legal bases:

– Consent: When you have provided clear consent for us to process your personal data for a specific purpose.
– Contract: When processing is necessary to fulfill a service you request or a contract you enter into with us (e.g., booking a stay).
– Legal Obligation: Where compliance with applicable law requires processing.
– Legitimate Interest: When we process your data to pursue our legitimate business interests, including service improvements, fraud detection, and maintaining network security, provided such interests do not override your rights.

5. Your Rights

In accordance with GDPR and CCPA, you are entitled to the following rights relating to your personal data:

– Right of Access: Request access to personal data we hold about you.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request deletion of your data, subject to legal and operational retention obligations.
– Right to Restrict Processing: Limit the way we use your data.
– Right to Data Portability: Receive a copy of your data in a machine-readable format and/or request transmission to another controller.
– Right to Object: Object to processing based on legitimate interest or direct marketing.
– Right not to be Subject to Automated Decision-Making: We do not use data for profiling or automated decisions that may have legal or similarly significant effects.

To exercise any of these rights, please email us at [email protected].

6. Security Measures

We implement industry-standard security measures to protect your personal data, including:

– Encryption of sensitive data during transmission and at rest.
– Strict access controls and authentication systems.
– Firewalls and intrusion detection/prevention systems.
– Regular security audits and vulnerability assessments.
– Secure data backup and disaster recovery protocols.
– Staff privacy training and role-based data access restrictions.

Despite our efforts, no method of transmission over the internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.

7. International Transfers

Your personal data may be transferred and stored outside the country where it was collected, including to countries that may not offer equivalent levels of data protection. In such cases, we rely on one or more of the following mechanisms:

– Standard Contractual Clauses (SCCs) approved by the European Commission;
– Adequacy decisions granted by the European Commission;
– Additional safeguards such as data encryption and strict contractual agreements.

8. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, or as required to comply with legal, regulatory, or tax obligations. General retention periods include:

– Usage and Technical Data: Up to 12 months from collection.
– Account and Profile Data: Retained as long as your account remains active and for up to 7 years thereafter unless legally required otherwise.
– Communication and Support Data: Up to 5 years from last interaction.
– Transaction Data: Retained for 7 years for auditing and legal compliance.
– Marketing Preference Data: Retained until you withdraw consent or opt out.

9. Cookie Policy

To enhance user experience and site functionality, brookfarminn.com uses cookies and similar tracking technologies. These include:

– Essential Cookies: Necessary for the website to function (e.g., secure logins, page navigation).
– Functional Cookies: Remember choices such as language or region preferences.
– Analytics Cookies: Help us analyze website usage and performance (e.g., Google Analytics).
– Performance Cookies: Improve loading speed and interface responsiveness.

10. Cookie Management & Compliance

Users visiting brookfarminn.com from jurisdictions governed by GDPR or CCPA are presented with a cookie consent management tool allowing them to:

– Accept or reject non-essential cookies;
– Customize cookie preferences;
– Withdraw consent at any time via the cookie settings panel.

For CCPA-specific rights, California residents may opt out of the “sale” of personal data (as defined by the CCPA), even if no financial exchange occurs, by using applicable cookie controls or contacting us at [email protected].

11. Children’s Privacy

brookfarminn.com is not targeted toward, nor intended for use by, children under the age of 13. We do not knowingly collect or solicit personal information from children under 13. If we learn that such information has been collected without verified parental consent, we will take appropriate steps to delete it promptly.

12. Policy Updates

We reserve the right to update or change this Privacy Policy at any time. Changes to the policy become effective as soon as they are posted on brookfarminn.com. Where material changes are made, we may notify users via email or an on-site banner. Continued use of the website following an update signifies your acceptance of the updated terms.

13. Contact Us

If you have questions about this Privacy Policy, your rights under applicable data protection laws, or how we handle your personal data, please contact us at:

Brook Farm Inn
Email: [email protected]
Website: brookfarminn.com

We are committed to complying with all applicable data protection laws and providing transparency in how your data is handled. Please contact us if you have any privacy-related concerns, and we will respond promptly and responsibly.