1. 🌍 Overview & Scope
Welcome to SunnyVacations.com ("SunnyVacations," "we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at sunnyvacations.com, use our mobile applications, or interact with our travel booking services (collectively, the "Services").
By accessing or using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this policy, please do not access or use our Services.
Our commitment to you: SunnyVacations.com is committed to protecting your personal data and being transparent about how we use it. We will never sell your personal information to third parties for their own marketing purposes.
This policy applies to all users of our Services worldwide, including visitors, registered account holders, and customers who have completed bookings. It covers information collected through our website, mobile apps, email communications, customer support interactions, and any other touchpoints with SunnyVacations.com.
2. 📝 Information We Collect
We collect several types of information to provide and improve our Services to you. The information we collect falls into three main categories:
2.1 Information You Provide Directly
When you create an account, make a booking, or contact us, you may provide:
- Account information: Full name, email address, password, phone number, and profile photo
- Booking details: Travel dates, destination preferences, passenger names, passport or ID numbers, date of birth, and nationality
- Payment information: Credit/debit card numbers, billing address, and payment method details (processed securely via our payment partners)
- Communication data: Messages, emails, and chat transcripts when you contact our customer support team
- Preferences: Seat preferences, meal choices, hotel room preferences, and travel interests
- Reviews & feedback: Ratings, reviews, and survey responses you submit about destinations or services
2.2 Information Collected Automatically
When you use our Services, we automatically collect certain technical information:
- Device information: IP address, browser type and version, operating system, device identifiers, and screen resolution
- Usage data: Pages visited, search queries, clicks, time spent on pages, referring URLs, and navigation paths
- Location data: General geographic location derived from your IP address (we do not collect precise GPS location without your explicit consent)
- Cookies and tracking data: Information collected via cookies, web beacons, pixels, and similar technologies (see Section 5)
- Transaction logs: Records of bookings, searches, and interactions with our platform
2.3 Information from Third Parties
We may receive information about you from third-party sources, including:
- Social login providers: If you sign in using Google, Facebook, or Apple, we receive your name, email, and profile picture from those services
- Travel partners: Airlines, hotels, and car rental companies may share booking confirmation and status updates with us
- Analytics providers: Aggregated and anonymized data from analytics services to help us understand usage patterns
- Fraud prevention services: Information to help us verify identities and prevent fraudulent transactions
3. ⚙️ How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Legal Basis | Examples |
|---|---|---|
| Providing Services | Contract performance | Processing bookings, issuing tickets, sending confirmations |
| Account Management | Contract performance | Creating accounts, managing preferences, authentication |
| Customer Support | Legitimate interest | Responding to inquiries, resolving disputes, processing refunds |
| Personalization | Legitimate interest / Consent | Tailored destination recommendations, personalized offers |
| Marketing | Consent | Promotional emails, special offers, travel inspiration newsletters |
| Analytics & Improvement | Legitimate interest | Understanding usage patterns, improving search results, A/B testing |
| Safety & Fraud Prevention | Legal obligation / Legitimate interest | Detecting fraudulent transactions, verifying identities |
| Legal Compliance | Legal obligation | Tax records, regulatory reporting, responding to legal requests |
You can opt out of marketing emails at any time by clicking the "Unsubscribe" link in any email we send, or by updating your communication preferences in your account settings. Opting out of marketing will not affect transactional emails related to your bookings.
5. 🍪 Cookies & Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience on our platform, analyze usage, and deliver relevant content and advertising.
Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Required for the website to function — login sessions, shopping cart, security tokens | Session / Up to 1 year |
| Performance | Collect anonymous data on how visitors use our site to help us improve performance | Up to 2 years |
| Functional | Remember your preferences such as language, currency, and saved searches | Up to 1 year |
| Marketing | Track visits across websites to deliver relevant ads and measure campaign effectiveness | Up to 2 years |
Managing Your Cookie Preferences
You can control and manage cookies in several ways:
- Use our Cookie Preference Center (accessible via the cookie banner on your first visit) to accept or decline non-essential cookies
- Adjust your browser settings to block or delete cookies — note that this may affect the functionality of our website
- Opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on
- Visit youronlinechoices.com to manage interest-based advertising preferences
6. 🔐 Data Security
We implement industry-standard technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.
Our Security Measures Include:
- TLS/SSL encryption: All data transmitted between your browser and our servers is encrypted using TLS 1.3
- Payment security: We are PCI DSS compliant and never store raw payment card data on our servers
- Access controls: Strict role-based access controls ensure only authorized personnel can access personal data
- Regular audits: We conduct regular security audits, penetration testing, and vulnerability assessments
- Data minimization: We only collect and retain the minimum data necessary to provide our Services
- Employee training: All staff receive regular data protection and security awareness training
- Incident response: We have a documented data breach response plan and will notify affected users within 72 hours of discovering a breach
While we take every reasonable precaution to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We encourage you to use a strong, unique password for your SunnyVacations account and to never share your login credentials.
7. 🗂️ Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
- Account data: Retained for the duration of your account plus 3 years after account closure
- Booking records: Retained for 7 years to comply with financial and tax regulations
- Customer support records: Retained for 3 years after the resolution of your inquiry
- Marketing preferences: Retained until you withdraw consent or request deletion
- Analytics data: Anonymized and aggregated after 26 months; raw data deleted after 14 months
- Payment records: Retained for 7 years for accounting and fraud prevention purposes
When your data is no longer needed, we securely delete or anonymize it in accordance with our data destruction procedures.
8. ✅ Your Rights & Choices
Depending on your location, you may have the following rights regarding your personal information. We honor these rights for all users globally, regardless of jurisdiction.
Your Rights Include:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete personal data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal retention requirements
- Right to Restriction: Request that we limit the processing of your personal data in certain circumstances
- Right to Data Portability: Receive your personal data in a structured, machine-readable format
- Right to Object: Object to processing of your personal data for direct marketing or based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
- Right to Lodge a Complaint: File a complaint with your local data protection authority
How to Exercise Your Rights
To exercise any of these rights, you can:
- Log in to your account and visit the Privacy Settings page
- Email us at privacy@sunnyvacations.com
- Submit a request through our Contact page
We will respond to all verified requests within 30 days. In complex cases, we may extend this period by an additional 60 days, and we will notify you of any such extension.
California Residents (CCPA/CPRA): You have additional rights under California law, including the right to know what personal information is collected, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights. Contact us at privacy@sunnyvacations.com to submit a CCPA request.
9. 👶 Children's Privacy
Our Services are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16 years of age. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@sunnyvacations.com.
If we become aware that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to remove that information from our servers promptly.
For family bookings that include minors, the adult account holder is responsible for providing consent on behalf of any children included in the booking. Passenger information for minors is used solely to fulfill the travel booking and is not used for marketing purposes.
10. 🌐 International Data Transfers
SunnyVacations.com operates globally, and your personal information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.
When we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we rely on appropriate safeguards, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Binding Corporate Rules (BCRs) for transfers within our corporate group
- Adequacy decisions where the destination country has been recognized as providing adequate protection
- Explicit consent where required and appropriate
By using our Services, you acknowledge that your information may be transferred to our facilities and to those third parties with whom we share it, as described in this Privacy Policy.
11. 🔄 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Send an email notification to registered account holders
- Display a prominent notice on our website for at least 30 days
- For significant changes, request renewed consent where required by law
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our Services after any changes constitutes your acceptance of the updated policy.
This Privacy Policy was last updated on January 15, 2025. The previous version was dated October 3, 2024. A full version history is available upon request by contacting our Privacy team.
12. 📬 Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please don't hesitate to reach out to us. Our dedicated Privacy team is here to help.
Privacy Team Contact
- Phone: +1 (800) 786-6982
- General Support: Contact Us Page
- Mailing Address: SunnyVacations.com, Privacy Team, 1234 Sunshine Blvd, Suite 500, Miami, FL 33101, USA
- Response Time: We aim to respond to all privacy inquiries within 5 business days
EU/UK Data Protection Officer
For users in the European Economic Area or United Kingdom, you may contact our Data Protection Officer (DPO) directly via our Contact page.
You also have the right to lodge a complaint with your local supervisory authority. In the EU, you can find your national data protection authority at edpb.europa.eu.
Still have questions about your privacy?
Our team is happy to walk you through how we handle your data and answer any questions you may have.