1. Who we are
LuxuryAscent is the data controller responsible for your personal data when you use this site. If you have any questions about how we handle your data, contact us using the details at the bottom of this page.
2. What we collect
We only collect what we need to deliver your order and run the site safely. The table below summarises the categories.
| Category | Examples | When we collect it |
|---|---|---|
| Identity & contact | Full name, email address, phone number | When you place an order, send us an enquiry, or chat on WhatsApp |
| Order details | The product you bought, price, order ID, payment method | When you complete a purchase |
| Loyalty-programme details | Hilton Honors number, World of Hyatt number, Marriott Bonvoy ID, etc. | Only when the product you bought needs them to be fulfilled |
| Payment metadata | Last 4 digits of card, card brand, billing country (Stripe/PayPal store the rest) | When you pay |
| Communications | Email threads, WhatsApp/Telegram messages, contact-form submissions | When you reach out to us |
| Technical | IP address, browser type, device type, page-view logs | Automatically when you visit the site |
What we don't collect. We don't collect or store full card numbers — those go straight to Stripe / PayPal. We don't ask for your loyalty-programme passwords. We don't ask for passport numbers or other sensitive ID documents.
3. Why we use it (lawful basis)
- To fulfil your order — we contact the loyalty programme on your behalf, deliver the upgrade, and email you confirmations and status updates. Lawful basis: contract.
- To take payment and prevent fraud — Stripe/PayPal handle the transaction; we keep order metadata to detect chargeback abuse and resolve disputes. Lawful basis: contract & legitimate interest.
- To support you — we use your contact details to answer your questions, send order updates, and resolve issues. Lawful basis: contract & legitimate interest.
- To run and improve the site — basic analytics on aggregate traffic patterns; security logs to keep the site safe. Lawful basis: legitimate interest.
- To meet legal obligations — we keep records of completed orders for tax and accounting purposes for the period required by law. Lawful basis: legal obligation.
We do not send marketing emails or use your data for advertising profiling.
4. Who we share it with
We only share your data with third parties who help us run the service. Each is bound by data-processing terms that limit them to acting on our instructions:
- Stripe — card and digital-wallet payments. Stripe privacy policy
- PayPal — PayPal payments. PayPal privacy policy
- Hostinger — our website host and email provider. Hostinger privacy policy
- The relevant loyalty programme — when you purchase a status upgrade, we share only the data needed to enrol you with that programme (typically full name and account number).
We do not sell your personal data to anyone, and we do not share it with advertising networks.
5. International transfers
Some of our service providers (Stripe, PayPal) operate globally and may process your data outside the UK / EEA. Where they do, the transfer is protected by Standard Contractual Clauses or an equivalent legal mechanism approved by the UK ICO and / or the European Commission.
6. How long we keep it
- Order records — kept for 6 years after the order date, to satisfy UK tax-record requirements.
- Loyalty-programme details — deleted within 30 days of the order being completed (or sooner on request), unless we need them to handle a dispute.
- Support messages — kept for up to 2 years for service quality and to handle repeat enquiries.
- Server logs — rotated automatically; kept for 30 days at most.
7. Your rights
Under UK / EU GDPR you have the right to:
- Access — get a copy of the data we hold about you
- Rectification — correct anything that's wrong
- Erasure — ask us to delete your data, subject to our legal record-keeping duties
- Restriction — pause our use of your data while a question is resolved
- Portability — get your data in a machine-readable format
- Object — to processing based on legitimate interest, on grounds particular to your situation
- Complain — to your local data-protection authority (in the UK, the Information Commissioner's Office at ico.org.uk)
To exercise any of these rights, email support@luxuryascent.com. We respond within 30 days at most, usually much faster.
8. Cookies
We use a small number of cookies to keep the site working:
- Essential — to remember items in your basket, keep you signed into the admin panel if applicable, and protect against CSRF.
- Functional — to remember your preferences (currency, region) within a session.
We do not use third-party tracking or advertising cookies. Stripe and PayPal may set their own cookies on the payment pages they host — those are governed by their own policies.
9. Children
Our service is intended for adults (18+). We do not knowingly collect personal data from children. If you believe a child has provided data, please contact us and we'll delete it.
10. Changes to this policy
We may update this policy from time to time. Material changes will be flagged on the site for at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the current version.
11. Contact
For data-protection questions, requests to exercise your rights, or anything related to this policy: