Privacy Policy

Privacy Policy

Effective Date: 25-Nov-2023

Last Updated: January 17th, 2025

Who we are

Welcome to www.mickeyvillevacations.com (“we,” “our,” or “us”). This Privacy Policy is designed to help you understand how we collect, use, and protect your personal information. By using our website https://mickeyvillevacations.com/ (the “Site”), you consent to the practices described in this Privacy Policy.

1. Information We Collect

Comments: When visitors leave comments on the site, we collect the data shown in the comments form, including the visitor’s name, email address, website (if provided), and the content of the comment. We also collect the visitor’s IP address and browser user agent string to help with spam detection.

Legal Basis: We collect this data based on your consent (Art. 6(1)(a) GDPR) and our legitimate interests in preventing spam (Art. 6(1)(f) GDPR).

Gravatar Service: An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service’s privacy policy is available here. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies: If you leave a comment on our site, you may opt-in to saving your name, email address, and website in cookies. These cookies are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me,” your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Google AdSense: Our website uses Google AdSense to display advertisements. Google and its partners use cookies and similar technologies to serve personalized and contextual ads based on your browsing behavior or prior visits to this and other websites.

Opt-Out Mechanisms: You can manage or withdraw consent for cookies through browser settings or by visiting Google Ads Settings.

2. Who We Share Your Data With

If you request a password reset, your IP address will be included in the reset email.

Legal Basis: We share this data as necessary to fulfill our contractual obligations to you (Art. 6(1)(b) GDPR, Art. 7 LGPD) and to protect our legitimate interests (Art. 6(1)(f) GDPR, Art. 10 LGPD).

Advertising Partners: We share data with third-party vendors, including Google, to deliver personalized or contextual advertisements.

California Residents: Users in California can opt out of the “sale” of personal data by visiting the Network Advertising Initiative.

Brazilian Residents: Your data will only be shared with third parties when necessary for providing the service or with your explicit consent, as required under Art. 7 LGPD.

3. How Long We Retain Your Data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

Legal Basis: We retain this data based on our legitimate interests in maintaining the functionality of our website and improving user experience (Art. 6(1)(f) GDPR).

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Legal Basis: We retain user profile data based on your consent (Art. 6(1)(a) GDPR) and as necessary to fulfill our contractual obligations to you (Art. 6(1)(b) GDPR).

Analytics Data: Data collected for analytics purposes, including Google Analytics, is retained for up to 26 months unless required longer by applicable laws.

4. What Rights You Have Over Your Data

If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us.

Legal Basis: We provide this option to fulfill our obligations under the GDPR.

You can also request that we erase any personal data we hold about you, except for data we are obliged to keep for administrative, legal, or security purposes.

Legal Basis: We will erase your data upon request unless we have a legal obligation to retain it.

GDPR Rights: Users in the EU can also object to processing for direct marketing purposes or request data portability.

CCPA Rights: California residents have the right to request details about data sharing, delete their data, and opt out of its “sale.”

LGPD Rights: Under Brazil’s LGPD, users have the right to confirm the existence of data processing, access their data, correct inaccuracies, request anonymization or deletion, and revoke consent at any time.

5. Where We Send Your Data

Visitor comments may be checked through an automated spam detection service.

Legal Basis: We use this service to protect our legitimate interests in preventing spam (Art. 6(1)(f) GDPR).

International Transfers: If personal data is transferred outside the European Economic Area (EEA), protections such as Standard Contractual Clauses (SCCs) will be implemented to protect user data.

6. Data Security Measures

We implement appropriate Information Security, technical and organizational measures to protect your personal data.

Encryption: We use industry-standard encryption protocols (e.g., TLS/SSL) to secure data transmission between your device and our website.
Access Controls: Only authorized personnel have access to your personal data, and they are required to adhere to strict confidentiality obligations.
Data Minimization: We collect and store only the data necessary for providing our services, reducing the risk of exposure.
Regular Security Audits: Our systems and processes are routinely audited and tested to identify vulnerabilities and ensure compliance with security best practices.
Secure Data Storage: Personal data is stored on secure servers protected by firewalls and multi-factor authentication mechanisms.
Incident Response Plan: We have a comprehensive incident response plan in place to detect, respond to, and mitigate the impact of potential data breaches.

7. International Data Transfers

If data is transferred outside the European Economic Area (EEA), we will ensure that adequate protections are in place to protect your data.

8. Data Protection Officer (DPO)

Our Data Protection Officer can be reached at services@mickeyvillevacations.com

9. Data Breach Notification

In the event of a data breach that may result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, when required, affected data subjects.

10. Children’s Data

Our services are not intended for children under 18 years of age. If we become aware of the collection of personal data from a child without parental consent, we will take steps to remove the data.

11. Policy Review

This policy will be reviewed and updated quarterly to ensure ongoing compliance with data protection regulations.

Discover memorable getaways with Mickeyville's Vacation Rental

Receive Offers