legal
Effective Date: [To be inserted]
INTRODUCTION
Navari Lifestyle Management, LLC (“Navari,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our website and services. Capitalized terms not defined in this Privacy Policy have the meanings given in the Client Service Agreement and Website Terms of Service.
By creating an account, clicking “I Accept,” or using our services, you agree to this Policy. If you just browse without signing up, only our cookie practices (Section 8) and automatic data collection (Section 2) apply to you.
This Policy is part of our Website Terms of Service and Client Service Agreement. In the event of any conflict between this Privacy Policy and other Navari agreements regarding data collection, use, or protection, this Privacy Policy controls. For all other matters, the hierarchy set forth in your Client Service Agreement applies.
We record when you accept this Policy (with a timestamp and IP address). You can request a copy of your consent record anytime at [privacy email].
| Topic | Key Points |
|---|---|
| What We Collect | Contact info, travel preferences, passport details, payment info, communication records |
| Why We Collect It | To plan and book your travel, process payments, communicate with you |
| Who We Share With | Third-Party Vendors (hotels, airlines, etc.), Third-Party Service Providers (payment processors, analytics) |
| Your Rights | Access, correction, deletion (subject to legal requirements) |
| How to Contact Us | [privacy email] |
We collect information you provide when you:
| Activity | Information Collected |
|---|---|
| Inquire or Sign Up | Name, email, phone, location |
| Book Travel | Full names (as on ID), dates of birth, passport numbers, citizenship, contact details, emergency contacts |
| Make Payments | Billing address, payment method details |
| Communicate | Email content, phone conversations, text messages |
| Preferences | Travel preferences, dietary restrictions, accessibility needs, health and medical information (if you voluntarily provide it) |
When you visit our website, we automatically collect:
Device and Browser Information: IP address, browser type, device type, operating system
Usage Information: Pages viewed, links clicked, time spent on site, referring website
Cookies and Tracking: Session cookies, analytics cookies (see Section 8)
We may receive information from:
Travel Vendors: Booking confirmations, changes, or cancellations
Payment Processors: Transaction confirmations
Public Sources: If you inquire through a third-party platform
If you book travel for others (“Authorized Travelers” as defined in your Client Service Agreement), you represent that you have authority to provide their personal information and that they have consented to our collection and use of their information as described in this Policy. You are responsible for ensuring all Authorized Travelers review this Privacy Policy.
If you’re organizing group travel, you’re confirming each group member has agreed to share their information with us and with the hotels, airlines, and other vendors needed for the trip. For health information or special needs, we may ask those travelers to sign acknowledgment forms directly.
We may collect sensitive information you choose to provide, including health conditions, medical information, dietary restrictions, allergies, and accessibility needs, to accommodate your travel requirements. Providing this information is optional. If you choose not to provide it, we may be unable to fulfill certain special requests, but you are not required to disclose sensitive information to use our basic services. We will share this sensitive information with Third-Party Vendors only as necessary to fulfill special requests you have made (such as dietary accommodations or accessibility arrangements).
IMPORTANT NOTICE REGARDING COMMUNICABLE DISEASE: Neither Navari’s professional liability insurance nor general liability insurance covers claims related to communicable disease exposure. This exclusion applies regardless of where or how exposure occurs. See your Client Service Agreement and the Liability Waiver for additional disclosures regarding communicable disease risks. You are strongly encouraged to obtain travel insurance with communicable disease coverage.
We use your information to:
| Purpose | Details |
|---|---|
| Provide Services | Plan itineraries, make bookings, coordinate with vendors, process payments |
| Communicate | Send confirmations, updates, travel documents, respond to inquiries |
| Improve Services | Analyze usage, improve website functionality, develop new services |
| Legal Compliance | Comply with laws, respond to legal requests, prevent fraud |
| Marketing (with consent) | Send newsletters, promotions, travel inspiration (you can opt out) |
We process your information based on:
Contract Performance: To provide travel services you requested
Legitimate Interests: To improve our services, prevent fraud, ensure security
Legal Obligations: To comply with tax, financial, and regulatory requirements
Consent: For marketing communications (you can withdraw anytime)
We share your information with Third-Party Vendors (as defined in your Client Service Agreement)-including hotels, airlines, tour operators, transportation providers, and activity providers-to complete your bookings. This includes:
Names, contact information, passport details
Special requests (dietary needs, accessibility, celebrations)
Payment information (as needed for booking)
Third-Party Vendors are independent businesses, not employees, agents, or partners of Navari. Their use of your information is governed by their own privacy policies, not ours. We are not responsible for how they handle your data. The one exception: if we knew (or should have known) a vendor had serious data security problems and used them anyway, we’re responsible for that choice. See your Client Service Agreement for additional information about Third-Party Vendor relationships.
We also share information with Third-Party Service Providers (as defined in the Website Terms of Service), the technology companies that help us run our business.
| Service Provider Type | Purpose | Examples |
|---|---|---|
| Payment Processors | Process credit card and ACH payments | Stripe, PayPal |
| Cloud Hosting | Store data and host website | AWS, Google Cloud |
| Email & Communication | Send emails, manage communications | Mailchimp, Twilio |
| Analytics | Understand website usage | Google Analytics |
| Customer Management | Manage client relationships | CRM platforms |
We require these providers to protect your information, but we can’t guarantee they’ll always comply. Our liability for their data breaches is limited (see Section 5).
We may share your information when required by law or when we genuinely believe it’s necessary to:
Respond to valid legal requests (subpoenas, court orders)
Enforce our agreements (only sharing what’s truly necessary)
Protect against serious, immediate threats to safety
Prevent fraud or security threats
Cooperate with law enforcement
If we receive a civil legal request for your information, we’ll try to let you know before responding unless the law prevents us or it would interfere with an investigation.
If Navari is acquired, merged, or undergoes a business transition, your information may be transferred to the successor entity.
We may share information for other purposes with your explicit consent.
We implement reasonable security measures, including:
Encryption: Secure transmission (SSL/TLS)
Access Controls: Limited employee access on need-to-know basis
PCI-DSS Compliance: Payment card data is processed through PCI-DSS compliant processors. We do not store your full card numbers on our systems.
Regular Updates: Security patches and monitoring
We carry $1,000,000 in cyber liability insurance covering network security issues, privacy claims, incident response, and certain cyber crimes. Like all insurance, it has exclusions: it doesn’t cover technology fraud, some regulatory fines, or communicable disease exposure. This disclosure is for informational purposes and does not create any rights in third parties to our insurance coverage.
While we maintain professional liability, general liability, and cyber liability insurance, these policies contain exclusions and limitations. Our professional liability insurance excludes bodily injury, property damage, and tour operating services. Our general liability insurance excludes claims arising from violations of statutes related to personal data, communicable disease, and cyber incidents. Regulatory fines and penalties may not be covered by any policy. These disclosures are for informational purposes and do not create any direct rights against our insurers.
No system is 100% secure. While we take reasonable precautions, we can’t guarantee your data will never be compromised. If something does happen, our cyber insurance covers up to $1,000,000 for qualifying claims. Beyond insurance, our direct liability is capped at the greater of the fees you paid us in the past 12 months or $25,000. These caps don’t apply if we were grossly negligent, acted with willful misconduct, or committed fraud. You are responsible for protecting your account credentials and notifying us immediately if you suspect unauthorized access.
We will never request sensitive information (such as passwords or full payment card numbers) via email. Before transferring funds based on email instructions, always verify by calling our confirmed phone number. We will never ask you to wire funds to personal accounts, change payment instructions by email alone, or purchase gift cards as payment. See the Website Terms of Service for additional fraud prevention guidance.
We’ll notify you as required by law. For Florida residents, that means within 30 days of confirming a reportable breach (unless law enforcement asks us to delay). We’ll tell you what happened, what information was affected, and what you can do to protect yourself. We will also notify applicable regulatory authorities as required by law.
We keep your information only as long as we need it:
For the duration of our relationship plus legal retention periods
We keep tax-related records for 7 years (IRS requirement). If you haven’t filed any claims within the 1-year window in your Client Service Agreement, we may delete or anonymize other personal information sooner.
Until you opt out or we determine it’s no longer needed
We regularly review what we’re keeping and delete information we no longer need.
You may request access to or correction of your personal information by contacting us at [privacy email].
Want a copy of your data? Just ask. We’ll send it to you in a common format (like CSV or PDF) within 30 days. Contact [privacy email].
You can ask us to delete your information. We’ll do it unless we need to keep certain records for:
Tax compliance (per IRS rules) or Florida Seller of Travel requirements
Active or anticipated legal matters, or an active booking
Ongoing fraud investigations
If we can’t delete everything, we’ll tell you why and delete whatever we can.
You may opt out of marketing emails by:
Clicking “unsubscribe” in any marketing email
Contacting us at [privacy email]
You cannot opt out of transactional emails (booking confirmations, service updates).
You can control cookies through your browser settings. Note that disabling cookies may affect website functionality.
Our website does not currently respond to “Do Not Track” browser signals.
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
| Right | What It Means |
|---|---|
| Know | Request details about personal information we collect, use, and share |
| Delete | Request deletion (subject to exceptions) |
| Opt-Out | Opt out of “sale” of personal information. We do not sell your personal information for monetary consideration. We share information with Third-Party Vendors solely to complete your travel bookings, not in exchange for payment for your data. |
| Non-Discrimination | We will not discriminate for exercising CCPA rights |
To exercise these rights, contact us at [privacy email] with “California Privacy Rights” in the subject line.
We will verify your identity before processing requests.
You may designate an authorized agent to submit requests on your behalf.
If you are in the European Economic Area or United Kingdom, you have additional rights under GDPR:
Access: Request a copy of your personal data
Rectification: Correct inaccurate data
Erasure: Request deletion (subject to legal requirements)
Restriction: Limit processing in certain circumstances
Portability: Receive your data in machine-readable format
Object: Object to processing based on legitimate interests
Withdraw Consent: Withdraw consent for marketing at any time
To exercise these rights, contact us at [privacy email].
Data Controller: Navari Lifestyle Management, LLC is the data controller for your information.
Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.
If your jurisdiction provides additional privacy rights, please contact us to discuss.
Other States: Privacy laws are evolving. If you live in Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, or another state with privacy legislation, you may have additional rights. Contact us at [privacy email] to discuss what applies to you.
| Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Enable website functionality, security | Session |
| Analytics Cookies | Understand usage, improve website | Persistent |
| Marketing Cookies | Deliver relevant ads (if applicable) | Persistent |
Third parties (such as Google Analytics) may place cookies on your device. We do not control their cookies — their privacy policies govern.
Most browsers allow you to control cookies through settings. Disabling cookies may limit website functionality.
We’ll ask your permission before using photos or videos of you in our marketing. You can set your preferences when you sign up or book, and change them anytime by emailing [privacy email]. You may change your preferences at any time by contacting us at [privacy email]. We will not use your image in marketing materials without your consent. For adventure activities, the Liability Waiver has specific consent options. Photos taken by hotels, airlines, or other vendors are governed by their policies, not ours.
For adventure activities, you may be asked to authorize access to medical records related to injuries pursuant to the HIPAA authorization in the Liability Waiver. Medical records obtained pursuant to that authorization are governed by its terms, not this Privacy Policy, with respect to access, use, and disclosure. However, we will apply the security measures described in Section 5 to protect such medical information. The HIPAA authorization has a three-year duration and may be revoked in writing; revocation does not affect uses or disclosures made before revocation. We use medical information only for coordinating your care, documenting incidents, and if necessary, for legal proceedings.
Our services are not directed to individuals under 18. We do not knowingly collect personal information from anyone under 18. If we learn we have collected information from someone under 18 without parental consent, we will delete it promptly.
Parents or guardians may provide information about children in their care for travel purposes, but they’re responsible for that information and the child’s account activity. When you give us a child’s information, you’re confirming you have legal authority to do so. For international travel or high-risk activities, we may ask for proof of your relationship. Only adults 18 and older can create accounts, sign agreements, or book travel.
Navari is based in the United States. If you are outside the U.S., your information will be transferred to and processed in the U.S., which may have different data protection laws than your country. By using our services, you consent to this transfer.
We use European Commission-approved Standard Contractual Clauses and other legal safeguards to protect your data when it’s transferred to the U.S. Want a copy of these safeguards? Email [privacy email].
This Policy is governed by Florida law, without regard to conflict of law principles.
BY USING OUR SERVICES, YOU AGREE TO RESOLVE DISPUTES ABOUT THIS POLICY THROUGH BINDING ARBITRATION—NOT IN COURT. YOU’RE GIVING UP YOUR RIGHT TO A JURY TRIAL AND TO JOIN CLASS ACTIONS. You can opt out within 30 days by sending written notice to the address in Section 13. See our Website Terms and Client Service Agreement for full details.
If any part of this Policy is found unenforceable, the rest remains in effect. We’ll interpret the unenforceable provision as narrowly as needed to make it valid.
If we don’t immediately enforce any part of this Policy, that doesn’t mean we’ve waived our right to enforce it later.
We may assign our rights and obligations under this Policy in connection with a merger, acquisition, or sale of assets. You cannot assign your rights without our written consent.
This Policy, together with our Website Terms of Service, Client Service Agreement, and any other agreements you sign with us, constitutes the complete agreement regarding your privacy. It supersedes any prior discussions or representations about data practices.
We may update this Policy from time to time. Changes will be posted on our website with an updated Effective Date. For material changes, like how we collect, use, or share your information, or changes to liability limits or dispute resolution procedures, we will provide at least 30 days’ notice by email and website posting before they take effect. For material changes, we’ll ask for your consent before they take effect. If you don’t agree, you can close your account and request deletion of your information (see Section 6). The version of this Policy that was in effect when you last used our services will continue to apply to information we collected before the change. For minor updates, your continued use means you accept them.
If you have questions, concerns, or requests regarding this Privacy Policy or your data practices:
Navari Lifestyle Management, LLC | 4440 PGA Blvd Suite | 600 Palm Beach Gardens, FL 33410
Email: [privacy email] Phone: [To be inserted]
We’re registered with the Florida Department of Agriculture and Consumer Services (this doesn’t mean the state endorses us). Verify our registration at 1-800-HELP-FLA or FloridaConsumerHelp.com.
Florida Seller of Travel: ST-[INSERT NUMBER].
Accessibility: If you need this Policy in an alternative format due to a disability, please contact us and we’ll work to accommodate your needs.
Last Updated: [To be inserted]
