legal
Effective Date: [To be inserted]
INTRODUCTION
Navari Lifestyle Management, LLC (“Navari,” “we,” “us,” or “our”)
respects your privacy. This Privacy Policy explains how we collect, use,
share, and protect your personal information when you use our website
and services. Capitalized terms not defined in this Privacy Policy have
the meanings given in the Client Service Agreement and Website Terms of
Service.
By creating an account, clicking “I Accept,” or using our services,
you agree to this Policy. If you just browse without signing up, only
our cookie practices (Section 8) and automatic data collection (Section
2) apply to you.
This Policy is part of our Website Terms of Service and Client
Service Agreement. In the event of any conflict between this Privacy
Policy and other Navari agreements regarding data collection, use, or
protection, this Privacy Policy controls. For all other matters, the
hierarchy set forth in your Client Service Agreement applies.
We record when you accept this Policy (with a timestamp and IP
address). You can request a copy of your consent record anytime at
[privacy email].
| Topic | Key Points |
|---|---|
| What We Collect | Contact info, travel preferences, passport details, payment info, communication records |
| Why We Collect It | To plan and book your travel, process payments, communicate with you |
| Who We Share With | Third-Party Vendors (hotels, airlines, etc.), Third-Party Service Providers (payment processors, analytics) |
| Your Rights | Access, correction, deletion (subject to legal requirements) |
| How to Contact Us | [privacy email] |
We collect information you provide when you:
| Activity | Information Collected |
|---|---|
| Inquire or Sign Up | Name, email, phone, location |
| Book Travel | Full names (as on ID), dates of birth, passport numbers, citizenship, contact details, emergency contacts |
| Make Payments | Billing address, payment method details |
| Communicate | Email content, phone conversations, text messages |
| Preferences | Travel preferences, dietary restrictions, accessibility needs, health and medical information (if you voluntarily provide it) |
When you visit our website, we automatically collect:
Device and Browser Information: IP address, browser type, device
type, operating system
Usage Information: Pages viewed, links clicked, time spent on
site, referring website
Cookies and Tracking: Session cookies, analytics cookies (see
Section 8)
We may receive information from:
Travel Vendors: Booking confirmations, changes, or
cancellations
Payment Processors: Transaction confirmations
Public Sources: If you inquire through a third-party
platform
If you book travel for others (“Authorized Travelers” as defined in
your Client Service Agreement), you represent that you have authority to
provide their personal information and that they have consented to our
collection and use of their information as described in this Policy. You
are responsible for ensuring all Authorized Travelers review this
Privacy Policy.
If you’re organizing group travel, you’re confirming each group
member has agreed to share their information with us and with the
hotels, airlines, and other vendors needed for the trip. For health
information or special needs, we may ask those travelers to sign
acknowledgment forms directly.
We may collect sensitive information you choose to provide, including
health conditions, medical information, dietary restrictions, allergies,
and accessibility needs, to accommodate your travel requirements.
Providing this information is optional. If you choose not to provide it,
we may be unable to fulfill certain special requests, but you are not
required to disclose sensitive information to use our basic services. We
will share this sensitive information with Third-Party Vendors only as
necessary to fulfill special requests you have made (such as dietary
accommodations or accessibility arrangements).
IMPORTANT NOTICE REGARDING COMMUNICABLE DISEASE:
Neither Navari’s professional liability insurance nor general liability
insurance covers claims related to communicable disease exposure. This
exclusion applies regardless of where or how exposure occurs. See your
Client Service Agreement and the Liability Waiver for additional
disclosures regarding communicable disease risks. You are strongly
encouraged to obtain travel insurance with communicable disease
coverage.
We use your information to:
| Purpose | Details |
|---|---|
| Provide Services | Plan itineraries, make bookings, coordinate with vendors, process payments |
| Communicate | Send confirmations, updates, travel documents, respond to inquiries |
| Improve Services | Analyze usage, improve website functionality, develop new services |
| Legal Compliance | Comply with laws, respond to legal requests, prevent fraud |
| Marketing (with consent) | Send newsletters, promotions, travel inspiration (you can opt out) |
We process your information based on:
Contract Performance: To provide travel services you
requested
Legitimate Interests: To improve our services, prevent fraud,
ensure security
Legal Obligations: To comply with tax, financial, and regulatory
requirements
Consent: For marketing communications (you can withdraw
anytime)
We share your information with Third-Party Vendors (as defined in
your Client Service Agreement)-including hotels, airlines, tour
operators, transportation providers, and activity providers-to complete
your bookings. This includes:
Names, contact information, passport details
Special requests (dietary needs, accessibility,
celebrations)
Payment information (as needed for booking)
Third-Party Vendors are independent businesses, not employees,
agents, or partners of Navari. Their use of your information is governed
by their own privacy policies, not ours. We are not responsible for how
they handle your data. The one exception: if we knew (or should have
known) a vendor had serious data security problems and used them anyway,
we’re responsible for that choice. See your Client Service Agreement for
additional information about Third-Party Vendor relationships.
We also share information with Third-Party Service Providers (as
defined in the Website Terms of Service), the technology companies that
help us run our business.
| Service Provider Type | Purpose | Examples |
|---|---|---|
| Payment Processors | Process credit card and ACH payments | Stripe, PayPal |
| Cloud Hosting | Store data and host website | AWS, Google Cloud |
| Email & Communication | Send emails, manage communications | Mailchimp, Twilio |
| Analytics | Understand website usage | Google Analytics |
| Customer Management | Manage client relationships | CRM platforms |
We require these providers to protect your information, but we can’t
guarantee they’ll always comply. Our liability for their data breaches
is limited (see Section 5).
We may share your information when required by law or when we
genuinely believe it’s necessary to:
Respond to valid legal requests (subpoenas, court
orders)
Enforce our agreements (only sharing what’s truly
necessary)
Protect against serious, immediate threats to safety
Prevent fraud or security threats
Cooperate with law enforcement
If we receive a civil legal request for your information, we’ll try
to let you know before responding unless the law prevents us or it would
interfere with an investigation.
If Navari is acquired, merged, or undergoes a business transition,
your information may be transferred to the successor entity.
We may share information for other purposes with your explicit
consent.
We implement reasonable security measures, including:
Encryption: Secure transmission (SSL/TLS)
Access Controls: Limited employee access on need-to-know
basis
PCI-DSS Compliance: Payment card data is processed through
PCI-DSS compliant processors. We do not store your full card numbers on
our systems.
Regular Updates: Security patches and monitoring
We carry $1,000,000 in cyber liability insurance covering network
security issues, privacy claims, incident response, and certain cyber
crimes. Like all insurance, it has exclusions: it doesn’t cover
technology fraud, some regulatory fines, or communicable disease
exposure. This disclosure is for informational purposes and does not
create any rights in third parties to our insurance coverage.
While we maintain professional liability, general liability, and
cyber liability insurance, these policies contain exclusions and
limitations. Our professional liability insurance excludes bodily
injury, property damage, and tour operating services. Our general
liability insurance excludes claims arising from violations of statutes
related to personal data, communicable disease, and cyber incidents.
Regulatory fines and penalties may not be covered by any policy. These
disclosures are for informational purposes and do not create any direct
rights against our insurers.
No system is 100% secure. While we take reasonable precautions, we
can’t guarantee your data will never be compromised. If something does
happen, our cyber insurance covers up to $1,000,000 for qualifying
claims. Beyond insurance, our direct liability is capped at the greater
of the fees you paid us in the past 12 months or $25,000. These caps
don’t apply if we were grossly negligent, acted with willful misconduct,
or committed fraud. You are responsible for protecting your account
credentials and notifying us immediately if you suspect unauthorized
access.
We will never request sensitive information (such as passwords or
full payment card numbers) via email. Before transferring funds based on
email instructions, always verify by calling our confirmed phone number.
We will never ask you to wire funds to personal accounts, change payment
instructions by email alone, or purchase gift cards as payment. See the
Website Terms of Service for additional fraud prevention guidance.
We’ll notify you as required by law. For Florida residents, that
means within 30 days of confirming a reportable breach (unless law
enforcement asks us to delay). We’ll tell you what happened, what
information was affected, and what you can do to protect yourself. We
will also notify applicable regulatory authorities as required by
law.
We keep your information only as long as we need it:
For the duration of our relationship plus legal retention periods
We keep tax-related records for 7 years (IRS requirement). If you
haven’t filed any claims within the 1-year window in your Client Service
Agreement, we may delete or anonymize other personal information
sooner.
Until you opt out or we determine it’s no longer needed
We regularly review what we’re keeping and delete information we no
longer need.
You may request access to or correction of your personal information
by contacting us at [privacy email].
Want a copy of your data? Just ask. We’ll send it to you in a common
format (like CSV or PDF) within 30 days. Contact [privacy
email].
You can ask us to delete your information. We’ll do it unless we need
to keep certain records for:
Tax compliance (per IRS rules) or Florida Seller of Travel
requirements
Active or anticipated legal matters, or an active
booking
Ongoing fraud investigations
If we can’t delete everything, we’ll tell you why and delete
whatever we can.
You may opt out of marketing emails by:
Clicking “unsubscribe” in any marketing email
Contacting us at [privacy email]
You cannot opt out of transactional emails (booking confirmations,
service updates).
You can control cookies through your browser settings. Note that
disabling cookies may affect website functionality.
Our website does not currently respond to “Do Not Track” browser
signals.
If you are a California resident, you have additional rights under
the California Consumer Privacy Act:
| Right | What It Means |
|---|---|
| Know | Request details about personal information we collect, use, and share |
| Delete | Request deletion (subject to exceptions) |
| Opt-Out | Opt out of “sale” of personal information. We do not sell your personal information for monetary consideration. We share information with Third-Party Vendors solely to complete your travel bookings, not in exchange for payment for your data. |
| Non-Discrimination | We will not discriminate for exercising CCPA rights |
To exercise these rights, contact us at [privacy email]
with “California Privacy Rights” in the subject line.
We will verify your identity before processing requests.
You may designate an authorized agent to submit requests on your
behalf.
If you are in the European Economic Area or United Kingdom, you have
additional rights under GDPR:
Access: Request a copy of your personal data
Rectification: Correct inaccurate data
Erasure: Request deletion (subject to legal
requirements)
Restriction: Limit processing in certain circumstances
Portability: Receive your data in machine-readable
format
Object: Object to processing based on legitimate
interests
Withdraw Consent: Withdraw consent for marketing at any
time
To exercise these rights, contact us at [privacy
email].
Data Controller: Navari Lifestyle Management, LLC is the data
controller for your information.
Supervisory Authority: You have the right to lodge a complaint
with your local data protection authority.
If your jurisdiction provides additional privacy rights, please
contact us to discuss.
Other States: Privacy laws are evolving. If you live in Virginia,
Colorado, Connecticut, Utah, Texas, Oregon, Montana, or another state
with privacy legislation, you may have additional rights. Contact us at
[privacy email] to discuss what applies to you.
| Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Enable website functionality, security | Session |
| Analytics Cookies | Understand usage, improve website | Persistent |
| Marketing Cookies | Deliver relevant ads (if applicable) | Persistent |
Third parties (such as Google Analytics) may place cookies on your
device. We do not control their cookies — their privacy policies
govern.
Most browsers allow you to control cookies through settings.
Disabling cookies may limit website functionality.
We’ll ask your permission before using photos or videos of you in our
marketing. You can set your preferences when you sign up or book, and
change them anytime by emailing [privacy email]. You may
change your preferences at any time by contacting us at [privacy
email]. We will not use your image in marketing materials without
your consent. For adventure activities, the Liability Waiver has
specific consent options. Photos taken by hotels, airlines, or other
vendors are governed by their policies, not ours.
For adventure activities, you may be asked to authorize access to
medical records related to injuries pursuant to the HIPAA authorization
in the Liability Waiver. Medical records obtained pursuant to that
authorization are governed by its terms, not this Privacy Policy, with
respect to access, use, and disclosure. However, we will apply the
security measures described in Section 5 to protect such medical
information. The HIPAA authorization has a three-year duration and may
be revoked in writing; revocation does not affect uses or disclosures
made before revocation. We use medical information only for coordinating
your care, documenting incidents, and if necessary, for legal
proceedings.
Our services are not directed to individuals under 18. We do not
knowingly collect personal information from anyone under 18. If we learn
we have collected information from someone under 18 without parental
consent, we will delete it promptly.
Parents or guardians may provide information about children in their
care for travel purposes, but they’re responsible for that information
and the child’s account activity. When you give us a child’s
information, you’re confirming you have legal authority to do so. For
international travel or high-risk activities, we may ask for proof of
your relationship. Only adults 18 and older can create accounts, sign
agreements, or book travel.
Navari is based in the United States. If you are outside the U.S.,
your information will be transferred to and processed in the U.S., which
may have different data protection laws than your country. By using our
services, you consent to this transfer.
We use European Commission-approved Standard Contractual Clauses and
other legal safeguards to protect your data when it’s transferred to the
U.S. Want a copy of these safeguards? Email [privacy
email].
This Policy is governed by Florida law, without regard to conflict of
law principles.
BY USING OUR SERVICES, YOU AGREE TO RESOLVE DISPUTES ABOUT THIS
POLICY THROUGH BINDING ARBITRATION—NOT IN COURT. YOU’RE GIVING UP YOUR
RIGHT TO A JURY TRIAL AND TO JOIN CLASS ACTIONS. You can opt out within
30 days by sending written notice to the address in Section 13. See our
Website Terms and Client Service Agreement for full details.
If any part of this Policy is found unenforceable, the rest remains
in effect. We’ll interpret the unenforceable provision as narrowly as
needed to make it valid.
If we don’t immediately enforce any part of this Policy, that doesn’t
mean we’ve waived our right to enforce it later.
We may assign our rights and obligations under this Policy in
connection with a merger, acquisition, or sale of assets. You cannot
assign your rights without our written consent.
This Policy, together with our Website Terms of Service, Client
Service Agreement, and any other agreements you sign with us,
constitutes the complete agreement regarding your privacy. It supersedes
any prior discussions or representations about data practices.
We may update this Policy from time to time. Changes will be posted
on our website with an updated Effective Date. For material changes,
like how we collect, use, or share your information, or changes to
liability limits or dispute resolution procedures, we will provide at
least 30 days’ notice by email and website posting before they take
effect. For material changes, we’ll ask for your consent before they
take effect. If you don’t agree, you can close your account and request
deletion of your information (see Section 6). The version of this Policy
that was in effect when you last used our services will continue to
apply to information we collected before the change. For minor updates,
your continued use means you accept them.
If you have questions, concerns, or requests regarding this Privacy
Policy or your data practices:
Navari Lifestyle Management, LLC | 4440 PGA Blvd Suite | 600 Palm
Beach Gardens, FL 33410
Email: [privacy email] Phone: [To be
inserted]
We’re registered with the Florida Department of Agriculture and
Consumer Services (this doesn’t mean the state endorses us). Verify our
registration at 1-800-HELP-FLA or FloridaConsumerHelp.com.
Florida Seller of Travel: ST-[INSERT NUMBER].
Accessibility: If you need this Policy in an
alternative format due to a disability, please contact us and we’ll work
to accommodate your needs.
Last Updated: [To be inserted]
