Privacy Policy

Last updated: January 2026

Trendarcadenok ("we," "us," or "our") is committed to protecting the privacy and personal data of every guest, visitor, and client who engages with our website and luxury hospitality services. This Privacy Policy explains in detail how we collect, use, store, share, and safeguard your personal information when you visit trendarcadenok.com or submit an inquiry through our concierge channels. By using our website you acknowledge and accept the practices described below.

1. Information We Collect

We collect personal information directly from you, automatically through our website, and occasionally from trusted third-party partners such as resorts and payment processors.

1.1 Information You Provide

Full name, title, and preferred salutation
Email address and telephone number
Postal address and country of residence
Resort preferences, travel dates, and party composition
Special requests, dietary needs, accessibility requirements
Payment details (processed by certified PCI-DSS third parties — we never store full card numbers)
Identification details required by Maltese hospitality law upon booking

1.2 Information Collected Automatically

IP address, device identifiers, browser type, operating system
Pages visited, time on site, referral source, click patterns
Approximate geolocation derived from IP address
Cookies and similar tracking technologies (see our Cookies Policy)

2. How We Use Your Information

Your personal data is used strictly for legitimate hospitality and business purposes including:

Responding to VIP inquiries and concierge requests
Coordinating and confirming resort, spa, dining, and transfer reservations
Delivering personalised luxury offers tailored to your preferences
Processing payments and issuing invoices through our partners
Sending essential service communications and itinerary updates
Sending marketing communications (only with your explicit consent)
Improving website functionality, user experience, and content relevance
Preventing fraud, ensuring security, and complying with legal obligations

3. Legal Basis for Processing (GDPR)

Under the EU General Data Protection Regulation, we rely on the following lawful bases:

Contract: Processing necessary to fulfil bookings and concierge services you request.
Consent: Marketing communications, optional cookies, and certain analytics.
Legitimate interests: Improving our services, securing our platform, and preventing misuse.
Legal obligation: Tax, accounting, and Maltese tourism compliance requirements.

4. Data Sharing & Third Parties

We share your personal information only when necessary to deliver the experiences you request, and only with carefully selected partners bound by strict confidentiality and data protection agreements.

Partner resorts and hotels in Malta (for booking fulfilment)
Licensed transportation, yacht, and chauffeur providers
Spa and wellness operators delivering your treatments
Secure payment processors (Stripe, PayPal, and equivalents)
IT infrastructure, hosting, and email service providers
Legal, accounting, and regulatory authorities when required by law

We never sell, rent, or trade your personal data to third parties for their own marketing purposes.

5. International Data Transfers

Some of our service providers may operate outside the European Economic Area. When transferring data internationally, we ensure adequate safeguards through Standard Contractual Clauses approved by the European Commission or by relying on adequacy decisions where applicable.

6. Cookies & Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience, analyse traffic patterns, and deliver relevant content. You can manage your preferences at any time. Please review our dedicated Cookies Policy for full details.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These include encrypted connections (TLS/SSL), restricted-access servers, role-based authentication, regular security audits, staff confidentiality agreements, and ongoing GDPR compliance training.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy or to satisfy legal obligations.

Inquiry and booking records: 7 years (Maltese tax and accounting law)
Marketing consent records: until withdrawn by you
Website analytics data: 26 months
Customer service correspondence: 24 months

9. Your Rights Under GDPR

If you are located in the European Economic Area or the United Kingdom, you have the following rights:

Right of access — request a copy of your personal data
Right to rectification — correct inaccurate information
Right to erasure — request deletion of your data
Right to restriction — limit how we use your data
Right to data portability — receive your data in a structured format
Right to object — to processing based on legitimate interests or marketing
Right to withdraw consent — at any time, without affecting prior processing
Right to lodge a complaint with the Maltese Information and Data Protection Commissioner (idpc.org.mt)

10. Children's Privacy

Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from minors without parental consent. If you believe a minor has provided information without authorisation, please contact us and we will delete the data promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in legislation, technology, or our business practices. The latest version will always be available on this page with an updated revision date. Material changes will be communicated by email where appropriate.

12. Contact Us

For any privacy-related questions, requests, or to exercise your rights, please reach our Data Protection Officer through our contact page. We aim to respond to all legitimate requests within 30 calendar days.