Privacy Policy

Last Updated: October 15, 2024 Effective Since: April 19, 2017

CTF BM Operations Ltd. Operating as Baha Mar and its affiliates (collectively, “Baha Mar”, “we”, “our” or “us”) are committed to safeguarding your privacy and want you to be familiar with how we collect, disclose and otherwise use information about you.

References in this Privacy Policy to “Baha Mar,” “we,” “our” or “us” are references to the entity responsible for the processing of your personal data, which generally is the entity that obtains your personal data in the respective case, or the data controller.

This Privacy Policy describes:

• our practices in connection with the information we collect from you when you visit our websites that link to this Privacy Policy (the “Site”), or when you use any applications made available by us on or through computers and mobile devices (the “Apps”),
• when we communicate with you through e-mail messages that link to this Privacy Policy (collectively, including the Site and Apps, referred to as the “Services”);
• our privacy practices when we communicate with you by offline channels, such as when you provide your information to our call centers, or in person (“Offline Services”); and
• the basis on which we will process personal data we collect from you or that you provide to us, and your choices with respect to that data.
• California residents’ rights under CCPA

This Privacy Policy excludes those websites and online services that have separate privacy policies and do not incorporate this Privacy Policy by reference or otherwise. Different privacy policies also may apply to other parts of our web presence – for example, web pages for online recruitment.

Our privacy practices may be more or less limited in certain countries in which we operate to reflect local practices and legal requirements.

By providing your personal data and other information through our Services, you acknowledge that your personal data will be processed pursuant to the terms of this Privacy Policy. If any term in this Privacy Policy is unacceptable to you, please do not use the Services or provide any personal data.

1. What Information is Collected About Me?

1.1 Personal Data

The term “Personal Data” as used in this Privacy Policy refers to any information relating to an identified or identifiable individual, or as defined under applicable law. We collect Personal Data such as:

• Your name, e-mail address, phone number, physical address (billing and shipping), company affiliation, title;
• Demographic information and location, and government-issued identifiers;
• Your credit card and/or debit card details;
• Guest stay information, special requests and preferences (including preferred room type or floor, spend, vacation preferences, amenities requested, language preferences, interests, hobbies, ages of children or companions and any other aspects of the Services used), telephone numbers dialed, faxes and telephone messages received;
• IP addresses,  online user account details or profiles when you log-in to your Baha Mar account;
• Frequent flyer and travel partner program affiliations and member number; hotel, airline and rental car packages booked;
• Social media account information, profile pictures or posts;
• Information, feedback or content you provide regarding your marketing preferences, in surveys, comment cards, sweepstakes, or promotional offers on our Services and those of third parties;
• Images and visual recordings through the use of closed circuit television systems collected while visiting a Baha Mar hotel or property, where permitted by applicable law;
• Conversations, including records or monitoring of guest service calls for quality assurance and training purposes, and other communications such as in-app messages or SMS text messages, where permitted by applicable law or based upon consent;
• Contact details concerning the employees of corporate accounts and vendors and other individuals with whom we do business (e.g., travel agents, bookers, event planners); and
• Other types of information that you voluntarily choose to provide to us.

1.2 Sensitive Personal Data

From time to time, you may provide or we may collect what is considered sensitive personal information or “special categories of personal data” under applicable privacy laws (herein referred to as “Sensitive Personal Data”). For example, you may disclose your religious affiliation to us when you host or attend an event at one of our hotels or provide your health information or dietary restrictions so that we can accommodate you during your stay.

We only process Sensitive Personal Data if and to the extent permitted and required by applicable law or with your express consent. Unless otherwise required by applicable law, you are not required to provide us with any of your Sensitive Personal Data. Should you choose not to, your decision would not prevent you from using our Services.

1.3 Personal Data from Third Parties
We may collect Personal Data related to you from third parties such as from airlines, payment card providers, travel agencies and online booking services, other affiliates and Baha Mar hotel and properties you have previously visited, public databases, joint marketing partners, third parties who sell products and services under our brands and your social medial sites consistent with your settings on such services.

Additionally, if you submit Personal Data relating to other people – such as your children or other companions – in connection with the Services, you are also deemed to be representing that you have the authority to do so and permit us to use their Personal Data for the purposes described in this Privacy Policy.

2. When is Your Personal Data Collected?

We collect Personal Data about you in a number of ways, including:

When you make reservations, stay at a property or plan or attend an event. Visitors who elect to make reservations using our Services or Offline Services will be asked to supply specific Personal Data, including name, e-mail address and contact information, as well as information to secure the reservation, such as a credit card number. We collect your Personal Data to provide you with services, including when you purchase goods and services, inform us of any requests, or take advantage of services such as concierge services, health clubs and spa treatments, activities, equipment rentals, and child care services. If you plan or host an event with us, we collect meeting and event specifications, such as your name, contact details, date of event, occasion, number of guest rooms required, and length of stay. We also collect information about guests that are a part of your group or event.
From Owners. We manage hotels and other properties on behalf of third-party owners (“Owners”). If you make a reservation to stay at a property managed by us, we will share and receive Personal Data with and from the Owner of that property, e.g., your stay information, payment information and any observations about your service preferences. Owners’ use of your Personal Data will be governed by their own privacy practices and is only covered in this Privacy Policy where specifically noted.
When you sign up for promotional offers. We collect your e-mail address when you sign up for promotional offers.
When you provide your comments and feedback or communicate with us. We may collect Personal Data that you voluntarily share with us in surveys, guest feedback or comment cards, as well as on third-party websites. We also collect your Personal Data when you communicate with us via text or e-mail or otherwise, like WeChat.
When you share photos. We collect and publish photos and images you voluntarily share with us about your experience with us.
When you purchase a gift card. If you decide to purchase a gift card, we collect Personal Data including the recipient’s name, e-mail address, shipping information, and any other information you voluntarily provide.
From social media. We collect information from social media activity such as when you ‘like’ the Website, share content or follow us on social media sites like Facebook, Twitter, Pinterest Instagram, or WeChat. If you choose to log-in, connect with or link to Services using your social media account certain Personal Data is shared with us consistent with your settings within the social media service, such as location, check-ins, activities, interests, photos, status updates, as well as Personal Data that may be a part of your profile or friend’s profile.
From other sources. We may receive your Personal Data from other sources, like public databases, joint marketing partners, and other third parties including travel agencies, airline and credit card partners.
When you inquire about development or Owner opportunities. We may collect your Personal Data including your e-mail address when you contact us to learn more about development or ownership opportunities with us.

3. Why is Personal Data Used?

We use your Personal Data in a number of ways as set forth below.

3.1 Performance of a Contract. We process your Personal Data in order to perform a contract with you, including to complete your reservation, provide you goods and services that you requested, or to inform Owners of your stay in order to render services to you while visiting a hotel or other property that we manage.

3.2 Legitimate Business Reasons. We use your Personal Data where it has a legitimate business reason to do so, pursued by a third party or us. This includes providing you with superior customer service and a personalized experience when staying with us, keeping our Services safe and secure and to protect our operations or those of any of our affiliates or other third parties, and distributing and responding to surveys regarding your experience, allowing you to participate in sweepstakes, contests, and other promotions and to administer these activities. Please bear in mind that some of these promotions have additional rules, which could contain additional information regarding what Personal Data we collect and how it is used. We encourage you to read these rules carefully. Such legitimate business reasons also include providing you with information that you have requested and responding to your inquiries, anonymizing Personal Data provided under this Privacy Policy to improve the Services and guiding the development of new features and services, and subject to applicable law and regulations, in the event of a corporate event such as a sale, merger or change in control.

3.3 To Comply with Legal Obligations. We process your Personal Data where it is necessary to comply with legal obligations to which it may be bound. This includes complying with legal processes, responding to requests from public and government authorities around the world, and pursuing available remedies or limit damage we or other third parties may sustain.

3.4 With Your Consent. We process your Personal Data when we have your valid consent to do you, including to communicate (including by e-mail and SMS) with you during your stay, to send you promotional offers, newsletters, information on us, our Services, and other marketing communications in accordance with your preferences; and to process Sensitive Personal Data you may have provided us in connection with your stay; for example, any dietary restrictions or special accommodations for physical and medical conditions.

3.5 Vital Interest. In certain circumstances when it is not possible to obtain your consent, it may be necessary for us to process your Personal Data, including Sensitive Personal Data you provided through our Services, where it is in your vital interest or in the interest of others, for example in the event of a medical emergency.

3.6 We will not sell, rent, or share your information without your consent except in accordance with this Privacy Policy or for the purposes disclosed on any online form or location on the Services where you provide Personal Data to us.

4. When Do We Disclose Your Personal Data?

We may disclose or share your Personal Data as follows:

4.1 To Hotels and Other Properties. The Personal Data you provide to us in connection with making a reservation is shared with the respective hotel or property for purposes of meeting your reservation request. The hotel or other property may be managed by us but owned by an independent third-party Owner. After your stay, we retain your Personal Data, including the details of your stay and your preferences (e.g., room, type, interest, hobbies, amenities used) to provide you personalized service during your next stay, subject to your preferences.

You can object to the retention of your Personal Data for this purpose by contacting us as described in Section 11 of this Privacy Policy.

4.2 To Affiliates. We are a global enterprise and may disclose your Personal Data to other companies or hotels within our group, including in our offices in Hong Kong, the European Economic Area (EEA) and the United States in order to help render services to you associated with your stay at our hotels or other properties and to provide you marketing communications, consistent with your choices. For a complete listing of our affiliates, please contact us as indicated in Section 14.

4.3 Commercial Service Providers and Suppliers. We may outsource the processing of certain functions and/or information to third parties that provide services such as Services hosting, data analysis, payment and credit card processing, order fulfillment, customer service, e-mail delivery, financial services companies, delivery services, advertising networks, and information technology. We may also share your Personal Data with third-party providers that provide services such as spa treatment, salons, and restaurants within our hotels or other properties, or event planners or organizers of any event you plan or host with us.

4.4 External Partners. We may share your Personal Data to other partners, consultants and advisors who render services to us, including financial institutions, external auditors, lawyers, and credit card issuers. When you request credit, your personal information will be used and disclosed to appropriate third parties in accordance with applicable laws for the purpose of determining whether to grant and maintain a line of credit to you.

4.5 Travel-Related Service Partners. We may share your Personal Data with select third parties. For example, we may help arrange rental cars and share Personal Data with them in order to provide those services. We also may work with third parties, such as travel agencies and airlines to help provide you with a single source for purchasing travel-related services. Please note that this Privacy Policy does not apply to information that you provide directly to third parties.

4.6 E-Folio Program. If you are an employee or corporate client of a company that participates in Baha Mar’s E-Folio Program, a summary of the goods and services provided to you during your stay will be shared with the payment card provider, who in turn, may share that summary with your employer or corporate client. Once the Personal Data is transferred to the credit card issuer, credit card network operator, your employer and/or corporate client, it is no longer subject to the provisions of this Privacy Policy. Please visit the privacy policies of your employer or corporate client, the relevant payment card provider and card issuer for more information on their data privacy and protection practices.

4.7 Co-Sponsors of Promotions. Your Personal Data may be shared with our affiliates or other unaffiliated business partners that serve as co-sponsors or third-party sponsors of promotions, or other contests if you enter into one of these activities on our Services.

4.8 Social Media and Message Boards. If you connect to one of our social media pages, we may disclose your Personal Data to your friends associated with your social medial account, to other website users, and to your social media account provider, in connection with your social sharing activities. We may make reviews, message boards, blogs and other user-generated content available to users on our Services. Any information disclosed in these areas is public information and you should accordingly exercise caution when deciding to disclose your Personal Data in this context. We are not responsible for the privacy practices of other users including web operators to whom you provide information.

4.9 Business Transfers. From time to time, we may sell our business, hotels and other assets or may cease managing a hotel or property owned by an Owner. In those circumstances, we may include Personal Data collected about you, or control of that Personal Data, as a business asset in any such transfer. For example, if we cease to operate a hotel property we do not own, the Owner may continue to have and use your Personal Data for continued business purposes consistent with the hotel’s operations, including direct marketing. Additionally, we may disclose your Personal Data to a buyer or other successor in the event of a merger, sale or other transfer event, in which Personal Data held by us about our users is among the assets transferred.

4.10 Anonymized Data. We may share aggregated data with third parties collectively in an anonymous way, which does not reveal Personal Data.

4.11 Legal Obligation. If we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, pursuant to a legal request, subpoena or other legal processes, or in order to enforce or apply our Terms of Use and other agreements, including for billing and collection purposes; or to protect the rights, property, or our safety, our guests, or others. This may include exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

5. What Cookies and Other Technologies Do We Collect?

#cookie5.1 Automatic Data Collection. We may use automatic data collection technologies to collect certain statistical (non-personal) information about your equipment, browsing actions, and patterns, including (a) details of your visits to our Services, including traffic data and location data, date and time of access, frequency and other communication data; (b) information about your computer and internet connection, including your IP address, operating system, host domain, and browser type; and (c) details of referring websites actions, and patterns.

5.2 Cookies. As further described in our Cookie Policy, we use cookies and other similar technologies (e.g., web beacons, pixels, ad tags and device identifiers) to recognize you and/or your device(s) on or across different Services and devices. We also allow other third parties to use cookies as described in our Cookie Policy. You can control cookies through your browser settings and other tools. For more information on the cookies we collect and how to disable them, please visit our Cookie Policy.

5.3 Social Media Plug-ins. One of the features of our Site is that it uses what are called social plugins (“plugins”) from the social networks Twitter, Facebook, YouTube, Pinterest, and Instagram. These plugins are indicated by the respective logo of the social network. When you access our Site, your browser establishes a direct connection with the servers of these social networks. The content of the plugin is transferred by the social network directly to your browser, which then integrates it into the Site.

5.3.1 Integration of the plugin causes Facebook, for example, to receive the information that you have loaded the corresponding page of our Site. If you are logged in with Facebook, it will be able to assign your visit to your Facebook account. Please note that an exchange of this information already takes place when you visit our Site, regardless of whether you interact with the plugin or not. If you interact with the plugins, such as by pressing the “Like” button, the corresponding information is sent directly to Facebook by your browser and saved there. You can find information on the purpose and extent of data acquisition as well as how the data is processed further and used by the social networks, together with your rights and optional settings to protect your private sphere, in the data protection notes of the social networks.

5.3.2 If you do not want incorporated social networks to gather data about you via our Site, you must log out on the respective domain of the social network before visiting our Site. If you wish to prevent information being exchanged with the above-mentioned social networks during your visit to our Site, you can opt out of cookies through your browser settings and other tools. For more information, please visit our Cookie Policy.

5.4 Wi-Fi and Location-Based Services. In the course and for the purpose of providing Wi-Fi services at our hotels and other properties, we may collect device identifiers (such as your IP address, or other unique identifier). Based upon your consent, we also may collect information about the physical location on your device through use of the Wi-Fi services or other technologies to provide you with personalized location-based services, such as to customized offers and promotions or to find a hotel near you.

5.5 Do Not Track. Currently, we do not alter our data collection and use practices in response to Do Not Track signals.

6. How Do We Protect Personal Data?

We maintain commercially reasonable security safeguards that are designed to protect the Personal Data we collect against unauthorized use, disclosure, alteration or destruction. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure and we cannot guarantee or warrant that your Personal Data is under absolute security with the existing security technology. Additionally, when requesting information or sending information or forms to us by e-mail, please be advised that e-mail communication to and from our Services are not secure unless clearly noted otherwise. This is a risk inherent in the use of e-mail.

7. Third-Party Websites and Services

7.1 Our Services may contain links to, or have features that are hosted by, other third-party websites or services that are not owned or controlled by us. If you visit a Baha Mar website and decide, for example, to purchase a gift certificate, make an airline reservation, rent a car, submit award request forms or apply for a job online, you may be seamlessly linked to websites maintained by third parties with whom we have contracted to provide those services. If you click on a link found on our websites or on any other website, you should always look at the location bar within your browser to determine whether you have been linked to a different website. This Policy, and our responsibility, is limited to our own information collection practices. We are not responsible for, and cannot always ensure, the information collection practices or privacy policies of other websites maintained by third parties or our service providers where you submit your personal information directly to such websites. In addition, we cannot ensure the content of the websites maintained by these third parties or our service providers, even if accessible using a link from our websites. We urge you to read the privacy and security policies of any external websites before providing any personal information while accessing those websites.

7.2 This Privacy Policy only addresses the collection, use, and disclosure of information by us through your interaction with our Services. This Privacy Policy does not address the policies or practices of any third parties or any third-party websites or features that are linked to or available from our Services. If you provide any information to any other third parties, different rules regarding the collection and use of your Personal Data by such third parties may apply. Please contact these entities directly if you have any questions about their privacy practices.

7.3 We also may partner with a limited number of Internet providers to offer Internet access to our guests. Your use of on-property Internet service is subject to the third-party Internet provider’s terms of use and privacy policy, which you can access using the links on the service sign-in page, or by visiting the Internet provider’s website.

8. Cross-Border Data Transfers

8.1 The Personal Data and other information that we collect from you will be transferred to, and stored at, a destination outside the EEA. It also may be processed by staff operating outside the EEA who work for us or other entities acting as data processors processing data on our behalf. This includes staff and providers engaged in, among other things, the fulfillment of your request or order and the provision of support services. More information on to whom your data is disclosed can be found in Section 4.

8.2 To comply with applicable data protection law, we have implemented international data transfer agreements on the basis of EU Standard Contractual Clauses in order to provide appropriate and suitable safeguards for Personal Data transferred to countries outside the EEA where an adequate level of protection is not already guaranteed. A redacted copy (removing commercial terms) can be obtained by contacting us at the contact details provided in Section 14 below.

9. How Long Do We Retain Your Personal Data?

9.1 We retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by applicable law.  Note that we may need to retain certain information for recordkeeping purposes and/or to complete transactions (e.g., when you make a purchase or reservation), and you may not be able to change or delete the Personal Data you provided until after completion of such purchase or reservation.

10. How Can You Manage Your Preferences and Information?

10.1 Commercial E-mails. You may opt-out of receiving commercial e-mails from us by following the instructions contained in any of the commercial e-mails. Unsubscribing from one type of communication may not unsubscribe you from another type. Please note that even if you unsubscribe from commercial e-mail messages, we may still e-mail you non-commercial (transactional) e-mails related to your account and your transactions via the Services.

10.2 Owners (following termination or expiration of our management agreements) and third-party providers may use your Personal Data for marketing purposes. If you wish to opt-out of receiving offers directly Owners and third-party providers, you can follow the instructions in the e-mails that they send you.

10.3 EU Users and Commercial E-mails. If you are a user based in the EU, we only send you commercial e-mails when we have obtained your explicit prior consent, except where we have obtained your e-mail address in the course of a sale or negotiations for a sale of a product or service and where the commercial e-mails are only marketing similar products or services.

10.4 Text Messages and SMS. To opt out of text messages, reply STOP to the message you received or contact the hotel or property front desk to inform them you no longer wish to receive text messages.

10.5 Mobile Apps. You can control whether our Apps send you push notifications by change your notification settings on your mobile device.

10.6 Access and Connections to Social Media. If you registered with the Services through your social media account, or connected, linked, or shared your use of our Services via your social media profile, you can manage the permissions granted to such third-party social media services by accessing your user settings under your account. You also can remove our access to your social media account or otherwise control what information these third-party social media services share with us at any time by accessing the privacy settings in your social media account.

11. What Are Your Rights Regarding Your Data?

Under applicable law and regulations, you may, at any time, exercise certain rights, including the following:

11.1 Access. The right to request access to your Personal Data, which includes the right to obtain confirmation from us as to whether Personal Data concerning you is being processed, and where that is the case, access to the Personal Data and information related to how it is processed.

11.2 Rectify or Erase. The right to rectification or erasure of your Personal Data, which includes the right to have incomplete Personal Data completed.

11.3 Restrict. The right to obtain a restriction of processing concerning your Personal Data, which includes restricting us from continuing to process your Personal Data under certain circumstances (e.g., where you contest the accuracy of your Personal Data, for a period enabling us to verify the accuracy of the personal data).

11.4 Object. The right to object to the processing of your Personal Data under certain circumstances, including objecting to processing your Personal Data for direct marketing purposes, or objecting to processing your Personal Data when it is done based upon legitimate interests.

11.5 Data Portability. The right to data portability, which includes certain rights to have your Personal Data transmitted from us to you or another controller.

11.6 Consent. Where we process your Personal Data based on your consent, the right to withdraw consent at any time with effect for the future.  Any requests related to the above rights may be made by contacting us as set forth in Section 14.

11.7 Complaint. In some jurisdictions, you may also have the right to lodge a complaint with a supervisory authority.

11.8 Choice. Whether you provide Personal Data is your choice; however, please keep in mind that in many instances certain personal data is necessary for you to participate in a particular activity, for us to provide a certain service or benefit to you, or for you to gain access to certain features, services or content on our Website. If you elect not to provide us with certain personal data, you may not be able to participate in a particular activity, realize a benefit we may offer, or gain access to certain content, functionalities or services.

12. What Information is Collected From Children?

12.1 Should we inadvertently acquire Personal Data or other information from users under the age of 18, we will not knowingly provide this data to any third party for any purpose. If a child does provide us with Personal Data over Services, a parent or guardian of that child may contact us and upon notification, we will delete from our records any information collected from children under the age of 16.

13. What About Privacy Policy Modifications?

13.1 We reserve the right to change this Privacy Policy at any time. Any changes we make will be posted on this page. If we make material changes to how we treat your Personal Data, we will notify you through a notice on the Services home page. The date this Privacy Policy was last revised is identified at the top of the page. It is your responsibility to ensure that we have a deliverable e-mail address for you, and for you to periodically monitor and review any updates to this Privacy Policy. Your continued use of our Services after such amendments will be deemed your acknowledgement of these changes to this Privacy Policy.

14. How to Contact Us:

If you have any questions or comments about our privacy practices or this Privacy Policy, please contact us by email at privacy@bahamar.com or by mail at:

CTF BM Operations Ltd. operating as Baha Mar
One Baha Mar Blvd.
Nassau, The Bahamas
Attn: Legal Department

15. California Privacy Rights (CCPA)

This section only applies to customers who are residents of California under the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws (together “California Laws”).

If you are a California resident, you have specific rights regarding the personal data we collect from you. As provided under California Civil Code Section 1798.83, also known as the “Shine the Light” law, we provide our customers with the ability to “opt out” of having their personal information shared with independent affiliates and non-affiliated third parties for their direct marketing purposes.

15.1 Information we collect

Personal Data

Your name, e-mail address, phone number, physical address (billing and shipping), company affiliation, title, demographic information, location and government-issued identifiers.

Payment information such as your credit card and/or debit card details

Guest stay information including preferences and excursions

Frequent flyer and travel partner program affiliations and member number.

Social media information
Survey and/or contest entry information

Images and visual recordings through the use of closed-circuit television systems

Conversations (audio and text/chat) including records or monitoring of guest calls for quality assurance and training purposes

Other types of information that you voluntarily choose to provide to us.

Sensitive Personal Data

sensitive personal information or “special categories of personal data” which may include religious affiliation, health information or dietary restrictions. For example, wedding services or catered events.

Personal Data from Third Parties

We may collect Personal Data related to you from third parties such as from airlines, payment card providers, travel agencies and online booking services, other affiliates and Baha Mar hotel and properties you have previously visited, public databases, joint marketing partners, third parties who sell products and services under our brands and your social medial sites consistent with your settings on such services.

For additional details concerning types of information collected, please refer to sections 1.1-1.3 of our Privacy Policy.

15.2 California Residents’ Rights.

Under California Laws, California residents can exercise three privacy rights

• Right of Access
• Right of Deletion
• “Do Not Sell My Personal Information

These are described in more detail in Sections 9, 10 and 11 below (collectively, “Rights”). These Rights are not absolute and are subject to certain exceptions. For example, we cannot disclose or permit access to specific pieces of personal information if the disclosure or access would present a certain level of risk to the security of the personal information, your account with us or the security of the business’s systems of networks.

Please note that California residents have a right not to be discriminated against for the exercise of their Rights.

Verification and Record-keeping. If you are a California resident, we will process your request to exercise your Rights in accordance with California Laws. When a request is made, we will first take steps to verify your identity to protect your privacy and security by asking you to provide information that matches information in our customer records. We will also require a declaration, signed under penalty of perjury, that you are the person whose personal information is the subject of the request. Further, if you designate an authorized agent to make a request on your behalf, you will have to submit information confirming such designation.

A record concerning the requests may be maintained pursuant to our legal obligations. Further, we may charge a reasonable fee or refuse to act on a request if such request is excessive, repetitive or manifestly unfounded.

In certain circumstances, we may decline a request to exercise the Right to Know or Right to Delete, particularly where we are unable to verify your identity. If we are unable to comply with all or a portion of your request, we will explain the reasons for declining to comply with the request.

15.3 Access Requests

You have the right to request that we disclose to you, for the 12-month period preceding the date we receive your request, the following: (1) the categories of Personal Information we have collected about you, (2) the categories of sources from which Personal Information was collected about you, (3) the business or commercial purpose for which your Personal Information was collected or sold, and (4) the categories of third parties to whom we have sold or disclosed your Personal Information. In addition, you have the right to request that we disclose to you the specific pieces of Personal Information we have about you.

15.4 Deletion Requests

California consumers have the right to have their personal information deleted, subject to certain exceptions (for example, to comply with legal obligations, complete transactions or for our certain internal uses). In the course of fulfilling a valid deletion request, we will also endeavor to direct our service providers to delete your personal information from their records.

15.5 “Do Not Sell My Personal Information” Requests

California consumers have the right to opt-out of having their personal information sold. Under the CCPA, the definition of “sale” includes a typical sale (i.e., a transfer of data from a seller to a buyer in exchange for money), but it also includes sharing of personal information with a third party in exchange for anything of value (money or otherwise). Although we do not sell your personal information, we may share personal information of with our Joint Marketing Partners.

California residents can opt out from having personal information “sold” to third parties, subject to the limitations of California Law.

Subject to applicable law, opting out through this mechanism will not prevent your personal information from being shared with third parties for non-marketing purposes (for example, to process one of your transactions). Further, this opt out mechanism will not prevent the transfer of personal information in connection with a merger, acquisition, bankruptcy or other sale of all or a portion of our assets.

15.6 Contact Us

If you are a California resident, and wish to request this information, please email privacy@bahamar.com or call 1-888-228-3421and indicate that you wish to request this information and provide the identifying information requested. All requests are subject to verification of your identity to protect the privacy and security of your Personal Information. We are required to fulfill these requests no more than twice within a 12-month period.