BethsAida
Skip to content
Privacy Notice
Legal

Privacy Notice

What we collect, why we collect it, who helps us process it, how long we keep it, and the rights you have over it.

Last updated · 26 June 2026

01Who is responsible for your data

The controller of your personal data is BethsAida Boutique Hotel & Conference Center, at #1 Sister Patientia Houtman Rd., Simpson Bay, Sint Maarten.

For any privacy question, request or complaint, contact our privacy lead at privacy@bethsaidasxm.com or by post at the address above.

02What we collect, and why

When you make a reservation

Name, email, phone, postal address, country of residence, date of birth (where required for ID), arrival and departure dates, room and rate preferences, special requests, booking channel and confirmation number. We do not collect or store any payment card details when you book online — a reservation is held without payment, and you pay in full at the front desk on check-in (or check-out) by card on the property's WIB (Windward Islands Bank) terminal or by cash. We need this booking information to form and perform the reservation contract and to meet legal obligations (tax, hospitality registration).

When you check in

A copy or scan of a government-issued photo ID, as required by Sint Maarten hospitality law, and a payment card for incidentals. ID copies are retained only for as long as the law requires and then securely destroyed.

When you browse the site

Pages viewed and referring site, logged by our own first-party analytics against a random anonymous session identifier ("ba_session") held in your browser's sessionStorage. We do not use Google Analytics or any third-party analytics service, and we do not build a profile from your IP address. See our Cookie Policy for the full list of storage we use.

When you contact us

The content of your messages, the channel you used (email, phone, WhatsApp, contact form), and the metadata that channel provides. We may record voice calls for training and quality — you will be told at the start of a call when this happens.

When you use the AI concierge

The questions and information you submit, and the responses generated. Conversations are processed by our AI provider under contractual terms that forbid training their general models on your inputs. We may review transcripts to monitor quality and prevent abuse.

When you subscribe to marketing

Email address and your consent to receive seasonal offers and journal updates. You can unsubscribe at any time using the link in every message.

On site (CCTV)

Closed-circuit imagery of common and exterior areas for security and safety. Footage is retained for a short period (approximately 30 days) and then overwritten, unless required for an active incident.

03Why we are allowed to use it
  • Performance of a contract — to take, manage and deliver your reservation.
  • Legal obligation — for tax, accounting, guest registration and other regulatory duties.
  • Legitimate interests — to secure our site and premises, prevent fraud and abuse, improve our services, and respond to enquiries.
  • Consent — for marketing email, non-essential cookies and any sensitive special requests you choose to share. You may withdraw consent at any time.
04Who we share it with

We share personal data with carefully chosen processors who act on our written instructions and only for the purposes set out here:

  • Cloudbeds — our property management system and direct-booking engine (reservations, room inventory, guest profiles).
  • Payment — we use no online payment processor. Payment is taken in person at the front desk on the property's WIB (Windward Islands Bank) card terminal, or in cash. No card details are collected, processed or stored online by us or by any third party on this site.
  • Lovable Cloud (Supabase) — hosting of our application database, authentication for staff, and storage of CRM, leads and concierge transcripts.
  • Lovable AI Gateway (which routes to a Google Gemini model) — for the AI concierge. The provider operates under contractual data processing terms. We do not route concierge chat to any other model provider.
  • Email delivery provider — if and when we send email (such as a booking confirmation or, with your consent, marketing), an email delivery provider may process your address to send the message.
  • First-party page-view analytics — basic traffic measurement is logged to our own Supabase / Lovable Cloud backend against an anonymous session identifier. We do not use a third-party analytics provider.
  • AeroDataBox (via RapidAPI) — supplies the public flight-arrivals board shown on the site. No personal data is sent to it.
  • OpenStreetMap (via Leaflet map tiles) and Google Fonts — serve map tiles and webfonts to your browser when a page loads.
  • Cloudflare — hosting and content delivery (CDN) for the site.
  • Online travel agencies (such as Booking.com, Expedia, Hotels.com or Airbnb) — if you book through a travel site, it shares that booking with us. We do not currently run live channel-manager distribution to these sites.
  • Public authorities — where the law requires it (tax filings, police requests under proper legal process).

To protect the concierge and booking endpoints from abuse, we apply a per-IP rate limit. Your IP address is used transiently for this purpose and is not used to build a profile of you.

Several of these processors are based in the United States or the European Union. Where data leaves Sint Maarten we rely on appropriate safeguards and contractual protections with each processor. International transfers are reviewed under Sint Maarten law.

We do not sell personal data. We do not share it for cross-context behavioural advertising.

05How long we keep it
  • Reservation and billing records: 7 years from the end of the stay (tax / accounting law).
  • Guest registration ID copies: kept for the period required by Sint Maarten hospitality and tax law, then securely destroyed.
  • Marketing subscriptions: until you unsubscribe.
  • AI concierge transcripts: 90 days for quality / abuse review, then deleted or anonymised.
  • CCTV footage: approximately 30 days.
  • Web analytics: 14 months in aggregated form; raw event logs trimmed to 90 days.
06Your rights

You can ask us to:

  • confirm what personal data we hold about you, and give you a copy;
  • correct data that is inaccurate or out of date;
  • delete data we no longer need to keep — subject to legal retention obligations (tax records, for example);
  • restrict or object to certain uses;
  • port the data you gave us to another provider, where technically feasible;
  • withdraw a consent you previously gave.

Send requests to privacy@bethsaidasxm.com. We will respond within 30 days. If you believe we have not handled your data properly, you can lodge a complaint with the supervisory authority for personal data protection in Sint Maarten.

07How we protect it

We use TLS encryption in transit, encrypted storage at rest, role-based access controls for staff, audit logging on administrative actions, and routine vulnerability scanning. No system is perfectly secure; if we become aware of a breach likely to result in risk to your rights we will notify the supervisory authority and, where required, the people affected.

08Children

This website is not directed at children under 16, and we do not knowingly collect personal data from them other than as part of a parent or guardian's reservation.

09Changes to this notice

We may update this notice from time to time. Material changes will be flagged on the site and, where appropriate, sent by email to newsletter subscribers and active guests.

Related documents