Privacy Policy.

§ 1 Who is the data controller

The data controller is Deluxe VIP Club Sp. z o.o., a private company registered in Poland (registered office: Warsaw), entered in the National Court Register. You may contact our Data Protection Officer at any time at dpo@deluxevipclub.com or by registered post to the address listed in the footer of our public website.

§ 2 What data we collect

We collect only the data we genuinely need to operate your membership. Where a piece of information is optional, we say so before we ask. We do not buy data from third parties and we do not enrich your record from public databases without your consent.

Category | Examples
Identity | Full name, date of birth, nationality, residential country
Contact | Email, mobile number, mailing address
Membership | Unique member number, tier, activation date, certificate metadata
Preferences | Travel cadence, dietary requirements, dress sizes (only if you provide them), language
Booking history | Reservations made through us, points balance, redemption record
Technical | Login timestamps, IP address, device fingerprint, encrypted session token
Financial | Billing address only — card data is processed by a PCI-DSS-certified provider; we never store full card numbers on our servers

§ 3 Why we process your data

  1. Performance of contract. To deliver the membership services you have signed up for — reservations, concierge, communications, certificate generation.
  2. Legal obligation. Tax records, anti-money-laundering checks, accounting requirements imposed on us by Polish and EU law.
  3. Legitimate interest. Fraud prevention, security monitoring, internal analytics aggregated and stripped of personal identifiers, and the day-to-day administration of the club.
  4. Consent. Optional marketing communications, exclusive event invitations beyond the calendar of your tier, and any voluntary preference profile you build inside the panel. You may withdraw consent at any time.

§ 4 How long we keep it

Active member data is retained for the duration of your membership. After cancellation, we keep an anonymised audit trail (no name, no contact details — only the unique member number and aggregate booking statistics) for as long as required by Polish accounting law. Identifiable data is deleted no later than 24 months after termination unless a longer retention period is mandated by law or by an open dispute.

§ 5 Where your data lives

All personal data is stored in ISO 27001-certified data centres located within the European Union (primary: Frankfurt; backup: Warsaw). Data does not leave the EU unless you specifically request a service that requires it — for example, when reserving a hotel in Tokyo, we transmit only the data the hotel needs, under a written data-processing agreement.

§ 6 Encryption and security

Member documents, including your certificate of membership, are encrypted at rest using AES-256-GCM — the same standard used by banks and government institutions. Data in transit is protected by TLS 1.3. Our infrastructure is audited annually by an independent Big Four firm.

Two-factor authentication is enforced on every panel sign-in. We will never ask you for your password by phone, by email or in person. If anyone claiming to represent the Club does, please report it to security@deluxevipclub.com.

§ 7 Who we share data with

We share the minimum amount of data necessary to deliver a service, only when you have requested that service. Categories of recipients include:

We do not sell or rent member data, ever. We do not share it with advertisers, data brokers, or marketing networks.

§ 8 Your rights

Under the EU General Data Protection Regulation (GDPR) and Polish law, you have the right to:

To exercise any of these rights, write to dpo@deluxevipclub.com. We respond within thirty (30) calendar days.

§ 9 Cookies and analytics

The public website (deluxevipclub.com) uses only strictly necessary cookies for sign-in and session management. We do not deploy advertising trackers, social-media pixels, or behavioural-profiling scripts. Aggregate, fully anonymised performance metrics are collected through self-hosted analytics that never leave our infrastructure.

§ 10 Changes to this policy

We may revise this policy from time to time. Material changes are communicated to active members in writing at least thirty (30) days before they take effect, by email and inside the member panel. The version number and effective date in the header of this document always reflect the current revision.

— A note on tone — The language of this document is deliberately direct. Privacy is not an afterthought at the Club — it is one of the reasons our members chose us in the first place. If anything written here is unclear, write to our DPO. They will respond personally.