Privacy Policy

1. Introduction

At Limitless Resorts, your privacy matters. This Privacy Policy explains how we collect, use, store, and safeguard your personal data when you visit www.limitless-resorts.com or interact with our services, including property enquiries, investment information, and communications.

We are committed to complying with the General Data Protection Regulation (EU) 2016/679 (GDPR), the UK GDPR where applicable, and all other applicable data protection legislation across the jurisdictions in which we operate.

Please read this policy carefully. By using our website or services, you acknowledge that you have read and understood how we handle your personal data.

2. Data Controller

The data controller responsible for your personal data is:

3. Personal Data We Collect

We may collect and process the following categories of personal data:

• Identity Data: name, title, company name.
• Contact Data: email address, phone number, postal address.
• Transaction Data: records of property enquiries, bookings, reservations, or investment interest.
• Financial Data: bank account details and payment information where relevant to transactions. We do not store full card details.
• Technical Data: IP address, browser type and version, device information, time zone, operating system, and cookies.
• Usage Data: information about how you use our website, including pages visited, time spent, referral source, and navigation paths.
• Marketing & Communication Data: your preferences for receiving communications from us, and records of communications sent and received.
• Profile Data: any information you provide about your property preferences, investment interests, or lifestyle requirements.

4. How We Use Your Data

We use your personal data only for the purposes for which it was collected and as set out in this policy:

• To respond to and process property enquiries, booking requests, and investment-related communications.
• To provide information about our properties, services, and investment opportunities.
• To manage our relationship with you, including sending contractual communications and service updates.
• To send newsletters and marketing communications where you have given consent, or where we have a legitimate interest in doing so.
• To improve our website, digital marketing, and customer experience through analytics and performance data.
• To administer and protect our business, including for fraud prevention, security, and legal compliance purposes.
• To comply with legal and regulatory obligations, including tax, accounting, and anti-money laundering requirements.
• To measure the effectiveness of our advertising and marketing campaigns.

5. Legal Basis for Processing

We rely on the following lawful bases under Article 6 GDPR to process your personal data:

• Contractual necessity: to fulfil enquiries, process reservations, and perform any agreement entered into with you.
• Legitimate interests: to improve our services, prevent fraud, protect our legal rights, and conduct direct marketing where appropriate and proportionate. We conduct a balancing test to ensure our interests do not override your rights.
• Consent: for newsletters, non-essential cookies, marketing communications, and any other processing where consent is required. You may withdraw consent at any time without affecting the lawfulness of prior processing.
• Legal obligation: to meet regulatory, tax, accounting, or other legal requirements applicable in the jurisdictions where we operate.

6. Sharing of Personal Data

We do not sell your personal data. We may share your data with the following categories of recipient, strictly on a need-to-know basis and subject to appropriate data protection obligations:

• Service providers: including IT infrastructure, website hosting, CRM platforms (including HubSpot), email marketing, analytics providers (including Google Analytics), and advertising platforms (including Meta).
• Professional advisors: including solicitors, accountants, auditors, and financial advisors.
• Partner sales offices and agents: acting on behalf of Limitless Resorts in the sale or marketing of properties, subject to appropriate agreements.
• Regulatory authorities: where we are legally required to disclose data, including tax authorities, law enforcement, and supervisory authorities.

All third-party processors are required to handle your data in compliance with GDPR and to use it only as instructed by us. We maintain written data processing agreements with all third-party processors as required under Article 28 GDPR.

7. International Transfers

Some of our service providers and platforms operate outside the EU/EEA, including in the United States. Where personal data is transferred outside the EU/EEA, we ensure that appropriate safeguards are in place in accordance with Chapter V GDPR, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Adequacy decisions where the receiving country has been deemed to provide an adequate level of data protection.
• Other lawful transfer mechanisms as appropriate and as advised by legal counsel.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting obligations. Our general retention guidelines are as follows:

When data is no longer required, it is securely deleted or anonymised in accordance with our data disposal procedures.

9. Your Rights Under GDPR

Under GDPR, you have the following rights in relation to your personal data. These rights are not absolute and may be subject to limitations in certain circumstances:

• Right of access: you may request a copy of the personal data we hold about you (Subject Access Request).
• Right to rectification: you may ask us to correct inaccurate or incomplete data.
• Right to erasure: you may request deletion of your personal data where there is no lawful reason for us to continue processing it (the 'right to be forgotten').
• Right to restriction: you may ask us to restrict processing of your data in certain circumstances, for example while a complaint is being investigated.
• Right to object: you may object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will always comply.
• Right to data portability: you may request that we provide your personal data in a structured, commonly used, machine-readable format, or that we transfer it directly to another controller.
• Right to withdraw consent: where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
• Right to lodge a complaint: you have the right to lodge a complaint with the relevant supervisory authority if you believe we have not handled your data in accordance with applicable law.

To exercise any of these rights, please contact us at info@limitless-resorts.com. We will respond within 30 days. We may need to verify your identity before processing your request.

10. Cookies and Tracking Technologies

Our website uses cookies and similar technologies. We use the following categories of cookies:

You can manage or withdraw your cookie consent at any time by adjusting your browser settings or using the cookie preferences tool on our website. Please note that disabling certain cookies may affect the functionality of the website.

11. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, disclosure, or destruction. These measures include:

• Encrypted data transmission (SSL/TLS) across all website pages.
• Access controls limiting data access to authorised personnel only.
• Regular review of data processing practices and security measures.
• Secure handling of all third-party data processor relationships.

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, as required under Article 33 and 34 GDPR.

12. AI Tools and Automated Processing

We may use AI-powered tools to support our content production, marketing, and communications. Where such tools process personal data, we ensure that appropriate data processing agreements are in place and that processing is conducted lawfully under this policy.

We do not use solely automated decision-making processes that produce legal or similarly significant effects on individuals without human review, as prohibited under Article 22 GDPR.

13. Marketing Communications

We may send you marketing communications about our properties, services, investment opportunities, and events where:

• You have given us explicit consent to do so; or
• We have a legitimate interest in contacting you based on a prior enquiry or relationship, and you have not opted out.

You may unsubscribe from marketing communications at any time by clicking the unsubscribe link in any email, or by contacting us at info@limitless-resorts.com. Opting out of marketing will not affect service-related communications.

14. Third-Party Links

Our website may contain links to third-party websites. This Privacy Policy applies only to our website. We are not responsible for the privacy practices of any third-party sites and encourage you to review their privacy policies before providing any personal data.

15. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our data practices, or the services we provide. The current version will always be available at www.limitless-resorts.com/privacy-policy.

Where changes are material, we will take reasonable steps to notify you — for example, by email or a notice on our website. The 'Last Updated' date at the top of this policy will always reflect the most recent revision.

16. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us: