Legal

Privacy Policy

Last update: 1 January 2026

Lux Living BV ("Lux Living", "we", "us") respects your privacy and is committed to protecting your personal data. This privacy policy describes how we collect, use, share, and protect personal data, in accordance with the General Data Protection Regulation (GDPR) and Belgian privacy law.

1. Data controller

Lux Living BV
E-mail: info@luxliving.be
Phone: +32 479 36 11 04

For any question about your data, you can contact us at any time via info@luxliving.be.

2. What data do we collect?

We only collect data strictly necessary for the provision of our services:

At booking

• Identification: first name, surname, date of birth (if legally required), address;
• Contact details: e-mail, phone number;
• Reservation: stay dates, number of guests and their names, preferences, dietary requirements, special requests;
• Payment: payment method (credit card details are not stored by us; they are processed exclusively by secure providers);
• Security deposit: a credit card pre-authorisation (handled by an external payment provider).

Statutory registration

Belgian law requires us to register certain data about overnight guests (e.g. identity, date of birth, nationality) and to make it available to the competent authorities upon request.

Communication

• E-mails, form submissions, and messages you send us;
• Any feedback or preferences shared during your stay.

Technical data (website)

• IP address, browser type, operating system;
• Browsing behaviour on the website (see our cookie policy).

3. Why do we process this data?

The legal bases on which we rely are:

• Performance of the contract (Art. 6.1.b GDPR): reservation, payment, communication, customer service, concierge services;
• Legal obligation (Art. 6.1.c GDPR): invoicing, VAT administration, guest registration, tourist tax;
• Legitimate interest (Art. 6.1.f GDPR): improving our website, fraud prevention, security, handling complaints or damage claims;
• Consent (Art. 6.1.a GDPR): newsletter or marketing communication, subject to your explicit opt-in.

4. With whom do we share your data?

We only share your data with parties necessary for the provision of our services, always under appropriate data-processing agreements and security measures:

• Booking platform: Lighthouse (mylighthouse.com) — for the management of reservations and calendar;
• Payment providers: Stripe, Mollie, or similar — for the processing of payments and deposits;
• Accounting and administration: for invoicing and bookkeeping obligations;
• Cleaning and maintenance partners: limited to the necessary check-in/check-out information;
• Hosting of our website: Cloudflare, Netlify, or a similar provider, with servers in the EU/EEA;
• IT suppliers and e-mail provider: for the functioning of our internal tools;
• Legal authorities: if legally required (police, tax administration, municipality).

We never sell your data to third parties and we do not use it for advertising purposes.

5. International transfer

We aim to keep your data within the European Economic Area (EEA). If one of our processors processes data outside the EEA, this is done exclusively with appropriate safeguards (Standard Contractual Clauses of the European Commission or an equivalent mechanism).

6. How long do we keep your data?

• Booking data, contracts and correspondence: 7 years after the stay (accounting and tax obligation);
• Guest registration data: as required by applicable law;
• Marketing lists: until you unsubscribe;
• Cookies: as described in our cookie policy;
• Camera footage (if any, in access areas): maximum 30 days, unless an incident justifies a longer retention;
• Anonymised data for statistical purposes: unlimited.

7. How do we secure your data?

We take appropriate technical and organisational measures to protect your data against loss, unauthorised access, disclosure, or alteration:

• Secure HTTPS connection for the entire website;
• Access control: only authorised staff have access to your data;
• Encryption of sensitive data;
• Periodic backups;
• Data-processing agreements with all external partners.

8. Your rights

Under the GDPR, you have the following rights:

• Right of access: you can request which data we hold about you;
• Right to rectification: you can have inaccurate data corrected;
• Right to erasure: you can request the deletion of your data, subject to statutory retention periods;
• Right to restriction: you can request that processing be limited;
• Right to data portability: you can request your data in a structured, commonly used, machine-readable format;
• Right to object: you can object to certain processing activities, particularly those based on legitimate interest;
• Right to withdraw consent: you can withdraw previously given consent at any time;
• Right not to be subject to automated decision-making: we do not apply automated decision-making with legal effects on you.

To exercise these rights, send an e-mail to info@luxliving.be, attaching proof of identity. We will respond within 30 days.

9. Lodging a complaint

If you believe that we are violating your rights, you may — without prejudice to other remedies — lodge a complaint with the Belgian Data Protection Authority (DPA):

Drukpersstraat 35, 1000 Brussels, Belgium
T: +32 2 274 48 00
E: contact@apd-gba.be
www.dataprotectionauthority.be

10. Changes to this privacy policy

This privacy policy may be updated from time to time. The most recent version is always available on this page, with the date of the last update. We recommend reviewing this policy periodically.

Contact

Questions about this privacy policy or about the processing of your data? Write to info@luxliving.be or call +32 479 36 11 04.