Privacy Policy | Grand Oaks Hotel
alt=""
BOOK NOW

Privacy Policy

Who we are

Grand Oaks Hotel
2315 Green Mountain Dr
Branson, MO 65616

website address is: https://grandoakshotel.net.

Scope &Effective Date:

This Privacy Policy describes how Grand Oaks Hotel (“we,” “us,” or “our”) collects, uses, and shares information when you visit https://grandoakshotel.net or interact with any site we operate (collectively, the “Services”).

Information We Collect

Identifiers:

Directly Entered Personal Identifiers:

  • Full name
  • Email Address
  • Phone Number
  • Mailing Address

Technical & Device Identifiers:

  • IP address (captured server-side on submission)
  • User-Agent String (browser + OS + device info)
  • Viewport size

Tracking & Marketing Identifiers

  • Session ID
  • First & Third Party Cookie Values (Analytics)
  • Ad Network identifiers
  • Referral URL

Location & Session Metadata

  • Geolocation coordinates (if you consented to HTML5 Geo-API)
  • Time stamps (when the form was loaded, interacted with, and submitted)
  • Time on form (helps detect spam/bots)
  • Referring page and click-path tracking

Internet Activity:

Page Views, Clicks, Referring URL, IP Address, Device/Browser from sources: Automated via GA4, Meta Pixel, Google Ads

Inferences for Advertising:

Ad interest segments (e.g., marketing-services-seekers) from sources: Generated by Google Ad platform

How We Use Data

We use information to:

  • Provide & respond — reply to your inquiries, schedule calls, and send requested content.

  • Improve & secure — debug, measure engagement, run A/B tests, and protect against fraud.

  • Market (with consent/opt-out) — build look-alike audiences, retarget visitors, and email you Oddball-quality content (puns included).

  • Comply — meet legal obligations, exercise our rights, or defend against claims.

Purpose And Legal Basis

We collect your personal data only for the purposes listed in this policy. For individuals in the EEA, we process personal data under the following lawful bases:

  • Contract Performance (Art. 6(1)(b)): To provide our services;

  • Consent (Art. 6(1)(a)): Where you have explicitly consented;

  • Legitimate Interests (Art. 6(1)(f)): For analytics and service improvement, with your rights protected

Google Ads Call Recordings

Call Recording & Quality Review When you contact us through a phone number associated with our Google Ads campaigns, your call may be recorded. These recordings are used solely for quality assurance, training, and performance analysis. We review call recordings to:

  • Confirm that callers are receiving accurate, helpful, and relevant information

  • Better understand the nature of inquiries generated through our advertising

  • Improve our customer service and advertising effectiveness

  • Ensure our team is responding appropriately and professionally

Call recordings are not used for marketing, are not shared with third parties except service providers who assist in processing the recordings, and are retained only as long as necessary for the purposes listed above.

By calling a number connected to our Google Ads campaigns, you acknowledge and consent to this limited use of call recordings.

How We Share Data

We never sell personal data. We may disclose it to:

Hosting & Infrastructure: Host With Love (website/server)

Advertising & Analytics: Google (GA4, Ads)

Third-PartyData Sharing

We may share your personal information with the following categories of recipients:

  • Service Providers: Payment processors, email marketing, analytics;

  • Advertising Partners: Ad networks, social media platforms;

  • Professional Advisors: Legal, accounting, auditors;

  • Affiliates: Our parent or subsidiary companies;

  • Government Agencies and Law Enforcement: Where required by law.

  • Targeted Advertising and Analytics: We share your browsing history and online identifiers with ad networks and analytics providers for cross-context behavioral advertising. To opt out of this sharing, please contact Grand Oaks Hotel to request us not to sell or share your data.

Cookies & Tracking Technologies

We use first- and third-party cookies, pixels, and similar technologies for analytics and advertising.


You can:

  1.  **Send a browser-based opt-out signal such as **Global Privacy Control (“GPC”). We honor it for all U.S. visitors, as required by the Texas Data Privacy and Security Act. bendelelegal.com

Data Retention

Contact form submissions & CRM Records: We will retain until you unsubscribe or request deletion in writing to Grand Oaks Hotel; Grand Oaks Hotel reviews the list and decides to keep or delete data based on relevance

GA4 Event Level Logs: 14 months (Googles longest option for standard GA4)

MissouriData Retention

For Missouri residents, we retain personal information only as long as necessary to fulfill the purpose for which it was collected, or as required by law. We maintain records of any risk assessments sustaining that no harm would likely result from any breach, consistent with Mo. Rev. Stat. §407.1500(5).

Security

We employ a comprehensive security program designed to protect your personal information against unauthorized access, disclosure, or modification, including:

  • Administrative Safeguards: Annual security training for staff, data minimization reviews;

  • Physical Safeguards: Access-controlled facilities, secured backup storage;

  • Technical Safeguards: AES-256 encryption at rest, TLS 1.2+ encryption in transit, role-based access controls, two-factor authentication, and regular vulnerability scanning and penetration testing.

We secure data with:

  • TLS/SSL encryption in transit (look for the lock icon in your browser). cloudflare.com

  • Encrypted daily backups & access logging on our servers.

  • Multi-Factor Authentication (MFA) for all admin and cloud accounts.

  • Quarterly vulnerability scans and annual vendor & contact reviews.

Missouri BreachNotification

In compliance with Mo. Rev. Stat. §407.1500, if we discover or are notified of a breach resulting in unauthorized access to personal information of Missouri residents, we will:

  • Notify affected individuals ‘without unreasonable delay’ and in no event later than sixty (60) days after discovering the breach, unless law enforcement requests a delay in writing;

    • The notification will include at minimum:

      • A general description of the breach incident;

      • The categories of personal information involved (e.g., name combined with Social Security number, driver’s license number, financial account information);

      • A toll-free number or email address for affected individuals to obtain further information;

      • Contact information for the three nationwide consumer reporting agencies;

      • Guidance to monitor credit reports and account statements for fraudulent activity

  • Provide notification by written notice, electronic notice, or substitute notice consistent with statutory requirements; and

  • If more than 1,000 Missouri residents are affected, also notify consumer reporting agencies that maintain nationwide files.

Cookie Notice

We use cookies to
(a) remember your preferences
(b) count visitors
(c) show ads for our creatively un-boring marketing services.