Privacy Policy

1. Introduction

Epix Cruise and Travel ("Epix Cruise and Travel," "we," "us," or "our") is an independent travel agency located in San Diego County, California. We are committed to protecting the privacy and personal information of our clients, prospective clients, and website visitors. This Privacy Policy describes how we collect, use, disclose, and protect personal information in connection with the Services we provide.

For purposes of this Privacy Policy, "Services" means all travel booking, cruise reservation, land tour, vacation package, group travel coordination, destination consultation, and related travel planning services, as well as all channels through which those services are delivered or through which you communicate with us — including our website (http://www.epixcruiseandtravel.com), in-person meetings, telephone, email, videoconference, fax, and SMS/text message. This definition is consistent with the term "Services" as used in our Terms of Service.

By accessing or using any of our Services — including visiting our website, contacting us by telephone, email, fax, videoconference, SMS/text, or in person, or engaging us to book or plan travel — you acknowledge that you have read, understood, and agree to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please refrain from using our Services.

This Privacy Policy is incorporated into and should be read alongside our Terms of Service. Defined terms used but not defined herein have the meanings given to them in our Terms of Service.

Note Regarding Our Host Agency: Epix Cruise and Travel operates as an independent travel agency affiliated with Outside Agents, a host agency based in Jacksonville, Florida, for administrative and licensing purposes only. Outside Agents is not responsible for the data collection, use, or privacy practices of Epix Cruise and Travel. Questions or concerns regarding our privacy practices should be directed to Epix Cruise and Travel only. Outside Agents should not be contacted regarding any privacy matters related to Epix Cruise and Travel or its clients.

2. Information We Collect

We collect both personal information and business information in the course of providing our Services, processing travel bookings, and communicating with clients. This includes information provided by individual travelers as well as information provided by or on behalf of businesses, corporations, organizations, and other entities that engage our Services. The categories of information we collect are described below.

2.1 Personal Information You Provide to Us

You may provide us with personal information directly when you request a quote, engage our services, make a booking, communicate with us, or otherwise interact with Epix Cruise and Travel through any channel. This information may include:

  • Identity Information: Full legal name, date of birth, and gender (where required by travel suppliers for booking and ticketing purposes).

  • Contact Information: Email address, telephone number(s), mailing address, and any other contact details you provide.

  • Government Identification and Travel Documents: Passport number, passport expiration date, country of issuance, and other government-issued identification information required by travel suppliers, cruise lines, airlines, or government authorities to complete international and domestic travel bookings.

  • Payment Information: Credit and debit card numbers, billing address, and related financial information necessary to process payments for travel services. Payment data is processed through secure, third-party payment processors. Epix Cruise and Travel does not retain full payment card details beyond what is strictly necessary to complete a transaction and does not store payment card numbers on its own systems.

  • Travel Preferences and Special Requests: Seating preferences, cabin preferences, dietary restrictions or food allergies, accessibility or mobility needs, special occasion requests, and other travel-related preferences you share with us.

  • Emergency Contact Information: Names and contact details of individuals you designate as emergency contacts.

  • Group Travel Information: For group bookings, names, contact information, and travel document details for all members of the traveling party, provided by the group organizer or individual travelers.

  • Communications: The content of any communications you send to us — including emails, voicemails, text/SMS messages, faxes, and notes from in-person or telephone consultations — along with the date, time, and channel of communication.

2.2 Business Information You Provide to Us

When a business, corporation, organization, or other entity engages our Services — whether for corporate travel management, group bookings, employee travel programs, or business travel coordination — we collect business information provided by authorized representatives of that entity. This information may include:

  • Business Identification Information: Legal business name, trade name or DBA (doing business as), business type, and state or country of incorporation or registration.

  • Business Contact Information: Business email address(es), business telephone number(s), business mailing address, business website, and the name(s) and title(s) of authorized representatives, travel coordinators, account managers, or points of contact.

  • Billing and Financial Information: Business billing address, corporate credit card or payment account information (processed through secure third-party payment processors), purchase order numbers, cost center codes, department codes, and any other internal billing or accounting references required to process invoices or payments on behalf of the business.

  • Tax and Legal Information: Tax identification number (EIN or equivalent) where required for invoicing, and any other information necessary to satisfy applicable legal or regulatory requirements.

  • Corporate Travel Policy Information: Preferred airlines, cruise lines, hotel brands, or other supplier preferences; cabin class or service level preferences; spending limits or budget parameters; approval workflows or authorization requirements; and any other travel policy guidelines provided by the business client to facilitate compliant travel bookings.

  • Employee and Traveler Profile Information: Names, dates of birth, passport or government-issued identification details, contact information, travel preferences, and special accommodation needs for individual employees or travelers whose travel arrangements are managed through a business account. This information is collected and used solely for the purpose of completing travel bookings on behalf of those individuals.

  • Account and Communication Records: Records of communications between Epix Cruise and Travel and authorized business representatives, including emails, telephone records, meeting notes, and correspondence by any channel, as well as a history of bookings, quotes, and travel arrangements made under the business account.

Epix Cruise and Travel collects business information only as necessary to provide the Services requested by the business client and to maintain an accurate and effective business relationship. Business information is not used for purposes beyond those described in this Privacy Policy without the consent of an authorized representative of the business.

2.3 Information Collected Automatically (Website)

When you visit our website at [WEBSITE URL], certain information is collected automatically through standard web technologies, including:

  • Device and Technical Information: IP address, browser type and version, device type, operating system, and screen resolution.

  • Usage Information: Pages visited, links clicked, time spent on pages, and the URL of the page that referred you to our website.

  • Cookies and Similar Technologies: Data collected through cookies and similar tracking technologies, as further described in Section 5 of this Privacy Policy.

  • Analytics Data: Aggregated and anonymized usage statistics collected through web analytics tools such as Google Analytics or similar services, used to understand how visitors interact with our website.

2.4 Information Received from Third Parties

We may also receive personal and business information from third parties in certain circumstances, including:

  • Travel Supplier Confirmations: Booking confirmation numbers, reservation details, and related travel data received from cruise lines, airlines, hotels, tour operators, and other travel suppliers with whom we place bookings on your behalf.

  • Group Organizers: For group travel bookings, a group organizer may provide us with personal information about individual travelers in the group, including names, contact information, and travel document details.

  • Referrals: Basic contact information provided by a person who refers you to our Services.

3. How We Use Your Information

We use the personal information we collect for the following purposes:

  • Processing and Managing Travel Bookings: To book and manage travel reservations, including cruise reservations, flights, hotel accommodations, land tours, vacation packages, group travel, and all other travel services requested by you.

  • Client Communications: To communicate with you regarding your bookings, itineraries, travel updates, schedule changes, cancellations, and other matters directly related to your travel.

  • Quotes, Consultations, and Inquiries: To respond to your requests for price quotes, travel recommendations, destination information, or general consultations.

  • Sharing with Travel Suppliers: To transmit necessary personal information to travel suppliers — including cruise lines, airlines, hotels, tour operators, travel insurance providers, and visa or government authorities — in order to complete bookings and fulfill your travel arrangements. Each travel supplier maintains its own privacy policy governing its use of your information.

  • Payment Processing: To process payments for travel services, including transmitting payment information to secure third-party payment processors.

  • Marketing Communications: To send you promotional communications about travel deals, special offers, new destinations, and services offered by Epix Cruise and Travel, where you have not opted out of such communications. See Section 12 for information on opting out.

  • Legal and Regulatory Compliance: To comply with applicable laws and regulations, including tax recordkeeping requirements, government-mandated travel data reporting, and obligations under California law.

  • Business Records and Service Improvement: To maintain accurate business records, evaluate and improve the quality of our Services, and train our staff.

  • Disputes, Complaints, and Legal Claims: To investigate and respond to client complaints or disputes, and to establish, exercise, or defend legal claims.

  • Identity Verification and Fraud Prevention: To verify your identity when required and to detect, prevent, and address fraudulent activity or other illegal conduct.

4. How We Share Your Information

We do not sell your personal information. We share personal information only in the circumstances described in this section.

4.1 Travel Suppliers

In order to book and fulfill your travel arrangements, we necessarily share personal information — including names, dates of birth, passport and government identification details, payment information, and special needs or dietary information — with the travel suppliers required to complete your booking. These suppliers include, but are not limited to, cruise lines, airlines, hotels, resort properties, tour operators, ground transportation providers, travel insurance companies, and applicable government or immigration authorities. Each travel supplier is responsible for its own use of your personal information and operates under its own privacy policy. We encourage you to review the privacy policies of any travel supplier with whom we book on your behalf.

4.2 Host Agency

Epix Cruise and Travel operates as an independent agency affiliated with Outside Agents as its host agency for licensing and administrative compliance purposes. Limited administrative information — such as booking volumes, agency identifiers, and agent credentials — may be shared with Outside Agents solely for the purposes of maintaining host agency compliance and licensing. Outside Agents does not use client personal data for its own marketing or for any purposes unrelated to host agency administration. Outside Agents is not a party to the booking relationship between Epix Cruise and Travel and its clients and is not responsible for the privacy practices of Epix Cruise and Travel.

4.3 Third-Party Service Providers

We may share personal information with third-party service providers who perform services on our behalf, such as website hosting, payment processing, email marketing platforms, customer relationship management (CRM) software, and data storage. These service providers are authorized to use your personal information only as necessary to provide services to Epix Cruise and Travel and are required to maintain appropriate confidentiality and security obligations.

4.4 Legal Requirements and Protection of Rights

We may disclose personal information when we believe in good faith that such disclosure is required or permitted by law, including in response to a subpoena, court order, legal process, or government request. We may also disclose personal information when we believe disclosure is necessary to protect the rights, property, or safety of Epix Cruise and Travel, our clients, or the public.

4.5 Business Transfers

In the event that Epix Cruise and Travel undergoes a merger, acquisition, sale of assets, or other business transfer, client personal information held by us may be transferred to the successor entity as part of that transaction. We will make reasonable efforts to notify affected clients of any such transfer and of any material changes to privacy practices that may result.

4.6 No Sale of Personal Information

We do not sell, rent, lease, or trade your personal information to third parties for their own independent marketing or commercial purposes. This practice applies to all clients regardless of California residency status.

5. Cookies and Tracking Technologies

Cookies are small text files placed on your device by a website when you visit it. They are widely used to make websites function correctly, to improve efficiency, and to provide information to website owners. Our website may use cookies and similar tracking technologies as described below.

Types of Cookies We Use:

  • Essential / Functional Cookies: These cookies are necessary for the website to function properly. They enable basic features such as page navigation and access to secure areas of the website. The website cannot function correctly without these cookies.

  • Analytics Cookies: These cookies allow us to collect information about how visitors use our website — for example, which pages are visited most often and whether visitors receive error messages. We use this information to improve our website. Analytics data is collected and processed through tools such as Google Analytics or similar services and is generally aggregated and anonymized.

  • Marketing and Advertising Cookies: These cookies may be used to deliver relevant promotional content to you, either on our website or on third-party platforms. These cookies track your browsing activity across websites. We will seek your consent before placing non-essential cookies where required by applicable law.

Managing Cookies: You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. However, please note that disabling certain cookies may affect the functionality of our website and may prevent you from accessing certain features or services. Instructions for managing cookies are typically found in the "Help," "Settings," or "Preferences" menus of your browser.

Third-Party Analytics: Our website may use Google Analytics, a web analytics service operated by Google LLC. Google Analytics uses cookies to help us analyze how visitors use our website. Information generated by the Google Analytics cookie about your use of our website (including your IP address) may be transmitted to and stored by Google on servers in the United States. You may opt out of Google Analytics tracking by installing the Google Analytics Opt-Out Browser Add-on available at [https://tools.google.com/dlpage/gaoptout].

6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, to provide our Services, and to comply with applicable legal, accounting, and regulatory obligations.

Travel booking records — including names, travel document details, itinerary information, and payment records — are generally retained for [X] years following the completion of travel, in accordance with applicable tax, legal, and business recordkeeping requirements.

Marketing communication preferences and related contact information are retained until you opt out of marketing communications or request deletion, whichever occurs first, subject to any applicable retention obligations.

When personal information is no longer required for the purposes for which it was collected and no legal obligation requires its continued retention, we will securely delete or anonymize that information.

California residents may request deletion of their personal information subject to the limitations and exceptions described in Section 8 of this Privacy Policy, including any legally mandated retention periods.

7. Data Security

We take the security of your personal information seriously. We implement reasonable and appropriate administrative, technical, and physical safeguards designed to protect your personal information against unauthorized access, disclosure, alteration, or destruction. These measures include, but are not limited to, encrypted communications for sensitive data transmissions, secure storage practices, access controls limiting personal data access to authorized personnel, and training staff on data privacy and security obligations.

However, no method of electronic transmission or data storage is completely secure. We cannot guarantee absolute security of your personal information, and you transmit personal information to us at your own risk. We encourage you to exercise caution when transmitting sensitive information and to use secure, up-to-date internet connections when doing so.

Clients are responsible for maintaining the confidentiality and security of any login credentials, account passwords, or access information associated with any accounts they maintain with us or with third-party platforms we recommend.

In the event of a data breach that affects the personal information of California residents, we will notify affected individuals as required by the California Data Breach Notification Law (California Civil Code § 1798.29 and § 1798.82) and any other applicable law. Notification will be provided in the manner and within the timeframes required by law.

8. California Privacy Rights (CCPA / CPRA)

As a business located in California, Epix Cruise and Travel is subject to the California Consumer Privacy Act of 2018 ("CCPA"), as amended by the California Privacy Rights Act of 2020 ("CPRA"). This section describes the rights of California residents and how to exercise those rights. These rights apply to California residents only.

8.1 Rights of California Residents

California residents have the following rights with respect to their personal information:

  • Right to Know: You have the right to request that we disclose: (a) the categories of personal information we have collected about you; (b) the categories of sources from which we collected your personal information; (c) the business or commercial purposes for which we collected your personal information; (d) the categories of third parties with whom we share your personal information; and (e) the specific pieces of personal information we have collected about you.

  • Right to Delete: You have the right to request that we delete personal information we have collected from you. This right is subject to certain exceptions, including where we must retain information to complete a transaction you have requested, to detect and protect against security incidents, to comply with a legal obligation, or for other purposes permitted by law.

  • Right to Correct: You have the right to request that we correct inaccurate personal information that we maintain about you, taking into account the nature of the information and the purposes for which it is processed.

  • Right to Opt-Out of Sale or Sharing: We do not sell your personal information. To the extent that any sharing of your personal information for cross-context behavioral advertising purposes is deemed "sharing" under the CPRA, you have the right to direct us to stop such sharing. You may submit such a request using the contact information in Section 14 of this Privacy Policy.

  • Right to Limit Use of Sensitive Personal Information: California residents have the right to request that we limit our use and disclosure of sensitive personal information — including passport and government identification numbers, financial account information, and health-related or dietary information collected to fulfill accessibility or accommodation requests — to only those purposes necessary to perform the Services you have requested or as otherwise permitted by the CPRA.

  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your rights under the CCPA/CPRA. We will not deny you Services, charge you a different price or rate, provide you with a different level or quality of Services, or retaliate against you in any way because you exercised your privacy rights.

8.2 How to Submit a Privacy Rights Request

To exercise any of the rights described in Section 8.1, you may submit a verifiable consumer request by any of the following methods:

  • Email: [EMAIL ADDRESS]

  • Telephone: [PHONE NUMBER]

  • Website Contact Form: [WEBSITE CONTACT FORM URL]

We will respond to a verifiable consumer request within forty-five (45) calendar days of receipt. If we require additional time, we will notify you in writing within the initial 45-day period and may extend our response by an additional forty-five (45) days, for a maximum total response period of ninety (90) days, as permitted under the CCPA/CPRA.

We may need to verify your identity before fulfilling a privacy rights request. Verification may include matching information you provide with information we already maintain about you. We will not fulfill a request we cannot reasonably verify. Verification requirements will be proportional to the sensitivity of the personal information and the type of request made.

You may make a verifiable consumer request for the Right to Know or Right to Delete up to two (2) times in a twelve (12)-month period, free of charge, unless requests are manifestly unfounded or excessive.

8.3 Authorized Agents

A California resident may designate an authorized agent to submit a privacy rights request on their behalf. To use an authorized agent, you must provide the authorized agent with written permission signed by you, and we may require you to verify your identity directly with us in connection with the request, even when an authorized agent is acting on your behalf. We reserve the right to deny a request from an authorized agent who does not provide sufficient proof of authorization.

8.4 Categories of Personal Information Collected (CCPA Categories)

In accordance with the CCPA/CPRA, the following is a summary of the categories of personal information we have collected about California residents in the preceding twelve (12) months, the purposes for which each category is used, and whether each category is shared with third parties:

  • Identifiers: Names, email addresses, telephone numbers, mailing addresses, IP addresses, and passport or government identification numbers. Collected to provide Services, communicate with clients, verify identity, and comply with legal obligations. Shared with travel suppliers, payment processors, and government authorities as required.

  • Personal Information Categories (California Civil Code § 1798.80): Financial data including credit and debit card information, billing address, and banking information. Travel preferences and special accommodation requests. Collected to process payments and fulfill bookings. Shared with payment processors and travel suppliers.

  • Protected Classification Characteristics: Date of birth and gender, collected solely for booking purposes as required by travel suppliers and government authorities for identification and ticketing. We do not use this information for any other purpose.

  • Commercial Information: Travel booking history, services purchased, quotes requested, and transaction records. Collected to manage bookings, maintain business records, and improve Services. Not shared with unaffiliated third parties for marketing purposes.

  • Internet or Other Electronic Activity: Website browsing history on our website, including pages viewed, click patterns, and time spent on the site. Collected through cookies and analytics tools. May be shared with analytics service providers such as Google Analytics.

  • Geolocation Data: Destination preferences and approximate geographic information derived from bookings or inquiries. We do not collect precise real-time geolocation data from your device. Shared with travel suppliers only as relevant to fulfill bookings.

  • Sensitive Personal Information: Passport and government-issued identification numbers, financial account information (e.g., credit card numbers), and health-related or dietary information collected to fulfill accessibility and accommodation requests. Collected only as necessary to provide Services. Shared with travel suppliers and government authorities only as required to complete bookings.

9. Children's Privacy

Our Services are intended for use by adults and are not directed to children under the age of eighteen (18). We do not knowingly collect personal information directly from children under the age of 18 without first obtaining verifiable parental or legal guardian consent, consistent with the requirements of the Children's Online Privacy Protection Act ("COPPA") and applicable California law.

For family travel bookings involving minor children, parents or legal guardians are responsible for providing any personal information relating to their minor children that is required to complete a booking. By providing information about a minor child, the parent or guardian represents that they have the legal authority to provide such information on behalf of the child.

If we become aware that we have collected personal information from a child under 18 without verifiable parental consent, we will take prompt steps to delete that information from our records. If you believe we may have inadvertently collected personal information from a child under 18, please contact us immediately using the contact information in Section 14 of this Privacy Policy.

10. Third-Party Links

Our website may contain links to third-party websites, including websites operated by cruise lines, airlines, hotels, tour operators, travel insurance providers, and other travel-related businesses. These links are provided for your convenience and informational purposes only. Epix Cruise and Travel does not control, operate, or endorse any third-party websites and is not responsible for the privacy practices, security measures, or content of those websites.

This Privacy Policy applies solely to personal information collected by Epix Cruise and Travel. When you navigate to a third-party website — whether through a link on our website or through other means — you do so at your own risk and are subject to that third party's terms and privacy policies. We strongly encourage you to review the privacy policy of any third-party website you visit before providing any personal information.

11. International Travel Data

When booking international travel, certain personal information — including, without limitation, passport details, full legal name, date of birth, nationality, and other travel document information — may be required to be transmitted to foreign governments, immigration and customs authorities, embassies, consulates, or other governmental agencies as a legal requirement of entry into or transit through foreign countries, or as required by applicable travel supplier regulations or government-mandated advance passenger information systems (such as the United States Customs and Border Protection (CBP) or equivalent foreign authorities).

By engaging Epix Cruise and Travel to book international travel on your behalf, you acknowledge and consent to such disclosures of personal information to foreign governments or authorities as are necessary and required to facilitate your travel. We have no control over the data practices, retention policies, or privacy protections of foreign governments or immigration authorities, and we are not responsible for the use of your personal information by such entities.

Clients booking international travel are encouraged to review the entry requirements and data privacy practices of their destination country prior to travel.

12. Marketing Communications

With your implicit or explicit consent, Epix Cruise and Travel may contact you from time to time with promotional communications, including travel deals, limited-time offers, new destinations, cruise promotions, vacation packages, and updates about our Services. These communications may be delivered by email, SMS/text message, postal mail, or telephone, depending on the contact preferences you have provided.

You may opt out of receiving marketing communications from us at any time by:

  • Clicking the "unsubscribe" or "opt-out" link included in any marketing email we send you;

  • Replying "STOP" to any marketing SMS/text message we send you;

  • Contacting us directly using the contact information in Section 14 of this Privacy Policy and requesting removal from our marketing list.

Please allow a reasonable period of up to ten (10) business days for your opt-out request to be processed. Please note that opting out of marketing communications will not affect transactional or service-related communications — such as booking confirmations, itinerary updates, travel alerts, or responses to your inquiries — which we may continue to send as necessary to provide the Services you have requested.

13. Changes to This Privacy Policy

We reserve the right to update, modify, or replace this Privacy Policy at any time to reflect changes in our business practices, applicable law, or the Services we provide. When we update this Privacy Policy, we will revise the "Last Updated" date at the top of this document and post the revised Privacy Policy on our website at [WEBSITE URL].

Your continued use of our Services following the posting of any changes to this Privacy Policy constitutes your acceptance of the revised Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your personal information.

For material changes — meaning changes that significantly affect your rights or our use of your personal information — we will make reasonable efforts to notify you directly, such as by sending a notice to the email address on file for your account or by posting a prominent notice on our website prior to the effective date of the change. Your continued use of our Services after notification of a material change constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or the exercise of your privacy rights, please contact us using any of the following methods:

Epix Cruise and Travel

San Diego County, California

Website: EpixCruiseAndTravel.com

We will make reasonable efforts to respond to your inquiry in a timely manner. For formal privacy rights requests from California residents, please refer to the procedures described in Section 8.2 of this Privacy Policy.

Important: Outside Agents, the host agency affiliated with Epix Cruise and Travel for administrative and licensing purposes only, should not be contacted regarding any privacy matters, data requests, or complaints relating to Epix Cruise and Travel or its clients. All privacy-related communications must be directed to Epix Cruise and Travel directly using the contact information provided above.