Privacy Policy

Introduction

We’re committed to respecting your privacy and keeping your personal information safe. This privacy policy tells you what to expect when Legacy International Center, Legacy Resort Hotel & Spa (“Legacy”) collects personal information.

COOKIE POLICY

We use essential cookies to make our site work. With your consent, we may also use non-essential cookies to improve user experience and analyze website traffic. By clicking “Accept,” you agree to our website’s cookie use as described in our Cookie Policy as described below.

This Cookie Policy explains how LegacyResortHotelandspa.com (“Company,” “we,” “us,” and “our”) uses cookies and similar technologies to recognize you when you visit our website at https://legacyresorthotelandspa.com (“Website”). The following explains what these technologies are and why we use them, as well as your rights to control our use of them. In some cases we may use cookies to collect personal information, or that becomes personal information if we combine it with other information.

What are cookies?

Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information. Cookies set by the website owner (Morris Cerullo World Evangelism and Plaza Del Sol Real Estate, LLC) are called “first-party cookies.” Cookies set by parties other than the website owner are called “third-party cookies.” Third-party cookies enable third-party features or functionality to be provided on or through the website (e.g., room booking and reservations, advertising, interactive content, and analytics). The parties that set these third-party cookies can recognize your computer both when it visits the website in question and also when it visits certain other websites.

Why do we use cookies?

We use first and third-party cookies for several reasons. Some cookies are required for technical reasons in order for our Website to operate, and we refer to these as “essential” or “strictly necessary” cookies. Other cookies also enable us to track and target the interests of our users to enhance the experience on our Online Properties. Third parties serve cookies through our Website are used to enable room and other reservations, for advertising, analytics, and other purposes.

How can I control cookies?

You have the right to decide whether to accept or reject cookies. You can exercise your cookie rights by setting your preferences in the Cookie Consent Manager. The Cookie Consent Manager allows you to select which categories of cookies you accept or reject. Essential cookies cannot be rejected as they are strictly necessary to provide you with services. Rejecting third party cookies may result in the inability of some of our website functions to work (such as placing reservations). The Cookie Consent Manager can be found in the notification banner. If you choose to reject cookies, you may still use our website though your access to some functionality and areas of our website may be restricted. You may also set or amend your web browser controls to accept or refuse cookies.

What Personal Information We Collect About You
We collect Personal Data in accordance with the law, and to provide you with exemplary services. We do not collect sensitive personal information about our customers unless there is a clear reason for doing so. Legacy gathers Personal Data to responsibly provide you with requested products, materials or services. Personal information can include information such as your name, communication preferences, email address, postal address, IP address, telephone number, mobile number, date of birth or bank account or bank card details so we can process payments, or information as to whether you are a taxpayer (where applicable). In some cases, we may also collect information about you from publicly available sources.

This can occur when you:

  • Ask about our activities
  • Reserve a room or make a reservation
  • Register with us for information
  • Sign up for publications or newsletters
  • Submit feedback
  • Purchase an item
  • Purchase services
  • Telephone, write, contact us online or text us
  • Otherwise provide us with your personal information

General information such as full name, postal address, e-mail address, telephone number, social media account ID, profile photo and other data made publicly available, or data made available by linking your social media and loyalty accounts, or other similar identifiers. Demographic information my include gender, language preferences, nationality, birthdays, anniversaries, or special occasions. Government issued identification may include passport, visa, or other government-issued identification (and the Personal Data contained therein). Financial information may include credit, debit, or other payment data. Loyalty program information may include membership or loyalty program data, co-branded payment cards information, and travel partner program affiliations. Travel information may include prior guest stays or interactions (including interactions via our chat functionalities), goods and services purchased, special service and amenity requests, travel itinerary, tour group information, activity data, or employer details (for business-related bookings). Health information may include information collected in connection with providing our spa, wellness, and beauty service treatments.

In more limited circumstances, we may also collect data about family members and companions (including names, and ages of children), biometric data, images, videos, and audio data via: (a) recordings of your voice (such as when we record customer service calls for quality assurance); (b) security cameras located in both exterior and interior public areas, such as walkways, hallways and lobbies. We may also collect information about your preferences that you provide to us or that we learn about you during your stay, in order to make your current and future stays and experiences with us more enjoyable. These include your interests and passions such as what type of other activities you prefer to take part in when staying with us; your food or beverage preferences, which may include your dietary preferences or personal needs so that we can provide for your wellbeing; and your room stay preferences, which include room options, amenities and any likes and dislikes so that we can improve the Services. Other Preferences may also include details about who you usually travel with, their relationship to you, special dates such as anniversaries and birthdays, and your marital status.

If you submit any Personal Data about other people to us (e.g., if you make a reservation for another individual), you represent that you have the authority to do so and you permit us to use the data in accordance with this Privacy Statement.

Service Providers
We use service providers such as Google Analytics, Trip Advisor, Meta, MailChimp, and other advertising partners, Synxis Booking Engine, Spa Web, marketing providers, software and software as a service (SaaS) providers and any other service providers that use essential cookies to help us provide you with our services.

We may give relevant persons within these service providers access to your personal information, but only to allow them to perform their authorized services for us. Some service providers may be based in the US, the UK, or inside or outside of the European Economic Area (EEA) however, we will endeavor to ensure that any data transfers outside of the EEA are carried out in compliance with relevant data protection legislation for the location you have specified as your place of legal residence, and that the processing of your data is subject to appropriate security measures.

How We May Use Your Information
We will not rent, swap or sell your personal information. The legal basis that we rely on for processing your data will depend upon the circumstances in which it is being collected and used, but will in most cases fall into one of the following categories:

  • Where you have provided your consent to allow us to use your data in a certain way
  • Where the processing is necessary to carry out for the performance of a contract with you
  • Where the processing is necessary in order for us to comply with a legal obligation such as reporting and audit requirements; or
  • Where it is in our legitimate interests to perform our functions

Legal Requirements
We may disclose your personal/sensitive personal information when required to by law, for tax purposes, or as a result of a subpoena or court order. Further, we safeguard the sharing of such information with our vendors by using formalized information sharing agreements where appropriate, or on an ad hoc basis after ensuring the request and disclosure are legally compliant.

Other ways we may use your information:

Online Payments
To make an online payment by direct debit or payment card, you will be directed to a payment gateway which uses security features and encryption to ensure your data remains safe. The payment gateway encrypts your bankcard information through the use of tokens, so we never keep your bankcard information in our records.

Further information about the collection and use of your data will be provided on the relevant payment gateway for you.

If you enter your details into one of our online forms and you don’t “send” or “submit” the form we may contact you to see if we can help you with any problems you may be experiencing with the form or our website.

Legacy’s Contracted Payment Gateways
The online payment gateways process your payment on behalf of Legacy. They use, retain and disclose your personal and credit card details for this purpose only. Where such transfer occurs, we will ensure your data is adequately protected under data protection laws where applicable.

Data Profiling and Analysis
We may also carry out analysis of the personal information we collect about you and add publicly available information to create a profile of your interests and preferences. This is so we can contact you in the most appropriate way and with the most relevant information. Publicly available information is compiled from sources such as public registers (e.g. listed Directorships), newspaper articles, and social media posts. Please let us know if you would prefer us not to process your data in this way by contacting us here.

Email:
info@legacyresortandspa.com

Write to:
Legacy International Center
Legacy Resort Hotel & Spa
875 Hotel Circle South
San Diego, CA 92108

Marketing Communications
Where you give us your consent, we will also use your personal data in order to send you marketing communications. You decide how you want us to contact you, whether by mail, email or by phone or text message (SMS/MMS) and you can update your communication preferences at any time by contacting us. Occasionally, we will also send you a communication to update and refresh your communication preferences.

Visitors to Our Website
When someone visits a Legacy website, we use third party services such as Google Analytics, Trip Advisor and other third party partners to collect standard internet log information and details of visitor behavior patterns. We do this to understand how our website was accessed, and the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow these third-party companies to make any attempt to find out the identities of those visiting our website other than a general IP Address. If we do want to collect personal information through our website such as asking you to fill out a form, we will make this clear and explain what we will do with it.

We also use click through and open mail tracking when sending emails so that we can understand whether the recipient has opened an email, unsubscribed, or clicked on a link to our website. This enables us to assess the effectiveness of our communication with you.

Information Security
We protect your data by using up-to-date security features and procedures and we respect the privacy of all visitors to our website.

Associated Websites
legacysandiego.com
legacyresortandspa.com
legendsoflightfall.com
thecenter.legacysandiego.com
theresas.legacysandiego.com
mcwe.com

Our website may also include links to other websites, not owned, associated or managed by Legacy Resort Hotel and Spa. While we try our best to only link to reputable websites we cannot be held responsible for the privacy of information collected by sites not managed by us, nor can we accept responsibility or liability for them. For this reason, you should consult the privacy notice on any external website you link to before you submit any personal information to those websites.

How We Keep Your Data Safe and Who Has Access
We ensure that there are appropriate technical controls in place to protect your personal details. For example, our online forms are always encrypted and our network is protected and routinely monitored. We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff and our contracted vendors. We use external companies to collect or process personal data on our behalf. We do comprehensive checks on these companies before we work with them, and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they have collect or have access to.

Some of our suppliers run their operations in the US, the UK or inside or outside the European Economic Area (EEA). Although they may not be subject to same data protection laws as companies based in the UK, we take steps to make sure they provide an adequate level of protection in accordance with applicable US, EU or UK data protection law. By submitting your personal information to us you agree to this transfer, storing and/or processing at a location of our choosing. We may need to disclose your details if required to the police, regulatory bodies or legal advisors. We will only ever share your data in other circumstances if we have your explicit and informed consent.

How Long We Hold Your Personal Information For
We regularly review personal information we hold, and delete anything we no longer need. We will only keep your personal data for as long as necessary. Different laws require us to keep different data for different periods of time. Certain regulations we are subject to, including the United States Internal Revenue Code, require that we keep records of financial transactions for seven years. Certain regulations we are subject to in the EU and UK, including the HMRC, require that we keep certain records for 6 years and 35 days. Otherwise, data on former partners and supporters is typically retained for up to three years after last contact. However, we will keep your data during your lifetime if you have included us in your will, estate planning, or trust. Information that does not need to be accessed regularly, but which still needs to be retained, is archived or placed offline.

Keeping Your Information and Preferences Up To Date
We continually strive to improve the quality and accuracy of the information you have provided, such as your contact details, by checking against external data lists such as the Post Office’s National Change of Address database & The National Deceased Register. This helps us ensure our records are fully up-to-date and to avoid misdirecting communications.

You can help us keep our records up to date by telling us when your contact details and other personal information changes. You can also change your mind at any time about how we contact you or ask us to stop contacting you altogether.

Please contact us and we will make the changes for you:

Email:
info@legacyresortandspa.com

Write to:
Legacy International Center
Legacy Resort Hotel & Spa
875 Hotel Circle South
San Diego, CA 92108

If you tell us that you no longer want to receive further contact from us and you are in our database, it may take a short while before our communications stop altogether. If you request to receive no further contact from us, we will keep the information we hold on you and add you to our suppression lists to ensure that you do not receive unwanted materials in the future.

Access to Your information, Correction, and Erasure
You have the right to see and access information contained in personal data we hold about you. If you would like to receive or transfer some or all of your personal information (called a Subject Access Request), please contact us:

Email:
info@legacyresortandspa.com

Write to:
Legacy International Center
Legacy Resort Hotel & Spa
875 Hotel Circle South
San Diego, CA 92108

We may require proof of identity of the person making the request. Please see the appropriate Legacy Personal Data Request form for more information.

We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove any information you think is inaccurate by contacting us at the address provided below.

You have a right to ask us to delete your personal data; however, this is not an absolute right. We can refuse to erase personal data which we need to keep to comply with a legal obligation (for instance, bankcard provider requirements) and in relation to the exercise or defense of any legal claims. Please note, upon a request for erasure, we may also keep a minimal amount of personal data on an in-house marketing suppression file in order to comply with a request not to receive marketing.

Changes To This Policy
We keep our privacy policy under regular review and we will place any updates on this web page. This privacy policy was last updated on February 16, 2026.

How To Contact Us
If you have any questions, comments or suggestions, please let us know by contacting us:

Email:
info@legacyresortandspa.com

Write to:
Legacy International Center
Legacy Resort Hotel & Spa
875 Hotel Circle South
San Diego, CA 92108

Last Updated: February 16, 2026