Privacy Policy

This Privacy Policy explains how the Saugatuck/Douglas Area Convention and Visitors Bureau (“SDACVB,” “we,” “us,” or “our”) collects, uses, shares, and protects personal data when you visit saugatuck.com, sign up for communications, submit forms, request information, or otherwise interact with our website, listings, guides, and digital services.

Last updated: April 16, 2026

Who We Are

The controller responsible for personal data covered by this Privacy Policy is the Saugatuck/Douglas Area Convention and Visitors Bureau.

Mailing address:
P.O. Box 28
Saugatuck, MI 49453

Visitors Center:
95 Blue Star Hwy
Douglas, MI 49406

Phone: (269) 857-1701
Email: staff@saugatuck.com

If you have questions about this Privacy Policy or your personal data, you can contact us using the details above or submit a request through our Privacy Rights Request form.

Scope of This Policy

This Privacy Policy applies to personal data we collect through the website, our newsletter and marketing signup tools, our request and submission forms, and related interactions tied to the website. It does not govern third-party websites, booking platforms, social networks, or businesses that we link to or help you contact. Those third parties handle personal data under their own privacy notices and terms.

Personal Data We Collect

  • Contact details and identifiers: such as name, email address, phone number, mailing address, ZIP or postal code, country or region, organization name, business name, and similar identifiers you provide.
  • Inquiry and planning details: such as booking preferences, requested dates, guest counts, event details, travel interests, notes, questions, and information about the services or businesses you want to hear from.
  • Submission content: such as event submissions, sponsorship or vendor interest details, media requests, uploaded files, and free-text descriptions you submit to us.
  • Marketing and communication preferences: such as newsletter sign-up status, browser notification permissions if you opt in, and your choices about receiving updates.
  • Technical, device, and usage information: such as IP address, browser type, operating system, device information, pages viewed, links clicked, referring URLs, cookie or local-storage identifiers, approximate interaction data, and other usage signals collected automatically through the site and its tools.
  • Security and anti-abuse data: such as CAPTCHA responses, bot-detection outcomes, fraud-prevention signals, and related technical information used to protect forms and the site.

Please do not submit sensitive personal data through general website forms unless we specifically ask for it for a lawful reason.

How We Collect Personal Data

  • Directly from you when you fill out forms, request guides, sign up for emails, submit event or vendor information, ask for media access, submit a privacy request, or otherwise contact us.
  • Automatically from your device and browser through cookies, tags, analytics tools, log files, caching tools, popup-preference cookies, embedded media, and similar technologies when you browse or interact with the site.
  • From third parties connected to your request in limited cases, such as when a local business, venue, or operator responds to a request you asked us to route or support.

If you choose not to provide certain required information, we may not be able to respond to your inquiry, process your request, or provide the service or communication you asked for.

How We Use Personal Data and Our Legal Bases

For GDPR purposes, we rely on one or more of the following legal bases depending on the situation: your consent, taking steps at your request, compliance with legal obligations, and our legitimate interests in operating, protecting, promoting, and improving the website and the Saugatuck/Douglas area travel experience.

  • To operate, secure, maintain, and improve the website and related services. Legal basis: legitimate interests and, where required by law, consent for non-essential tracking technologies.
  • To respond to inquiries, send requested guides or information, and communicate with you about your submissions or requests. Legal basis: taking steps at your request and our legitimate interests in responding to visitors, businesses, and community partners.
  • To route booking requests, referrals, or tourism-related inquiries to the appropriate operator, venue, or business when you ask us to do so. Legal basis: taking steps at your request and our legitimate interests in helping connect visitors with local businesses and services.
  • To administer submissions such as events, vendor or sponsor interest, media requests, and partnership inquiries. Legal basis: taking steps at your request and our legitimate interests in operating destination marketing, community, and partnership programs.
  • To send newsletters, promotional updates, and browser or push communications if you choose to receive them. Legal basis: consent. You can withdraw consent at any time.
  • To measure performance, understand site usage, improve content, and evaluate marketing effectiveness. Legal basis: legitimate interests and, where required by law, consent for analytics or marketing technologies.
  • To detect, prevent, and investigate spam, fraud, abuse, and security incidents. Legal basis: legitimate interests in protecting the website, our visitors, and our systems.
  • To comply with applicable law, respond to legal requests, and document how we handle privacy rights requests. Legal basis: legal obligation and, where applicable, legitimate interests in establishing, exercising, or defending legal claims.

Our legitimate interests include promoting the region, helping visitors plan trips, communicating with businesses and partners, securing the website, understanding how the site is used, and improving the content and services we offer.

Cookies, Analytics, and Similar Technologies

We and our service providers use cookies, local storage, scripts, tags, pixels, and related technologies to operate the site, remember preferences, secure forms, analyze usage, and support communications and embedded content. Depending on the page you visit, this may include tools and services such as Google Analytics 4, Google Tag Manager, Brevo, WonderPush, Google reCAPTCHA, Cloudflare Turnstile, NitroPack, popup-preference cookies, social-sharing tools, and embedded media such as YouTube or Vimeo.

  • Essential technologies help the website function, remember basic preferences, manage popup behavior, protect forms, and improve load and security behavior.
  • Analytics and performance technologies help us understand how visitors use the site, which pages perform well, and how we can improve content and functionality.
  • Communication and marketing technologies support newsletter signups, marketing preferences, and optional browser or push notification features when you opt in.
  • Embedded media and social features may set their own technologies or receive technical data when you view or interact with embedded or shared content.

You can manage many cookies through your browser or device settings. Some third-party technologies are controlled directly by the provider offering the tool or embedded content, and the choices available to you may vary by provider, page, and jurisdiction.

Newsletters, Marketing, and Browser Notifications

If you subscribe to our newsletter or other promotional communications, we process your contact details and preferences to send the updates you asked to receive. We currently use Brevo for newsletter and related communication features, and certain browser notification or push features may involve WonderPush or related tools if you choose to enable them.

You can withdraw consent at any time by unsubscribing, changing your browser notification settings, or contacting us. Withdrawing consent does not affect processing that took place before withdrawal.

Third-Party Listings, Booking Requests, Embedded Content, and Payments

The website may feature listings, events, guides, referrals, embedded media, social tools, and booking or inquiry forms that connect you with independent hotels, activity operators, event organizers, venues, restaurants, and other local businesses. If you submit a request that we route to one of those businesses, or if you leave the website to complete a booking, purchase, or signup, that third party processes your personal data under its own privacy notice and terms.

We typically do not collect or process payment card data directly through this website. If payment is required for a booking, ticket, or other transaction, the relevant third-party operator or platform generally collects and processes that payment information directly.

When We Share Personal Data

  • Service providers and processors that help us operate the website, manage communications, analyze traffic, secure forms, cache content, provide embedded content, or support similar functions.
  • Local businesses, venues, or operators when you ask us to connect you, forward a request, or facilitate an inquiry related to travel planning, events, or services.
  • Professional advisers and authorities if reasonably necessary for legal, compliance, audit, insurance, tax, fraud-prevention, or law-enforcement purposes.
  • Successors or counterparties in connection with a merger, reorganization, or transfer of all or part of our operations, if applicable.

Recipients may include technology and communications providers such as Google, Brevo, WonderPush, Cloudflare, NitroPack, social or media platforms, and similar vendors, depending on the tools active on the page or feature you use.

International Data Transfers

We are based in the United States, and some of the service providers we use may process personal data in the United States or other countries outside the European Economic Area or United Kingdom. Where applicable, we rely on lawful transfer mechanisms such as adequacy decisions, standard contractual clauses, or similar safeguards. You can contact us if you want more information about the safeguards relevant to a particular transfer.

How Long We Keep Personal Data

  • Newsletter and marketing records are retained until you unsubscribe, withdraw consent, or the communication program ends, plus a reasonable period to maintain suppression or compliance records.
  • Inquiry, booking, event, partnership, vendor, sponsorship, media, and guide request records are retained for as long as needed to respond, administer the request, support follow-up communications, maintain ordinary business records, and meet legal or operational requirements.
  • Analytics, log, security, popup, and cookie-related data are retained according to browser persistence, our provider settings, operational needs, and security or fraud-prevention requirements.
  • Privacy rights requests are retained for as long as needed to verify identity, respond, document the request, and demonstrate compliance with applicable law.

When we no longer need personal data for the purposes described above, we will delete, anonymize, or archive it in accordance with applicable law and our retention practices.

Your Privacy Rights

Depending on where you live and the law that applies, you may have the right to:

  • request access to the personal data we hold about you;
  • request correction of inaccurate or incomplete personal data;
  • request deletion of personal data in certain circumstances;
  • request restriction of processing in certain circumstances;
  • object to processing based on legitimate interests;
  • receive a portable copy of certain personal data;
  • withdraw consent at any time where processing is based on consent; and
  • lodge a complaint with a supervisory authority, including the authority in your habitual residence, place of work, or place of the alleged infringement if GDPR applies.

These rights are not absolute and may be limited in some situations under applicable law.

How to Exercise Your Rights

The fastest way to submit a rights request is through our Privacy Rights Request form. You can also contact us by email at staff@saugatuck.com or by mail at the address above.

We may ask for information necessary to verify your identity and to understand the scope of your request. Where GDPR applies, we aim to respond without undue delay and in accordance with applicable legal timelines, including lawful extensions where permitted.

Automated Decision-Making

We do not knowingly use personal data collected through this website to make solely automated decisions that produce legal or similarly significant effects about you.

Children’s Privacy

The website is intended for a general audience. We do not knowingly collect personal data from children in violation of applicable law. If you believe a child has provided us with personal data unlawfully, please contact us so we can review and address the situation.

Security

We use reasonable administrative, technical, and organizational measures designed to protect personal data. No system is completely secure, however, and we cannot guarantee absolute security of information transmitted to or from the website.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to the website, our practices, legal requirements, or the services and providers we use. When we do, we will post the updated version here and update the “Last updated” date above.