Privacy Notice
APG Group LLC — apgconcierge.com
1 About This Notice
This Privacy Notice explains how APG Group LLC, operating as APG Concierge ("we," "us," or "our"), collects, uses, stores, and shares your personal information when you visit apgconcierge.com ("the Site") or use our travel concierge and planning services ("the Services").
Please read this notice carefully. By using the Site or submitting an inquiry, you acknowledge that you have read and understood how we handle your personal data.
Data Controller
APG Group LLC
10028 High Banker Dr., Aubrey, TX 76227, United States
Operational address: Madrid, Spain (European Union)
travel@apgconcierge.com
+1 972-265-9555 (US) · +34 669-265-333 (Spain)
Because we are based in the EU (Spain) and serve clients globally including in the European Economic Area, this notice is designed to comply with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), applicable Texas privacy law, and other applicable state privacy statutes.
2 What Personal Information We Collect
2.1 Information You Provide Directly
- Contact information: Your first and last name, email address, and phone number, provided when you submit an inquiry or contact us.
- Travel preferences: Destinations of interest, travel dates, trip duration, budget range, number of travelers, preferred travel pace, and specific interests.
- Dietary and health-related preferences: Dietary needs or restrictions you voluntarily provide (e.g., vegetarian, halal, allergies). This information may constitute health-related data under GDPR and is collected only with your explicit consent. Providing this is always voluntary.
- Special occasion information: Details about anniversaries, honeymoons, birthdays, or other occasions you share voluntarily.
- Traveler names and passport information: Full legal names and passport details when required to make bookings with third-party vendors on your behalf.
- Payment card information: Credit or debit card details provided on a signed Credit Card Authorization Form when you authorize us to process specific travel bookings. Full card numbers are never stored electronically.
- Marketing attribution: How you heard about APG Concierge (e.g., Instagram, Google, referral), provided voluntarily in our inquiry form.
- Correspondence: Any emails, messages, or communications you send us during planning or trip support.
2.2 Information Collected Automatically
When you visit the Site, we may automatically collect the following technical information:
- IP address and general geographic location (country/city level)
- Browser type, version, and operating system
- Pages visited, time on page, and navigation path
- Referring website or search query
- Device type (desktop, mobile, tablet)
This information may be collected via cookies, analytics tools, or server logs. See Section 6 (Cookies) for details.
2.3 Information We Do Not Collect
- Social Security numbers or national identification numbers
- Financial account numbers beyond limited payment card data for authorized transactions
- Biometric data
- Personal information from children under 16 without verifiable parental consent
3 How We Use Your Information
We process your personal information for the following purposes, each supported by a lawful basis under GDPR:
| Purpose | GDPR Lawful Basis |
|---|---|
| Responding to inquiries; planning and delivering your custom trip itinerary; coordinating bookings; providing on-trip support; processing authorized payment transactions | Performance of a contract (Art. 6(1)(b)) |
| Maintaining tax and financial records; complying with legal obligations in the US and/or Spain | Legal obligation (Art. 6(1)(c)) |
| Website analytics; service improvement; fraud prevention; communicating with existing clients about active or completed trips | Legitimate interests (Art. 6(1)(f)) |
| Sending newsletters, travel guides, and promotional content to subscribers who have opted in | Consent (Art. 6(1)(a)) — withdraw at any time |
| Processing dietary restrictions and health-related preferences for trip arrangements | Explicit consent for special category data (Art. 9(2)(a)) |
Where we rely on legitimate interests, we have considered the impact on your privacy and determined our interests are not overridden by your rights and freedoms. You may request details of our legitimate interests assessment by contacting us.
4 How We Share Your Information
We do not sell your personal information. We do not share your information with third parties for their independent marketing purposes.
4.1 With Third-Party Service Providers to Fulfill Your Trip
When coordinating your travel arrangements, we share relevant personal information (such as your name, dietary requirements, and booking details) with hotels, restaurants, tour operators, and transportation providers. We share only the minimum information necessary for each vendor to fulfill the relevant booking. These vendors act as independent data controllers and are subject to their own privacy policies.
4.2 With Technology Service Providers
We share information with third-party technology providers who process data on our behalf, including website hosting and CDN services, email marketing platforms, and website analytics tools. These providers are contractually required to protect your data and may only use it to provide services to us.
4.3 For Legal Compliance
We may disclose personal information when required by law, court order, or regulatory authority, or to protect the rights, property, or safety of APG Group LLC, its clients, or the public.
4.4 Business Transfers
In the event of a merger, acquisition, or sale of substantially all of APG Group LLC's assets, your personal information may be transferred to the successor entity. We will notify you of any such transfer and the privacy practices that will apply.
5 International Data Transfers
APG Group LLC is incorporated in Texas, United States, and operates from Madrid, Spain (EU). Your personal information may therefore be transferred between the EU and the United States in the course of providing our Services.
Under GDPR, such transfers require appropriate safeguards. Where we transfer personal data from the EU/EEA to the United States or other third countries, we do so using one or more of the following mechanisms:
- EU Standard Contractual Clauses (SCCs), incorporated into agreements with US-based processors
- EU-US Data Privacy Framework (where applicable to specific processors)
- Derogations under Article 49 GDPR for transfers necessary for the performance of a contract at your request (e.g., sharing your name with a hotel)
You may request details of the safeguards we apply to international transfers by contacting us at travel@apgconcierge.com.
6 Cookies and Tracking Technologies
Our Site may use cookies and similar tracking technologies to improve your browsing experience, analyze traffic, and support marketing efforts.
- Strictly necessary cookies: Required for the Site to function. Cannot be disabled.
- Analytics cookies: Help us understand how visitors use the Site (e.g., page views, traffic sources). These are set only with your consent.
- Marketing/advertising cookies: Used for retargeting and measuring ad performance, if advertising tools are enabled. Set only with your consent.
You can manage your cookie preferences through the cookie consent banner displayed when you first visit the Site, or by adjusting your browser settings. Disabling certain cookies may affect Site functionality.
7 How Long We Keep Your Information
We retain personal information only for as long as necessary for the purposes described in this notice, or as required by law:
- Active client records: Duration of the engagement plus 7 years (US and Spanish legal and tax requirements).
- Credit Card Authorization Forms: Retained only until the authorized transaction is complete, then securely destroyed. Full card numbers are never stored electronically.
- Inquiry records (non-clients): Up to 2 years from the date of last contact, then deleted.
- Marketing subscriber data: Until you unsubscribe or withdraw consent. Suppression records may be kept to honor your opt-out.
- Website analytics data: Per the default retention period of the analytics tool in use (typically 26 months for Google Analytics 4).
When data is no longer needed, it is securely deleted or anonymized.
8 How We Protect Your Information
We implement commercially reasonable administrative, physical, and technical safeguards to protect your personal information, including:
- Encrypted communications (HTTPS/TLS) for all data transmitted through the Site
- Restricted access to personal information on a need-to-know basis
- Secure handling and destruction of Credit Card Authorization Forms after transaction completion
- Access-controlled systems for client records
In the event of a personal data breach likely to result in risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours (GDPR Art. 33) and will notify affected individuals without undue delay where required (GDPR Art. 34).
9 Your Rights Under GDPR (EU/EEA Residents)
If you are located in the EU or EEA, you have the following rights under the General Data Protection Regulation:
- Access (Art. 15): Request a copy of the personal information we hold about you.
- Rectification (Art. 16): Request correction of inaccurate or incomplete data.
- Erasure (Art. 17): Request deletion of your personal information, subject to legal retention obligations.
- Restriction (Art. 18): Request that we limit how we use your data in certain circumstances.
- Portability (Art. 20): Receive your data in a structured, machine-readable format.
- Object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
- Withdraw Consent (Art. 7(3)): Withdraw consent at any time for consent-based processing (e.g., marketing).
- No Automated Decisions: We do not make automated decisions with legal or significant effects about you.
To exercise any right, contact us at travel@apgconcierge.com. We will respond within 30 days. We may need to verify your identity first.
You also have the right to lodge a complaint with a supervisory authority:
If you are based in another EU member state, you may contact the data protection authority in your country of residence.
10 Your Rights Under CCPA/CPRA (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (as amended by the CPRA):
- Right to know: Request information about the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the third parties with whom we share it.
- Right to delete: Request deletion of your personal information, subject to certain exceptions.
- Right to correct: Request correction of inaccurate personal information.
- Right to opt out of sale or sharing: APG Group LLC does not sell your personal information and does not share it for cross-context behavioral advertising.
- Right to limit sensitive personal information: Request that we limit the use of sensitive personal information to purposes strictly necessary to provide the Services.
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise your California privacy rights, submit a verifiable consumer request to travel@apgconcierge.com. We will respond within 45 days (extendable by an additional 45 days with notice). You may designate an authorized agent with appropriate written authorization.
11 Additional US State Privacy Rights
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), and other states with applicable consumer privacy laws may have rights similar to those in Section 10, including rights to access, correct, delete, and opt out of certain processing activities. Contact us at travel@apgconcierge.com to exercise your rights. We will respond within the timeframe required by applicable law.
12 Children's Privacy
Our Services are directed to adults. We do not knowingly collect personal information from children under the age of 16 without verifiable parental consent. If you believe we have inadvertently collected information from a child under 16, please contact us immediately at travel@apgconcierge.com and we will promptly delete it.
For travel bookings that include children, we collect only the minimum information necessary (such as names and ages for reservations) and handle it with the same protections described in this notice.
13 Third-Party Websites and Links
The Site may contain links to third-party websites, including hotel booking platforms, restaurant pages, and tour operator sites. This Privacy Notice applies only to apgconcierge.com. We are not responsible for the privacy practices of linked third-party sites and encourage you to review their privacy policies before providing any personal information.
14 Changes to This Privacy Notice
We may update this Privacy Notice from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this notice and post the updated version on this page. We may also notify active clients by email for significant changes affecting how we process their data.
Your continued use of the Site or Services after changes become effective constitutes your acknowledgment of the updated notice. We encourage you to review this page periodically.
15 Contact Us
For any questions, concerns, or requests related to this Privacy Notice or your personal data, please reach out. We will acknowledge your request within 5 business days and respond substantively within 30 days (GDPR) or 45 days (CCPA).