Privacy Policy

OUR ONLINE PRIVACY NOTICE

Last Updated: May 20, 2025

Our property and/or any affiliated entities (the “Company” or “we”) respect the privacy of our guests, customers, visitors to our website, job applicants and independent contractors. The purpose of this Privacy Notice is to describe the privacy practices of the Company and to provide information about the data we collect, use, and disclose.

Personal Information Covered by this Privacy Notice

The Personal Information we collect, use, process, and disclose is applicable to an individual guest, customer, job applicant, or contractor who visits or interacts with the Company, whether online or as a visitor of our offices, facilities or locations, purchases or inquiries about any of our products or services, contracts with the Company to provide services, applies for employment, or otherwise interacts or does business with the Company.

When visiting our website, we will collect data from you automatically as a result of navigating this site, and voluntarily when you submit information using a form on the website, enroll in or subscribe to our newsletter or marketing communications, request information, or use any of the other interactive portions of our website. Through our website, we will collect information that can identify you or your activity.

This privacy notice does not apply to our current and former employees and their family members, dependents, or beneficiaries. If you are a California resident who is a current or former employee of the Company or a family member, dependent, or beneficiary of any of our current or former employees, you may request access to our Employee Privacy Notice by sending an email to wecare@crescenthotels.com.

Definitions

Personal Information: Information that identifies, relates to, or could reasonably be linked, directly or indirectly to an individual, alone or when combined with other Personal Information or identifying information, and includes certain categories of Personal Information discussed below that constitute “Sensitive Personal Information”.
Sensitive Personal Information: A subset of Personal Information that includes certain government identifiers (e.g., social security numbers); account details, financial information, debit card or credit card numbers with its security code, password, or credentials allowing access to an account; geolocation; contents of mail, email, and text messages; genetic data; biometric information; or health information. Personal Information and Sensitive Personal Information are collectively known as ‘Personal Information’ throughout this Privacy Notice.

Sharing of Personal Information: The disclosure or making Personal Information available to third parties without receiving monetary or other valuable consideration in return.

Sale of Personal Information: The disclosure of Personal Information for monetary or other valuable consideration but does not include, for example, the transfer of Personal Information as an asset that is part of a merger, bankruptcy, or other disposition of all or any portion of our business. A sale includes Personal Information that is transferred to any other business or third party.

Personal Information We CollectThe table below lists the types of Personal Information we collect and process about you based on transactions and interactions with the Company. For each category of Personal Information, we list the categories of third parties and service providers to whom we may disclose Personal Information. Generally, we do not sell or share Personal Information unless otherwise noted, and we limit the amount of Personal Information collected.

PERSONAL IDENTIFIERS

 We collect the following Personal Information when it is necessary. Personal Information that may be collected could include:

Name or alias
Social security number
Date of birth
Driver’s license or state identification card number
Passport number
Vehicle ID or license number
Membership or Loyalty Data
Postal address
Email address
Telephone number
Financial information, for customers, such as credit card or other payment card account information
Internet, online portal, and Mobile App activity, such as website visitor information, and related information
Usernames and passwords, user history, and related information
Mobile device data, such as device types, software versions, and cell phone details
Transactional data, such as purchase history, reservation details, products or services purchase, and event details
Public information, such as social media IDs, social media posts and images or videos, or images submitted to the Company

In more limited situations, depending on your relationship with our Company, we may also collect:

Race, ethnicity, national origin, sex, gender, sexual orientation, gender identity, religious or philosophical beliefs, age, disability, medical or mental condition, military status, familial status, union membership, citizenship status, or immigration status
Biometric data, such as fingerprints, retina scans, facial recognition, handprint
Geolocation data, such as IP address and/or GPS location, latitude & longitude
Surveillance video, images, video, and audio data related to: (1) security cameras located in public areas; (2) audio recordings of calls and virtual meetings disclosed to you at the time of the meeting; or (3) body cameras worn by loss prevention professionals and security personnel.

Our affiliates or the Company may also collect information about your stay that are used to enhance your experience including interests, and other relevant information related to your stay. This may include likes and dislikes about our services, dietary needs, health restrictions, or other personal needs to ensure your wellbeing. Additionally, we may collect personal inferences, such as analysis of your activity on the website, which is used to develop inferences regarding individual preferences and characteristics.Of the above categories of Personal Information, the following are categories of Sensitive Personal Information the Company may collect from or about guests, customers, independent contractors, or job applicants:

1. Personal Identifiers (social security number, driver’s license or state identification card number, passport number)

2. Account Information (your company account log-in, in combination with any required security or access code, password, or credentials allowing access to the account)

3. Protected Classifications (racial or ethnic origin, religious or philosophical beliefs, union membership, or sexual orientation)

4. Biometric Information (used for the purpose of uniquely identifying you)

5. Geolocation Data (IP address and/or GPS location, latitude & longitude)

6. Medical and Health Information

CANDIDATE, APPLICANT AND EMPLOYEE DATA
Throughout the applicant and candidate process, and during or after your employment, certain Personal Information could be collected by the Company. Types of data collected at any stage of the process could include:

For job applicants, based on analysis of the Personal Information collected, we may develop inferences regarding job applicants’ predispositions, behavior, attitudes, intelligence, abilities, and aptitudes for purposes of recruiting and hiring assessments and decisions.
Pre-Hire Information (Job Applicants Only), such as background screening and reference checks, pre-hire drug test results, information documented in job interview notes by persons conducting an interview for the Company, information contained in candidate evaluation records and assessments, information in work product samples you provided, and voluntary disclosures by you.
Company ID number
Systems security or access codes, passwords, security questions, or credentials allowing access to employee systems
Employment and Education History (Job Applicants Only), such as information contained in job applicants’ resumes regarding educational history, information in transcripts or records of degrees, vocational certifications obtained, and information regarding prior job experience, positions held, and when permitted by applicable law your salary history or expectations.
Candidate or job applicant username and password
Medical and health information for contact tracing purposes, or other public health related purposes
Facility and systems access information, such as security cameras, network access information, and physical security access logs

INDEPENDENT CONTRACTOR DATA

For contractors, there is a limited set of data collected, which could include one or more of the following:

Pre-Contract Information, such as for independent contractors, information you provided in your portfolio or proposal for services, information gathered as part of vendor evaluation and reference checks and other assessments of your qualifications to provide services to the Company, information in work product samples you provided, and voluntary disclosures you provided to Company.
Invoices and records of payment made to the individual, or other financial information
Financial records provided by you for accounting and tax related purposes (e.g., 1099)
Credentials, such as education, degrees, and vocational certifications, prior work experience, and prior client names
Safety, licensing and certification, and performance records
Contracts and Statements of Work
Medical and health information for contact tracing purposes, or other public health related purposes
Facility and systems access information, such as security cameras, network access information, and physical security access logs

Personal Information does not include:

Publicly available information from government records.
Information that a business has a reasonable basis to believe is lawfully made available to the public by the guest, customer, independent contractor, or applicant, or from widely distributed media.
Information made available by a person to whom the guest, customer, independent contractor, or applicant has disclosed the information if the guest, customer, independent contractor, or applicant has not restricted the information to a specific audience.
Deidentified or aggregated information.

How and Where We Collect your Personal Information

We may collect your Personal Information from the following sources:You (the guest, customer, independent contractor, or job applicant), when you:

1. visit the website and voluntarily submit information through forms on the website or social media.

2. visit any of our physical locations.

3. purchase or inquire about any of our products or services.

4. are contracted to perform services for us. 

5. apply for a position of employment.

Our employees, contractors, vendors, suppliers, guests, visitors, and customers based on interactions with them (if any)
We utilize cookies to automatically collect information about our website visitors
Surveillance cameras at our physical locations
Lead generators and referral sources
Credit and consumer reporting agencies
HR support vendors
Recruiters
Staffing agencies
Social media platforms
Company-issued computers, electronic devices, and vehicles
Company systems, networks, software applications, and databases you log into or use while applying for a position with the Company, interacting with our website, or otherwise interacting with us in any other capacity, including from vendors the Company engages to manage or host such systems, networks, applications, or databases.
Personal references and former employers (if you are a job applicant)
Schools, universities, or other educational institutions which you attended (if you are a job applicant)
From friends, family, or colleagues who choose to email you job postings that they think you may be interested in from our application platform or careers page
Reservation and booking systems or agents
Marketing and hotel operations support vendors

How and Where We Sell, Disclose, or Share your Personal Information

We do NOT and will not sell your Personal Information or Sensitive Personal Information in exchange for monetary consideration, and we do not and will not disclose or share your Personal Information or Sensitive Personal Information for cross-context behavioral advertising.

PERSONAL INFORMATION We may disclose your Personal Information for any one or more of the business purposes as outlined below. We and our affiliates strive to provide our guests, customers, employees, contractors, and candidates excellent service, and to do so, we may your Personal Information for the following reasons:

Personal identifiers, commercial transaction data, and account information could be shared with PMS (Property Management Systems), CRM (Customer Relationship Management) platforms, guest services and hotel operations, and hotel property owners. Certain situations may require that we share your Personal Information with promotional or fulfillment vendors, marketing support vendors, vendors supporting or hosting the website, transaction support vendors, data analytics vendors, professional employer organizations, recruiting firms, staffing agencies, consumer reporting agencies, security and risk management vendors, corporate customers, insurance carriers or administrators and brokers, company affiliates, and financial institutions. In limited situations, your Personal Information could be shared with government agencies.
Geolocation and mobile app device data could be shared with security and risk management vendors, including IT, cybersecurity, and privacy employees, vendors, and consultants. Facility and systems access information may be disclosed to security and risk management vendors and employees, including IT, cybersecurity, and privacy professionals, and Company Affiliates.
Mobile App, online portal data, Internet, and Inferences could be shared with PMS and CRM platforms, guest services, hotel operations, hotel property owners, promotional or fulfillment vendors, marketing support vendors, vendors that support the website services, and data analytics vendors.
Candidate, applicant, employee, independent contractor data, including, but not limited to, Personal Information and Personal Sensitive Information, could be shared with financial institutions, government agencies, talent acquisition management systems, vendors providing HRIS (Human Resource Information Systems), company affiliates, and job applicant and recruiting vendors and employees. Additionally, candidate, applicant, employee, independent contractor data could be disclosed to professional employer organizations, staffing agencies, consumer reporting agencies, and credit reporting agencies.
Biometric data is not shared or disclosed to parties other than the vendor we engage to process this data, and video data is only disclosed to the video security and risk management vendors and employees, including IT, Cybersecurity, and Privacy employees, vendors, and consultants.

SENSITIVE PERSONAL INFORMATION

We will use or disclose your Sensitive Personal Information for the following purposes:

1. To perform the services expected by an average employee who requests those services.

2. o detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted Personal Information.

3. To resist malicious, deceptive, fraudulent, or illegal actions directed at the business and to prosecute those responsible for those actions.

4. To ensure the physical safety of natural persons.

5. For short-term, transient use.

6. To perform services on behalf of the Company.

7. To verify or maintain the quality or safety of a product, service or device that is owned, manufactured, manufactured for, or controlled by the Company, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by the Company.

8. For purposes that do not involve inferring characteristics about the guests, customers, contractors, and applicants.

DISCLOSURE OR SHARING OF DATA IN THE PRIOR 12 MONTHS

In the last 12 months we have shared the following types of personal data with the parties mentioned in the ‘How and When we Share your Personal Information’ section, including personal identifiers, commercial transaction data, account information, mobile device data, geolocation data, inferences, and account information has been shared with promotional or other fulfillment vendors. For job applicants, based on analysis of the Personal Information collected, we may develop inferences regarding job applicants’ predispositions, behavior, attitudes, intelligence, abilities, and aptitudes for purposes of recruiting and hiring assessments and decisions, which is not shared, disclosed, or sold to third parties.

Mobile App, online portal data, Internet, credentials, education, other professional information, job applicant, facility and systems access information, medical and health information, or surveillance data have not been shared within the last 12 months.

Why We Collect Your Personal Information

We may collect and process your Personal Information for the following business purposes:
1. To fulfill or meet the purpose for which you provided the information.
2. To process, complete, and maintain records on transactions.
3. To support hotel management operations.
4. To retain your selection for text message, opt in/opt out to ensure guests and customers who opted out are not sent any text messages.
5. To schedule, manage and keep track of guest and customer appointments.
6. To maintain records of when customers decline a service or sale.
7. To respond to guest and customers inquiries, including requests for information, customer support online, phone calls, and onsite inquiries.

8. To manage loyalty rewards programs (if applicable).
9. To manage promotions and events.

10. To provide interest-based and targeted advertising.

11. To market relevant products and/or services.

12. To contact you by email, telephone calls, mail, SMS, or other equivalent forms of communication regarding updates or informative communications related to the functionalities, services, or other information you requested or asked the Company to provide to you.

13. To comply with federal, state, and local law.

14. To improve user experience on our website.

15. To understand the demographics of our website visitors.

16. To detect security incidents.

17. To debug, identify, and repair errors that impair existing intended functionality of our website.

18. To protect against malicious or illegal activity and prosecute those responsible.

19. To verify and respond to guest and customer requests.

20. To prevent identity theft.

21. JOB APPLICANT PURPOSES:

1. To fulfill or meet the purpose for which you provided the information. For example, if you share your name and contact information to apply for a job with the Company, we will use that Personal Information in connection with your candidacy for employment.

2. To comply with local, state, and federal law and regulations requiring employers to maintain certain records, as well as local, state, and federal law, regulations, ordinances, guidelines, and orders relating to infectious diseases, pandemics, outbreaks, and public health emergencies, including applicable reporting requirements.

3. To evaluate your job application and candidacy for employment.

4. To obtain and verify background check and references.

5. To communicate with you regarding your candidacy for employment.

6. To permit you to create a job applicant profile, which you can use for filling out future applications if you do not get the job you apply for.

7. To keep your application on file even if you did not get the job applied for in case there is another position for which we want to consider you as a candidate even if you do not formally apply.

8. To evaluate and improve our recruiting methods and strategies.

9. To engage in lawful monitoring of job applicant activities and communications when they are on Company premises or utilizing Company internet and Wi-Fi connections, computers, networks, devices, software applications or systems.

10. To engage in corporate transactions requiring review or disclosure of job applicant records subject to any non-disclosure agreements, such as for evaluating potential mergers and acquisitions of the Company.

11. To evaluate, assess, and manage the Company’s business relationship with vendors, service providers, and contractors that provide services to the Company related to recruiting or processing of data from or about job applicants.

12. To improve job applicant experience on Company computers, networks, devices, software applications or systems, and to debug, identify, and repair errors that impair existing intended functionality of our systems.

13. To reduce the risk of spreading infectious diseases in or through the workplace.

22 INDEPENDENT CONTRACTOR PURPOSES:

1. To fulfill or meet the purpose for which you provided the information.

2. To comply with state and federal law and regulations requiring businesses to maintain certain records (accident or safety records, and tax records/1099 forms).

3. To engage the services of independent contractors and compensate them for services.

4. To evaluate, make, and communicate decisions regarding an independent contractor, including decisions to hire and/or terminate.

5. To grant independent contractors access to secure Company facilities, systems, networks, computers, and equipment, and maintain information on who accessed such facilities, systems, networks, computers, and equipment, and what they did therein or thereon.

6. To implement, monitor, and manage electronic security measures on independent contractor devices that are used to access Company networks and systems.

7. To evaluate, assess, and manage the Company’s business relationship with vendors, service providers, and contractors that provide services to the Company.

8. To improve user experience on Company computers, networks, devices, software applications or systems, and to debug, identify, and repair errors that impair existing intended functionality of our systems.

9. To reduce the risk of spreading infectious diseases in or through the workplace.

Your Privacy Rights

Guests and customers may make the following privacy rights requests in accordance with applicable law.

1. Right to Know and Access: You may have the right to confirm: (1) the categories of Personal Information we have collected about you, (2) the categories of sources from which the Personal Information was collected, (3) the business or commercial purpoe for collecting, selling, or sharing this information, (4) the categories of third parties with whom we share or have shared your Personal Information, (5) the categories of Personal Information that we have sold or shared about you and the categories of third parties to whom the Personal Information was sold or shared, by category or categories of Personal Information for each category of third parties to whom the Personal Information was sold or shared, and (6) the categories of Personal Information that we have disclosed about you for a business purpose and the categories of persons to whom it was disclosed for a business purpose.

2. Right to Data Portability: You have the right to obtain a copy of your Personal Information, that you previously provided to us, in a format that: to the extent technically feasible, is portable; to the extent practicable, is readily usable; and allows you to transmit the data to another without impediment, where the processing is carried out by automated means.

3. Right to Delete: You may be entitled to request that we delete the Personal Information that we have collected from you, subject to certain exceptions.
4. Right to Correct: You have the right to request that we correct inaccurate Personal Information (to the extent such an inaccuracy exists) that we maintain about you.

5. Right to Limit the use of your Sensitive Personal Information: You have the right to limit our use or disclosure of your sensitive Personal Information to uses that are necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those services or goods.

6. Right to Not Be Discriminated: You have the right not to receive discriminatory treatment if you exercise the rights conferred to you by applicable privacy law.

7. Right to Designate an Authorized Agent: You have the right to designate an authorized agent to submit one of these requests on your behalf. See below for how you can designate an authorized agent. You can authorize someone else as an authorized agent who can submit a request on your behalf. To do so, you must either (a) execute a valid, verifiable, and notarized power of attorney or (b) provide other written, signed authorization that we can then verify. When we receive a request submitted on your behalf by an authorized agent who does not have a power of attorney, that person will be asked to provide written proof that they have your permission to act on your behalf, and we will also contact you and ask you for information to verify your own identity directly with us and not through your authorized agent. We may deny a request from an authorized agent if the agent does not provide your signed permission demonstrating that they have been authorized by you to act on your behalf.

8. Opt-out of Selling and Sharing of your information (Do Not Sell or Share): While we do not sell or share your Personal Information in exchange for money, we may share your Personal Information for other valuable consideration. You have the right to tell us NOT to sell or share your Personal Information. You have the full and free right to opt-out of our disclosure of your Personal Information to any third parties where the disclosure constitutes “selling” or “sharing.”

9. Opt-out of processing Personal Information for Targeted Advertising and Profiling: You have the right to opt-out of targeted ads and profiling based on cross-contextual or behavioral data, as well as data collected from automated processes, that have been obtained from your activities over time and across nonaffiliated internet websites or online applications to predict your preferences or interests. Targeted advertising does not include (a) advertisements based on activities within a controller’s own internet websites or online applications, (b) advertisements based on the context of your current search query, visit to an internet website or online application, (c) advertisements directed to you in response to your request for information or feedback, or (d) processing personal data solely to measure or report advertising frequency, performance or reach.

10. Do Not Track (Opt-out Preference Signal): Opt-out preference signals provide consumers with a simple and easy-to-use method by which to exercise the right to opt-out of the selling and sharing of their information. Global Privacy Controls (GPC) is a user-enabled opt-out preference signal which can communicate a user’s “Do Not Sell or Share” request on behalf of the person or device. We will process opt-out preferences from GPC signals which are in formats commonly used and recognized by businesses, such as an HTTP field header. We will treat a consumer’s use of GPCs as a valid request to opt-out of the selling and sharing of information for that browser. We currently do not connect browser use to consumers and, as such, you will need to use GPCs on all browsers in which you access our website and use our opt-out form to opt-out of offline sales. Do Not Track (DNT) is a privacy preference that users can set if they do not want web services to collect information about their online activity. We do not respond to DNT signals or other mechanisms (except for GPCs) that provide a choice regarding the collection of Personal Information about activities over time and across different websites or online services. We encourage users who have DNTs to use GPCs.

SPECIAL NOTICE FOR CALIFORNIA RESIDENTS

In compliance with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), we provide California residents with certain information upon request, up to 2 times in a 12-month period, going back to January 1, 2023 (except for Right to Opt-out and Right to Limit), unless doing so would be impossible or involve disproportionate effort, or unless you request a specific time-period. You have:

Right to Know and Access
Right to Data Portability
Right to Deletion
Right to Correct
Right to Opt-Out of Sales and Sharing of Personal Information. You may opt out of sales of your Personal Information to third parties and to opt out of the disclosure of your Personal Information to third parties for certain targeted advertising. A request to opt-out by a California resident need not be a verifiable request. However, we may deny a request to opt-out if we have a good faith, reasonable, and documented belief that a request to opt-out is fraudulent. If we deny your request to opt-out, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.
Right to Limit Use of Sensitive Personal Information. You have the right to limit the use or disclosure of your sensitive Personal Information to uses that are necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those services or goods.
Right to Non-Discrimination. The California Shine the Light law (Civil Code 1798.83) permits California Residents with whom we have an established business relationship to request that we provide you with a list of certain categories of Personal Information that we have disclosed to third parties for their direct marketing purposes during the preceding calendar year. To make such a request, please send an email to privacy@hotel-privacy.com. Please mention that you are making a “California Shine the Light” request.

SPECIAL NOTICE FOR COLORADO RESIDENTS
In compliance with the Colorado Privacy Act (CPA), we provide Colorado residents with certain information upon request. You have:

Right to Know and Access
Right to Data Portability

Right to DeleteRight to Correct

Right to Opt-Out. You may request to opt-out of the processing of your Personal Information for purposes of targeted advertising and profiling, used to make important decisions that have legal or similarly significant impacts on a consumer or the sale of Personal Information.

SPECIAL NOTICE FOR CONNECTICUT RESIDENTS
In compliance with the Connecticut Personal Data Privacy and Online Monitoring Act (CTDPA), we provide Connecticut residents with certain information upon request. You have:

Right to Know and Access
Right to Data Portability
Right to Delete
Right to Correct
Right to Opt-Out of the processing of your Personal Information for purposes of targeted advertising and profiling, used to make important decisions that have legal or similarly significant impacts on a consumer or the sale of Personal Information.

SPECIAL NOTICE FOR NEVADA RESIDENTS
In compliance with Nevada Senate Bill 220, we provide Nevada residents with the right to opt out of the sale of the Personal Information we may have collected about you. We do not sell, rent, or lease your Personal Information to third parties.

SPECIAL NOTICE FOR UTAH RESIDENTS
In compliance with the Utah Consumer Privacy Act (UCPA), we provide Utah residents with certain information upon request. You have:

Right to Know and Access
Right to Data Portability
Right to Delete
Right to Opt-Out of certain processing. You have the right to opt out of the processing of your Personal Information for the purposes of targeted advertising, or the sale of Personal Information.

SPECIAL NOTICE FOR VIRGINIA RESIDENTS
In compliance with the Virginia Consumer Data Protection Act (VCDPA), we provide Virginia residents with certain information upon request up to two (2) times in a 12-month period. You have:

Right to Know and Access
Right to Correct
Right to Delete
Right to Obtain a copy of your Personal Information, in a readily usable format.
Right to Opt-out of
1. the processing of your Personal Information for targeted advertising purposes.
2. the sale of your Personal Information.
3. profiling based upon your Personal Information.

How To Exercise Your Rights

We will not treat you differently because of you exercise your privacy rights. We will not deny goods or services to you; charge different rates for goods or services; provide a different level quality of goods or services; or suggest any of the preceding will occur. Thus, you may exercise your rights without fear of discrimination. We ask you to identify yourself and the information requested before processing such requests, and, to the extent permitted by applicable law, we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others or would be extremely impractical.

To exercise your rights, you can do any of the following:

Submit an online request on our website by clicking HERE
Call our privacy toll-free line at (888) 828-4280.

How We Verify your Identity when you Submit a Request

When you submit a consumer request, we will ask you to provide some information to verify your identity and respond to your request. Specifically, we will ask you to verify information that can be used to link your identity to records in our possession, which depends on the nature of your relationship and interaction with us. For example, we may need you to provide your name, email, phone number, amount of your last purchase with the business, and/or date of your last transaction with the business.

Responding To Your Rights

State: CALIFORNIA

Response Time: Upon receiving a verifiable request for Right to Know, Right to Access, Right to Delete, and Right to Correct, we will confirm receipt of the request no later than ten (10) business days after receiving it. We endeavor to respond to a verifiable request within forty-five (45) calendar days of its receipt. If we require more time (up to an additional forty-five (45) calendar days, or ninety (90) calendar days total from the date we receive your request), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable. Upon receiving a request to opt-out we will act within fifteen (15) business days of its receipt. We will notify all third parties to whom we have sold or shared Personal Information of your request and instruct them to comply with the request within the same time frame. We will notify you when the request has been completed by mail or electronically, at your option.

Fee: We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Procedure to Appeal: You may appeal our refusal to act on a request without an undue delay after your receipt of our decision. To submit an appeal, you may call our privacy toll-free line at (888) 828-4280 to request an appeal form, which must be returned within thirty (30) calendar days of your receipt of our decision. Within 60 days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, we will also provide you with a method through which you may contact the California Attorney General to submit a complaint. (This appeal process does not apply to California job applicants or independent contractors.)

State: COLORADO

Response Time: We endeavor to respond to a verifiable request for Right to Opt-Out, Right to Know, Right to Access, Right to Delete, and Right to Correct without undue delay or within forty-five (45) calendar days of its receipt. If we require more time (up to 45 additional days), we will inform you of the reason and extension period within the initial 45-day period after receipt of your request. If we deny your request, we shall inform you within forty-five (45) calendar days of our decision not to comply and provide an explanation as to why we believe the request cannot be processed further.

Fee: We do not charge a fee for first request. We may charge for a second or subsequent request within a 12 -month period.

Procedure to Appeal: You may appeal our refusal to act on a request within a reasonable period of time after your receipt of our decision. To submit an appeal, you may call our privacy toll-free line at (888) 828-4280 to request an appeal form, which must be returned within forty-five (45) calendar days of your receipt of our decision. Within forty-five (45) calendars days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, we will also provide you with a method through which you may contact the Colorado Attorney General to submit a complaint. (This appeal process does not apply to Colorado job applicants or independent contractors.

State: CONNECTICUT

Response Time: We endeavor to respond to a verifiable request for Right to Opt-Out, Right to Know, Right to Access, Right to Delete, and Right to Correct without undue delay or within forty-five (45) calendar days of its receipt. If we require more time (up to 45 additional days), we will inform you of the reason and extension period within the initial 45-day period after receipt of your request. If we deny your request, we shall inform you within forty-five (45) calendar days of our decision not to comply and provide an explanation as to why we believe the request cannot be processed further.

Fee: We do not charge a fee for first request (during 12-month period), unless the requests are manifestly unfounded, excessive, or repetitive, in which case we may charge you a reasonable fee to cover the administrative costs of complying with the requests, or we may decline to act on the request.

Procedure to Appeal: You may appeal our refusal to act on a request within a reasonable period after your receipt of our decision. To submit an appeal, you may call our privacy toll-free line at (888) 828-4280 to request an appeal form, which must be returned within 60 calendar days of your receipt of our decision. Within 60 days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, we will also provide you with a method through which you may contact the Connecticut Attorney General to submit a complaint. (This appeal process does not apply to Connecticut job applicants or independent contractors.)

State: UTAH

Response Time: We endeavor to respond to a verifiable request for Right to Opt-Out, Right to Know, Right to Access, Right to Delete, and Right to Correct within forty-five (45) calendar days of its receipt. If we require more time (up to 45 additional days), we will inform you of the reason and extension period within the initial 45-day period after receipt of your request. If we deny your request, we shall inform you within forty-five (45) calendar days of our decision not to comply and provide an explanation as to why we believe the request cannot be processed further.

Fee: We do not charge a fee for up to 2 requests annually, unless the requests are manifestly unfounded, excessive, or repetitive, in which case we may charge you a reasonable fee to cover the administrative costs of complying with the requests, or we may decline to act on the request.

Procedure to Appeal: You may appeal our refusal to act on a request within 30 calendar days after your receipt of our decision. To submit an appeal, you may call our privacy toll-free line at (888) 828-4280 to request an appeal form, which must be returned within 30 calendar days of your receipt of our decision. Within 60 days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, we will also provide you with a method through which you may contact the Virginia Attorney General to submit a complaint. (This appeal process does not apply to Virginia job applicants or independent contractors.)

State: VIRGINIA

Response Time: We endeavor to respond to a verifiable request for Right to Opt-Out of Targeted Advertising, selling of Personal Information, and Profiling, Right to Know, Right to Access, Right to Delete, and Right to Correct within forty-five (45) calendar days of its receipt. If we require more time (up to 45 additional days), we will inform you of the reason and extension period within the initial 45-day period after receipt of your request.

Children Under the Age of 16
We do not process sensitive data concerning a known child without processing such data in accordance with the federal Children’s Online Privacy Protection Act (15 U.S.C. § 6501 et seq.).

Retention of Personal Information

We will retain each category of Personal Information in accordance with our established data retention schedule as indicated above. In deciding how long to retain each category of Personal Information that we collect, we consider many criteria, including, but not limited to the business purposes for which the Personal Information was collected; relevant federal, state, and local recordkeeping laws; applicable statutes of limitations for claims to which the information may be relevant; and legal preservation of evidence obligations.

We apply our data retention procedures on an annual basis to determine if the business purposes for collecting the Personal Information, and legal reasons for retaining the Personal Information, have both expired. If so, we will purge the information in a secure manner.The following retention periods are applied based on the categories of data outlined below.

Personal Information and account information are retained throughout the duration of our relationship with you, or from date of our last interaction or transaction, plus five (5) years, whichever is longer.
Transactional data is retained for four (4) years after the date of the transaction, unless necessary to maintain it for a longer period due to a product warranty, OSHA (Occupational Safety and Health Administration), or other regulatory obligation.
Usernames are retained permanently, and passwords and security codes are retained for two (2) years if there is account activity.
If you are a job applicant and are hired by the Company, then your name will be retained permanently, and other Personal Information will be retained for duration of employment plus six (6) years. If you are not hired, this data will be retained for four (4) years from when position is filled or the date we received your information, whichever is longer.
Medical and health information provided before, during or after employment is retained for two (2) years.
Facility management data (e.g., video surveillance) is retained for no more than three (3) years, unless required under law or to fulfill a regulatory obligation.
Independent contractor information, such as professional history, education, credentials, and other related performance information is retained for the duration of our relationship, or from date of our last interaction or transaction, plus five (5) years, whichever is longer.
Surveillance data is retained for 60[IJ1] days. In certain cases, based on the employment or independent contractor, surveillance data is retained for the duration of our relationship with you, or from date of our last interaction or transaction, plus five (5) years, whichever is longer.
Internet, website, geolocation data, IP addresses, online portal, and Mobile App information is retained for three (3) years.

Biometric data is retained while it in use for identity verification purposes plus one (1) year. This data is not collected from job applicants (unless required by law or government contract).

Sensitive Personal Information is retained for the duration of our relationship with you, or from date of our last interaction or transaction, plus five (5) years, whichever is longer. This data is not collected from job applicants (unless required by law or government contract).

Third Party Vendors

We may use other companies and individuals to perform certain functions on our behalf. Examples include utilizing a third party vendor application that allows for text/chatting with hotel guests or allows guests to purchase products and services and make reservations, administering e-mail services, and running special promotions. Such parties only have access to the Personal Information needed to perform these functions and may not use or store the information for any other purpose. Subscribers or site visitors will never receive unsolicited e-mail messages from vendors working on our behalf.

Business Transfers
In the event we sell or transfer a particular portion of its business assets, information of customers, contractors and job applicants may be one of the business assets transferred as part of the transaction. If substantially our assets are acquired, information of consumers, contractors and applicants may be transferred as part of the acquisition.

Compliance with Law and Safety
In the event we sell or transfer a particular portion of its business assets, information of customers, contractors and job applicants may be one of the business assets transferred as part of the transaction. If substantially our assets are acquired, information of consumers, contractors and applicants may be transferred as part of the acquisition.

How We Protect the Information That We Collect

Your Personal Information is protected by the implementations of physical, electronic, and procedural security measures that are maintained to protect all Personal Information within our organization. Such security measures include:

1. Storing automatically collected Personal Information separate from the voluntarily collected Personal Information.

2. Encrypting all Personal Information.

3. Using tools and techniques to protect against unauthorized access to internal systems.

4. Restricting access to Personal Information only to those that require access to Personal Information in the course of their duties for the Company.

Please note that no data transmission over the Internet or wireless network or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately contact us in accordance with the Contact Us section.

Use of Cookies and Other Tracking Technologies

Cookies are small files that a website may transfer to a user’s device that reside there for either the duration of the browsing session (session cookies) or on a permanent, until deleted, basis (persistent cookies) that may be used to identify a user, a user’s machine, or a user’s behavior. We make use of cookies under the following circumstances and for the following reasons:

Provide you with services available through the website and to enable you to use some of its features.
Authenticate users and prevent fraudulent use of user accounts.
Identify if users have accepted the use of cookies on the website.
Compile data about website traffic and how users use the website to offer a better website experience.
Understand and save visitor preferences for future visits, such as remembering your login details or language preference, to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you use the website.
Track your browsing habits to enable us to show advertising which is more likely to be of interest to you.
You may delete cookies from your web browser at any time or block cookies on your equipment, but this may affect the functioning of or even block the website. You can prevent saving of cookies (disable and delete them) by changing your browser settings accordingly at any time. It is possible that some functions will not be available on our website when use of cookies is deactivated. Check the settings of your browser. Below you can find some guidance:
Safari
Opera
Internet Explorer
Google Chrome
Mozilla


External Links

This Privacy Notice contains links outside of the Company for other practices, which include franchisors, authorized licensees, or third parties operating our service sites such as payment services, and loyalty programs. For your privacy, please ensure you review the Privacy Notice of the sites you visit via our website, as we are not responsible for the privacy practices of those other third parties and entities. Our Company is not responsible for the Personal Information that is processed and the privacy practices of other app developers, app providers, social media platforms, or operating system providers, such as Facebook, Apple, Google, Microsoft.

Passwords

The personal data record created through your registration with our website can only be accessed with the unique password associated with that record. To protect the integrity of the information contained in this record, you should not disclose or otherwise reveal your password to third parties.

Changes To Our Privacy Notice

As our services evolve and we perceive the need or desirability of using information collected in other ways, we may from time to time amend this Privacy Notice. We encourage you to check our website frequently to see the current Privacy Notice in effect and any changes that may have been made to them. If we make material changes to this Privacy Notice, we will post the revised Privacy Notice and the revised effective date on this website. Please check back here periodically or contact us at the address listed at the end of this Privacy Notice.

Consumers with Disabilities

This Privacy Notice is in a form that is accessible to consumers with disabilities.

Questions About the Privacy Notice

If you have any questions about this Privacy Notice, please contact us at privacy@hotel-privacy.com or call (888) 828-4280.