Sydell Group LLC Legal Department
30 West 26th Street, 12th Floor
New York, NY 10010
Please read this Policy carefully before submitting any Personal Information about you to us. Please note that this Policy does not apply to our processing of Personal Information on behalf of or subject to the instructions of any third parties such as airlines, car rental companies, and other service providers. We recommend that you review the privacy policies of any third-party service providers you may use to ensure adequate protection of your Personal Information. This Policy provides technical details about the steps we take to respect your privacy concerns. We have divided it into subsections allowing you to skip directly to the information of most interest to you.
The appendices at the end of this Policy contain provisions applicable to EU or California residents only. If you are an EU or California resident, please read the applicable appendix carefully.
I. WHAT IS PERSONAL INFORMATION AND WHAT PERSONAL INFORMATION MAY WE COLLECT FROM YOU?
"Personal Information" is any information that can be used to identify you as an individual.
Generally, we have collected and will collect the following categories of Personal Information about consumers (as defined under Cal. Civ. Code § 1798.140 (o)(1)):
Categories of personal information related to California Customer Records statute (Cal. Civ. Code § 1798.80);
Protected classifications, such as age and national origin;
Internet or other electronic network activity information;
Audio, electronic, visual, or similar information;
Professional or employment related information; and
Inferences for use in creating a consumer profile.
Specifically, we may collect and process the following specific types or categories of Personal Information about you: your name and contact information such as physical address, email address, and telephone number; information related to your reservation or your visit to our properties; information about your purchase of products or services; personal characteristics, including date of birth, and nationality; passport number and date and place of issue; travel history; payment information, including credit card information; dates of and amount of charges for stays at properties; guest preferences, including preferred communication methods and preferred methods of payment; marketing preferences; business name, title and address; reviews and opinions about our brands or properties (if they are identified or associated with you); frequent flyer or travel partner program affiliation and member number; hotel, airline and rental car packages booked; and groups with which you are associated for stays at properties. We may also record similar information on your traveling companions.
In addition, when you visit our website, our servers record information (“log data”), including information that your browser automatically sends whenever you visit the website (e.g., your IP address (from which we understand the country you are connecting from at the time you visit the Site), browser type and settings, and the date and time of your request).
II. WHEN AND WHY WE COLLECT PERSONAL INFORMATION
Any point of interaction between you and Sydell, whether electronic, by phone, or in person, is a point at which we may collect Personal Information and other information from you.
We may use the categories of personal information we collect to:
Advance our commercial or economic interests;
Audit customer activity;
Maintain or service customer accounts;
Provide customer service;
Process reservations, bookings and other transactions;
Verify customer information;
Provide advertising or marketing services;
Provide analytic services; and
Perform internal research for technological development.
In addition, we process Personal Information for the following purposes related to operating our business: providing our websites and services to you, customizing our services for your stay and anticipating your needs to provide you with the best experience possible, communicating with you (including sending promotional offers and customer satisfaction surveys); managing our IT and finance systems; ensuring the security of our premises and our systems; conducting investigations where necessary; compliance with applicable law; improving our websites and services; and, as applicable, recruitment and job applications.
Below are additional examples of when and why we may collect your Personal Information, which we provide for your convenience, but please note that this list is not exhaustive.
We collect Personal Information to assist us in making your reservation and to ensure that the services meet your needs. This information helps us customize and personalize your experience in our properties. Maintaining this information on file also allows guests to review prior transaction statements or invoices and see itemized reports on spending.
PROMOTIONS AND MARKETING
This information also enables us to inform you of promotions or other offers or information (always in accordance with applicable laws). Some such promotions require that your Personal Information be shared with a third party, including marketing and communications companies. These companies are under contract with us and are obligated to protect any such Personal Information to which they may have access. If you do not wish to receive such promotions and information from us, you may indicate as such when you stay with us, or you may contact one of our properties, or you may e-mail us at firstname.lastname@example.org.
We also collect Personal Information when we conduct customer satisfaction surveys or focus groups in order to improve our products or services. Such information may be collected by third parties under contract with us, and they are obligated to protect any such information to which they may have access.
ONLINE ACCOUNTS AND SOCIAL MEDIA
We collect Personal Information, including your username and password, when you register for an online account on any of our property’s websites. If you choose to participate in or access Sydell-related social media activities, giveaways, or events, we may collect Personal Information from your social media account with your permission. Such information may include, without limitation: location, activities, interests, photos, status updates, friend lists, and any other information.
We collect Personal Information from individuals who choose to apply to us for employment. Such information includes, without limitation, any information provided in a resume, information on education and employment history, information obtained through background checks, desired salary scale, working permits, and any other information relevant to the application. Any Personal Information obtained by us during the application process may be retained by us for purposes of considering the applicant for employment as well as for management and research purposes.
OTHER TYPES OF INFORMATION
Please note that in addition to the Personal Information described in the foregoing sections, we also may use closed circuit television and other security measures at our properties that may capture or record images of guests and visitors in public areas. You acknowledge that by accessing any of our public spaces, we may capture and use your image for security and investigative purposes. We also may collect additional Personal Information in connection with on-site services, such as concierge services, health clubs, spas, activities, childcare services, and equipment rental.
Sensitive information refers to information related to your racial or ethnic origin, political opinions, religion or other beliefs, physical or mental health, sexual life, criminal background or trade union membership. We do not generally collect sensitive information unless it is volunteered by you. We may use health data provided by you exclusively to serve you better and meet your particular needs.
If you are an EU resident, please see the Appendix for additional provisions applicable to sensitive information.
III. HOW WE COLLECT PERSONAL INFORMATION
Personal Information may be obtained when you provide it to us, e.g., when making a reservation, when logging onto our w-fi network, through online forms, over the phone, over e-mail, in person, or by any other method covered by this Policy. Except for the security measures discussed above or other areas indicated in this Policy, when we need to collect Personal Information from you, we will ask you to voluntarily supply us with the information we need. The most common examples of such requests are when you make a reservation, which we describe in more detail below. We may also obtain Personal Information when you visit any of our websites or use any features or resources available on or through any of our websites.
If you wish, you may submit your e-mail address to our subscription list or to receive other information. We will only place you on such lists when you indicate your desire to be included. We do not sell or rent our lists to anyone. Once on such a list, you may ask to be removed from the list at any time. Visitors will always have the ability to accept or decline any form of communication from Sydell.
We may use third parties to provide us with additional contact information about you based on information you provide to us directly. For example, if we know your name and postal address, we may use a third party to provide us with your e-mail address. We may request your Personal Information from your traveling companion. In such cases, we rely on your companion to obtain your consent for disclosing such information to us.
We also may collect data by using pixel tags, web beacons, clear GIFs, or similar means that allow us to know when you visit our site and to understand how you interact with our e-mails or advertisements. These methods also collect aggregate data that we hope to use to improve our websites to better suit our visitors and customers preferences.
When making a room reservation, we will ask you for Personal Information necessary for ensuring that your room is properly reserved and your needs are met.
Visitors to websites who elect to make reservations online will be required to create an online account and fill out a profile the first time they make a reservation. When you complete a profile, you will be asked to provide specific information, including your name, address, other contact information, and credit card information as a guarantee and deposit for your reservation. Your transmittal of this information shall constitute your acknowledgment and agreement to the terms and conditions contained in this Policy.
Your credit card number will be verified using a checking sequence, but we do not authorize any payments at this point. Once your reservation is confirmed, the property you have selected will be sent all of the reservation information through a secure network. You can also make a reservation by contacting a particular property directly. When you make a reservation over the phone, we may ask you for information such as your name, address, telephone number, and method of payment. We may also obtain from you any room preferences or special requests. Confirmation of your reservation will be provided to you, generally by email, directly from the property.
Any credit/debit card payments and other payments you make through our website will be processed by our third-party payment providers and the payment data you submit will be securely stored and encrypted by our payment service providers using up to date industry standards. Please note that we do not ourselves directly process or store the debit/credit card data that you submit.
IV. HOW WE STORE PERSONAL INFORMATION AND KEEP IT SECURE
We treat the information you provide to us as confidential and have implemented appropriate technical and organizational security measures designed to protect your Personal Information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized forms of processing, in accordance with applicable law. Information stored at our properties is kept in a secure location, whether in locked filing cabinets or in protected electronic databases. Reservation information is stored in a secure customer database. We also maintain a separate database for Personal Information used for marketing and research purposes. For online transactions, we use technology to protect the Personal Information that you transmit to us via our site. When we ask for your credit card data, it is transferred over a Secured Sockets Layer (SSL) line, provided you are using an SSL-enabled browser. We also use SSL on other pages where you would enter Personal Information. This ensures that your information is encrypted as it travels over the Internet. After information reaches Sydell, it is stored on a secure server behind firewalls designed to block unauthorized access. Please note that no security system or system of transmitting data over the Internet can be guaranteed to be entirely secure.
For your own privacy protection, please do not include sensitive Personal Information, including, without limitation, credit card numbers, in any e-mails you may send to us.
V. HOW WE SHARE PERSONAL INFORMATION
Sydell has disclosed Personal Identifiers to third parties for a business or commercial purpose in the preceding 12-months. Specifically, Sydell may share your Personal Information for business purposes, including the performance of services on our behalf, in order to ensure the best quality service for you. We may share Personal Information with:
other companies in the Sydell family of companies, who may access and process this information for the purposes described above, including to offer products and services to you, but only for the purposes for which we originally collected it;
affiliates, partners, and vendors, who act on our behalf to support our operations;
your employer, if you use a corporate credit card;
event organizers associated with any events you plan with us;
third parties you engage in conjunction with our services, such as rental car companies or airlines;
providers of onsite services such as concierge services, spa treatments, excursion experiences, and any other similar services;
law enforcement or emergency responders;
legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
accountants, auditors, lawyers and other outside professional advisors to us, subject to binding contractual obligations of confidentiality;
any relevant party, law enforcement agency or court, to the extent necessary for the establishment, exercise or defense of legal rights; and
in the event of a merger, consolidation, sale, liquidation or transfer of assets, Sydell may, in its sole and absolute discretion, transfer, sell or assign information collected, including without limitation, both non-Personal Information and Personal Information, to one or more affiliated or unaffiliated third parties. Sydell, however, does not sell any Personal Information.
If you are an EU resident, please see the applicable Appendix for additional provisions applicable to our use of third party processors.
VI. PERSONAL INFORMATION FROM CHILDREN
Sydell’s websites are not intended for children and we do not knowingly solicit or collect Personal Information from individuals under the age of eighteen (18).
VII. ACCESSING SYDELL FROM WEB-ENABLED MOBILE DEVICES
You can access our websites and make, view, or cancel reservations from web- enabled mobile devices.
VIII. OPTING OUT OF PROMOTIONAL MATERIALS
If you prefer not to receive promotional and marketing materials from us, you may opt out by emailing an opt-out request to an e-mail address that will be provided for such purposes in our promotional and marketing materials, in which case we will update your preferences as soon as reasonably practical.
Please note that if you opt out as described above, we will not be able to remove your Personal Information from the databases of affiliates, partners, or vendors with which we have already shared your Personal Information in accordance with this Policy and applicable laws.
IX. LINKS TO THIRD-PARTY WEBSITES
X. APPLICABLE LAW
Sydell’s websites are United States websites and are subject to laws of the United States and the State of New York. Sydell will disclose Personal Information without your permission when required to do so by law or in good faith belief that such action is necessary to investigate or protect against harmful activities to Sydell guests, visitors, associates, or property (including this site), or to others.
XI. POLICY MODIFICATIONS
We may modify this Policy from time to time. Please check this Policy periodically for changes. You can tell when this Policy was last updated by looking at the date at the bottom of the Policy. Any changes to our Policy will become effective upon posting of the revised Policy. Your use of our websites following such changes constitutes your acceptance of the revised Policy.
XII. CONTACT US
If you have any questions about this Policy or how Sydell obtains and uses your Personal Information, please contact us by e-mail at email@example.com or by postal mail at:
Additional terms applicable to EU residents
Legal bases for processing Personal Information
In processing your Personal Information in connection with the purposes set out in this Policy, we will rely on one or more of the following legal bases, depending on the circumstances:
Consent: we have obtained your prior express consent to the processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way);
Contractual necessity: the processing is necessary in connection with any contract that you may enter into with us;
Compliance with applicable law: the processing is required by applicable law;
Vital interests: the processing is necessary to protect the vital interests of any individual; or
Legitimate interests: we have a legitimate interest in carrying out the processing for the purpose of managing, operating, or promoting our business, and that legitimate interest is not overridden by your interests, fundamental rights, or freedoms.
Legal bases for processing sensitive information
Where it becomes necessary to process your sensitive information for any reason, we rely on one of the following legal bases:
Compliance with applicable law: the processing is required or permitted by applicable law (e.g., to comply with our diversity reporting obligations);
Detection and prevention of crime: the processing is necessary for the detection or prevention of crime (e.g., the prevention of fraud);
Establishment, exercise or defense of legal rights: the processing is necessary for the establishment, exercise or defense of legal rights; or
Consent: we have, in accordance with applicable law, obtained your prior, express consent prior to processing your sensitive information (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way).
Third party processors
Where we engage a third-party processor to process your Personal Information, the processor will be subject to binding contractual obligations to: (i) only process the Personal Information in accordance with our prior written instructions; and (ii) use measures to protect the confidentiality and security of the Personal Information; together with any additional requirements under applicable law.
International transfer of Personal Information
Because of the international nature of our business, we transfer Personal Information within the Sydell family of companies, and to third parties as noted in Section V above, in connection with the purposes set out in this Policy. For this reason, we transfer Personal Information to other countries that may have different laws and data protection compliance requirements to those that apply in the country in which you are located.
When you provide your Personal Information to us from the country in which you are located, you are initiating a transfer of your Personal Information to the United States.
We take every reasonable step to ensure that your Personal Information is only processed for the minimum period necessary for the purposes set out in this Policy. The criteria for determining the duration for which we will retain your Personal Information are as follows:
we will retain Personal Information in a form that permits identification only for as long as:
we maintain an ongoing relationship with you (e.g., where you are a customer of our services, or you are lawfully included in our mailing list and have not unsubscribed); or
your Personal Information is necessary in connection with the lawful purposes set out in this Policy, for which we have a valid legal basis (e.g., where your Personal Information is included in a contract between us and you and we have a legitimate interest in fulfilling our obligations under that contract; or where we have a legal obligation to retain your Personal Information);
plus the duration of:
any applicable limitation period under applicable law (i.e., any period during which any person could bring a legal claim against us in connection with your Personal Information, or to which your Personal Information is relevant); and
an additional two (2) month period following the end of such applicable limitation period (so that, if a person brings a claim at the end of the limitation period, we are still afforded a reasonable amount of time in which to identify any Personal Information that is relevant to that claim);
and, in addition, if any relevant legal claims are brought, we continue to process Personal Information for such additional periods as are necessary in connection with that claim.
During the periods noted in paragraphs 5(b)(i) and 5(b)(ii) above, we will restrict our processing of your Personal Information to storage of, and maintaining the security of, that Personal Information, except to the extent that that Personal Information needs to be reviewed in connection with any legal claim, or any obligation under applicable law.
Once the periods in paragraphs 5(a)-(c) above, as applicable, have concluded, we will either permanently delete or destroy the relevant Personal Information; or anonymize the relevant Personal Information.
Accuracy & Minimization
From time to time, we may ask you to confirm the accuracy of your Personal Information. We take every reasonable step to ensure that:
your Personal Information that we process is accurate and, where necessary, kept up to date;
any of your Personal Information that we process that is inaccurate (having regard to the purposes for which they are processed) is erased or rectified without delay; and
your Personal Information that we process is limited to the Personal Information reasonably necessary in connection with the purposes set out in this Policy.
Your Legal Rights
Subject to applicable law, you may have the following rights regarding the processing of your Personal Information:
the right not to provide your Personal Information to us (however, please note that we will be unable to provide you with the full benefit of our websites, products, or services, if you do not provide us with certain Personal Information – e.g., we might not be able to process your requests without the necessary details);
the right to request access to, or copies of, your Personal Information, together with information regarding the nature, processing and disclosure of that Personal Information;
the right to request rectification of any inaccuracies in your Personal Information;
the right to request, on legitimate grounds, (i) erasure of your Personal Information or (ii) restriction of processing of your Personal Information;
the right to have certain Personal Information transferred to another controller, in a structured, commonly used and machine-readable format, to the extent applicable;
where we process your Personal Information on the basis of your consent, the right to withdraw that consent (noting that such withdrawal does not affect the lawfulness of any processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the processing of your Personal Information in reliance upon any other available legal bases); and
the right to lodge complaints regarding the processing of your Personal Information with a data protection authority (in particular, the data protection authority of the EU Member State in which you live, or in which you work, or in which the alleged infringement occurred, each if applicable).
Subject to applicable law, you may also have the following additional rights regarding the processing of your Personal Information:
the right to object, on grounds relating to your particular situation, to the processing of your Personal Information by us or on our behalf; and
the right to object to the processing of your Personal Information by us or on our behalf for direct marketing purposes.
This Policy does not affect your statutory rights. To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Policy, or about our processing of your Personal Information, please use the contact details provided in Section XII above. Please note that:
in some cases it will be necessary to provide evidence of your identity before we can give effect to these rights; and
where your request requires the establishment of additional facts (e.g., a determination of whether any processing is non-compliant with applicable law) we will investigate your request reasonably promptly, before deciding what action to take.
Additional terms applicable to California residents
If you are a resident of California, the California Consumer Privacy Act (Cal. Civ. Code §§ 1798.100–1798.199) (“CCPA”) grants you the following specific rights regarding your personal information.
RIGHT OF ACCESS AND TRANSPARENCY
You have the right to submit a verifiable consumer request that we disclose the following to you in a readily useable format covering the 12-month period preceding your verified consumer request:
The categories of personal information we collected about you.
The purposes for which the categories of personal information will be used.
The categories of sources from which your personal information is collected.
The business or commercial purpose for collecting personal information.
The categories of third parties with whom we share personal information.
The specific pieces of personal information we collected about you.
The categories of personal information we have disclosed for a business purpose.
RIGHT TO REQUEST DELETION
You have the right to submit a verifiable consumer request that we delete any personal information that we have collected from you. However, we are not required to comply with a request to delete, if it is necessary for us to retain the personal information in order to:
Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
Comply with legal obligations.
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
RIGHT TO NON DISCRIMINATION
You have the right to be free from discrimination when you exercise your consumer rights under the CCPA, including by:
Denying you goods or services.
Charging you a different price or rate for goods or services, including through granting discounts or other benefits, or imposing penalties.
Providing you a different level of quality of goods or services.
Suggesting that you may receive a different rate for goods or services or a difference level or quality of goods or services.
We may offer you financial incentives for the collection, sale or deletion of personal information. We may also offer you a different price, rate, level or quality of goods or services if that difference is reasonably related to the value provided to us by your data.
METHODOLOGY FOR SUBMMITING CONSUMER REQUESTS
To exercise your rights regarding your personal information under the CCPA, please submit a verifiable consumer request for information through one of the following methods:
Call us toll free at 877-372-6113, or
Email us at firstname.lastname@example.org.
We will deliver a response to you in accordance with the requirements of the CCPA, currently within 45 days of receiving the verifiable consumer request.
California “Shine the Light” Law
Under California Civil Code (Cal. Civ. Code §§ 1798.83), if you are a customer who resides in the State of California, you have the right to request from Sydell a list of third parties with whom we have shared Personal Information about you for their own direct marketing purposes during the previous calendar year. Such requests may be made no more than once per calendar year. If you would like to request information about the parties that may have obtained Personal Information from us about you during the calendar year immediately preceding, please contact us by e-mail at email@example.com or by postal mail at:
We reserve our right not to respond to requests submitted to addresses other the address specified in this paragraph.