Last Updated: November 6, 2020
Standard International Management, LLC and its affiliates (“The Standard”, “we”, “our”, or “us”) recognize the importance of protecting the personal information we may collect from guests, visitors and any other individual or entity (“Users”, “you”, or “your”).
For residents of California, please see “PRIVACY NOTICE FOR RESIDENTS OF CALIFORNIA“ below.
IF YOU WISH TO EXERCISE YOUR RIGHTS UNDER APPLICABLE DATA PRIVACY LAWS, PLEASE EMAIL DPO@STANDARDHOTELS.COM AND READ BELOW FOR MORE INFORMATION.
We collect information, including Personal Information, to provide better Services to all our guests and visitors. We use the term “Personal Information” to refer to any information that identifies or can be used to identify you, such as your name, email address, payment data and the information described below.
The Personal Information which we collect includes, but is not limited to, the following circumstances and data elements:
· If you express an interest in obtaining additional information about our Services, request customer support, use the "Contact Us" or similar features on our Site or Services, register to use our Sites or Services, or download certain content, we may require that you provide to us your contact information, such as your name, organization, phone number, or email address, and in some instances, you may elect to provide us with location and address information;
· If you voluntarily submit certain information in connection with the use of the Sites or other Services, such as making a booking reservation, purchase or other transaction, using our WiFi, filling out a survey about your guest experience or entering a contest or promotion, we collect the information you have provided as part of such Services;
· If you report a problem or have a question about our Services, you may provide us with contact information, such as a phone number or email address;
· If you stay at one our properties, we may collect:
o Your name, contact details and demographic information (for example, gender or age);
o Your financial and billing information, such as credit card details;
o Information about your travel details, preferences and history, or relating to your reservation, for example your arrival and departure information, special requests, vehicles brought onto the property, concierge, health club, spa, room delivery and other services;
o Information collected through the use of a closed circuit television system, internet systems, smart or mobile device, card key and other security and technology systems, used in connection with, for example, responding to emergencies and incidents;
· If you or your organization plans an event or meeting at one our facilities, we may collect Personal Information related to the event or meeting such as the guest list and information about the guests at your event;
· If you use and interact with our Sites or Services (including email), we may automatically collect information about your device and your usage of our websites or emails through cookies, web beacons or similar technologies, such as Internet Protocol (IP) addresses or other identifiers, which may qualify as Personal Information under applicable law; and
· In some instances, you may provide to us Sensitive Personal Information. We use the term “Sensitive Personal Information” as defined by the privacy laws in some countries, which means personal information from which we can determine or infer an individual’s racial or ethnic origin, political opinions, religious beliefs, trade union membership or professional association, physical or mental health condition, medical treatment, genetic data, biometric information, and information about an individual’s sexual life or sexual orientation. We only process Sensitive Personal Information in your jurisdiction to the extent permitted by applicable law. You are not required to provide The Standard with any of your Sensitive Personal Information, and choosing not to do so will not prevent you from purchasing any Services from The Standard. We do not generally collect Sensitive Personal Information unless it is volunteered by you. For example, we may use health information provided by you to serve you better and meet your particular needs, such as for the provision of disability access.
We obtain the categories of Personal Information listed above from the following categories of sources:
- Directly from our guests or their agents. For example, from information that our guests provide to us in order to reserve a room at a hotel.
- Indirectly from our guests or their agents. For example, through information we collect from our clients in the course of providing Services to them.
- From social media websites, such as Facebook, LinkedIn, and Instagram.
- From third parties that assist us in providing certain transactions and services, even though it appears that you may not have left our Site, for example reservations, online travel agencies, payment processing, and hosting.
We and our partners use various technologies to collect and store information when you visit one of our Sites or Services, and this may include using cookies or similar technologies to identify your browser or device. We may also use these technologies to collect and store information when you interact with services from our partners, such as advertising services. Our third-party advertising and analytics partners include Google and similar partners.
The technologies we use for this automatic data collection may include:
· Web Beacons: Pages of our services or our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit us, for example, to count Users who have visited those pages or opened an e-mail and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
· Clickstream Data: Clickstream data is information collected by our computers when you request webpages from the Sites. Clickstream data may include information such as the page served, the time spent viewing the page, source of the request, type of browser making the request, the preceding page viewed and similar information. Clickstream data permits us to analyze, for example, how visitors arrive at the Sites, what type of content is popular, and what type of visitors in the aggregate are interested in particular kinds of content on the Sites.
· Location-Based Services: We may collect the location of the device used to access the Site or Services, for example by using WiFi signals or other technologies. This information will be collected only if you consent to enable location-based capabilities on your device. You can decide at any time not to share your location, or to limit when your location is collected, by choosing the applicable setting on your device.
· “Do Not Track” Signals: The Standard does not track its Users across third-party websites but may track your actions regarding our advertisements on third-party websites. Some third-party websites do keep track of your browsing activities when they serve you content, however, which enables them to tailor what they present to you. If you are visiting such sites, your browser may include controls to block and delete cookies, web beacons and similar technologies, to allow you to opt out of data collection through those technologies. We do not honor browser do-not-track signals at this time.
How We Use Personal Information We Collect
We use your Personal Information in ways that are compatible with the purposes for which it was collected or authorized by you, including for the following purposes:
- To present, operate or improve the Site and Services, including analysis of activity;
- To inform you about Services and products available from The Standard or that may otherwise be of interest to you;
- To fulfill the services, reservations, purchases and other transactions that you (or, if applicable, anyone involved in the process of making your travel arrangements) request from us, including facilitating your requests to plan and purchase hotel accommodations or other travel services such as transportation and to reserve dining, lounge and spa services;
- To authorize access to our Sites and Services;
- To validate your identity or verify communications from you;
- To offer and administer programs;
- To customize or tailor your experience of the Services;
- To manage, store and enhance guest data and preferences;
- To communicate about, and administer your participation in, special programs, surveys, contests, online campaigns, online programs, sweepstakes, prize draws and other offers or promotions, and to deliver pertinent emails;
- To send you confirmations, updates, security alerts, and support and administrative messages and otherwise facilitate your use of, and our administration and operation of, the Services;
- For marketing purposes, including but not limited to, facilitating interest-based advertising, creating traveler profiles, creating custom audiences to target online and mobile advertising, sending integrated marketing messages across channels and devices, personalizing email marketing that we send to you, sending you other promotional materials, and notifying you about special promotions, offers, events or opportunities that may be of interest to you;
- To facilitate social sharing functionality;
- To improve our customer service, conduct customer satisfaction, market research, and quality assurance reviews;
- To respond to and support Users regarding their use of the Sites and Services;
- To process applications for employment that you submit through the Sites (or third-party sites);
- For our legitimate business purposes, such as data analysis, audits, operating and expanding our business activities;
- To administer general recordkeeping;
- To comply with all applicable legal requirements;
- For any other purpose that is disclosed to you at the point of collection of the personal information, for any purpose for which you provide your prior consent, or for any other lawful purpose.
We may use your Personal Information in furtherance of our legitimate interest to provide you with the Services offered by us. We may also use your information to manage our contractual relationship with you or to comply with our legal obligations.
To the extent we rely on consent for the processing of your Personal Information, we will seek such consent at the time we collect your personal data. We may also use the Personal Information we obtain about you in other ways for which we provide specific notice at the time of collection.
Whenever we collect Personal Information from you, we may do so on the following legal bases:
- Your consent to such collection and use;
- Out of necessity for the performance of an agreement between us and you, such as your agreement to use our Services or your request for Services;
- Our legitimate business interest, including but not limited to the following circumstances where collecting or using Personal Information is necessary for:
- Intra-organization transfers for administrative purposes;
- Product development and enhancement, where the processing enables The Standard to enhance, modify, personalize, or otherwise improve our Services and communications for the benefit of our visitors and guests, and to better understand how people interact with our Sites and Services;
- Fraud detection and prevention;
- Enhancement of our cybersecurity, including improving the security of our network and information systems; and
- General business operations and diligence.
Provided that, in each circumstance, we will weigh the necessity of our processing for the purpose against your privacy and confidentiality interests, including taking into account your reasonable expectations, the impact of processing, and any safeguards which are or could be put in place. In all circumstances, we will limit such processing for our legitimate business interest to what is necessary for its purposes.
We disclose your Personal Information for a business purpose to the following categories of third parties:
- Our affiliates;
- New owner and/or manager of a hotel or other property previously operated under our family of trademarks and brands following a change in management or ownership of the hotel or other property;
- Strategic business partners who provide goods, services and offers that enhance your experience at our properties, or that we believe will be of interest to you;
- Third parties and commercial providers to whom you or your agents authorize us to disclose your Personal Information in connection with the Services we provide to you. These third parties may include accommodation and food service providers, transportation services, health club, spa, concierge and other outlets and similar vendors in order to provide our Services and programs to you; and
- Service providers and other third parties we use to support our business, including without limitation those performing core services (such as reservations, billing, credit card processing, customer support services, customer relationship management, property management, accounting, auditing, processing insurance claims, administering sweepstakes, surveys, advertising and marketing, analytics, email and mailing services, data storage, and security) related to the operation of our business and/or the Services, the operation of our properties, the provision of services at those properties, the processing and fulfillment of your reservations and requests, participation in and the administration of sweepstakes, contests and other promotions, and making certain functionalities available to our Users.
We may disclose your Personal Information for legal reasons. Specifically, we will share Personal Information with companies, organizations or individuals outside of The Standard if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
· Fulfill any purpose for which you provide it;
· Meet any applicable law, regulation, legal process or enforceable governmental request;
· Detect, prevent, or otherwise address fraud, security or technical issues;
· Protect against harm to the rights, property, assets or safety of The Standard, our guests or the public, content found on the Services, or to protect the Services from unauthorized use or misuse, as required or permitted by law;
· For any other purpose disclosed when you provide the information; and
· When we obtain your consent to do so.
We attempt to notify visitors and guests about legal demands for their Personal Information when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we have no obligation to do so.
By submitting your Personal Information using the Sites or Services, you understand and agree to this transfer, storing or processing. As described below in “How We Protect Personal Information“, we have put in place commercially reasonable technical and organizational procedures to safeguard the treatment of information and Personal Information, in accordance with applicable law.
You may have certain rights relating to your Personal Information under local data privacy and protection laws. Subject to applicable law, you may make requests regarding your Personal Information, such as deleting your Personal Information, correcting your Personal Information, and obtaining a copy of your Personal Information.
To make such a request, please email DPO@standardhotels.com or by writing us at the address indicated in “How to Contact Us” below. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to the information.
For California residents, please see Privacy Rights Specific to California Residents below.
For residents of the European Union, United Kingdom and Switzerland, please see Privacy Rights Specific to Certain Residents of Europe below.
When permitted by law, we may charge an appropriate fee to cover the costs of responding to your request and refuse to comply with requests that are clearly unfounded, repetitive or excessive.
PRIVACY NOTICE FOR RESIDENTS OF CALIFORNIA
Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), we are providing California residents with the following additional information regarding the categories of their Personal Information that we have collected or disclosed in the previous twelve months:
We collect the following categories of Personal Information:
Category of Personal Information
First and last name, postal address, unique personal identifier, online identifier.
B. Personal information categories defined in California safeguards law.
Name, address, telephone number, financial information.
C. Characteristics of protected classifications under federal and California law
Gender, age, citizenship, national origin, marital status, medical conditions, primary language.
D. Commercial information.
Records of products or services purchased, obtained, or considered, financial details, purchasing or consuming histories or tendencies.
From time-to-time we may also collect the following categories of Personal Information:
Category of Personal Information
E. Internet or other similar network activity.
Interaction with the Sites.
F. Geolocation Data
Device location, IP location.
G. Sensory data.
Audio, electronic, visual or similar information recorded in connection with our business activities.
H. Inferences drawn from other personal information.
Profile reflecting a person's preferences, behavior, and attitudes.
The Standard may use your Personal Information for the purposes described above in “How We Use Personal Information We Collect”, and may disclose your Personal Information to third-party commercial providers for a legitimate business purpose, which include, for example, verifying your identity when making a payment. When we disclose Personal Information for these reasons, the provider is generally required both to keep that Personal Information confidential and not use it for any purpose except for the purposes set forth in the contract with such provider.
In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for one or more business purposes:
- Identifiers, such first and last name, postal address, unique personal identifier, online identifier;
- Personal information categories defined in California safeguards law, such as name, address, telephone number, financial information;
- Characteristics of protected classifications under federal and California law, such as gender, age, citizenship, national origin, marital status, medical conditions, primary language;
- Commercial information, such as records of products or services purchased, obtained, or considered, financial details, purchasing or consuming histories or tendencies;
- Internet or other network activity information, such as interaction with the Sites;
- Geolocation data, such a device location, IP location;
- Sensory data, such as audio, electronic, visual or similar information recorded in connection with our business activities;
- Inferences drawn from other personal information, such as a profile reflecting a person's preferences, behavior, and attitudes.
As described above, we have disclosed your Personal Information to third parties in connection with providing you with certain Services and for other business purposes. Under the broad definition of what constitutes a “sale” under CCPA, such disclosure may constitute a “sale” of your Personal Information.
California residents are entitled to contact us to request information about whether we have disclosed Personal Information to third parties for the third parties’ direct marketing purposes and may choose to opt-out of the sharing of Personal Information with third parties for direct marketing purposes by sending (a) an email to DPO@standardhotels.com with the subject heading “California Privacy Rights,” or (b) a letter addressed to Standard International, Attention: DPO/Legal, 23 East 4th Street, 5th Floor, New York, NY 10003. In your request, please attest to the fact that you are a California resident and provide a current California address for our response. Please be aware that not all information sharing is covered by the California privacy rights requirements and only information on covered sharing will be included in our response. We reserve our right not to respond to requests submitted to addresses other than the addresses specified in this paragraph.
Under the CCPA, California residents have specific rights regarding their personal information. This section describes Californians’ rights and explains how California residents can exercise those rights.
· Right to Delete Your Data. You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.
· Right to Access Your Data. You have the right to request that we disclose certain information to you about our collection, use and disclosure of your Personal Information over the past twelve (12) months. Any disclosures we provide will only cover the 12-month period preceding the receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
· Right to Data Portability. You have the right to a “portable” copy of your Personal Information that you have submitted to us. Generally, this means you have a right to request that we move, copy or transmit your Personal Information stored on our servers or information technology environment to another service provider’s servers or information technology environment.
· Right to Non-Discrimination for the Exercise of Your Privacy Rights. You have the right not to receive discriminatory treatment by us for exercising your privacy rights conferred by the California Consumer Privacy Act.
If you are a California resident who chooses to exercise your rights, you can:
1. Submit a request via email to DPO@standardhotels.com, or
2. Call (212) 965-4309 to submit your request.
You may also designate an agent to exercise your privacy rights on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government-issued identification, and the authorized agent’s valid government issued identification.
Upon receiving your request, we will confirm receipt of your request by sending you an email. To help protect your privacy and maintain security, we may take steps to verify your identity before granting you access to the information. In some instances, such as a request to delete personal information, we may first separately confirm that you would like for us to in fact delete your personal information before acting on your request.
We will respond to your request within forty-five (45) days. If we require more time, we will inform you of the reason and extension period in writing.
In some cases our ability to uphold these rights for you may depend upon our obligations to process Personal Information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, listed below, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- Debug products to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act;
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent;
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
- Comply with a legal obligation; or
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
The European Union’s General Data Protection Regulation (“GDPR”), and corresponding legislation in the United Kingdom and Switzerland, provide residents of the EU, United Kingdom and Switzerland with certain rights in connection with Personal Information you have shared with us. If you are such a resident, you may have the following rights:
- The right of access. You have the right to request a copy of your Personal Information which we hold about you.
- The right of correction. You have the right to request correction or changes of your Personal Information if it is found to be inaccurate or out of date.
- The right to withdraw consent. You have the right to withdraw a previously given consent for processing your Personal Information for a specific purpose.
- The right to be forgotten. You have the right to request us, at any time, to delete your Personal Information from our servers and to erase your Personal Information when it is no longer necessary for us to retain such data. Note, however, that deletion of your Personal Information will likely impact your ability to use our services.
- The right to object (opt-out). You have the right to opt-out of certain uses of your Personal Information, such as direct marketing, at any time.
- The right to data portability. You have the right to a “portable” copy of your Personal Information that you have submitted to us. Generally, this means your right to request that we move, copy or transmit your Personal Information stored on our servers or information technology environment to another service provider’s servers or information technology environment.
- The right to refuse to be subjected to automated decision making, including profiling. You have the right not to be subject to a decision and insist on human intervention if the decision is based on automated processing and produces a legal effect or a similarly significant effect on you.
- The right to lodge a complaint with a supervisory authority. You have the right to lodge complaints about our data processing activities by filing a complaint with us or with the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
You may exercise any of the rights described in this section by sending an email to DPO@standardhotels.com. Please note that we may ask you to verify your identity and request before taking further action on your request. We may respond to your request by letter, email, telephone or any other suitable method.
Your provision of Personal Information is required in order to use certain Services and programs. In some instances, if you fail to provide such Personal Information, you may not be able to access and use our Services, or parts of our Services.
We use and retain your Personal Information for as long as necessary to fulfill the purpose for which it is being processed, to carry out legitimate business interests, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).
After expiry of the applicable retention periods, your Personal Information will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of such data.
The Standard maintains commercially reasonable technical and organizational safeguards designed to protect the User's Personal Information against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. For example, we and/or our service providers use commercially reasonable security measures such as encryption, firewalls, Secure Socket Layer software (SSL) or hypertext transfer protocol secure (HTTPS) to protect Personal Information.
Although we take reasonable steps designed to protect your Personal Information, please be advised that no security system or means of transmitting data over the Internet can be guaranteed to be entirely secure (including without limitation with respect to computer viruses, malicious software and hacker attacks). We cannot and do not guarantee or warrant the security of your Personal Information or any other information you disclose or transmit to us. We are not responsible for the acts of those who gain unauthorized access, and we make no warranty, express, implied or otherwise, that we will prevent such access, and we are not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law. Where required under law, we will notify you of any such loss, misuse or alteration of Personal Information that may affect you so that you can take the appropriate actions.
You may have certain choices when it comes to how we use your data and we want to provide you with information to make the choices that are right for you.
- Interest-Based Ads and Other Online Advertising. Visit www.networkadvertising.org or www.aboutads.info to learn more about your options for opting out of interest-based advertising. We do not guarantee that all of the third parties we work with will honor the elections you make using those options. Please also keep in mind that even if you opt-out of receiving ads tailored to your apparent interests, you will continue to see online ads, but the ads that you see therefore may be less relevant to your interests.
- Mobile Devices. Your mobile device may offer settings relating to cookies, pixel tags, Flash, cookies, and other similar technologies. We encourage to you to visit your device’s help menu to learn about your options to limit tracking when using your device. For some information on controlling your mobile choices, please visit https://www.networkadvertising.org/mobile-choices.
- Social Media Platforms and Networks. We encourage you to review your privacy options and settings with the social media platforms and networks you use to understand what choices you have about sharing information from those platforms and networks with us.
- Email Marketing. You can opt-out of receiving marketing emails from us by sending us an email stating your request to DPO@standardhotels.com. If we or one of our service providers acting on our behalf have sent you a promotional email, you may use the “unsubscribe” link. Please keep in mind that opting out of marketing emails may impact our ability to allow you access to certain offers, benefits and features. Please also note that even if you opt out of receiving certain marketing emails, that opt-out may not apply to other transactional or legal communications that you may continue to receive from us, such as customer service messages, messages about transactions with us, notices about our policies and terms, and emails responding to your communications with us or requests for information that we receive from you.
The Sites or Services may contain links to webpages operated by parties other than The Standard. We do not control such websites and are not responsible for their contents or the privacy policies or other practices of such websites. Our inclusion of links to such websites does not imply any endorsement of the material on such websites or any association with their operators. Further, you access linked sites at your own risk and, by accessing them, you are leaving the Sites, and you understand it is up to the User to take precautions to ensure that whatever links the User selects or software the User downloads (whether from this Site or other websites) is free of such items as viruses, worms, trojan horses, defects and other items of a destructive nature. These websites and services may have their own privacy policies, which the User will be subject to upon linking to the third party’s website. The Standard strongly recommends that each User review the third party’s terms and policies.
If you have any questions about the privacy practices of other websites, you should contact the relevant parties controlling these websites for more information.
The Sites and Services are not designed or intended to be used by anyone under the age of 18. If you are under the age of 18 (or a minor in the jurisdiction in which you are accessing our Sites or Services), please do not use the Sites or Services, make reservations or other purchases via the Services, use any interactive features of the Services, or post any Personal Information to our Sites or submit any Personal Information via the Services. We do not knowingly or intentionally gather Personal information about children. If a child has provided us with Personal Information, a parent or guardian of that child may contact us to have the information deleted from our records. If you believe that we might have any information from a child, please contact us DPO@standardhotels.com. If we learn that we have inadvertently collected the Personal Information of a child, we will take steps to delete the information as soon as possible and cease the use of that information in accordance with applicable law.
Via e-mail: DPO@standardhotels.com
By writing to us:
23 East 4th Street, 5th Floor
New York, NY 10003