Privacy Policy
Effective Date: June 14, 2023
The Crescent Fort Worth is committed to protecting the privacy of certain data that is collected about you. This Privacy Policy describes our policies and practices regarding the collection, use, and disclosure of personal data or personal information, as defined by applicable law (“personal data”), that we collect about you, including personal data you submit or we obtain when you access or use this website or websites, apps, or other online media under our operation and control, or through HTML-formatted email messages that we send to you that link to this Privacy Policy (collectively, the “Site”), as well as certain other personal data relating to you that we collect when you make a reservation, stay as a guest at a Company property, attend events at a Company property or events hosted by us, use on-property services, such as concierge and meeting services, or visit on-property outlets, such as restaurants and spas (collectively, the “Services”). This Privacy Policy applies to information collected by the Company, its subsidiaries and affiliated companies, and its third-party hotel management company (collectively referred to in this Privacy Policy as the “Company”, “we”, “us” or “our”).
Our Privacy Policy explains: (1) what information we collect; (2) why we collect it; (3) how we use that information; (4) how we may share it; and (5) the choices we offer, including how to access and update information. Specifically, our Privacy Policy covers the following topics:
- When This Privacy Policy Applies
- Terms of Use
- Information We Collect
- How We Use Information We Collect
- Information We Share
- Your Failure to Provide Personal Data
- Our Retention of Your Personal Data
- Your Choices and Accessing, Updating or Deleting Your Personal Data
- Third Party Links
- International Transfer
- How We Protect Personal Data
- Children
- “Do Not Track” Signals
- Changes to this Privacy Policy
- Applicable Law
- California Consumer Privacy Policy
- European Users’ Privacy Rights
- How to Contact Us
Please familiarize yourself with our privacy practices and let us know if you have any questions. By using the Sites and the Services, you signify your acceptance of this Privacy Policy. If you do not agree to this Privacy Policy, please do not use the Sites or Services.
Irrespective of which country you live in, you authorize us to transfer, store, and use your information in the United States, and any other country where we operate. In some of these countries, the privacy and data protection laws and rules regarding when government authorities may access data may vary from those in the country where you live. Learn more about our data transfer operations in the “International Transfer” section below. If you do not agree to the transfer, storage and use of your information in the United States, and any other country where we operate, please do not use the Sites or Services.
If you provide personal data about other people (for example, you make a reservation for another individual), you represent that you have the authority to do so and you permit us to use the data in accordance with this Privacy Policy.
When This Privacy Policy Applies
Our Privacy Policy applies to the Sites under the Company’s operation and control and to the Services offered by the Company, but excludes websites, apps, other online media and services that have separate privacy policies that do not incorporate this Privacy Policy.
We are not responsible for data collection, data use practices, privacy policies or the use of cookies or tracking technologies on hotel brand websites or other non-Company websites that you may access from this Site or that have directed or connected you to this Site.
If you are a California consumer, as defined by the California Consumer Privacy Act (CCPA), please also see the section below regarding your California Privacy Rights. If you are located in the EU, please see the section below on EU specific rights.
Terms of Use
By accessing or using the Sites in any manner, you also agree to be bound by the Company’s Terms of Use (the “Agreement”). Please read the Agreement carefully. If you do not accept all of the terms and conditions contained in or incorporated by reference into the Agreement, please do not use the Sites.
Information We Collect
We collect information, including personal data, to provide better Services to all our users. We use the term “personal data” to refer to any information that identifies or can be used to identify you. Common examples of personal data include: full name, home address, email address, date of birth, digital identity, such as a login name or handle, information about your device, payment data, and certain metadata.
The Company may collect and use sensitive personal data relating to special accommodation requests, such as a request for an ADA accessible guest room. Otherwise, the Company does not intentionally collect or use sensitive personal data and asks that you do not provide sensitive personal data to us.
Types of Personal Information we May Collect
We may collect or you may provide the following personal data in connection with your use of the Sites or Services:
- personal or work contact information, including your name, your employer’s name, billing address, email address, and phone number
- personal characteristics, such as gender, date of birth, title, and nationality
- passport number and date and place of issue
- travel history, booking, stay or purchase history
- payment information, such as your payment card number, authentication information, expiration date, and card verification value (“CVV”) and other billing and account details associated with your payment card
- guest preferences
- marketing and communication preferences
- sensitive personal data relating to special accommodation requests
- reviews and opinions
- frequent flyer or similar membership program number and related information
- information provided on membership and account applications
- user name and/or password when you create or use a user account
- information about your use of the Sites and Services
- Statistical Data. To monitor utilization of the Site and continuously improve its quality, we may compile statistical information concerning the usage of the Site using analytics services, such as those provide by Google Analytics. Examples of this information would include: the number of visitors to the Site, or to sections or pages within the Site, patterns of traffic flowing through the Site, length of time spent on the Site, or in sections or pages of the Site, the other sites that refer visitors to the Site, the pages of the Site that visitors frequently use as entry and exit points, utilization of the browser and operating systems and versions used by visitors to the Site. The analytics services may transfer this information to third parties in case of a legal obligation or if a third party processes data on behalf of that service. To compile this information, we may collect and store:
- Your city and/or country which you are located
- Your operating system version
- Your browser version
- The pages you visit within the Site
- The length of time you spend on pages within the Site
- The site from which you linked to ours
- Search terms you used in search engines which resulted in you linking to the Site, etc.
While all of this information can be associated with the IP address your computer had while you visited the Site, it will not be associated with you as an individual, or associated with any other information you may submit through the Site, or that we may store about you for any other purposes.
How we may Collect Personal Information
We may collect and you may provide personal data in the following ways. We may collect and you may provide your personal data online via the Sites, and offline through channels other than the Sites, including via your use of the Services:
- Information Obtained from You
- When you submit or provide non-electronic registration information or documents, speak with us by phone, or send an email.
- When you make online reservations, participate in membership or loyalty programs, contests, sweepstakes, or marketing programs, subscribe to our newsletters, emails, special offers, request proposals or sign up for events.
- When you contact us with a question or concern, or to report a problem.
- When you use site-specific mobile applications or internet-connected devices available in our properties, such as a smart home assistant.
- Information You Give to Our Business Partners
- We may also collect your personal data from associated hotel brands, resorts and hospitality companies. For example, a hotel company may share with us your personal data and other data used for making a reservation at a hotel property owned or managed by us to fulfill and complete your reservation and/or provide Services.
- We may collect your personal data from companies with whom we partner to provide you with goods, services or offers related to your stays at properties owned or managed by us or that we believe might interest you (“Strategic Business Partners”). Examples of Strategic Business Partners include on-property outlets, travel booking platforms and tour companies.
- Information Obtained from Your Use of the Sites
- When you utilize Site interactive and social features to submit content and communicate with other users, you may provide personal data to us. Please note that your postings in these areas of the Sites may be publicly accessible or accessible to other users.
- When you upload documents or complete forms on the Site, we may collect the information contained in those documents/forms.
- Information Obtained from Cookies and Similar Technologies
- We and our partners use various technologies to collect and store information when you visit or use one of our Sites or Services, and this may include using cookies or similar technologies to identify your browser or device. We also use these technologies to collect and store information when you interact with services from our partners, such as advertising services. Our third party advertising and analytics partners include Google and similar partners. You can learn about Google’s practices and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
- The technologies we use for this automatic data collection may include:
- Cookies. A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Sites or Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Sites. If you do not want information collected through the use of cookies, you may wish to refer to https://www.allaboutcookies.org/manage-cookies/index.html. If, however, you do not accept our cookies, you may experience some inconvenience in your use of the Sites and Services. Please read our Cookie Policy.
- Web Beacons. Pages of our Sites or our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an e-mail and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
- Clickstream Data. Clickstream data is information collected by our computers when you request Web pages from the Sites. Clickstream data may include information such as the page served, the time spent viewing the page, source of the request, type of browser making the request, the preceding page viewed and similar information. Clickstream data permits us to analyze how visitors arrive at the Sites, what type of content is popular, what type of visitors in the aggregate are interested in particular kinds of content on the Sites.
- Embedded Content and Social Media Widgets. The Site contains embedded content (e.g., videos) and Social Media Widgets (e.g., Instagram, Twitter). Embedded content may place third party cookies on your device that track your online activity to enhance your experience or assess the success of their application. Social Media Widgets allow us to integrate social media functions into the Site. These widgets may place third party cookies on your device for tracking and advertising purposes. We have no direct control over the information these cookies collect and you should refer to their website privacy policy for additional information.
IMPORTANT: By using the Site, you consent to the processing of any personal data for the analytics purposes and functions described above.
How we use Information We Collect
We use your personal data in ways that are compatible with the purposes for which it was collected or authorized by you, including for the following business or commercial purposes:
- To inform you about Services you request, including:
- To facilitate reservations, payment, send administrative information, confirmations or pre-arrival messages
- To complete your reservation and stay, for example, to process your payment, ensure that your room is available and provide you with related customer service
- To respond to your inquiries and to fulfill your requests
- To support our electronic receipt program
- To manage our contractual relationship with you
- To contact you with respect to any billing inquires
- To personalize your experience on the Sites and with the Services by presenting products and offers tailored to you
- To facilitate social sharing functionality
- To authorize access to our Sites and Services;
- To provide you with Services and products, including to customize your experience according to your personal preferences and to present offers tailored to your personal preferences;
- To offer and administer customer loyalty and other programs;
- To administer content, promotions, sweepstakes, surveys, voting polls or other Site features;
- To communicate about, and administer your participation in, special programs and offers, as well as periodic customer satisfaction, market research and quality assurance surveys, and to deliver pertinent emails;
- For our business purposes such as payment processing and financial account management; product/service development; contract management; IT and website administration and security; fulfillment; analytics; fraud prevention; corporate governance; reporting and legal compliance; data analysis; audits; identifying usage trends; determining the effectiveness of our promotional campaigns; and operating and expanding our business activities;
- To improve our customer service;
- To respond to and support users regarding their use of the Sites and Services;
- To comply with all applicable legal requirements;
- To investigate possible fraud or other violations of our Terms of Use or this Privacy Policy and/or attempts to harm our users.
- For our research and development efforts. We may use data, including public feedback, to conduct research and for the development of the Site and the Services and products we provide to you.
- To provide you, or permit selected third parties to provide you, with information about events, products and services we offer.
- For advertising. We may show you ads on the Site using data from advertising technologies on the Site such as web beacons, pixels, ad tags, cookies, device identifiers; or information from advertising partners.
Information We Share
We do not share personal data with companies, organizations and individuals outside of our organization unless one of the following circumstances applies:
- Hotel, Resort and Hospitality Companies. We disclose personal data and other data to hotel, resort and hospitality companies for the purposes described in this Privacy Policy, including to facilitate your stay at properties owned or managed by us, to administer loyalty programs, and to accomplish our business purposes.
- Strategic Business Partners. We disclose personal data and other data with select Strategic Business Partners who provide goods, services and offers that enhance your experience at properties owned or managed by us or that we believe will be of interest to you. By sharing data with these Strategic Business Partners, we are able to make personalized services and unique travel experiences available to you. For example, this sharing enables spa, restaurant, health club, concierge and other outlets at properties owned or managed by us to provide you with services. This sharing also enables us to provide you with a single source for purchasing packages that include travel-related services, such as airline tickets, rental cars and vacation packages.
- For external processing. We provide personal information to our affiliates, trusted businesses or partners, or vendors to process it for us based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures. For example, we may use or disclose this information with these third parties for external processing as follows:
- With your consent or as you direct;
- To manage the Site;
- To process payments and requests for products and services;
- To provide you with products, services, or offers;
- To coordinate your participation in our loyalty reward or similar programs;
- To engage in marketing activities, such as sharing personal information with our partners to deliver advertisements to our shared customers;
- To enhance our services by, among other methods, obtaining assistance with providing more personalized services to you through analytics and other technologies;
- To protect our interests and legal rights, such as through responding to subpoenas and defending litigation; and
- To protect against and prevent fraud, illegal activity (such as identifying and responding to incidents of hacking or misuse of our websites and mobile applications), and claims and other liabilities.
We do not share personal data with third parties for their own marketing purposes.
- For Legal Reasons. We will share personal data with companies, organizations or individuals outside of the Company if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- demonstrate our relationship with you.
- meet any applicable law, regulation, legal process or enforceable governmental request.
- enforce applicable Terms of Use, including investigation of potential violations.
- detect, prevent, or otherwise address fraud, security or technical issues.
- protect against harm to the rights, property or safety of the Company, our users or the public as required or permitted by law.
We attempt to notify users about legal demands for their personal data when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge every demand.
- Business Transfers. If we establish a new related entity, are acquired by or merged with another organization, or if substantially all of our assets are transferred to another organization, personal data about our users is often a transferred business asset. In the event that the Company itself or substantially all of our assets are acquired, personal data about our users may be one of the transferred assets.
- Aggregate Site Use Information. We may share aggregate or anonymized/pseudonymized personal data with third parties in order to promote or describe use of the Sites, for research, marketing, advertising, or similar purposes.
Your Failure to Provide Personal Data
Your provision of personal data is required in order to use certain parts of our Services, Sites and our programs. If you fail to provide such personal data, you may not be able to access and use our Services, Sites and/or our programs, or parts of our Services, Sites and/or our programs.
Our Retention of your Personal Data
We may retain your personal data for a period of time consistent with the original purpose for collection. For example, we keep your personal data for no longer than reasonably necessary for your use of our programs and Services and for a reasonable period of time afterward. We also may retain your personal data during the period of time needed for us to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes and enforce our agreements.
If you choose to close your account, we generally delete closed account information within 30 days of account closure, except as noted below. We retain your personal data even after you have closed your account if reasonably necessary to comply with our legal obligations (including law enforcement requests), for other legitimate business purposes, meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our Terms of Use, or fulfill your request to “unsubscribe” from further messages from us. We will retain de-personalized information after your account has been closed.
Your Choices and Accessing, Updating or Deleting Your Personal Data
Whenever you use our Sites and Services, we aim to provide you with choices about how we use your personal data. We also aim to provide you with access to your personal data. If that information is wrong, we strive to give you ways to update it quickly or to delete it – unless we have to keep that information for legitimate business or legal purposes. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to the information. In addition, if you believe that personal data we maintain about you is inaccurate, subject to applicable law, you may have the right to request that we correct or amend the information by contacting us as indicated in the “How to Contact Us” section below.
Our Unsubscribe Policy
By providing an email address on the Sites or in connection with the Services, you agree that we may contact you in the event of a change in this Privacy Policy, to provide you with any service related notices, or to provide you with information about events, invitations, or related information from the Company, our subsidiaries and affiliated companies, hotel, resort and hospitality companies with whom we do business, and our Strategic Business Partners. For purposes of this Privacy Policy, “opt-in” is generally defined as any affirmative action by a user to submit or receive information, as the case may be.
We currently provide the following unsubscribe opportunities:
- At any time, you can follow a link provided in offers, newsletters or other email messages (except for e-commerce confirmation or service notice emails) received from us to unsubscribe from the service.
- At any time, you can contact us in accordance with the “How To Contact Us” section provided below to unsubscribe from the service and opt-out of our right per your consent under the terms of this Privacy Policy to share your personal data.
Notwithstanding anything else in this Privacy Policy, please note that we always reserve the right to contact you in the event of a change in this Privacy Policy, or to provide you with any service related notices.
Third Party Links
The Sites may contain links to websites operated by parties other than the Company, including websites operated by hotel, resort and hospitality companies and our Strategic Business Partners. We do not control such websites and are not responsible for their contents, privacy policies or other practices. Our inclusion of links to such websites does not imply any endorsement of the material on such websites or any association with their operators. Further, it is up to you to take precautions to ensure that whatever links you select or software you download (whether from this Site or other websites) is free of such items as viruses, worms, trojan horses, defects and other items of a destructive nature. These websites and services may have their own privacy policies, which you will be subject to upon linking to the third party’s website. The Company strongly recommends that you review the third party’s terms and policies.
Links to Third Party Integrations. We may provide links to third party integrations. Third party integrations are websites or platforms that synchronize with our Sites or Services to provide you with additional functionality, tools, or services such as directions, collecting resumes, sharing documents or videos, or sending announcements.
You acknowledge and agree we are not responsible for the availability of such sites or resources and do not endorse and are not responsible or liable for any content, advertising, goods, services or other materials on, available through, or provided by such sites or resources.
We are not responsible for the privacy or other practices of such sites and cannot guarantee the security of any of your personal information that you provide or is collected by such sites. We encourage you to review the privacy policies and terms and conditions on those linked sites.
International Transfer
We are committed to complying with applicable laws, regulations and mandatory government standards regarding the protection of personal data.
Personal data and any additional information submitted may be used globally in connection with employment, business processes within the Company, or communicating with our clients. Therefore, personal data may be transferred to other Company entities worldwide, where it will be processed in accordance with this Privacy Policy and laws that are applicable in each country. Countries where we process data may have laws which are different, and potentially not as protective, as the laws of your own country.
How We Protect Personal Data
The Company maintains reasonable administrative, technical and physical safeguards designed to protect the user’s personal data and information against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. We implement appropriate technical and organizational measures that seek to ensure a level of security appropriate to the risk, taking into account technological reality, cost, the scope, context and purposes of processing weighted against the severity and likelihood that the processing could threaten individual rights and freedoms. For example, we use commercially reasonable security measures such as encryption, firewalls, and Secure Socket Layer software (SSL) or hypertext transfer protocol secure (HTTPS) to protect personal data.
If the Company collects account information for payment or credit, the Company will use the information only to complete the task for which the account information was offered.
Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that the security of your account has been compromised, please notify us immediately in accordance with the “How to Contact Us” section, below.
Children
The Sites are not intended for use by children. We do not intentionally gather personal data about visitors who are under the age of 18. If a child has provided us with personal data, a parent or guardian of that child may contact us to have the information deleted from our records. If you believe that we might have any information from a child under age 18, please contact us in accordance with the “How to Contact Us” section. If we learn that we have inadvertently collected the personal data of a child under 18, or equivalent minimum age depending on jurisdiction, we will take steps to delete the information as soon as possible.
“Do Not Track” Signals
The Company Sites do not respond to Do Not Track (DNT) signals. The Company does track its users in order to provide targeted advertising to users about our Services.
Changes to this Privacy Policy
By using the Sites and the Services, you signify your acceptance of the terms of this Privacy Policy. If you do not agree to this Privacy Policy, please do not use the Sites or Services. We reserve the right to change this Privacy Policy at any time. Changes will be effective immediately upon posting to the Site and will apply to your use of the Site and the Services and the Company’s practices concerning personal information after the “Effective Date” listed above. Your use of the Services or Sites following these changes means that you accept the revised Privacy Policy.
Applicable Law
Our Privacy Policy is governed by the internal substantive laws of the State of Georgia USA without regard to its conflict of laws principles. Jurisdiction for any claims arising under or out of this Privacy Policy will lie exclusively with the state and federal courts within DeKalb County, Georgia USA. If any provision of this Privacy Policy is found to be invalid by a court having competent jurisdiction, the invalidity of such provision will not affect the validity of the remaining provisions of this Privacy Policy, which will remain in full force and effect.
California Consumer Privacy Policy
This California Consumer Privacy Policy section (“California Privacy Policy”) applies solely to individuals, visitors, users, and others who are residents of the State of California (“consumers” or “you”) and describes our policies and practices regarding the collection, use, and disclosure of personal information we collect about you, including personal information you submit or we obtain when you access or use the Site or the Services or through other channels. This section does not apply to personal information we collect about you as a job applicant to, an employee of, owner of, director of, officer of, or contractor of the Company. This section also does not apply to personal information we collect about you as an employee, owner, director, officer, or contractor of a company, partnership, sole proprietorship, non-profit, or government agency when your communications or transactions with the Company occur solely within the context of the Company conducting due diligence regarding, or providing or receiving a product or service to or from, such company, partnership, sole proprietorship, non-profit, or government agency.
This California Privacy Policy is adopted to comply with the California Consumer Privacy Act (“CCPA”). Any terms defined within the CCPA have the same meaning when utilizing within this California Privacy Policy. Please read this carefully.
Changes to this California Privacy Policy. By using the Sites and the Services, you signify your acceptance of the terms of this California Privacy Policy. If you do not agree to this California Privacy Policy, please do not use the Sites or Services. We reserve the right to change this California Privacy Policy at any time. Changes will be effective immediately upon posting to the Site and will apply to your use of the Site and the Services and the Company’s practices concerning personal information after the “Effective Date” listed above. Your use of the Services or Sites following these changes means that you accept the revised California Privacy Policy.
Personal Information That We Collect. This notice describes the categories of personal information (“PI”) we collect, have collected, or will collect through the Sites or in the course of our business, including providing Services, in the preceding 12 months and the purposes for which such PI may be used.
Categories of Personal Information Collected | Examples | Purposes Personal Information is Used |
Identifiers and Contact information. | A real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, driver’s license number, passport number, or other similar identifiers. |
|
Other elements. | Examples include name, signature, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, employment, bank account number, credit card number, debit card number, or any other financial information. |
|
Characteristics of protected classifications under California or federal law. | Age (40 years or older), color, citizenship, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions, veteran or military status |
|
Commercial information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies |
|
Internet or other electronic network activity. | Examples include browsing history, search history, a consumer’s interaction with an internet website, application, or advertisement. |
|
Geolocation data | Physical location or movements (geo-fencing) |
|
Audio, electronic, visual, thermal, olfactory, or similar information | Video surveillance |
|
Consumer profile or inferences drawn from other personal information. | Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes |
|
The Company may add to the categories of PI it collects and the purposes it uses PI. In that case, the Company will inform you by posting an updated version of this California Privacy Policy on the Site.
Exclusions from Personal Information. PI does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA’s scope, like certain health or medical information and other categories of information protected by different laws.
How We Collect Personal Information. The above categories of PI are or were collected from the following categories of sources. We may collect and you may provide PI online via the Sites, and offline through channels other than the Sites, including via your use of the Services.
- Information Obtained from You
- When you submit or provide non-electronic registration information or documents, speak with us by phone, or send an email.
- When you make online reservations, participate in membership or loyalty programs, contests, sweepstakes, or marketing programs, subscribe to our newsletters, emails, special offers, request proposals or sign up for events.
- When you contact us with a question or concern, or to report a problem.
- When you use site-specific mobile applications or internet-connected devices available in our properties, such as a smart home assistant.
- Information You Give to Our Business Partners
- We may also collect your PI from associated hotel brands, resorts and hospitality companies. For example, a hotel company may share with us your personal data and other data used for making a reservation at a hotel property owned or managed by us to fulfill and complete your reservation and/or provide Services.
- We may collect your PI from companies with whom we partner to provide you with goods, services or offers related to your stays at properties owned or managed by us or that we believe might interest you (“Strategic Business Partners”). Examples of Strategic Business Partners include on-property outlets, travel booking platforms and tour companies.
- Information Obtained from Your Use of the Sites
- When you utilize Site interactive and social features to submit content and communicate with other users, you may provide PI to us. Please note that your postings in these areas of the Sites may be publicly accessible or accessible to other users.
- When you upload documents or complete forms on the Site, we may collect the information contained in those documents/forms.
- Information Obtained from Cookies and Similar Technologies
- We and our partners use various technologies to collect and store information when you visit or use one of our Sites or Services, and this may include using cookies or similar technologies to identify your browser or device. We also use these technologies to collect and store information when you interact with services from our partners, such as advertising services. Our third party advertising and analytics partners include Google and similar partners. You can learn about Google’s practices and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
- The technologies we use for this automatic data collection may include:
- Cookies. A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Sites or Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Sites. If you do not want information collected through the use of cookies, you may wish to refer to https://www.allaboutcookies.org/manage-cookies/index.html. If, however, you do not accept our cookies, you may experience some inconvenience in your use of the Sites and Services. Please read our Cookie Policy.
- Web Beacons. Pages of our Sites or our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an e-mail and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
- Clickstream Data. Clickstream data is information collected by our computers when you request Web pages from the Sites. Clickstream data may include information such as the page served, the time spent viewing the page, source of the request, type of browser making the request, the preceding page viewed and similar information. Clickstream data permits us to analyze how visitors arrive at the Sites, what type of content is popular, what type of visitors in the aggregate are interested in particular kinds of content on the Sites.
- Embedded Content and Social Media Widgets. The Site contains embedded content (e.g., videos) and Social Media Widgets (e.g., Instagram, Twitter). Embedded content may place third party cookies on your device that track your online activity to enhance your experience or assess the success of their application. Social Media Widgets allow us to integrate social media functions into the Site. These widgets may place third party cookies on your device for tracking and advertising purposes. We have no direct control over the information these cookies collect and you should refer to their website privacy policy for additional information.
IMPORTANT: By using the Site, you consent to the processing of any PI for the analytics purposes and functions described above.
How We Share the Personal Information that We Collect.
Please see the above chart for the categories of PI collected and the business or commercial purposes for which they were collected.
The above categories of PI are shared with the following categories of third parties:
- Hotel, Resort and Hospitality Companies. We disclose PI and other data to hotel, resort and hospitality companies for the purposes described in this Privacy Policy, including to facilitate your stay at properties owned or managed by us, to administer loyalty programs, and to accomplish our business purposes.
- Strategic Business Partners. We disclose PI and other data with select Strategic Business Partners who provide goods, services and offers that enhance your experience at properties owned or managed by us or that we believe will be of interest to you. By sharing data with these Strategic Business Partners, we are able to make personalized services and unique travel experiences available to you. For example, this sharing enables spa, restaurant, health club, concierge and other outlets at properties owned or managed by us to provide you with services. This sharing also enables us to provide you with a single source for purchasing packages that include travel-related services, such as airline tickets, rental cars and vacation packages.
- For external processing. We provide PI to our affiliates, trusted businesses or partners, or vendors to process it for us based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures. For example, we may use or disclose this information with these third parties for external processing as follows:
- With your consent or as you direct;
- To manage the Site;
- To process payments and requests for products and services;
- To provide you with products, services, or offers;
- To coordinate your participation in our loyalty reward or similar programs;
- To engage in marketing activities, such as sharing personal information with our partners to deliver advertisements to our shared customers;
- To enhance our services by, among other methods, obtaining assistance with providing more personalized services to you through analytics and other technologies;
- To protect our interests and legal rights, such as through responding to subpoenas and defending litigation; and
- To protect against and prevent fraud, illegal activity (such as identifying and responding to incidents of hacking or misuse of our websites and mobile applications), and claims and other liabilities.
We do not share PI with third parties for their own marketing purposes.
- For Legal Reasons. We will share PI with companies, organizations or individuals outside of the Company if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- demonstrate our relationship with you.
- meet any applicable law, regulation, legal process or enforceable governmental request.
- enforce applicable Terms of Use, including investigation of potential violations.
- detect, prevent, or otherwise address fraud, security or technical issues.
- protect against harm to the rights, property or safety of the Company, our users or the public as required or permitted by law.
We attempt to notify users about legal demands for their PI when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge every demand.
- Business Transfers. If we establish a new related entity, are acquired by or merged with another organization, or if substantially all of our assets are transferred to another organization, PI about our users is often a transferred business asset. In the event that the Company itself or substantially all of our assets are acquired, PI about our users may be one of the transferred assets.
- Aggregate Site Use Information. We may share aggregate or anonymized/pseudonymized information with third parties in order to promote or describe use of the Sites, for research, marketing, advertising, or similar purposes.
We do not sell your PI as defined in the CCPA.
The Company has disclosed for a business purpose the following categories of PI in the preceding 12 months:
- Identifiers
- Other Elements
- Characteristics of protected classifications under California or federal law
- Commercial information
- Internet or other electronic network activity
- Geolocation data
- Audio, electronic, visual, thermal, olfactory, or similar information
- Consumer profile or inferences drawn from other personal information
California Consumer Rights. Pursuant to the CCPA, and as detailed below, consumers have various rights with respect to their PI.
- Right to Request Deletion. You have the right to request that the Company delete your PI from the Company’s records and direct any service providers to delete your PI from their records, subject to certain exceptions.
- Upon receipt of a verifiable consumer request, the Company will delete and direct any service providers to delete your PI from its records.
- The Company is not required to comply with your request to delete your PI if it is necessary for the Company (or its service provider) to maintain your PI in order to:
- Complete the transaction for which the PI was collected, provide a good or service requested by you, or reasonably anticipated within the context of the Company’s ongoing business relationship with you, or otherwise perform a contract between the Company and you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
- Debug to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
- To enable solely internal uses that are reasonably aligned with your expectations based on your relationship with the Company.
- Comply with a legal obligation.
- Otherwise use your PI, internally, in a lawful manner that is compatible with the context in which you provided the information.
- Right to Request Information. You have the right to request the Company disclose the following to you as it relates to the 12-month period preceding the Company’s receipt of your verifiable consumer request:
- The categories of PI the Company has collected about you.
- The categories of sources from which the PI is collected.
- The business or commercial purpose for collecting or selling PI.
- The categories of third parties with whom the Company shares PI.
- The specific pieces of PI the Company has collected about you.
Upon receipt of a verifiable consumer request, the Company will provide a response to your request for information.
- Right to Request Information as to Sale or Disclosure for Business Purpose. We do not sell your PI as defined in the CCPA. If in the future, we anticipate selling your PI as defined in the CCPA, we will provide you with the opt-out and opt-in rights as required by the CCPA. You have the right to request that the Company disclose the following to you as it relates to the 12-month period preceding the Company’s receipt of your verifiable consumer request:
- The categories of PI that the Company collected about you.
- The categories of PI that the Company sold about you and the categories of third parties to whom the PI was sold, by category or categories of PI for each category of third party parties to whom the PI was sold. Please note that we do not sell your PI.
- The categories of PI that the Company disclosed about you for a business purpose.
- Upon receipt of a verifiable consumer request, the Company will provide a response to your request for information as to sale or disclosure for business purpose.
- Nondiscrimination. We will not discriminate against you in violation of the CCPA for exercising any of your CCPA rights. For example, we generally will not provide you a different level or quality of goods or services if you exercise your rights under the CCPA. However, in certain instances we may be unable to provide the service requested (e.g., if you decline to provide your hotel rewards number, we will be unable to credit your stay to your rewards account.)
Submitting California Consumer Rights Requests. To submit any of the California Consumer Rights requests as outlined in this California Privacy Policy, please contact us at (000) 000-0000 or email@address.com. We reserve the right to only respond to verifiable consumer requests. A verifiable consumer request is one made by any individual who is:
- the consumer who is the subject of the request,
- a consumer on behalf of the consumer’s minor child, or
- by a natural person or person registered with the Secretary of State authorized to act on behalf of a consumer.
If the Company requests, you must provide us with sufficient information to verify your identity and/or authority to act on behalf of a Consumer. Additionally, you will need to describe your request with sufficient detail to allow us to review, understand, assess, and respond. PI collected from an individual to determine whether a request is a verifiable consumer request may not be used for any other purpose. We reserve the right to charge a fee to process or respond to your request if it is excessive, repetitive, or manifestly unfounded. If we determine that a request warrants a fee, we will attempt to notify you as to why we made that decision and provide a cost estimate before completing your request. We will attempt to respond to a verifiable consumer request within forty-five (45) days of receipt, but we may require up to ninety (90) days to respond, under which circumstances we will notify you of the need for an extension.
Other California Privacy Rights (California’s “Shine the Light” Law).
California residents are entitled to contact us to request information about whether we have disclosed personal information to third parties for the third parties’ direct marketing purposes. We do not disclose personal information to third parties for the third parties’ direct marketing purposes. California users may request further information about our compliance with this law by contacting us in accordance with the “Submitting California Consumer Rights Requests” section of this California Privacy Policy.
California residents under the age of 18. If you are a California resident under the age of 18 and a registered user of any Site where this policy is posted, California law permits you to request and obtain removal of certain content or information you have publicly posted. You may submit your request using the contact information in the “How to Contact Us” section below. Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.
European Users’ Privacy Rights
Some data protection laws, including the European Union’s General Data Protection Regulation (“GDPR”), provide you with certain rights in connection with personal data we have collected or you have shared with us. We attempt to process your personal data in accordance with applicable law. In addition to the information provided above, residents of the European Economic Area should be aware of the following.
- Legal basis for processing your personal data. Whenever we collect personal data from you, we may do so on the following legal bases:
- We may collect and process your personal data where you have given us consent to do so. In addition, we will request your explicit consent before we process any special category personal data about you. You may withdraw your consent at any time by contacting us in accordance with the “How to Contact Us” section below;
- We may collect and process your personal data where it is necessary to perform a contract with you including supplying/providing products or services; and
- We may collect and process your personal data where it is necessary for us to pursue our legitimate interests as a business, or those of a third party, for the following purposes:
- Intra-organization transfers of client data for administrative purposes;
- Product development and enhancement, where the processing enables the Company to enhance, modify, personalize, or otherwise improve our Services and communications for the benefit of our users, and to better understand how people interact with our Sites;
- Communications and marketing, including processing data for direct marketing purposes, and subject to your opt-in for these purposes, and to determine the effectiveness of our promotional campaigns and advertising;
- Fraud detection and prevention;
- Enhancement of our cybersecurity, including improving the security of our network and information systems; and
- General business operations and diligence.
Provided that, in each circumstance, we will weigh the necessity of our processing for the purpose against your privacy and confidentiality interests, including taking into account your reasonable expectations, the impact of processing, and any safeguards which are or could be put in place. In all circumstances, we will limit such processing for our legitimate business interest to what is necessary for its purposes.
- Additional Rights. If you are resident in the European Economic Area, you may have the following additional rights relating to your personal data, subject to certain limitations:
- The right to be informed. You are entitled to be informed of the use of your personal data. This Privacy Policy provides that information to you.
- The right of access. You have the right to request a copy of your personal data which we hold about you.
- The right of correction: You have the right to request correction or changes of your personal data if it is found to be inaccurate or out of date.
- The right to restrict processing. You have the right to restrict processing of your personal data where you believe it is unlawful for us to process it, you require us to keep it in connection with legal proceedings, or pending an investigation where you have objected to the processing of your personal data.
- The right to be forgotten: You have the right to request us, at any time, to delete your personal data from our servers and to erase your personal data when it is no longer necessary for us to retain such data. Note, however, that deletion of your personal data will likely impact your ability to use our Services.
- The right to object (opt-out): You have the right to opt-out of certain uses of your personal data, such as direct marketing, at any time.
- The right to data portability: You have the right to a “portable” copy of your personal data that you have submitted to us. Generally, this means your right to request that we move, copy or transmit your personal data stored on our servers / IT environment to another service provider’s servers / IT environment.
- The right to refuse to be subjected to automated decision making, including profiling: You have the right not to be subject to a decision and insist on human intervention if the decision is based on automated processing and produces a legal effect or a similarly significant effect on you.
- The right to lodge a complaint with a supervisory authority.
Please note that these rights may not apply to individuals residing outside the EEA. To make a request related to your rights, you may contact us using the contact information below.
The Transfer or Storage of Your Personal Data.
The personal data that we collect from you may be transferred to countries outside the European Economic Area (“EEA”). This may include where any of our servers or those of our third party service providers are located in a country outside of the EEA or it is processed by our staff or the staff of our third party service provider operating outside the EEA. These countries may not have similar data protection laws to the country in which you reside. If we transfer your personal data outside of the EEA we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected in accordance with this Policy. These steps may include imposing appropriate contractual obligations on the recipient of your personal data. If you are located in the EEA, you understand and consent to having your personal data processed outside of the EEA, including in the United States.
How to Contact Us
If you have any specific questions about this Privacy Policy, you can contact us at info@thecrescenthotelfw.com.