Effective Date: January 10, 2019 Last Updated: April 25, 2019
- Information We Collect
- How We Use Information We Collect
- Our Legal Basis for Collecting Personal Data
- Information We Share
- Your Failure to Provide Personal Data
- Our Retention of Your Personal Data
- Your Choices and Accessing, Updating or Deleting Your Personal Data
- Social Media Platforms and Websites
- Third Party Links
- International Transfer
- How We Protect Personal Data
- Direct Marketing and “Do Not Track” Signals
- How to Contact Us
Irrespective of which country you live in, you authorize us to transfer, store, and use your information in the United States, and any other country where we operate. In some of these countries, the privacy and data protection laws and rules regarding when government authorities may access data may vary from those in the country where you live. Learn more about our data transfer operations in the “International Transfer” section below. If you do not agree to the transfer, storage and use of your information in the United States, and any other country where we operate, please do not use the Sites or Services.
If you provide Personal Data about other people (for example, you make a reservation for another individual), you represent that you have the authority to do so and you permit us to use the data in accordance with this Privacy Statement.
INFORMATION WE COLLECT We collect information, including Personal Data, to provide better Services to all our users. We use the term “Personal Data” to refer to any information that identifies or can be used to identify you. Common examples of Personal Data include: full name, home address, email address, date of birth, digital identity, such as a login name or handle, information about your device, payment data, and certain metadata.
“Sensitive Personal Data” refers to a smaller subset of Personal Data which is considered more sensitive to the individual, such as race and ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic or biometric information, physical or mental health information, medical insurance data, or sexual orientation. BEI Hotel does not collect or use Sensitive Personal Data and asks that you do not provide Sensitive Personal Data to us.
We collect Personal Data in the following ways:
1. Information You Give to Us and Our Partners You may choose to provide us with Personal Data about yourself, including your name, billing address, email address, phone number, zip or postal code, user name and password, location information and birthdate, and other information such as booking, stay and purchase history, by completing forms on our website. In order to complete a reservation, an online credit card transaction may be required. During this process, you may provide us with the first and last name of the payment card owner, credit card billing address, payment card number, payment card expiration date, card verification value (“CVV”), shipping address, phone number and email.
We collect your Personal Data from companies with whom we partner to provide you with goods, services or offers related to your stays at our properties or that we believe might interest you (“Strategic Business Partners”). Examples of Strategic Business Partners include on-property outlets, travel booking platforms and tour companies.
When using our Services, you may elect to provide us with location and address information. You may also provide us with Personal Data about yourself when you report a problem or have a question about our Services, or when you use site-specific mobile applications or internet-connected devices available in our properties, such as a smart home assistant.
The Sites offer interactive and social features that permit you to submit content and communicate with other users. You may provide Personal Data to us when you post information in these interactive and social features. Please note that your postings in these areas of the Sites may be publicly accessible or accessible to other users.
Please note that if you do not provide us with Personal Data, your ability to use certain aspects of our products and Services may be limited.
2. Information We Obtain from Your Use of Our Services We collect certain information automatically, such as your operating system version, browser type, and internet service provider. When you use our Site, we automatically collect and store this information in service logs. This includes: details of how you used our Site; Internet protocol address; and cookies that uniquely identify your browser. We may also collect and process information about your actual location. The information we collect automatically is statistical data and may or may not include Personal Data, but we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties.
3. Cookies and Similar Technologies We and our partners use various technologies to collect and store information when you visit or use one of our Services, and this may include using cookies or similar technologies to identify your browser or device. We also use these technologies to collect and store information when you interact with services from our partners, such as advertising services. Our third party advertising and analytics partners include Google and similar partners. You can learn about Google’s practices and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
Web Beacons. Pages of our Services or our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an e-mail and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
Clickstream Data. Clickstream data is information collected by our computers when you request Web pages from the Sites. Clickstream data may include information such as the page served, the time spent viewing the page, source of the request, type of browser making the request, the preceding page viewed and similar information. Clickstream data permits us to analyze how visitors arrive at the Sites, what type of content is popular, what type of visitors in the aggregate are interested in particular kinds of content on the Sites.
HOW WE USE INFORMATION WE COLLECT We use your Personal Data in ways that are compatible with the purposes for which it was collected or authorized by you, including for the following purposes: 1. To inform you about services you request\, including:
- To facilitate reservations, payment, send administrative information, confirmations or pre-arrival messages
- To complete your reservation and stay, for example, to process your payment, ensure that your room is available and provide you with related customer service
- To respond to your inquiries and to fulfill your requests
- To support our electronic receipt program
- To manage our contractual relationship with you
- To contact you with respect to any billing inquires
- To personalize your experience on the Services by presenting products and offers tailored to you
- To facilitate social sharing functionality
We use the information we collect from our Sites to provide, maintain, and improve them, to develop new Services, and to protect our company and our users.
We use information collected from cookies and other technologies, to improve your user experience and the overall quality of our Services. We may use your Personal Data to see which web pages you visit at our Site, which web site you visited before coming to our Site, and where you go after you leave our Site. We can then develop statistics that help us understand how our visitors use our Site and how to improve it. We may also use the information we obtain about you in other ways for which we provide specific notice at the time of collection.
OUR LEGAL BASIS FOR COLLECTING PERSONAL DATA Whenever we collect Personal Data from you, we may do so on the following legal bases: 1. Your consent to such collection and use; 2. Out of necessity for the performance of an agreement between us and you, such as your agreement to use our Services or your request for products; 3. Our legitimate business interest, including but not limited to the following circumstances where collecting or using Personal Data is necessary for:
- Intra-organization transfers of client data for administrative purposes;
- Product development and enhancement, where the processing enables BEI Hotel to enhance, modify, personalize, or otherwise improve our Services and communications for the benefit of our users, and to better understand how people interact with our Sites;
- Communications and marketing, including processing data for direct marketing purposes, and subject to your opt-in for these purposes, and to determine the effectiveness of our promotional campaigns and advertising;
- Fraud detection and prevention;
- Enhancement of our cybersecurity, including improving the security of our network and information systems; and
- General business operations and diligence;
Provided that, in each circumstance, we will weigh the necessity of our processing for the purpose against your privacy and confidentiality interests, including taking into account your reasonable expectations, the impact of processing, and any safeguards which are or could be put in place. In all circumstances, we will limit such processing for our legitimate business interest to what is necessary for its purposes.
INFORMATION WE SHAREWe do not share Personal Data with companies, organizations and individuals outside of our organization unless one of the following circumstances applies:
- Strategic Business Partners. We disclose Personal Data and other data with select Strategic Business Partners who provide goods, services and offers that enhance your experience at our properties or that we believe will be of interest to you. By sharing data with these Strategic Business Partners, we are able to make personalized services and unique travel experiences available to you. For example, this sharing enables spa, restaurant, health club, concierge and other outlets at our properties to provide you with services. This sharing also enables us to provide you with a single source for purchasing packages that include travel-related services, such as airline tickets, rental cars and vacation packages.
- For Legal Reasons. We will share Personal Data with companies, organizations or individuals outside of BEI Hotel if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- meet any applicable law, regulation, legal process or enforceable governmental request.
- detect, prevent, or otherwise address fraud, security or technical issues.
- protect against harm to the rights, property or safety of BEI Hotel, our users or the public as required or permitted by law.
We attempt to notify users about legal demands for their Personal Data when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge every demand.
- Business Transfers. If we establish a new related entity, are acquired by or merged with another organization, or if substantially all of our assets are transferred to another organization, Personal Data about our users is often a transferred business asset. In the event that BEI Hotel itself or substantially all of our assets are acquired, Personal Data about our users may be one of the transferred assets.
- Aggregate Site Use Information. We may share aggregate and anonymized/pseudonymized Personal Data to third parties in order to promote or describe use of the Sites, for research, marketing, advertising, or similar purposes.
YOUR FAILURE TO PROVIDE PERSONAL DATA Your provision of Personal Data is required in order to use certain parts of our Services and our programs. If you fail to provide such Personal Data, you may not be able to access and use our Services and/or our programs, or parts of our Services and/or our programs.
OUR RETENTION OF YOUR PERSONAL DATA We may retain your Personal Data for a period of time consistent with the original purpose for collection. For example, we keep your Personal Data for no longer than reasonably necessary for your use of our programs and Services and for a reasonable period of time afterward. We also may retain your Personal Data during the period of time needed for us to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes and enforce our agreements.
YOUR CHOICES AND ACCESSING, UPDATING OR DELETING YOUR PERSONAL DATA Whenever you use our Services, we aim to provide you with choices about how we use your Personal Data. We also aim to provide you with access to your Personal Data. If that information is wrong, we strive to give you ways to update it quickly or to delete it – unless we have to keep that information for legitimate business or legal purposes. Subject to applicable law, you may obtain a copy of Personal Data we maintain about you or you may update or correct inaccuracies in that information by contacting us. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to the information. In addition, if you believe that Personal Data we maintain about you is inaccurate, subject to applicable law, you may have the right to request that we correct or amend the information by contacting us as indicated in the How to Contact Us section below.
- European Users’ Rights With Respect to Personal DataSome data protection laws, including the European Union’s General Data Protection Regulation (“GDPR”), provide you with certain rights in connection with Personal Data you have shared with us. If you are resident in the European Economic Area, you may have the following rights:
- The right of access. You have the right to request a copy of your Personal Data which we hold about you.
- The right of correction: You have the right to request correction or changes of your Personal Data if it is found to be inaccurate or out of date.
- The right to be forgotten: You have the right to request us, at any time, to delete your Personal Data from our servers and to erase your Personal Data when it is no longer necessary for us to retain such data. Note, however, that deletion of your Personal Data will likely impact your ability to use our Services.
- The right to object (opt-out): You have the right to opt-out of certain uses of your Personal Data, such as direct marketing, at any time.
- The right to data portability: You have the right to a “portable” copy of your Personal Data that you have submitted to us. Generally, this means your right to request that we move, copy or transmit your Personal Data stored on our servers / IT environment to another service provider’s servers / IT environment.
- The right to refuse to be subjected to automated decision making, including profiling: You have the right not to be subject to a decision and insist on human intervention if the decision is based on automated processing and produces a legal effect or a similarly significant effect on you.
- The right to lodge a complaint with a supervisory authority.
To make a request related to your rights, you may contact us using the contact information below, and we will consider your request in accordance with applicable laws.
- Changing or Deleting Your Information
You may update or correct information about yourself by emailing us at firstname.lastname@example.org. If you completely delete all such information, then your account may become deactivated. We may retain an archived copy of your records as required by law, to comply with our legal obligations, to resolve disputes, to enforce our agreements or for other legitimate business purposes.
We may contact you to request that you update your Personal Data on a regular basis to ensure its integrity for the purposes of ongoing data management.
- Our Opt-in/Opt-out Policy
SOCIAL MEDIA PLATFORMS AND WEBSITESAny information, communications or material of any type or nature that you submit to our Sites (including, but not limited to any BEI Hotel website contained on a social media platform or website such as Facebook or Twitter) by email, posting, messaging, uploading, downloading, or otherwise (collectively, a “Submission”), is done at your own risk and without any expectation of privacy.
Additionally, in the event that BEI Hotel offers a message board or any other interactive or social-type feature on a website administered directly by BEI Hotel, please be aware that these platforms may allow you to publicly post and share information with other users. Although BEI Hotel may take certain precautions to protect those who use these areas of a BEI Hotel website, you should not give out any Personal Data in such public forums as we cannot guarantee the privacy and safety of these areas, and we therefore cannot be responsible for any misused information you choose to post. Your use of these features is fully at your own risk.
THIRD PARTY LINKS The Sites may contain links to websites operated by parties other than BEI Hotel, including websites operated by our Strategic Business Partners. We do not control such websites and are not responsible for their contents, privacy policies or other practices. Our inclusion of links to such websites does not imply any endorsement of the material on such websites or any association with their operators. Further, it is up to you to take precautions to ensure that whatever links you select or software you download (whether from this Site or other websites) is free of such items as viruses, worms, trojan horses, defects and other items of a destructive nature. These websites and services may have their own privacy policies, which you will be subject to upon linking to the third party’s website. BEI Hotel strongly recommends that you review the third party’s terms and policies.
HOW WE PROTECT PERSONAL DATABEI Hotel maintains reasonable administrative, technical and physical safeguards designed to protect the user’s Personal Data and information against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. We implement appropriate technical and organizational measures that seek to ensure a level of security appropriate to the risk, taking into account technological reality, cost, the scope, context and purposes of processing weighted against the severity and likelihood that the processing could threaten individual rights and freedoms. For example, we use commercially reasonable security measures such as encryption, firewalls, and Secure Socket Layer software (SSL) or hypertext transfer protocol secure (HTTPS) to protect Personal Data.
If BEI Hotel collects account information for payment or credit, BEI Hotel will use the information only to complete the task for which the account information was offered.
Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that the security of your account has been compromised, please notify us immediately in accordance with the “How To Contact Us” section, below.
CHILDREN The Sites are not intended for use by children. We do not intentionally gather Personal Data about visitors who are under the age of 18. If a child has provided us with Personal Data, a parent or guardian of that child may contact us to have the information deleted from our records. If you believe that we might have any information from a child under age 18, please contact us at email@example.com. If we learn that we have inadvertently collected the Personal Data of a child under 18, or equivalent minimum age depending on jurisdiction, we will take steps to delete the information as soon as possible.
DIRECT MARKETING AND “DO NOT TRACK” SIGNALS The BEI Hotel Sites do not respond to Do Not Track (DNT) signals. BEI Hotel does track its users in order to provide targeted advertising to users about our Services.
California residents are entitled to contact us to request information about whether we have disclosed personal information to third parties for the third parties’ direct marketing purposes. We do not disclose personal information to third parties for the third parties’ direct marketing purposes. California users may request further information about our compliance with this law by e-mailing us at the address listed in the “How to Contact Us” section.
Send e-mail to: firstname.lastname@example.org