Privacy Notice
Effective: January 1, 2023
Last updated: January 6, 2023
Sonesta International Hotels Corporation (collectively with our subsidiaries, “Sonesta,” “we,” “us,” “our”) provides this Privacy Notice (“Privacy Notice”) describing important information about how we collect, use, and disclose your personal data in the following circumstances:
- \Through the websites or mobile applications we own and control that link to this Privacy Notice (the “Online Services”),
- Through the social media pages we control, emails that we send, and other direct marketing activities (“Marketing Activities”),
- Through our interaction with business contacts in the context of their relationship with us (“Business Contact Activities”),
- When you visit one of the properties we own, operate, franchise, or license and through other in-person interactions with you (“Offline Activities”).
When we use the term “Services” in this Privacy Notice, we collectively refer to the Online Services, Marketing Activities and Offline Activities.
When we use the term “Guests” in this Privacy Notice, we mean the users of and visitors to the Services. Employees, contractors, and job applicants who are California residents receive a supplemental privacy notice that applies to their relationship with Sonesta in the context of their employment, engagement, or job application. In the event of any conflict with this Privacy Notice, the terms of the supplementary employee notice will control.
When we use the term “personal data” we mean any information that identifies an individual person or reasonably relates to an identifiable individual.
What Personal Data We Collect
1. Personal data – We collect personal data about our Guests so that we can provide an experience that is responsive to your needs and to enhance our offerings to you and our other customers, including:
- Name
- Postal address
- Email addresses
- Telephone numbers
- IP Address and other online identifiers
- Credit card information and other payment data
- Financial information, in limited circumstances
- Account information, such as username and password
- Gender or gender expression
- Health information, from Guests with particular health concerns that they have shared with us
- Lifestyle information, such as room preferences and other information necessary to fulfill special requests (e.g., medical conditions that require room accommodations)
- Date of birth
- Nationality, passport, visa, or other government-issued identification information
- Visual information captured through CCTV cameras at our facilities
- Job title and employment affiliations
- Employer details
- Travel itinerary, tour group, or activity data
- Guest preferences and personalized data, such as your communications and language preferences, travel habits and preferences, food and beverage preferences, interests, activities, hobbies, prior stays or interactions, goods and services purchased, special service and amenity requests, and important dates (such as birthdays, anniversaries and special occasions)
- Social media account ID, profile photo, and other data publicly available, or data made available by linking your social media and loyalty accounts
- Information about family members and companions, such as names and ages of children
- Images, video, and audio data via security cameras and security personnel body cameras
- Geolocation information
2. Other Data – We collect other data about you, including:
- Information regarding your use of our Online Services, including browser and device data, and data collected through cookies, pixel tags, and other technologies (these practices are more fully described below in the “Cookie Notice” section)
- Demographic data and other data provided by you
- Aggregated data relating to your stays
How We Collect Personal Data
1. Online Services and Marketing Activities – We collect Personal Data through our Online Services and Marketing Activities when you:
- Research and book a reservation
- Purchase products or services
- Make a customer service request
- Respond to a survey
- Subscribe to our newsletters
- Register for our loyalty program
- Update your contact information
- Participate in a competition, promotional activity, or sweepstakes
- Provide a testimonial, story, review, or comment
- “Like,” “Follow,” or otherwise connect with or post to one of our social media pages
- Interact with an email we send
2. Offline Activities – We collect Personal Data during your visits to properties we own, operate, franchise, or license, and through other in-person interactions when you:
- Purchase or use on-site products and services, such as restaurants and bars, fitness centers, and concierge services
- Attend promotional events that we host or in which we participate, or when you provide your personal data to facilitate an event.
3. Business Partners – We collect Personal Data from companies with whom we partner to provide you with products, services, or offers based upon your experiences at our properties or that may be of interest to you. These business partners are independent from Sonesta. Examples of our business partners include:
- Owners, franchisees, and licensees
- On-property retail and food and beverage outlets
- Travel agents and tour operators
- Time share partners
- Rental car providers
- Travel booking platforms
4. Other Sources – We collect personal data from other sources, such as public databases, joint marketing partners, Guest devices that are connected to Wi-Fi we provide, and other third parties.
5. Internet-Connected Devices – We collect personal data from internet-connected devices available in our properties. For example, a smart home assistant may be available for your use at one of our properties that you visit.
6. Physical & Mobile Location-Based Services – We collect personal data if you download one of our mobile applications (for example, we may collect the precise physical location of your device). We collect this data if you opt in through the app, either during your initial login or later, to receive the special offers and to enable location-driven capabilities on your mobile device. If you have opted-in, the app will continue to collect location data when you are in or near a participating property until you log off or close application, or if you use your device’s setting to disable location capabilities for the app.
Why We Collect Personal Data
We collect the personal data above about our Guests so that we can provide an experience that is responsive to your needs and to enhance our offerings to you and our other customers. More specifically, we use the information in connection with the following:
- Our business transactions with you, including, but not limited to:
- Fulfilling bookings
- Entering into a contract with you
- Responding to your inquiries and fulfilling your requests
- Sending administrative information to you (for example, information regarding the Services or an event you are attending)
- Completing and fulfilling any purchases or requests for services
- Our legitimate business interests, including, but not limited to:
- Providing any other specific products, services, and information you request from us (such as participation in our loyalty programs)
- Providing you our newsletter, surveys, and other marketing and informational materials regarding our properties, products, and services (subject to your opt out right described in the “Opt Out” section below)
- Personalizing your experience on the Services by presenting products and offers tailored to you
- Allowing you to participate in sweepstakes, contests, and similar promotions, and to administer these activities (each of which may have additional rules and could contain additional information about how we process your personal data)
- Facilitating social sharing functionalities of your social media accounts
- Carrying out data analysis, audits, fraud monitoring and prevention, internal quality assurance, developing new products, enhancing, improving or modifying our Services, identifying usage trends, auditing use and functionality of our Services, helping enforce compliance with our Terms of Use, helping protect our Services, determining the effectiveness of our promotional campaigns, and operating and expanding our business activities
- Allowing you to send messages to a friend through the Services. By using this functionality, you are telling us that you are entitled to use and provide us with your friend’s name and email address
- Fulfilling any other purpose for which you provide your personal data or which we disclose to you at the time of disclosure
- Any consent you may have provided, including, but not limited to accommodating special requests due to health conditions.
- We will make it clear to you in advance that we are relying on your consent (for example, when you sign up to our mailing list), and you have the right to decline to provide your consent and, if consent is provided, to withdraw your consent at any time
- As necessary or appropriate for legal reasons, including, but not limited to:
- To comply with our legal obligations
- To comply with legal process
- To respond to requests from public and government authorities, including those outside your country of residence
- To enforce our terms and conditions
- To protect our operations or those of any of our affiliates and other third parties
- To protect our rights, privacy, safety, or property, or that of our affiliates, you, or other third parties, including to support and enhance our data security
- To allow us to pursue available remedies or limit damages we, our affiliates, or other third parties, may sustain
How We Share and Disclose Personal Data
1. To Whom We Disclose Personal Data for a Business Purpose
- In the course of processing your personal data in connection with fulfilling bookings and providing other products and services you obtain from us, it may be necessary to transfer your personal data to:
- Our affiliates (for example, we share loyalty program data)
- Our owners, franchisees, and licensees (for example, we share reservation data)
- Payment processors and/or third-party service providers located in the United States and throughout the world for the purposes outlined in this Privacy Notice
- Business partners, sponsors, and other third parties
- Unless otherwise precluded or governed by legal requirements, we do not grant permission to any of our affiliates, property owners, franchisees, licensees, or third-party service providers that may receive your information to use such information independent of use in connection with our products and services, consistent with this policy.
- Reservations made via our websites (but not our call centers) are processed by Sabre, Inc., a third party. Personal data disclosed during the reservation process via our websites will be subject to this Privacy Notice, and, with respect to Sabre’s holding, use, and retention of such information, shall be subject to Sabre’s privacy policy (as may be updated from time to time) displayed on Sabre’s website, which is accessible at http://www.sabre.com.
- Except for the disclosure noted above regarding affiliates, properties, franchises and licenses, payment processors and third-party service providers, and except as disclosed below, our practice is to not provide access to, sell, rent, or otherwise give physical possession of your personal data to other parties.
2. When We Disclose Your Personal Data – Situations in which we may disclose your personal data, any communications sent to or received from you, and other information that we may have relating to you, are:
- When we have received your consent to do so
- When a hotel or other property leaves the Sonesta system and access to your personal data is necessary to facilitate business operations or meet contractual obligations
- To comply with legal or regulatory requirements or obligations in accordance with applicable law, including pursuant to a court order, subpoena, discovery, investigation, or similar action
- In case of emergency, if we believe it helpful in order to safeguard the life, health, or property of an individual
- If reasonably necessary to protect or enforce our property and rights, including to prevent, investigate, identify persons or organizations potentially involved in, or take any action regarding suspected fraud, violations of our terms of service, or activity that appears to us to be illegal or may expose us to legal liability, and
- In the event we merge with, or sell, or have a change of control of all or part of our business to a third party, to the acquirer of such business.
3. If information is shared as mentioned above, we reasonably seek to limit the scope of information that is furnished to the amount necessary for the specific circumstances.
Cookie Notice
We collect other data using cookies and related data collection technologies (“Cookies”) to provide our Online Services engage in Marketing Activities, gather information when users navigate through our websites to enhance and personalize the experience, to understand usage patterns, and to improve our websites, products, and Services.
- Cookies on our websites are generally divided into the following categories:
- Essential Cookies: These cookies are strictly necessary to provide you with services available through our Online Services and to use some of their features, such as access to secure areas. Because these cookies are strictly necessary to deliver the Online Services, you cannot refuse them without impacting how our Online Services function.
- Performance and Functionality Cookies: These cookies are used to enhance the performance and functionality of our Online Services but are non-essential to their use. However, without these cookies, certain functionality may become unavailable.
- Analytics and Customization Cookies: These cookies collect information that is used to help us understand how our Online Services are being used or how effective our marketing campaigns are, or to help us customize our Online Services for you in order to enhance your experience.
- Targeting Cookies: These cookies record your visit to our Online Services, the pages you have visited and the links you have followed to recognize you as a previous visitor and to track your activity on our websites and other websites you visit. These cookies qualify as persistent cookies, because they remain on your device for us to use during a next visit to our websites. You can delete these cookies via your browser settings. See below for further details on how you can control third-party targeting cookies.
- Pixels & Beacons: These technologies count how many people visit certain web pages. Information collected from invisible pixels is used and reported in the aggregate and does not contain personal data. We may use this information to improve marketing programs and content.
- We also allow third parties to use Cookies on our Online Services to collect information about your online activities over time and across different websites you visit. This information is used to provide advertising tailored to your interests on websites you visit, also known as interest-based advertising, and to analyze the effectiveness of such advertising.
- How to control Cookies:
- You can review your Internet browser settings, typically under the sections “Help” or “Internet Options,” to exercise choices you have for certain Cookies. If you disable or delete certain Cookies in your settings, you may not be able to use features of the Online Services.
- To learn more about the use of Cookies by Google for analytics and to exercise choice regarding those Cookies, please visit the Google Analytics Opt-out Browser Add-on.
- We support the Self-Regulatory Principles for Online Behavioral Advertising of the Digital Advertising Alliance (“DAA”). To learn more about certain third-party Cookies used for interest-based advertising, including through cross-device tracking, and to exercise certain choices regarding such cookies, please visit the Digital Advertising Alliance, Network Advertising Initiative, Digital Advertising Alliance-Canada, European Interactive Digital Advertising Alliance [MB1] or your device settings if you have the DAA or other mobile app.
- The opt-outs described above are device- and browser-specific and may not work on all devices. If you choose to opt-out through any of these opt-out tools, this does not mean you will cease to see advertising. Rather, the ads you see will just not be based on your interests.
Other Information
1. Links to Other Web Sites – In some cases, our Online Services contain links to websites operated and maintained by third parties over which we have no control. When you connect to such website, you leave our Online Services. You should always read the privacy policy on these sites prior to transmitting any personal data since we cannot verify or be responsible for information not maintained by us. You connect to these sites at your own risk.
2. Social Media Sites – We are not responsible for the collection, usage, and disclosure policies and practices (including data security) of other organizations, such as Facebook, Apple, Google, Microsoft, RIM, or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider, or device manufacturer, including any personal data you disclose to other organizations through or in connection with our mobile applications or our Marketing Activities.
3. Protecting Minor Children – Except as noted below, we do not seek to obtain nor do we wish to receive personal data directly from minors; however, we cannot always determine the age of persons who access and use our Online Services. If a minor (as defined by applicable law) provides us with their data without parental or guardian consent, we encourage the parent or guardian to contact us to have this information removed and to unsubscribe the minor from our future marketing communications.
Exceptions to this are:
- The names and ages of minors staying in rooms under reservations booked by an adult, whose names are recorded
- Our properties have, from time-to-time, programs and services directed at children, such as our “Just for Kids” and similar supervised children's services, for which email, contact information, and age may be acquired from minors aged 13 and over (such minimum age subject to appropriate adjustment in each jurisdiction to comply with law)
4. Information Provided on Someone Else’s Behalf – If you provide us with information about someone else, please ensure you have the person’s permission to do so for the purposes detailed in this Privacy Notice.
Communications, Opt In, and Opt Out
1. Our intention is that you should only receive email communications that you request, or that you will find useful. We may periodically contact you to provide information on:
- Upcoming or past reservations
- Travel Pass account information
- General hotel or corporate informational updates
- To ask for your feedback on our service
2. This communication is typically via email, though it may be by phone or direct mail (particularly with respect to upcoming reservations). We may also send promotional emails with special offers that may be of interest to you (unless you have opted out).
3. Through various means, you may opt in or sign up to receive promotional emails from us. All of our promotional emails give you the option to opt out at any time by clicking on a link at the bottom of the email. You may also opt out of any future promotional emails by emailing your request to: emailoptout@sonesta.com. Please allow 10 business days for your email opt out request to take effect.
4. You may choose not to submit your personal data by submitting your request by calling our Compliance Hotline at 855.251.0649. However, doing so may cause certain transactions to become affected. For example, not providing a name will prevent the processing of reservations.
Security
We seek to take steps to protect the information you provide us from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. We have implemented physical, electronic, and managerial procedures to help safeguard and secure your information from loss, misuse, unauthorized access or disclosure, alteration, or destruction. Unfortunately, no security system is 100% secure, thus we cannot guarantee the security of all information you provide to us via the Services.
Your Rights; Region-Specific Disclosures
Individuals in certain jurisdictions may have certain rights with respect to their personal data. These may include the right to access your personal data, to request corrections to your personal data if it is inaccurate, to ask us to erase your personal data, or to restrict or object to the processing of your personal data.
If you make a request related to personal data about you, we may need to verify your identity. You may submit a request using the means described under the “Contact Us” section below.
If you are a resident of the European Economic Area, the United Kingdom, or the state of California or Virginia, please follow the below links for additional information:
1. European Economic Area or United Kingdom – For individuals in the European Economic Area or the United Kingdom, please click here for additional detailed disclosures (“EEA and UK Disclosures”).
2. California and Virginia – For California and Virginia residents, please click here for additional detailed disclosures (“State Privacy Disclosures”).
Policy Changes
At times our Privacy Notice may be changed and any updates will be posted to this site. If material changes are made to this Notice, we will post a notice to the revised policy on the homepage of this site for at least thirty (30) days. Any changes that are made will go into effect when posted on the site and they will apply to all users of our Services. We encourage you to check this policy periodically for updates.
Contact Us
If you have any questions about this Policy, or any concerns or complaints with regard to the administration of the Policy, please contact us by any of the following means:
- by calling our Compliance Hotline at 855.251.0649
- by mailing a written description of your concern or complaint to:
Sonesta International Hotels Corporation
Chief Compliance Officer,
400 Centre Street
Newton, MA 02458
- by emailing to privacyinquiries@sonesta.com
APPENDIX A: ADDITIONAL INFORMATION FOR EEA AND UK RESIDENTS
These disclosures (the “EEA and UK Disclosures” or “Disclosures”) supplement the Sonesta Privacy Notice.
The Disclosures apply only to our processing of personal data within the scope of the General Data Protection Regulation and/or the UK GDPR and the UK Data Protection Act 2018 (together, the “GDPR”) from one or more of the European Union Member States plus Iceland, Lichtenstein, and Norway (together known as the “European Economic Area” or “EEA”) or the United Kingdom (“UK”), as applicable.
Data Retention
1. We will retain your personal data for the period necessary to fulfill the purposes outlined in the Sonesta Privacy Notice unless a longer retention period is required or permitted by law.
2. The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services)
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them)
- Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation, or regulatory investigations)
International Transfers
We are an international company and we may, subject to applicable law, transfer your information to our affiliates or selected third parties outside the country where you are located and where information protection standards may differ (e.g., your information may be stored on servers located in other jurisdictions). We will utilize appropriate safeguards governing the transfer and usage of your personal data, such as an adequacy decision by the European Commission, Standard Contractual Clauses, or other applicable adequacy mechanisms. If you would like further detail on the safeguards we have in place, you can contact us directly as set forth in the “Contact Us” section below.
Data Subject Rights
Individuals whose personal data we process subject to the GDPR have certain rights, where applicable, as required by law, including the right of access, erasure, and data portability, as well as the right to rectification, to restrict processing, to withdraw consent, and to object to processing as follows.
1. Access – Individuals have the right to know if we are processing personal data about them and, if so, to access and obtain a copy of personal data about them, as well as information relating to the processing of that data.
2. Rectification – Individuals have the right to have us correct or update any personal data about them that is inaccurate or incomplete without undue delay.
3. Restriction – Individuals have the right to restrict or limit the ways in which we process personal data about them where the accuracy of the personal data is contested by them, where data has been obtained by us unlawfully, where the individual has objected to our processing of the data (see right of objection below) and we are considering whether to cease processing, or where we no longer need to process the personal data.
4. Objection – Individuals have the right to object to our processing of their personal data where we are relying on legitimate interests as our legal basis and their rights override our legitimate interests in processing their personal data. Individuals also have the right to object to our processing of their personal data for direct marketing purposes.
5.Withdrawal of Consent – Where we rely on consent as the basis for processing personal data, individuals have the right to withdraw their consent.
6. Erasure – Individuals have the right to request deletion or erasure of their personal data in a number of circumstances where required by law. These include where we no longer require the personal data for the purposes for which it was collected, the individual has withdrawn consent, or where we are relying on legitimate interests as a legal basis and the individual’s rights override our legitimate interests.
7. Portability – Individuals have the right to obtain a copy of the personal data we hold about you in a structured machine-readable format and to have it transmitted to another controller. This right only occurs where we are relying on your consent or performance of a contract as our legal basis and the processing is carried out automatically.
8. Make a Complaint – Individuals also have the right to make a complaint about our personal data handling practices to their local Supervisory Authority. We would, however, appreciate the opportunity to address your concerns directly if possible, and ask you to please contact us in the first instance.
Changes to EEA and UK Disclosures
At times our EEA and UK Disclosures may be changed and any updates will be posted to this site. If material changes are made to this Notice, we will post a notice to the revised policy on the homepage of this site for at least thirty (30) days. Any changes that are made will go into effect when posted on the site and they will apply to all users of our Services. We encourage you to check this policy periodically for updates.
Contact Us
To assert one of your legal rights described in these EEA and UK Disclosures, or if you have any questions about these EEA and UK Disclosures or our data handling practices, please contact us by any of the following means:
- by calling our Compliance Hotline at 855.251.0649
- by mailing a written description of your concern or complaint to:
Sonesta International Hotels Corporation
Chief Compliance Officer,
400 Centre Street
Newton, MA 02458
- by emailing to privacyinquiries@sonesta.com.
APPENDIX B: ADDITIONAL INFORMATION FOR CALIFORNIA AND VIRGINIA RESIDENTS
These disclosures (the “State Privacy Disclosures”) supplement the Sonesta Privacy Notice. If you are a California or Virginia resident, then this section of our Privacy Notice may apply to you. This section is intended to describe our practices under the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (together, the “CCPA”) and the Virginia Consumer Data Protection Act (the “VCDPA”). It applies to personal information of California and Virginia residents, as applicable.
Categories of Personal Information Collected
California law requires us to provide additional information about the personal information we collect with reference to specific categories of information. For additional information about our sources of personal data, how we use personal data, and how we disclose personal data, refer to the Sonesta Privacy Notice. Within the last twelve months, we have collected the following categories of personal information from California residents:
Category | Examples
|
Identifiers | Name, postal address, Internet Protocol address, email address, account name, driver's license number, passport number, IP address, or other similar identifiers. |
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | A name, signature, address, telephone number, passport number, driver's license or state identification card number, employment, employment history, bank account number, credit card number, debit card number, or any other financial information |
Protected classification characteristics under California or federal law | Age (40 years or older), citizenship, marital status, sex (including gender, gender identity, or gender expression) |
Commercial information | Products or services purchased, obtained, or considered |
Internet or other similar network activity | Information on a consumer’s interaction with a website, application, or advertisement |
Geolocation data | Physical location, which may be identifiable based on IP address |
Audio, visual, or other sensory information | Visual or similar information, including information captured via CCTV cameras |
Professional or employment-related information | Job, title, employer details |
Sensitive Personal Information | Payment card and other financial information, account login information including username and password, information concerning health, gender, gender identity, or gender expression |
Inferences drawn from other personal information | Profile reflecting a person’s preferences and characteristics (e.g., transaction preferences) |
“Sales” and “Sharing” of Personal Information/Targeted Advertising
We do not sell your personal information for monetary consideration; however, we may disclose certain information for our Marketing Activities or in relation to our co-branded credit cards. Under the CCPA, some of these disclosures may be considered “sales.” In relation to these disclosures, we may share identifiers, commercial information, other financial information, and internet or other similar network activity. As disclosed above, we use cookies and other similar technologies, including for marketing purposes, and disclosures through such technologies could be deemed “sharing” for purposes of cross-context behavioral advertising under the CCPA. Information we “sell” or “share” may also be disclosed to marketing and co-branded credit card partners. Some of these activities may further constitute “targeted advertising” under the VCDPA. In order to opt-out of these disclosures or processing, you may use the contact information below or use this link: Do Not Sell or Share My Personal Information.
We do not knowingly “sell” or “share” personal data of children under 16 years of age.
Privacy Rights
1. Privacy Rights –California residents may have certain privacy rights, including the rights to: (i) request additional disclosures about the Personal Information we collect, use, and disclose, i.e., a “Request to Know (Categories of Information)”; (ii) obtain a copy of Personal Information, i.e., a “Request to Know (Specific Pieces of Information),” sometimes called the Right to Access; (iii) request deletion of Personal Information, i.e., a “Request to Delete Information,” sometimes called the Right to Be Forgotten; (iv) request the correction of Personal Information; and (v) opt out of the sale of Personal Information, sharing of Personal Information for purposes of cross-context behavioral advertising, and targeted advertising, i.e., a “Request to Opt Out.”
2. How to Exercise Privacy Rights – If you wish to exercise any of these rights please email privacyinquiries@sonesta.com or call us at 855.251.0649. The rights described herein are not absolute and we reserve all of our rights available to us at law in this regard. Additionally, if we retain your personal data only in de-identified form, we will not attempt to re-identify your data in response to a Data Subject Rights request.
We will not discriminate against you for exercising any of these rights, for example, by charging you a different price or offering a different level of service; however, we may be unable to provide certain Services, such as if you ask us to delete information required to deliver the Service.
If you make a request related to personal data about you, we will need to verify your identity. To do so, we will request that you match specific pieces of information you have provided us previously. If it is necessary to collect additional information from you, we will use the information only for verification purposes and will delete it as soon as practicable after complying with the request. For requests related to particularly sensitive information, we may require additional proof of identification. If you make a request through an authorized agent, we will require written proof that the agent is authorized to act on your behalf. We will process your request within the time provided by applicable law.
3. Additional Privacy Rights for California Residents (California Shine the Light)
If you are a California resident, California Civil Code Section 1798.83 permits you to request information about our practices related to the disclosure of your personal information to certain third parties for their direct marketing purposes. You may be able to opt-out of our sharing of your personal information with unaffiliated third parties for the third parties’ direct marketing purposes in certain circumstances. Please send your request (along with your full name, email address, postal address, and the subject line labeled “Your California Privacy Rights”) by email at privacyinquiries@sonesta.com.
4. California Notice at Collection for Online Sources
California law requires us to provide certain disclosures before our collection of personal information from California residents. The below Notice at Collection applies to our collection of personal information from California residents through our Online Services and Marketing Activities (described further above).
Category of Personal Information | Purpose for Collection and Use | Is the personal information sold or shared? | How long is the personal information retained? |
---|---|---|---|
A. Identifiers: a real name, alias, email address, postal physical address, telephone number, fax number, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers | To deliver the Services and provide the content and functionality of our Sites and social media accounts; To further develop, customize, and improve our Sites, social media accounts, other services, and your user experience; To contact and communicate with you, including for marketing purposes; To support and enhance our data security. | Yes, for Marketing Activities. | No longer than necessary to fulfill the specified purposes for collection and use (or a reasonable time thereafter) or other compatible purposes including satisfying legal requirements
|
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)): a name, address, telephone number, education, employment, employment history | To deliver the Services and provide the content and functionality of our Sites and social media accounts; To contact and communicate with you, including for marketing purposes; To support and enhance our data security; To otherwise operate our business. | In the past 12 months, we have not sold this information to any third parties, and we have disclosed this information only as set forth above under the heading “Disclosure of Information”. | No longer than necessary to fulfill the specified purposes for collection and use (or a reasonable time thereafter) or other compatible purposes including satisfying legal requirements |
D. Internet or other similar network activity: Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement (e.g., visitor domain name, IP address, web browser, operating system, internet service provider, the pages visited, clickstream data, and time and date of visit) | To deliver the Services and provide the content and functionality of our Sites and social media accounts; To further develop, customize, and improve our Sites, social media accounts, other services, and your user experience; For advertising and marketing purposes; To support and enhance our data security; To otherwise operate our business. | Yes, for Marketing Activities | No longer than necessary to fulfill the specified purposes for collection and use (or a reasonable time thereafter) or other compatible purposes including satisfying legal requirements |
E. Geolocation data: Geographic location information about a particular individual or device, specifically IP address | IP address, which we collect, can reveal information about your location. We collect such information to: To deliver the Services and provide the content and functionality of our Sites and social media accounts; To further develop, customize, and improve our Sites; To support and enhance our data security; For advertising and marketing purposes; To otherwise operate our business | Yes (IP address), for Marketing Activities | No longer than necessary to fulfill the specified purposes for collection and use (or a reasonable time thereafter) or other compatible purposes including satisfying legal requirements |
F. Professional or employment-related information: Employer and job title | To deliver the Services, including our job application Site offered through our vendor; To contact and communicate with you including for marketing purposes; To support and enhance our data security; To support the Marketing Activities; To otherwise operate our business. | In the past 12 months, we have not sold this information to any third parties, and we have disclosed this information only as set forth above under the heading “Disclosure of Information”. | No longer than necessary to fulfill the specified purposes for collection and use (or a reasonable time thereafter) or other compatible purposes including satisfying legal requirements |
G. Education Information | To deliver the Services, including our job application Site offered through our vendor; To support and enhance our data security; To otherwise operate our business. | In the past 12 months, we have not sold this information to any third parties, and we have disclosed this information only as set forth above under the heading “Disclosure of Information”. | No longer than necessary to fulfill the specified purposes for collection and use (or a reasonable time thereafter) or other compatible purposes including satisfying legal requirements |
H. Inferences drawn from other personal information | To provide the content and functionality of our Sites, social media accounts, and other services; To further develop, customize, and improve our Sites, social media accounts, other services, and your user experience; To contact and communicate with you, including for marketing purposes; To support and enhance our data security. | In the past 12 months, we have not sold this information to any third parties, and we have disclosed this information only as set forth above under the heading “Disclosure of Information”. | No longer than necessary to fulfill the specified purposes for collection and use (or a reasonable time thereafter) or other compatible purposes including satisfying legal requirements |
I. Sensitive Information: Payment card and other financial information. | To process your transaction when you make a purchase on the Sites; To accommodate special requests due to health conditions; To comply with applicable laws and regulations; To otherwise operate our business. | Yes, in the case of our co-branded cards, card number, or other financial information may be disclosed to our partner in ways that could constitute “sales”. | No longer than necessary to fulfill the specified purposes for collection and use (or a reasonable time thereafter) or other compatible purposes including satisfying legal requirements |
When we say we may use our Personal Information “to otherwise operate our business,” we mean uses that can include:
- To comply with our legal obligations
- To comply with legal process
- To respond to requests from public and government authorities, including those outside your country of residence
- To enforce our terms and conditions
- To protect our operations or those of any of our affiliates and other third parties
- To protect our rights, privacy, safety, or property, or that of our affiliates, you, or other third parties, including to support and enhance our data security
- To allow us to pursue available remedies or limit damages we, our affiliates, or other third parties, may sustain
Sensitive Personal Information
We may collect information that is considered “sensitive” under the CCPA, such as payment card or other financial information, account login information such as username and password, and data concerning health that we may collect from Guests with particular health concerns. When we do so, we use such information only for lawful purposes in compliance with the CCPA and other applicable privacy laws, such as to perform the services or provide the goods requested by you and to resist malicious, deceptive, fraudulent, or illegal actions. We do not use such information to infer characteristics about individuals.
Changes to State Privacy Disclosures
At times our CCPA Disclosures may be changed and any updates will be posted to this site. If material changes are made to this Notice, we will post a notice to the revised policy on the homepage of this site for at least thirty (30) days. Any changes that are made will go into effect when posted on the site and they will apply to all users of our Services. We encourage you to check this policy periodically for updates.
Contact Us
To assert one of your legal rights described in these State Privacy Disclosures, or if you have any questions about these CCPA Disclosures or our data handling practices, please contact us by any of the following means:
- by calling our Compliance Hotline at 855.251.0649
- by mailing a written description of your concern or complaint to:
Sonesta International Hotels Corporation
Chief Compliance Officer,
400 Centre Street
Newton, MA 02458
- by emailing to privacyinquiries@sonesta.com.