Sonesta Privacy Notice

Last Revised:  June 2019

Sonesta International Hotels Corporation (collectively with our subsidiaries, “Sonesta,” “we,” “us,” “our”) provides this Privacy Notice (“Privacy Notice”) describing important information about how we collect, use and disclose your personal data in the following circumstances:

  • Through the websites or mobile applications we own and control that link to this Privacy Notice (the “Online Services”),
  • Through the social media pages we control, emails that we send and other direct marketing activities (“Marketing Activities”),
  • When you visit one of the properties we own, operate, franchise or license and through other in-person interactions with you (“Offline Activities”).

When we use the term “Services” in this Privacy Notice, we collectively refer to the Online Services, Marketing Activities and Offline Activities. 

When we use the term “Guests” in this Privacy Notice, we mean the users of and visitors to the “Services.”

When we use the term “personal data” we mean any information that identifies an individual person or reasonably relates to an identifiable individual. 

 

What Personal Data We Collect

1. Personal data – We collect personal data about our Guests so that we can provide an experience that is responsive to your needs and to enhance our offerings to you and our other customers, including:

  • Name
  • Postal address
  • Email addresses
  • Telephone numbers
  • Credit card information and other payment data
  • Financial information, in limited circumstances
  • Gender or gender expression
  • Lifestyle information, such as room preferences and other information necessary to fulfill special requests (e.g., medical conditions that require room accommodations)
  • Date of birth
  • Nationality, passport, visa or other government-issued identification information
  • Employer details
  • Travel itinerary, tour group, or activity data
  • Guest preferences and personalized data, such as your communications and language preferences, travel habits and preferences, food and beverage preferences, interests, activities, hobbies, prior stays or interactions, good and services purchased, special service and amenity requests, and important dates (such as birthdays, anniversaries and special occasions)
  • Social media account ID, profile photo and other data publicly available, or data made available by linking your social media and loyalty accounts
  • Information about family members and companions, such as names and ages of children
  • Images.  video, and audio data via security cameras and security personnel body cameras
  • Geolocation information

2. Other Data – We collect other data about you, including:

  • Information regarding your use of our Online Services, including browser and device data, data collected through cookies, pixel tags and other technologies (these practices are more fully described below in the “Cookie Notice” section)
  • Demographic data and other data provided by you
  • Aggregated data relating to your stays

 

How We Collect Personal Data

1. Online Services and Marketing Activities – We collect Personal Data through our Online Services and Marketing Activities when you:

  • Research and book a reservation
  • Purchase products or services
  • Make a customer service request
  • Respond to a survey
  • Subscribe to our newsletters
  • Register for our loyalty program
  • Update your contact information
  • Participate in a competition, promotional activity, or sweepstakes
  • Provide a testimonial, story, review or comment
  • “Like,” “Follow,” or otherwise connect with or post to one of our social media pages
  • Interact with an email we send

2. Offline Activities – We collect Personal Data during your visits to properties we own, operate, franchise or license, and through other in-person interactions when you:

  • Purchase or use on-site products and services, such as restaurants and bars, fitness centers and concierge services
  • Attend promotional events that we host or in which we participate, or when you provide your personal data to facilitate an event.

3. Business Partners – We collect Personal Data from companies with whom we partner to provide you with products, services, or offers based upon your experiences at our properties or that may be of interest to you.  These business partners are independent from Sonesta.  Examples of our business partners include:

  • Owners, franchisees, and licensees
  • On-property retail and food and beverage outlets
  • Travel agents and tour operators
  • Time share partners
  • Rental car providers
  • Travel booking platforms

4. Other Sources – We collect personal data from other sources, such as public databases, joint marketing partners, Guest devices that are connected to Wi-Fi we provide, and other third parties.

5. Internet-Connected Devices – We collect personal data from internet-connected devices available in our properties.  For example, a smart home assistant may be available for your use at one of our properties that you visit.

6. Physical & Mobile Location-Based Services – We collect personal data if you download one of our mobile applications (for example, we may collect the precise physical location of your device).  We collect this data if you opt in through the app, either during your initial login or later, to receive the special offers and to enable location-driven capabilities on your mobile device.  If you have opted-in, the app will continue to collect location data when you are in or near a participating property until you log off or close application, or if you use your device’s setting to disable location capabilities for the app.

 

Why We Collect Personal Data

We collect the personal data above about our Guests so that we can provide an experience that is responsive to your needs and to enhance our offerings to you and our other customers.  More specifically, we use the information in connection with the following:

  • Our business transactions with you, including, but not limited to:
    • Fulfilling bookings
    • Entering into a contract with you
    • Responding to your inquiries and fulfilling your requests
    • Sending administrative information to you (for example, information regarding the Services or an event you are attending)
    • Completing and fulfilling any purchases or requests for services
  • Our legitimate business interests, including, but not limited to:
    • Providing any other specific products, services, and information you request from us (such as participation in our loyalty programs)
    • Providing you our newsletter, surveys, and other marketing and informational materials regarding our properties, products, and services (subject to your opt out right described in the “Opt Out” section below)
    • Personalizing your experience on the Services by presenting products and offers tailored to you
    • Allowing you to participate in sweepstakes, contests, and similar promotions, and to administer these activities (each of which may have additional rules and could contain additional information about how we process your personal data)
    • Facilitating social sharing functionalities of your social media accounts
    • Carrying out data analysis, audits, fraud monitoring and prevention, internal quality assurance, developing new products, enhancing, improving or modifying our Services, identifying usage trends, auditing use and functionality of our Services, helping enforce compliance with our Terms of Use, helping protect our Services, determining the effectiveness of our promotional campaigns, and operating and expanding our business activities
    • Allowing you to send messages to a friend through the Services. By using this functionality, you are telling us that you are entitled to use and provide us with your friend’s name and email address
    • Fulfilling any other purpose for which you provide your personal data or which we disclose to you at the time of disclosure
  • Any consent you may have provided, including, but not limited to:
    • Accommodating special requests due to health conditions
    • We will make it clear to you in advance that we are relying on your consent (for example, when you sign up to our mailing list), and you have the right to decline to provide your consent and, if consent is provided, to withdraw your consent at any time
  • As necessary or appropriate for legal reasons, including, but not limited to:
    • To comply with our legal obligations
    • To comply with legal process
    • To respond to requests from public and government authorities, including those outside your country of residence
    • To enforce our terms and conditions
    • To protect our operations or those of any of our affiliates and other third parties
    • To protect our rights, privacy, safety or property, or that of our affiliates, you, or other third parties
    • To allow us to pursue available remedies or limit damages we, our affiliates, or other third parties, may sustain

 

How We Share and Disclose Personal Data

1. To Whom We Disclose Personal Data

  • In the course of processing your personal data in connection with fulfilling bookings and providing other products and services you obtain from us, it may be necessary to transfer your personal data to:
    • Our affiliates (for example, we share loyalty program data)
    • Our owners, franchisees and licensees (for example, we share reservation data)
    • Payment processors and/or third-party service providers located in the United States and throughout the world for the purposes outlined in this Privacy Notice
    • Business partners, sponsors, and other third parties
  • Unless otherwise precluded or governed by legal requirements, we do not grant permission to any of our affiliates, property owners, franchisees, licensees or third-party service providers that may receive your information to use such information independent of use in connection with our products and services, consistent with this policy.
  • Reservations made via our websites (but not our call centers) are processed by Sabre, Inc., a third party.  Personal data disclosed during the reservation process via our websites will be subject to this Privacy Notice, and, with respect to Sabre’s holding, use and retention of such information, shall be subject to Sabre’s privacy policy (as may be updated from time to time) displayed on Sabre’s website, which is accessible at http://www.sabre.com.
  • Except for the disclosure noted above regarding affiliates, properties, franchises and licenses, payment processors and third-party service providers, and except as disclosed below, our practice is to not provide access to, sell, rent, or otherwise give physical possession of your personal data to other parties. 

2. When We Disclose Your Personal Data – Situations in which we may disclose your personal data, any communications sent to or received from you, and other information that we may have relating to you, are:

  • When we have received your consent to do so
  • When a hotel or other property leaves the Sonesta system and access to your personal data is necessary to facilitate business operations or meet contractual obligations
  • To comply with legal or regulatory requirements or obligations in accordance with applicable law, including pursuant to a court order, subpoena, discovery, investigation, or similar action
  • In case of emergency, if we believe it helpful in order to safeguard the life, health, or property of an individual
  • If reasonably necessary to protect or enforce our property and rights, including to prevent, investigate, identify persons or organizations potentially involved in, or take any action regarding suspected fraud, violations of our terms of service, or activity that appears to us to be illegal or may expose us to legal liability, and
  • In the event we merge with, or sell, or have a change of control of all or part of our business to a third party, to the acquirer of such business.

3. If information is shared as mentioned above, we reasonably seek to limit the scope of information that is furnished to the amount necessary for the specific circumstances.

 

Cookie Notice

We collect other data using cookies and related data collection technologies (“Cookies”) to provide our Online Services engage in Marketing Activities, gather information when users navigate through our websites to enhance and personalize the experience, to understand usage patterns, and to improve our websites, products, and Services.

  • Cookies on our websites are generally divided into the following categories:
    • Essential Cookies: These cookies are strictly necessary to provide you with services available through our Online Services and to use some of their features, such as access to secure areas. Because these cookies are strictly necessary to deliver the Online Services, you cannot refuse them without impacting how our Online Services function.
    • Performance and Functionality Cookies: These cookies are used to enhance the performance and functionality of our Online Services but are non-essential to their use. However, without these cookies, certain functionality may become unavailable.
    • Analytics and Customization Cookies: These cookies collect information that is used to help us understand how our Online Services are being used or how effective our marketing campaigns are, or to help us customize our Online Services for you in order to enhance your experience.
    • Targeting Cookies: These cookies record your visit to our Online Services, the pages you have visited and the links you have followed to recognize you as a previous visitor and to track your activity on our websites and other websites you visit.  These cookies qualify as persistent cookies, because they remain on your device for us to use during a next visit to our websites.  You can delete these cookies via your browser settings.  See below for further details on how you can control third-party targeting cookies.
    • Pixels & Beacons: These technologies count how many people visit certain web pages.  Information collected from invisible pixels is used and reported in the aggregate and does not contain personal data.  We may use this information to improve marketing programs and content.
  • We also allow third parties to use Cookies on our Online Services to collect information about your online activities over time and across different websites you visit.  This information is used to provide advertising tailored to your interests on websites you visit, also known as interest-based advertising, and to analyze the effectiveness of such advertising.
  • How to control Cookies:
    • You can review your Internet browser settings, typically under the sections “Help” or “Internet Options,” to exercise choices you have for certain Cookies.  If you disable or delete certain Cookies in your settings, you may not be able to use features of the Online Services.
    • To learn more about the use of Cookies by Google for analytics and to exercise choice regarding those Cookies, please visit the Google Analytics Opt-out Browser Add-on.
    • We support the Self-Regulatory Principles for Online Behavioral Advertising of the Digital Advertising Alliance (“DAA”).  To learn more about certain third-party Cookies used for interest-based advertising, including through cross-device tracking, and to exercise certain choices regarding such cookies, please visit the Digital Advertising Alliance, Network Advertising Initiative, Digital Advertising Alliance-Canada, European Interactive Digital Advertising Alliance [MB1] or your device settings if you have the DAA or other mobile app.
    • The opt-outs described above are device- and browser-specific and may not work on all devices.  If you choose to opt-out through any of these opt-out tools, this does not mean you will cease to see advertising.  Rather, the ads you see will just not be based on your interests.

 

Other Information

1. Links to Other Web Sites – In some cases, our Online Services contain links to websites operated and maintained by third parties over which we have no control. When you connect to such website, you leave our Online Services.  You should always read the privacy policy on these sites prior to transmitting any personal data since we cannot verify or be responsible for information not maintained by us.  You connect to these sites at your own risk.

2. Social Media Sites – We are not responsible for the collection, usage and disclosure policies and practices (including data security) of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including any personal data you disclose to other organizations through or in connection with our mobile applications or our Marketing Activities.

3. Protecting Minor Children – Except as noted below, we do not seek to obtain nor do we wish to receive personal data directly from minors; however, we cannot always determine the age of persons who access and use our Online Services.  If a minor (as defined by applicable law) provides us with his/her data without parental or guardian consent, we encourage the parent or guardian to contact us to have this information removed and to unsubscribe the minor from our future marketing communications.  Exceptions to this are:

  • The names and ages of minors staying in rooms under reservations booked by an adult, whose names are recorded
  • Our properties have from time to time programs and services directed at children, such as our “Just for Kids” and similar supervised children's services, for which email, contact information and age may be acquired from minors aged 13 and over (such minimum age subject to appropriate adjustment in each jurisdiction to comply with law)

4. Information Provided on Someone Else’s Behalf – If you provide us with information about someone else, please ensure you have the person’s permission to do so for the purposes detailed in this Privacy Notice.

 

Opt Out

1. Our intention is that you should only receive email communications that you request, or that you will find useful.  We may periodically contact you to provide information on:

  • Upcoming or past reservations
  • Travel Pass account information
  • General hotel or corporate informational updates
  • To ask for your feedback on our service

2. This communication is typically via email, though it may be by phone or direct mail (particularly with respect to upcoming reservations).  We may also send promotional emails with special offers that may be of interest to you (unless you have opted out).

3. All of our promotional emails give you the option to opt out at any time by clicking on a link at the bottom of the email.  You may also opt out of any future promotional emails by emailing your request to: emailoptout@sonesta.com.  Please allow 10 business days for your email opt out request to take effect.

4. You may choose not to submit your personal data by submitting your request by calling our Compliance Hotline at 855.251.0649.  However, doing so may cause certain transactions to become affected. For example, not providing a name will prevent the processing of reservations.

 

Region-Specific Disclosures

1. European Economic Area – For individuals in the European Economic Area, please click here for additional detailed disclosures (“Disclosures”).

2. Additional Information for California Residents – We do not provide your personal data to third parties for such third parties’ direct marketing purposes.  Please note that California Civil Code Section 1798.83 permits California residents to request certain information regarding disclosure of such individuals’ personal information to third parties for such third parties’ direct marketing purposes.  As noted in the “How We Share and Disclose Personal Data” section above, your personal data may be subject to certain third parties’ privacy policies.  

  • If you have any questions about our policy and practices, please contact us:
    • by electronic mail at privacyinquiries@sonesta.com
    • by telephone at 855.251.0649, or
    • by postal mail at: Sonesta International Hotels Corporation, Chief Compliance Officer, Two Newton Place, 255 Washington Street Suite 300, Newton, MA 02458 USA.
  • If you elect to contact us by email or postal mail, please include information in your email or letter that will help us identify you so that we can most expeditiously respond to you.

 

Policy Changes

At times our Privacy Notice may be changed and any updates will be posted to this site. If material changes are made to this Notice, we will post a notice to the revised policy on the homepage of this site for at least thirty (30) days.  Any changes that are made will go into effect when posted on the site and they will apply to all users of our Services.  We encourage you to check this policy periodically for updates.  

 

Contact Us

If you have any questions about this Policy, or any concerns or complaints with regard to the administration of the Policy, please contact us by any of the following means:

  • by calling our Compliance Hotline at 855.251.0649
  • by mailing a written description of your concern or complaint to:

Sonesta International Hotels Corporation, Chief Compliance Officer, Two Newton Place, 255 Washington Street Suite 300, Newton, MA 02458

 

 

 

APPENDIX 1

 

Sonesta Privacy Notice EEA Disclosures

These disclosures (the “Disclosures”) supplement the Sonesta Privacy Notice.

The Disclosures apply only to our processing of personal data within the scope of the General Data Protection Regulation (“GDPR”) from one or more of the European Union Member States plus Iceland, Lichtenstein and Norway (together known as the “European Economic Area” or “EEA”) or the UK, in the event that the UK no longer forms part of the European Union or the EEA.

 

Data Retention

1. We will retain your personal data for the period necessary to fulfill the purposes outlined in the Sonesta Privacy Notice unless a longer retention period is required or permitted by law.

2. The criteria used to determine our retention periods include:

  • The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services)
  • Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them)
  • Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations)

 

International Transfers

We are an international company and we may, subject to applicable law, transfer your information, to our affiliates or selected third parties outside the country where you are located and where information protection standards may differ (e.g., your information may be stored on servers located in other jurisdictions).  We will utilize appropriate safeguards governing the transfer and usage of your personal data, such as an adequacy decision by the European Commission, Model Clauses or other applicable adequacy mechanisms.  If you would like further detail on the safeguards we have in place you can contact us directly as set forth in the “Contact Us” section below.

 

Security

We seek to take reasonable steps to protect the information you provide us from loss, misuse and unauthorized access, disclosure, alteration and destruction.  We have implemented physical, electronic and managerial procedures to help safeguard and secure your information from loss, misuse, unauthorized access or disclosure, alteration or destruction.  Unfortunately, no security system is 100% secure, thus we cannot guarantee the security of all information you provide to us via the Services.

 

Data Subject Rights

Individuals whose personal data we process subject to the GDPR have certain rights, where applicable, as required by law, including the right of access, erasure and data portability, as well as the right to rectification, to restrict processing, to withdraw consent, and to object to processing as follows.

1. Access – Individuals have the right to know if we are processing personal data about them and, if so, to access and obtain a copy of personal data about them, as well as information relating to the processing of that data.

2. Rectification – Individuals have the right to have us correct or update any personal data about them that is inaccurate or incomplete without undue delay.

3. Restriction – Individuals have the right to restrict or limit the ways in which we process personal data about them where the accuracy of the personal data is contested by them, where data has been obtained by us unlawfully, where the individual has objected to our processing of the data (see right of objection below) and we are considering whether to cease processing, or where we no longer need to process the personal data.

4. Objection – Individuals have the right to object to our processing of their personal data where we are relying on legitimate interests as our legal basis and their rights override our legitimate interests in processing their personal data.  Individuals also have the right to object to our processing of their personal data for direct marketing purposes.

5.Withdrawal of Consent – Where we rely on consent as the basis for processing personal data, individuals have the right to withdraw their consent.

6. Erasure – Individuals have the right to request deletion or erasure of their personal data in a number of circumstances where required by law.  These include where we no longer require the personal data for the purposes for which it was collected, the individual has withdrawn consent or, where we are relying on legitimate interests as a legal basis, and the individual’s rights override our legitimate interests.

7. Portability – Individuals have the right to obtain a copy of the personal data we hold about you in a structured machine-readable format and to have it transmitted to another controller.  This right only occurs where we are relying on your consent or performance of a contract as our legal basis and the processing is carried out automatically.

8. Make a Complaint – Individuals also have the right to make a complaint about our personal data handling practices to their local Supervisory Authority. We would, however, appreciate the opportunity to address your concerns directly if possible, and ask you to please contact us in the first instance.

 

Contact Us

To assert one of your legal rights described in these Disclosures, or if you have any questions about these Disclosures or our data handling practices, please contact us by any of the following means:

  • by calling our Compliance Hotline at 855.251.0649
  • by mailing a written description of your concern or complaint to:

Sonesta International Hotels Corporation
Chief Compliance Officer,
Two Newton Place,
255 Washington Street Suite 300,
Newton, MA 02458