Last Revised: January 2020
Sonesta International Hotels Corporation (collectively with our subsidiaries, “Sonesta,” “we,” “us,” “our”) provides this Privacy Notice (“Privacy Notice”) describing important information about how we collect, use and disclose your personal data in the following circumstances:
When we use the term “Services” in this Privacy Notice, we collectively refer to the Online Services, Marketing Activities and Offline Activities.
When we use the term “Guests” in this Privacy Notice, we mean the users of and visitors to the “Services.” This Privacy Notice does not apply to information we collect from our employees, contractors, applicants for employment, or business contacts.
When we use the term “personal data” we mean any information that identifies an individual person or reasonably relates to an identifiable individual.
1. Personal data – We collect personal data about our Guests so that we can provide an experience that is responsive to your needs and to enhance our offerings to you and our other customers, including:
2. Other Data – We collect other data about you, including:
1. Online Services and Marketing Activities – We collect Personal Data through our Online Services and Marketing Activities when you:
2. Offline Activities – We collect Personal Data during your visits to properties we own, operate, franchise or license, and through other in-person interactions when you:
3. Business Partners – We collect Personal Data from companies with whom we partner to provide you with products, services, or offers based upon your experiences at our properties or that may be of interest to you. These business partners are independent from Sonesta. Examples of our business partners include:
4. Other Sources – We collect personal data from other sources, such as public databases, joint marketing partners, Guest devices that are connected to Wi-Fi we provide, and other third parties.
5. Internet-Connected Devices – We collect personal data from internet-connected devices available in our properties. For example, a smart home assistant may be available for your use at one of our properties that you visit.
6. Physical & Mobile Location-Based Services – We collect personal data if you download one of our mobile applications (for example, we may collect the precise physical location of your device). We collect this data if you opt in through the app, either during your initial login or later, to receive the special offers and to enable location-driven capabilities on your mobile device. If you have opted-in, the app will continue to collect location data when you are in or near a participating property until you log off or close application, or if you use your device’s setting to disable location capabilities for the app.
We collect the personal data above about our Guests so that we can provide an experience that is responsive to your needs and to enhance our offerings to you and our other customers. More specifically, we use the information in connection with the following:
1. To Whom We Disclose Personal Data for a Business Purpose
2. When We Disclose Your Personal Data – Situations in which we may disclose your personal data, any communications sent to or received from you, and other information that we may have relating to you, are:
3. If information is shared as mentioned above, we reasonably seek to limit the scope of information that is furnished to the amount necessary for the specific circumstances.
We collect other data using cookies and related data collection technologies (“Cookies”) to provide our Online Services engage in Marketing Activities, gather information when users navigate through our websites to enhance and personalize the experience, to understand usage patterns, and to improve our websites, products, and Services.
1. Links to Other Web Sites – In some cases, our Online Services contain links to websites operated and maintained by third parties over which we have no control. When you connect to such website, you leave our Online Services. You should always read the privacy policy on these sites prior to transmitting any personal data since we cannot verify or be responsible for information not maintained by us. You connect to these sites at your own risk.
2. Social Media Sites – We are not responsible for the collection, usage and disclosure policies and practices (including data security) of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including any personal data you disclose to other organizations through or in connection with our mobile applications or our Marketing Activities.
3. Protecting Minor Children – Except as noted below, we do not seek to obtain nor do we wish to receive personal data directly from minors; however, we cannot always determine the age of persons who access and use our Online Services. If a minor (as defined by applicable law) provides us with his/her data without parental or guardian consent, we encourage the parent or guardian to contact us to have this information removed and to unsubscribe the minor from our future marketing communications. Exceptions to this are:
4. Information Provided on Someone Else’s Behalf – If you provide us with information about someone else, please ensure you have the person’s permission to do so for the purposes detailed in this Privacy Notice.
1. Our intention is that you should only receive email communications that you request, or that you will find useful. We may periodically contact you to provide information on:
2. This communication is typically via email, though it may be by phone or direct mail (particularly with respect to upcoming reservations). We may also send promotional emails with special offers that may be of interest to you (unless you have opted out).
3. All of our promotional emails give you the option to opt out at any time by clicking on a link at the bottom of the email. You may also opt out of any future promotional emails by emailing your request to: emailoptout@sonesta.com. Please allow 10 business days for your email opt out request to take effect.
4. You may choose not to submit your personal data by submitting your request by calling our Compliance Hotline at 855.251.0649. However, doing so may cause certain transactions to become affected. For example, not providing a name will prevent the processing of reservations.
We seek to take steps to protect the information you provide us from loss, misuse and unauthorized access, disclosure, alteration and destruction. We have implemented physical, electronic and managerial procedures to help safeguard and secure your information from loss, misuse, unauthorized access or disclosure, alteration or destruction. Unfortunately, no security system is 100% secure, thus we cannot guarantee the security of all information you provide to us via the Services.
1. European Economic Area – For individuals in the European Economic Area, please click here for additional detailed disclosures (“EEA Disclosures”).
2. California – For California residents, please click here for additional detailed disclosures (“CCPA Disclosures”).
At times our Privacy Notice may be changed and any updates will be posted to this site. If material changes are made to this Notice, we will post a notice to the revised policy on the homepage of this site for at least thirty (30) days. Any changes that are made will go into effect when posted on the site and they will apply to all users of our Services. We encourage you to check this policy periodically for updates.
If you have any questions about this Policy, or any concerns or complaints with regard to the administration of the Policy, please contact us by any of the following means:
Sonesta International Hotels Corporation
Chief Compliance Officer,
Two Newton Place,
255 Washington Street Suite 300,
Newton, MA 02458
APPENDIX A: ADDITIONAL INFORMATION FOR EEA RESIDENTS
These disclosures (the “EEA Disclosures”) supplement the Sonesta Privacy Notice.
The Disclosures apply only to our processing of personal data within the scope of the General Data Protection Regulation (“GDPR”) from one or more of the European Union Member States plus Iceland, Lichtenstein and Norway (together known as the “European Economic Area” or “EEA”) or the UK, in the event that the UK no longer forms part of the European Union or the EEA.
1. We will retain your personal data for the period necessary to fulfill the purposes outlined in the Sonesta Privacy Notice unless a longer retention period is required or permitted by law.
2. The criteria used to determine our retention periods include:
We are an international company and we may, subject to applicable law, transfer your information, to our affiliates or selected third parties outside the country where you are located and where information protection standards may differ (e.g., your information may be stored on servers located in other jurisdictions). We will utilize appropriate safeguards governing the transfer and usage of your personal data, such as an adequacy decision by the European Commission, Model Clauses or other applicable adequacy mechanisms. If you would like further detail on the safeguards we have in place you can contact us directly as set forth in the “Contact Us” section below.
Individuals whose personal data we process subject to the GDPR have certain rights, where applicable, as required by law, including the right of access, erasure and data portability, as well as the right to rectification, to restrict processing, to withdraw consent, and to object to processing as follows.
1. Access – Individuals have the right to know if we are processing personal data about them and, if so, to access and obtain a copy of personal data about them, as well as information relating to the processing of that data.
2. Rectification – Individuals have the right to have us correct or update any personal data about them that is inaccurate or incomplete without undue delay.
3. Restriction – Individuals have the right to restrict or limit the ways in which we process personal data about them where the accuracy of the personal data is contested by them, where data has been obtained by us unlawfully, where the individual has objected to our processing of the data (see right of objection below) and we are considering whether to cease processing, or where we no longer need to process the personal data.
4. Objection – Individuals have the right to object to our processing of their personal data where we are relying on legitimate interests as our legal basis and their rights override our legitimate interests in processing their personal data. Individuals also have the right to object to our processing of their personal data for direct marketing purposes.
5.Withdrawal of Consent – Where we rely on consent as the basis for processing personal data, individuals have the right to withdraw their consent.
6. Erasure – Individuals have the right to request deletion or erasure of their personal data in a number of circumstances where required by law. These include where we no longer require the personal data for the purposes for which it was collected, the individual has withdrawn consent or, where we are relying on legitimate interests as a legal basis, and the individual’s rights override our legitimate interests.
7. Portability – Individuals have the right to obtain a copy of the personal data we hold about you in a structured machine-readable format and to have it transmitted to another controller. This right only occurs where we are relying on your consent or performance of a contract as our legal basis and the processing is carried out automatically.
8. Make a Complaint – Individuals also have the right to make a complaint about our personal data handling practices to their local Supervisory Authority. We would, however, appreciate the opportunity to address your concerns directly if possible, and ask you to please contact us in the first instance.
At times our EEA Disclosures may be changed and any updates will be posted to this site. If material changes are made to this Notice, we will post a notice to the revised policy on the homepage of this site for at least thirty (30) days. Any changes that are made will go into effect when posted on the site and they will apply to all users of our Services. We encourage you to check this policy periodically for updates.
To assert one of your legal rights described in these EEA Disclosures, or if you have any questions about these EEA Disclosures or our data handling practices, please contact us by any of the following means:
Sonesta International Hotels Corporation
Chief Compliance Officer,
Two Newton Place,
255 Washington Street Suite 300,
Newton, MA 02458
APPENDIX B: ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS
These disclosures (the “CCPA Disclosures”) supplement the Sonesta Privacy Notice. These CCPA disclosures apply to Guests who are California residents and only to our processing of personal data that is in scope for the California Consumer Privacy Act (“CCPA”).
The CCPA requires us to provide additional information about the personal information we collect with reference to specific categories of information. For additional information about our sources of personal data, how we use personal data, and how we disclose personal data, refer to the Sonesta Privacy Notice. Within the last twelve months, we have collected the following categories of personal information from California residents:
Category |
Examples |
Identifiers. |
Name, postal address, Internet Protocol address, email address, account name, driver's license number, passport number, or other similar identifiers. |
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). |
A name, signature, address, telephone number, passport number, driver's license or state identification card number, employment, employment history, bank account number, credit card number, debit card number, or any other financial information. . |
Protected classification characteristics under California or federal law. |
Age (40 years or older), citizenship, marital status, sex (including gender, gender identity, or gender expression).
|
Commercial information. |
Products or services purchased, obtained, or considered. |
Internet or other similar network activity. |
Information on a consumer's interaction with a website, application, or advertisement. |
Geolocation data. |
Physical location. |
Sensory data. |
Visual or similar information. |
Professional or employment-related information. |
Employer details. |
We do not sell your personal information for monetary consideration; however, we may disclose certain information for our Marketing Activities or in relation to our co-branded credit cards. Under the CCPA, some of these disclosures may be considered “sales.” In relation to these disclosures, we may share identifiers, commercial information, other financial information, and internet or other similar network activity. In order to opt-out of these disclosures, you may use the contact information below or use this link: Do Not Sell My Personal Information.
1. Privacy Rights – Under the CCPA, California residents may have certain privacy rights, including the rights to: (i) request additional disclosures about the Personal Information we collect, use, and disclose, i.e., a “Request to Know (Categories of Information)”; (ii) obtain a copy of Personal Information, i.e., a “Request to Know (Specific Pieces of Information),” sometimes called the Right to Access; (iii) request deletion of Personal Information, i.e., a “Request to Delete Information,” sometimes called the Right to Be Forgotten; and (iv) opt out of the sale of Personal Information, i.e., a “Request to Opt Out.”
2. How to Exercise Privacy Rights – If you wish to exercise any of these rights please email privacyinquiries@sonesta.com or call us at 855.251.0649. The rights described herein are not absolute and we reserve all of our rights available to us at law in this regard. Additionally, if we retain your personal data only in de-identified form, we will not attempt to re-identify your data in response to a Data Subject Rights request.
We do not discriminate against you, for example, by charging you a different price or offering a different level of service, for exercising any of these rights.
If you make a request related to personal data about you, we will need to verify your identity. To do so, we will request that you match specific pieces of information you have provided us previously, as well as, in some instances, provide a signed declaration under penalty of perjury that you are the individual whose personal information is the subject of the request. If it is necessary to collect additional information from you, we will use the information only for verification purposes and will delete it as soon as practicable after complying with the request. For requests related to particularly sensitive information, we may require additional proof of identification. If you make a request through an authorized agent, we will require written proof that the agent is authorized to act on your behalf. We will process your request within the time provided by applicable law.
3. Additional Privacy Rights for California Residents (California Shine the Light) –
If you are a California resident, California Civil Code Section 1798.83 permits you to request information about our practices related to the disclosure of your personal information to certain third parties for their direct marketing purposes. You may be able to opt-out of our sharing of your personal information with unaffiliated third parties for the third parties' direct marketing purposes in certain circumstances. Please send your request (along with your full name, email address, postal address, and the subject line labeled "Your California Privacy Rights") by email at privacyinquiries@sonesta.com.
At times our EEA Disclosures may be changed and any updates will be posted to this site. If material changes are made to this Notice, we will post a notice to the revised policy on the homepage of this site for at least thirty (30) days. Any changes that are made will go into effect when posted on the site and they will apply to all users of our Services. We encourage you to check this policy periodically for updates.
To assert one of your legal rights described in these EEA Disclosures, or if you have any questions about these EEA Disclosures or our data handling practices, please contact us by any of the following means:
Sonesta International Hotels Corporation
Chief Compliance Officer,
Two Newton Place,
255 Washington Street Suite 300,
Newton, MA 02458