Effective Date: March 11, 2021
1. General information
This policy describes how Hotels AB LLC (“AB Properties”, “we”, “us”, “our”) collects, processes, uses and discloses your personal information when you contact us, use our services or interact with our websites, such as www.andrebalazsproperties.com, www.chilternfirehouse.com, www.chateaumarmont.com, www.mercerhotel.com, and www.sunsetbeach.fun (together the “websites”).
The term “personal information” as used in this policy shall mean any information that enables us to identify you, directly or indirectly, by reference to an identifier such as your name, identification number, location data, online identifier or one or more factors specific to you.
Hotels AB LLC is made up of different legal entities. This policy is issued on behalf of the group so when we mention “AB Properties”, “we”, “us” or “our” in this policy, we are referring to the relevant company in our group responsible for your information. For the purposes of the EU General Data Protection Regulation 2016/679 (the “GDPR”) and the UK Data Protection Act 2018, the entity with which you enter a contract or otherwise share your personal information will be the controller. Hotels AB LLC with an address at 56 Blandford Street, London, W1U 7JD is the controller and responsible for this website.
2. How can you contact us
If you have any questions or concerns regarding this policy, or to exercise any of your data protection rights and choices, please go to our websites or contact us at:
• Email address: email@example.com
• Telephone number: +4420707377676
• Mailing address: AB Properties, 56 Blandford Street, London, W1U 7JD
• Email address: firstname.lastname@example.org
• Telephone number: +1 323 656 1010
• Mailing address: 8221 Sunset Blvd, Los Angeles, CA 90046
• Email address: email@example.com
• Telephone number: +1 212 966 6060
• Mailing address: AB Properties, 147 Mercer Street, NYC, 10012
• Email address: firstname.lastname@example.org
• Telephone number: +1631 749 2001
• Mailing address: AB Properties, 35 Shore Road, Shelter Island Heights, NY 11965
3. Data protection
Your privacy is important to us and we promise to respect your personal information. We will do our best to ensure that your details are accurate and up-to-date.
4. Information we collect about you
We may collect the following personal information that you choose to provide voluntarily when you access our websites, complete forms, make a call to us, correspond with us by e-mail or otherwise, and when you use our services:
- Identifiers, including name, title, alias, date of birth, marital status, postal address, email address, phone number, passport number, unique personal identifier;
- Sensitive information, such as medical and health information (including COVID-19 information, such as your temperature reading taken on entry to any of our properties and Information about your exposure to COVID-19, including information about positive/negative diagnoses for COVID-19, and the exhibiting of any recognised COVID-19 related symptoms);
- Commercial information, such as transaction history, reservation information, products/services purchased, obtained or considered, your interests, preference, feedback and survey responses; and
- Financial and transaction data, including bank account and payment card details and information about payments from you and other details of products and services you have purchased from us.
We also collected the following information indirectly from you when you access our websites or otherwise correspond with us:
- Identifiers, such as phone numbers or email addresses used to correspond with us; and
- Internet or other similar network activity, such as limited technical information including information on your IP address, browsing or search history, website interactions, advertisement interactions, browser type and version, time zone setting, operating system and platform, page interaction information.
If you apply for work with us, we may collect, store, and use the following categories of personal information that you have provided to us in your curriculum vitae, a covering letter, on an application form or during an interview, or that we have received from a recruitment agency or background check provider:
- Identifiers, including name, title, alias, date of birth, marital status, postal address, email address, phone number, passport number, unique personal identifier, Social Security Number;
- Professional or employment-related information, such as employment history and qualifications;
• Non-public education information, such as academic qualifications and education records; and
- Protected classification information, (or sensitive personal information) such as race, gender, ethnicity, religion and health information.
5. How we use your information
We will use your personal information so that we can provide services to you, and only where we have a legal ground for doing so under applicable data protection law. The legal ground will depend on the purpose for which we process your personal information. We use your identifiers, commercial information and financial and transaction data in the following ways as necessary to provide our services under the agreement between you and us:
- To complete and fulfil your reservation and stay, for example: to confirm your reservation, process your payment, send you emails that relate to your stay, provide related customer services and assist with special requests or celebrations;
- To respond to your customer service inquiries or requests, provide you with services, and contact you regarding your use of our services;
- To administer or otherwise carry out our obligations in relation to any agreement to which we are a party; and
- To prepare and process invoices.
We may use your sensitive information to provide you with specialised services, such as disabled access to our premises, under the agreement between you and us. We use your identifiers, commercial information, financial and transaction data, and internet or other similar network activity in the following ways as necessary for certain legitimate interests, or where you have given your consent to such processing as required by applicable law (such consent can be withdrawn at any time):
- To deal with any enquiries or complaints you or others make;
- To confirm, update and improve customer records;
- To contact you after your stay with us;
- To identify and inform you of services that may be of interest;
- To analyse and develop a relationship with you;
- To conduct other marketing and commercial activities;
- To offer our services to you in a personalised way;
- To administer our websites;
- For internal business/technical operations to keep our websites, network and information systems secure; and
- To (i) comply with legal obligations, (ii) respond to requests from competent authorities; (iii) protect our businesses interests; (iv) protect our rights, safety or property, and/or that of our partners, you or others; and (v) enforce or defend our legal rights.
If you have applied for work with us, we will use your identifiers, professional or employment-related information, non-public education information and protected classification information in the following ways as necessary in our legitimate interests, and to decide whether to enter into a contract of employment with you:
- To assess your skills, qualifications, and suitability for the role you have applied for;
- To carry out background and reference checks, where applicable;
- To communicate with you about the recruitment process;
- To keep records related to our hiring processes; and
- To comply with legal or regulatory requirements.
We may use your protected classification information in the following ways:
- To consider whether we need to provide appropriate adjustments during the recruitment process; and
- To use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.
We may process your: (i) identifiers as is necessary in order to comply with our obligations under law; and (ii) COVID-19 information as is necessary for reasons of public interest in the area of public health:
- To minimize the risk of COVID-19 spreading amongst our guests and employees in our properties, and maintaining a safe environment;
- To take your temperature on entry to any of our properties;
- To make decisions regarding entry to our properties; and
- To maintain contact tracing records, and to share the same with public health authorities where so required (e.g. the UK NHS Test & Trace system).
We may also process your identifiers as is reasonably necessary in your legitimate interests where you have requested that we assist you with organizing a COVID-19 test with a private facility.
6. How we share information with others
We work closely with a number of trusted partners with whom we need to share personal information to help us provide our services. These include:
- Our group companies (the information shared includes identifiers, sensitive information, commercial information, financial and transaction data, internet or other similar network activity, professional or employment-related information, non-public education information and protected classification information);
- Banks and payment providers, to authorise and complete payments (the information shared includes commercial information and financial and transaction data);
- Service providers who work with us to help provide our services, including data storage, maintenance services, security, hospitality providers, and marketing agencies (the information shared includes identifiers, commercial information, financial and transaction data, and internet or other similar network activity); and
- Companies to whom we transfer or may transfer our rights and duties under our agreement with you.
We will only transfer your personal information to trusted third parties who provide sufficient guarantees in respect of the technical and organisational security measures governing the processing to be carried out and who can demonstrate a commitment to compliance with those measures. We may also disclose your personal information to third parties:
- in the event that we sell or buy any business or assets, in which case we will disclose your personal information to the prospective seller or buyer of such business or assets;
- if AB Properties or substantially all of its assets are acquired by a third party, in which case personal information held by it about its customers will be one of the transferred assets; or
- if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, any request from law enforcement or governmental organisations or public health authorities, or in order to enforce or apply our terms and other agreements; or to protect the rights, property, or safety of AB Properties, our customers, or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction.
We may also share your personal information (including identifiers, professional or employment-related information, non-public education information) with the following third parties for the purposes of processing your application for employment: search consultancies, background screening providers and our group companies.
Personal information you supply us with and the information about your use of our services will only be used by us, to tell you by letter, telephone or email about services that may be of interest to you. We will generally ask for your consent to receive marketing communications in line with the applicable law when you first provide your personal information. Your personal information will not be disclosed to any third party for marketing purposes.
8. Transfers of your personal information
We may transfer your personal information referred to in this policy within our group and around the world to help operate our business efficiently. We will always strive to adopt the highest standards of privacy protection, wherever your personal information is located, and adopt appropriate measures to secure an adequate level of privacy protection.
If you are based within the United Kingdom or the European Economic Area (“EEA”), your information may be transferred outside of the EEA and stored or processed in other countries (including the United States of America), as part of our business operations.
Where personal information is transferred from the UK or the EEA to a country that has not received an adequacy decision by the European Commission, we rely on appropriate safeguards, such as the European Commission-approved Standard Contractual Clauses to transfer your information.
If you want further information on the specific mechanism used by us when transferring your personal information out of the UK or the EEA, please contact us using the contact details set out above.
9. Retaining your personal information
We keep records for as long as required to manage hotel bookings and provide the other relevant services anticipated by this policy. Where your information is no longer required, we will ensure it is disposed of in a safe manner.
10. Your UK and European privacy rights
If you are based in the UK or the EEA, under certain circumstances you have the following rights:
- Request access to your personal information. You may have the right to request access to any personal information we hold about you as well as related information, including the purposes for processing the personal information, the recipients or categories of recipients with whom the personal information has been shared, where possible, the period for which the personal information will be stored, the source of the personal information, and the existence of any automated decision making;
- Request correction of your personal information. You may have the right to obtain without undue delay the rectification of any inaccurate personal information we hold about you;
- Request erasure of your personal information. You may have the right to request that personal information held about you be deleted;
- Request restriction of processing your personal information. You may have the right to prevent or restrict processing of your personal information; and
- Request transfer of your personal information. You may have the right to request transfer of your personal information directly to a third party where this is technically feasible.
Also, where you believe that we have not complied with our obligations under this policy or European data protection law, you have the right to make a complaint to a Data Protection Authority, such as the UK Information Commissioner’s Office.
You can exercise any of these rights by contacting us using the contact details set out above.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
11. Your Californian rights
The California Consumer Privacy Act of 2018 (“CCPA”) provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Your rights and choices
As of January 1, 2020, if you are a verified California resident, you have the right to obtain certain information about our collection and use of personal information over the past 12 months, including:
- The categories of personal information we collect;
- The categories of sources of personal information we collect;
- Our business purpose for collecting or sharing that personal information;
- The categories of third parties with whom we share that personal information; and
- The specific personal information we have collected about you over the past 12 months.
The CCPA gives consumers the right to prevent businesses from selling their personal information. We take your privacy seriously and do not sell your personal information to third parties.
Exercising your rights
You can exercise any of these rights by contacting us using the contact details set out above. You may make a request up to twice within a 12-month period.
We will ask you for information that allows us to reasonably verify your identity (that you are the person about whom we collected personal information) and will use that information only for that purpose. We cannot respond to your request or provide you with personal information if we cannot verify your identity and confirm that the personal information relates to you.
Response timing and format
We will endeavour to respond within forty-five days of receipt of your request, but if we require more time (up to an additional forty-five days) we will notify you of the reason and extension period in writing.
Where you request a copy of your personal information, we will endeavour to provide the information in a format that is readily useable, including by mailing you a paper copy or providing an electronic copy. Any disclosures we provide will only cover the 12-month period preceding the receipt of you verified request.
We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you as a result of your exercise of any of these rights.
12. Cookie usage and do-not-track
13. Changes to this policy
Any changes we may make to this policy in the future will be posted on this page and, where appropriate, notified to you by email. We will post an updated effective date on the revised policy. Please check back frequently to see any updates of changes.
14. Information security
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.