SH GROUP PRIVACY STATEMENT

Last updated: March 30, 2021

OUR COMMITMENT TO PRIVACY

Your privacy is important to SH Group Operations, L.L.C. and its affiliates ("SH Group," “us,” “we,” “our”), including 1 Hotels, Baccarat Hotels & Resorts , Princeville Resort and The Jeremy Hotel. To better protect your privacy, we are providing information explaining our information practices (in both an online and offline context).This Privacy Policy describes how we gather and use information for visitors of our websites and guests at our hotels.

For the purposes of applicable EU data protection laws, Sh Group, 1 Hotels, Baccarat Hotels & Resorts , Princeville Resort and The Jeremy Hotel will each be a data controller of any Personal Data (as defined below) collected about you. If you have any questions regarding our use of your Personal Data, or this Privacy Policy, please contact [email protected]  

You do not need to take any action as a result of this Privacy Policy, but you do have certain rights as described below in the section headed “Your legal rights”. It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements the other notices and is not intended to override them.

This website is not intended for children and we do not knowingly collect or solicit data relating to children.

This Privacy Policy is provided in a layered format, so you can click through to the specific areas set out below:

  1. Important information and who we are
  2. The Personal Data we collect about you
  3. How we obtain your Personal Data and Other Data
  4. How we use your Personal Data and Other Data
  5. Disclosure of Personal Data and Other Data
  6. How we keep your Personal Data secure
  7. How long we retain your Personal Data for
  8. International transfers of your Personal Data
  9. Your legal rights

 

1.      IMPORTANT INFORMATION AND WHO WE ARE

Who we are

SH Group, 1 Hotels, Baccarat Hotels & Resorts , Princeville Resort and The Jeremy Hotel are each “data controllers” of your personal data (referred to as “we”, “us”, “our” or collectively, as “SH Group”). In simple terms, this means that we: (i) “control” your personal data, including making sure that it is kept secure; and (ii) make certain decisions on how to use and protect your personal data, but only to the extent that we have informed you about the use or are otherwise permitted by law.

How to contact us or make complaints

If you have any questions regarding our use of your personal data (including any requests to exercise your legal rights), or this privacy policy, please contact [email protected]  

     Our full contact details are:

     GDPR Customer Service Team

     SH Group

     1140 Avenue of the Americas, 5th Floor

     New York, NY 10036.

You have the right to make a complaint at any time to the relevant supervisory authority in your country of residence for data protection issues. We always appreciate the chance to deal with your concerns before you approach the relevant supervisory authority, so please contact us in the first instance.

 

Changes to this Privacy Policy and your Personal Data

This Privacy Policy is regularly reviewed and was last updated on July 5th 2018.

It is important that the Personal Data we hold about you is accurate and up-to-date. Please keep us informed if your Personal Data changes during your relationship with us.

Third party sites and links

Our website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their processing of your Personal Data. When you leave our website, we encourage you to read the privacy notice of every website you visit.

 

2.      THE PERSONAL DATA WE COLLECT ABOUT YOU

“Personal Data” are data that identify you as an individual or relate to an identifiable individual.

SH Group, 1 Hotels, Baccarat Hotels & Resorts , Princeville Resort and The Jeremy Hotel collects the following types of Personal Data in both an online and offline context, when providing you with our products and services:

Name

Gender

Postal address

Telephone number

Email address

Credit and debit card number or other payment data

Financial Information in limited circumstances such as residential services

Language preference

Date and place of birth

Nationality, passport, visa or other government-issued identification data

Important dates, such as birthdays, anniversaries and special occasions

Travel itinerary, tour group or activity data

Prior guest stays, or interactions, goods and services purchased, special service and amenity requests

Geolocation information

Social media account ID, profile photo and other data publicly available

 

We will also collect the following types of personal data for the following purposes:

Images and video and audio data via security cameras located in public areas, such as hallways and lobbies, in our properties

Guest preferences and personalized data such as your interests, activities, hobbies, food and beverage choices, services and amenities of which you advise us or which we learn about during your visit

MERCHANDISE PURCHASES

To make purchases through our website, you submit your name, payment card information, and billing address. All payment card information is provided directly to our third-party service provider, Shopify. We may keep a record of your purchases. 

3.   HOW WE OBTAIN YOUR PERSONAL DATA AND OTHER DATA

Personal Data collection is obtained in a variety of ways:

Online Services. Personal Data is collected through online services either directly or through an affiliate booking website.

     Reservation Process

     Check out process for electronic folio receipts

     Purchase goods or services through the website or ecommerce website hosted by Shopify

     Communication via email

     Connect or post to social media related to the properties

     Participate in a survey, contest or promotional offer

Property Visits. Personal Data is collected when guests visit our properties or use on-property services and outlets.

     Restaurants

     Concierge services

     Health clubs

     Spas

Offline Interactions Personal Data is collected when individuals attend promotional events that we host or in which we participate, or when you provide your Personal Data to facilitate an event.

Reservations and Customer Service Centers. Personal Data is collected when you make a reservation over the phone, communicate with us by email, fax or contact customer service. These communications may be recorded for purposes of quality assurance and training.

Other Sources. Personal Data is also collected from other sources, such as public databases, joint marketing partners and other third parties.

Internet-Connected Devices. Personal Data is collected from internet-connected devices available in our properties. For example, a smart assistant device may be available for your use and to tailor your accommodations and experience.

“Other Data” are data that generally do not reveal your specific identity or do not directly relate to an individual. To the extent Other Data reveal your specific identity or relate to an individual, we will treat Other Data as Personal Data.

Other Data include:

     Browser and device data

     App usage data

     Data collected through cookies, pixel tags and other technologies

     Demographic data and other data provided by you

     Aggregated data

We collect Other Data in a variety of ways:

Your browser or device. We collect certain data through your browser or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, internet browser type and version and the name and version of the Online Services (such as the Apps) you are using. We use this data to ensure that the Online Services function properly.

Cookies. We collect certain data from cookies, which are pieces of data stored directly on the computer or mobile device that you are using. Cookies allow us to collect data such as browser type, time spent on the Online Services, pages visited, referring URL, language preferences, and other aggregated traffic data.  We use the data for security purposes, to facilitate navigation, to display data more effectively, to collect statistical data, to personalize your experience while using the Online Services and to recognize your computer to assist your use of the Online Services. We also gather statistical data about use of the Online Services to continually improve design and functionality, understand how they are used and assist us with resolving questions.[1]

Pixel Tags and other similar technologies. We collect data from pixel tags (also known as web beacons and clear GIFs), which are used with some Online Services to, among other things, track the actions of users of the Online Services (including email recipients), measure the success of our marketing campaigns and compile statistics about usage of the Online Services.

Analytics. We collect data through Google Analytics and Adobe Analytics, which use cookies and technologies to collect and analyze data about use of the Services. These services collect data regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to www.google.com/policies/privacy/‌partners/   and opt out by downloading the Google Analytics opt out browser add-on, available at https://tools.google.com/dlpage/gaoptout   . You can learn more about Adobe and opt out by visiting https://www.adobe.com/privacy/opt-out.html   .

Your IP Address. We collect your IP address, a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP).  An IP address is identified and logged automatically in our server log files when a user accesses the Online Services, along with the time of the visit and the pages that were visited. We use IP addresses to calculate usage levels, diagnose server problems and administer the Online Services. We also may derive your approximate location from your IP address.

Aggregated Data. We may aggregate data that we have collected, and this aggregated data will not personally identify you or any other user.

 

4.   HOW WE USE YOUR PERSONAL DATA AND OTHER DATA

We use Personal Data and Other Data to provide you with Services, to develop new offerings and to protect SH Group, 1 Hotels, Baccarat Hotels & Resorts , Princeville Resort and The Jeremy Hotel and our guests as detailed below. In some instances, we will request that you provide Personal Data or Other Data to us directly. If you do not provide the data that we request, or prohibit us from collecting such data, we may not be able to provide the requested Services. We will let you know if this is ever the case.

 

We use Personal Data and Other Data for the following purposes, and on the following legal bases:

Purpose/activity: To facilitate reservations, payment, send administrative information, confirmations or pre-arrival messages, to assist you with meetings and events and to provide you with other information about the area and the property at which you are scheduled to visit

  Legal basis: Contractual necessity

Purpose/activity: To support our electronic receipt program. When you provide an email address in making a reservation, we use that email address to send you a copy of your bill. If you make a reservation for another person using your email address, that person's bill will be emailed to you, as well.

  Legal basis: Contractual necessity

Purpose/activity: To support our electronic receipt program. When you provide an email address in making a reservation, we use that email address to send you a copy of your bill. If you make a reservation for another person using your email address, that person's bill will be emailed to you, as well.

  Legal basis:Contractual necessity

Purpose/activity: Personalize the Services according to your Personal Preferences.We use Personal Data and Other Data to personalize the Services and improve your experiences, including when you contact our reservations center, visit one of our properties or use the Online Services, to:

  Customize your experience according to your Personal Preferences

  Present offers tailored to your Personal Preferences

  Legal basis: Consent, Legitimate interests

Purpose/activity: Communicate with you about goods and services according to your Personal Preferences. We use Personal Data and Other Data to:

  Send you marketing communications and promotional offers, as well as periodic customer satisfaction,  market research or quality assurance surveys

  Legal basis: Consent, Legitimate interest

Purpose/activity: Sweepstakes, activities, events and promotions. We use Personal Data and Other Data to allow you to participate in sweepstakes, contests and other promotions and to administer these activities.  Some of these activities have additional rules and may contain additional information about how we use and disclose your Personal Data. We suggest that you read any such rules carefully.

  Legal basis: Consent

Purpose/activity: Business Purposes. We use Personal Data and Other Data for data analysis, audits, security and fraud monitoring and prevention (including with the use of closed circuit television, card keys, and other security systems)

  Legal basis: Legal obligation

Purpose/activity: Business Purposes. We use Personal Data and Other Data for developing new goods and services, enhancing, improving or modifying our Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.

  Legal basis: Legitimate interest, Consent

Purpose/activity: We use credit card data or other payment data for invoicing purposes

  Legal basis: Contractual necessity

 

5.     DISCLOSURE OF PERSONAL DATA AND OTHER DATA (PDF)

Our goal is to provide you with the highest level of hospitality and Services, and to do so, we share Personal Data and Other Data with the following:

Owners and Franchisees. We disclose Personal Data and Other Data to Owners of SH Group, 1 Hotels, Baccarat Hotels & Resorts , Princeville Resort and The Jeremy Hotel branded properties for the purposes described in this Privacy Statement, such as providing and personalizing the Services.

Strategic Business Partners. We disclose Personal Data and Other Data with select Strategic Business Partners who provide goods, services and offers that enhance your experience at our properties or that we believe will be of interest to you. By sharing data with these Strategic Business Partners, we are able to make personalized services and unique travel experiences available to you. For example, this sharing enables spa, restaurant, health club, concierge and other outlets at our properties to provide you with services. This sharing also enables us to provide you with a single source for purchasing packages that include travel-related services, such as airline tickets, rental cars and vacation packages.

Service Providers. We disclose Personal Data and Other Data to third-party service providers for the purposes described in this Privacy Statement. Examples of service providers include companies that provide website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, marketing, auditing and other services.

Corporate Reorganization. We may disclose or transfer your Personal Data and Other Data to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of the SH Group, 1 Hotels, Baccarat Hotels & Resorts , Princeville Resort and The Jeremy Hotel business, assets or stock (including any bankruptcy or similar proceedings).

 

OTHER USES AND DISCLOSURES

We will use and disclose Personal Data as we believe to be necessary or appropriate: (a) to comply with  applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including authorities outside your country of residence and to meet national security or law enforcement requirements; (d) to enforce our terms and conditions; (e) to protect our operations; (f) to protect the rights, privacy, safety or property of the SH Group, 1 Hotels, Baccarat Hotels & Resorts , Princeville Resort and The Jeremy Hotel, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

We may use and disclose Other Data for any purpose, except where we are not allowed to under applicable law. In some instances, we may combine Other Data with Personal Data (such as combining your name with your location). If we do, we will treat the combined data as Personal Data for so long as it is combined.

 

6.     HOW WE KEEP YOUR PERSONAL DATA SECURE

We use appropriate organizational, technical and administrative measures to protect Personal Data. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contacting Us” section on the website.

 

7.      HOW LONG WE RETAIN YOUR PERSONAL DATA FOR

We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

[In some circumstances we may anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

For further information on how long we retain your Personal Data for, please contact [email protected]

 

8.   INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA

SH Group is an international organization and we may transfer your personal information outside of the European Economic Area to the United States for the purpose of processing transactions and requests related to our services. Where any such country does not offer the same level of data protection as your country of residence, we take measures to ensure an appropriate level of protection for your Personal Data. Please contact [email protected] for further information on the measures we take to ensure an appropriate level of protection for your Personal Data outside the European Economic Area.

 

9.      YOUR LEGAL RIGHTS

You have the right to access the Personal Data we hold about you, and there are a number of ways you can control the way in which and what information we store and process about you.

We have explained these individual rights and controls below. To exercise these rights and controls, please contact us at [email protected]

Access:  You have the right to ask for a copy of the Personal Data that we hold about you free of charge, however we may charge a ‘reasonable fee’ if we think that your request is excessive, to help us cover the costs of locating the information you have requested. We will respond to your request as soon as possible and (save for in certain circumstances) within one month.

Correction:  If there are any inaccuracies in the information we hold about you, please contact us and we will correct them.

Deletion:  If you think that we shouldn’t be holding or processing your Personal Data any more, you may request that we delete it. Please note that this may not always be possible due to legal obligations.

Restrictions on use:  You may request that we stop processing your Personal Data (other than storing it), if: (i) you contest the accuracy of it (unless the accuracy is verified); (ii) you believe the processing is against the law; (iii) you believe that we no longer need your Personal Data for the purposes for which it was collected, but you still need your data to establish or defend a legal claim; or (iv) you object to the processing and we are verifying whether our legitimate grounds to process your Personal Data, override your own rights.

Object:  You have the right to object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request the transfer:  If you wish to transfer your Personal Data to another organization (and certain conditions are satisfied), you may ask us to do so, and we will send it directly if we have the technical means. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdrawal of consent:  If you previously gave us your consent to allow us to process your Personal Data for a particular purpose, but you no longer wish to consent to us doing so, you can contact us to let us know that you withdraw that consent. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

CHANGES TO THIS PRIVACY POLICY AND YOUR PERSONAL DATA

CHANGES TO THIS PRIVACY POLICY AND YOUR PERSONAL DATA

If we make material changes to how we treat our users' and guests’ personal information, we will notify you by e-mail to the primary e-mail address specified in your account and/or possibly through a notice on our websites’ home pages. The date the Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable e-mail address for you, and for periodically visiting our websites and this Privacy Policy to check for any changes.

Occasionally, at our discretion, we may include or offer third-party products or services on our websites. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. We urge you to read the privacy policies of other websites before submitting any information to those websites.  

THE PERSONAL DATA WE COLLECT ABOUT YOU

THE PERSONAL DATA WE COLLECT ABOUT YOU

“Personal Data” are data that identify you as an individual or relate to an identifiable individual. SH Group, 1 Hotels, Baccarat Hotels & Resorts, Treehouse Hotels, The Jeremy Hotel and Princeville Resort collects the following types of Personal Data in both an online and offline context, when providing you with our products and services:

  • Name
  • Gender
  • Postal address
  • Telephone number
  • Email address
  • Credit and debit card number or other payment data
  • Financial Information in limited circumstances such as residential services
  • Language preference
  • Date and place of birth
  • Nationality, passport, visa or other government-issued identification data
  • Important dates, such as birthdays, anniversaries and special occasions 
  • Travel itinerary, tour group or activity data
  • Prior guest stays, or interactions, goods and services purchased, special service and amenity requests
  • Geolocation information
  • Social media account ID, profile photo and other data publicly available    

We will also collect the following types of personal data for the following purposes:

  • Biometric references, such as facial references and thermal images, digital images and video and audio data via security or surveillance cameras located in public areas, such     as hallways and lobbies, in our properties
  • Guest preferences and personalized data such as your interests, activities, hobbies, food and beverage choices, services and amenities of which you advise us or which we learn about during your visit.

 

COLLECTION OF PERSONAL DATA FROM CHILDREN

COLLECTION OF PERSONAL DATA FROM CHILDREN

Our websites are not intended for children under 18 years of age. No one under age 18 may provide any information to or on our websites. We do not knowingly collect personal information from children under 18. If you are under 18, do not use or provide any information on our websites or on or through any of its features, use any of the interactive or public comment features of the websites or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any user name you may use. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us at [email protected]

HOW WE OBTAIN YOUR PERSONAL DATA AND OTHER DATA

HOW WE OBTAIN YOUR PERSONAL DATA AND OTHER DATA

Personal Data collection is obtained in a variety of ways:

  • Online Services. Personal Data is collected through online services either directly or through an affiliate booking website.
  • Reservation Process
  • Check out process for electronic folio receipts
  • Purchase goods or services through the website or ecommerce website
  • Communication via email
  • Digital and thermal image capture 
  • Connect or post to social media related to the properties
  • Participate in a survey, contest or promotional offer
  • Property Visits. Personal Data is collected when guests visit our properties or use on-property services and outlets
  • Restaurants
  • Concierge services
  • Health clubs
  • Spas
  • Offline Interactions. Personal Data is collected when individuals attend promotional events that we host or in which we participate, or when you provide your Personal Data to facilitate an event.
  • Reservations and Customer Service Centers. Personal Data is collected when you make a     reservation over the phone, communicate with us by email, fax or contact customer service. These communications may be recorded for purposes of quality assurance and training.
  • Other Sources. Personal Data is also collected from other sources, such as public databases, joint marketing partners and other third parties.
  • Internet-Connected Devices. Personal Details collected from internet-connected devices     available in our properties. For example, a smart assistant device may be available for your use and to tailor your accommodations and experience.

“Other Data” are data that generally do not reveal your specific identity or do not directly relate to an individual. To the extent Other Data reveal your specific identity or relate to an individual, we will treat Other Data as Personal Data. Other Data includes:

  • Browser and device data
  • App usage data
  • Data collected through cookies, pixel tags and other technologies
  • Demographic data and other data provided by you
  • Aggregated data

WE COLLECT OTHER DATA IN A VARIETY OF WAYS

Your browser or device. We collect certain data through your browser or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, internet browser type and version and the name and version of the Online Services (such as the Apps) you are using. We use this data to ensure that the Online Services function properly

Cookies. We collect certain data from cookies, which are pieces of data stored directly on the computer or mobile device that you are using. Cookies allow us to collect data such as browser type, time spent on the Online Services, pages visited, referring URL, language preferences, and other aggregated traffic data.  We use the data for security purposes, to facilitate navigation, to display data more effectively, to collect statistical data, to personalize your experience while using the Online Services and to recognize your computer to assist your use of the Online Services. We also gather statistical data about use of the Online Services to continually improve design and functionality, understand how they are used and assist us with resolving questions.

Pixel Tags and other similar technologies. We collect data from pixel tags (also known as web beacons and clear GIFs), which are used with some Online Services to, among other things, track the actions of users of the Online Services (including email recipients), measure the success of our marketing campaigns and compile statistics about usage of the Online Services. Analytics. We collect data through Google Analytics and Adobe Analytics, which use cookies and technologies to collect and analyze data about use of the Services. These services collect data regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to https://policies.google.com/technologies/partner-sites and opt out by downloading the Google Analytics opt out browser add-on, available at https://tools.google.com/dlpage/gaoptout.You can learn more about Adobe and opt out by visiting http://www.adobe.com/privacy/opt-out.html. Your IP Address. We collect your IP address, a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP).  An IP address is identified and logged automatically in our server log files when a user accesses the Online Services, along with the time of the visit and the pages that were visited. We use IP addresses to calculate usage levels, diagnose server problems and administer the Online Services. We also may derive your approximate location from your IP address. 

Aggregated Data. We may aggregate data that we have collected, and this aggregated data will not personally identify you or any other user.

HOW WE USE YOUR PERSONAL DATA AND OTHER DATA

HOW WE USE YOUR PERSONAL DATA AND OTHER DATA

We use Personal Data and Other Data to provide you with goods and Services, to develop new offerings and to protect SH Group, 1 Hotels, Baccarat Hotels & Resorts, Treehouse Hotels, The Jeremy Hotel and Princeville Resort and our guests as detailed below. In some instances, we will request that you provide Personal Data or Other Data to us directly. If you do not provide the data that we request, or prohibit us from collecting such data, we may not be able to provide the requested Services. We will let you know if this is ever the case. We use Personal Data and Other Data for the following purposes:

  • To facilitate reservations, payment, send administrative information, confirmations or pre-arrival messages, to assist you with meetings and events and to provide you with other information about the area and the property at which you are scheduled to visit.
  • To support our electronic receipt program. When you provide an email address in making a reservation, we use that email address to send you a copy of your bill. If you make a reservation for another person using your email address, that person's bill will be emailed to you, as well.
  • Personalize the Services according to your Personal Preferences. We use Personal Data and Other Data to personalize the Services and improve your experiences, including when you contact our reservations center, visit one of our properties or use the Online Services, to customize your experience according to your Personal Preferences and present offers tailored to your Personal Preferences.
  • To enroll you in and facilitate our loyalty program.
  • To fulfill orders you place on our website.
  • Communicate with you about goods and services according to your Personal Preferences. We use Personal Data and Other Data to send you marketing communications and promotional offers, as well as periodic customer satisfaction, market research or quality assurance surveys.
  • Sweepstakes, activities, events and promotions. We use Personal Data and Other Data to allow you to participate in sweepstakes, contests and other promotions and to administer these activities.  Some of these activities have additional rules and may contain additional information about how we use and disclose your Personal Data. We suggest that you read any such rules carefully.
  • For data analysis, audits, public health and societal wellbeing security and fraud monitoring and prevention (including with the use of closed-circuit television, card keys, and other security systems).
  • For developing new goods and services, enhancing, improving or modifying our Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.
  • We use credit card data or other payment data for invoicing purposes.

MARKETING

We use Google Ads and Facebook remarketing services to advertise SH’s hotels on third-party websites to previous visitors of our website.  This could be in the form of an advertisement on the Google search results page, a site in the Google Display Network, or somewhere on Facebook. Google and Facebook will display advertisements to you based on what parts of the SH website you have viewed by placing a cookie on your web browser.  These remarketing services allows us to tailor our marketing to better suit your needs and only display ads that are relevant to you.

If you do not wish to see ads from SH, you can opt out in by visiting the links below:
For Google: https://support.google.com/ads/answer/2662922?hl=en
For Facebook:  https://www.facebook.com/ads/website_custom_audiences/

DISCLOSURE OF PERSONAL DATA AND OTHER DATA

DISCLOSURE OF PERSONAL DATA AND OTHER DATA

Our goal is to provide you with the highest level of hospitality and Services, and to do so, we share Personal Data and Other Data with the following:

Owners and Franchisees. We may disclose Personal Data and Other Data to Owners of SH Group, 1 Hotels, Baccarat Hotels & Resorts, Treehouse Hotels, The Jeremy Hotel and Princeville Resort branded properties for the purposes described in this Privacy Policy and upon termination of our management agreements with such Owners. In such cases, we will transfer a limited amount of guests’ personal information, namely, contact information, to the Owners in order to transition the continued operations of the hotels.
 
Strategic Business Partners. We disclose Personal Data and Other Data with select Strategic Business Partners who provide goods, services and offers that enhance your experience at our properties or that we believe will be of interest to you. By sharing data with these Strategic Business Partners, we are able to make personalized services and unique travel experiences available to you. For example, this sharing enables spa, restaurant, health club, concierge and other outlets at our properties to provide you with services. This sharing also enables us to provide you with a single source for purchasing packages that include travel-related services, such as airline tickets, rental cars and vacation packages.

Service Providers. We disclose Personal Data and Other Data to third-party service providers for the purposes described in this Privacy Statement. Examples of service providers include companies that provide website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, marketing, auditing and other services.

Legal Requirements and Business Transfers. We may disclose your Personal Data and Other Data (i) if we are required to do so by law, legal process, statute, rule, regulation, or professional standard, or to respond to a subpoena, search warrant, or other government official requests including for matters related to public health and societal wellbeing, (ii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, (iii) in connection with an investigation of a complaint, security threat, or suspected or actual illegal activity; (iv) in connection with an internal audit; or (v) in the event that SH is subject to mergers, acquisitions, joint ventures, sales of assets, reorganizations, divestitures, dissolutions, bankruptcies, liquidations, or other types of business transactions. In these types of transactions, Personal Data may be shared, sold, or transferred, and it may be used subsequently by a third party. 

HOW WE KEEP YOUR PERSONAL DATA SECURE

HOW WE KEEP YOUR PERSONAL DATA SECURE

SH has implemented reasonable physical, technical, and administrative security standards to protect Personal Data from loss, misuse, alteration, or destruction. We strive to protect your Personal Data against unauthorized access, use or disclosure, using security technologies and procedures, such as encryption and limited access. Only authorized individuals access your Personal Data, and they receive training about the importance of protecting your Personal Data. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contacting Us” section on the website.

HOW LONG WE RETAIN YOUR PERSONAL DATA FOR

HOW LONG WE RETAIN YOUR PERSONAL DATA FOR

We will keep your Personal Data for the period necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is permitted or required by law. 

INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA

SH Group is an international organization based in the United States.

If you are staying in one of our hotels located in European Economic Area, we may transfer your personal information outside of the European Economic Area to the United States for the purpose of processing transactions and requests related to our services. In such cases, your personal data will be transferred to the United States or to other countries or jurisdictions in which we or our third-party associates may process personal data through the use of Standard Contract Clauses.

If you are browsing or otherwise accessing our websites from the European Economic Area, please be aware that any personal data you provide, and any personal information we automatically collect through your browsing, such as browser data and IP address, will be transferred to the United States. You should be aware that the laws that apply to the use and protection of personal data in the United States or other countries or jurisdictions to which we transfer, or in which we process, personal data may differ from those of your country of residence. If you access our website from jurisdictions outside of the United States, you do so at your own choice and risk and are solely responsible for compliance with local law. While we take steps to safeguard your personal data, the United States has NOT been deemed by the European Commission to ensure an adequate level of protection for personal data. Accordingly, the level of protection provided in the United States or other non-EU countries and jurisdictions from which you may access our websites may not be as stringent as that under EU data protection standards or the data protection laws of some other countries, possibly including your home jurisdiction.

SH CALIFORNIA PRIVACY NOTICE

Pursuant to applicable California law, including the California Consumer Privacy Act (“CCPA”), SH makes the following disclosures regarding the personal information SH has collected within the last 12 months:

Category of Personal Information Category of Source from Which Data is Collected  Purpose of Collection Category of Third Parties to Whom Data is Disclosed
Contact information such as name, e-mail address, phone number, mailing address Directly from guests To facilitate reservations, payment, send administrative information, confirmations or pre-arrival messages, to assist you with meetings and events and to provide you with other information about the area and the property at which you are scheduled to visit; To support our electronic receipt program; To enroll you in our loyalty program. Service Providers
Payment information such as credit card information Directly from guests To facilitate reservations and payment Service Providers
Gender Directly from guests To personalize the Services according to your Personal Preferences Service Providers
Date and place of birth Directly from guests   Service Providers
Passport information, including nationality Directly from guests To facilitate reservations Service Providers
Important dates such as birthday, anniversary, special occasions Directly from guests To personalize the Services according to your Personal Preferences. Service Providers
Travel itinerary, tour group or activity data Directly from guests To personalize the Services according to your Personal Preferences. Service Providers
Prior stays, goods and services purchases, special service and amenity requests Directly from guests To personalize the Services according to your Personal Preferences. Service Providers
Geolocation information Directly from guests Sweepstakes, activities, events and promotions Service Providers
 
Social media credentials and photographs Directly from guests Sweepstakes, activities, events and promotions Service Providers
 
Guest preferences such as interests, hobbies, activities, food and beverage choices Directly from guests To personalize the Services according to your Personal Preferences; for developing new goods and services, enhancing, improving or modifying our Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities. Service Providers
 
Images, video, and audio data Security cameras in public areas such as hallways and lobbies To maintain security in SH’s hotels. Service Providers
 
Automatically collected information on websites such as IP address, device type, browser type Cookies and other tracking technologies For data analysis, audits, security and fraud monitoring and prevention (including with the use of closed-circuit television, card keys, and other security systems); sweepstakes, activities, events and promotions; for developing new goods and services, enhancing, improving or modifying our Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities. Service Providers

SH has not sold consumers’ personal information in the twelve (12) months preceding the Effective Date of this Privacy Policy.

If you are a California resident, pursuant to the CCPA, you have the right to request:
• the categories of personal information SH has collected about you;
• the categories of sources from which your personal information is collected;
• the business or commercial purpose of collecting or selling your personal information;
• the categories of third parties with whom SH shares your personal information;
• the specific pieces of personal information SH has collected about you; 
• the categories of personal information that SH has sold about you and the categories of third parties to whom the personal information was sold, if applicable;
• deletion of your personal information; and 
• an opt out of having your personal information disclosed or sold to third parties.

To submit a request, or designate an authorized agent to make a request under the CCPA on your behalf, please complete this form or call us toll-free at 833.623.0111. To verify your identity when you submit a request, we will match the identifying information you provide us to the personal information we have about you. If you have an account with us, we will also verify your identity through our existing authentication practices for your account. Request will be honored within 45 days or less, however, based on the results of verification, SH may take up to 90 days to honor your request.

However, SH will not be required to comply with your request to delete your personal information if it is necessary for SH to maintain your personal information in order to:
• complete the transaction for which the personal information was collected, provide a good or service requested by you, or reasonably anticipated within the context of SH’s ongoing business relationship with you, or otherwise perform a contract between you and SH;
• detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
• debug to identify and repair errors that impair existing intended functionality;
• exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
• comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code;
• engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when SH’s deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent;
• to enable solely internal uses that are reasonably aligned with your expectations based on your relationship with SH;
• comply with a legal obligation; or
• otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.

SH will not discriminate against you in the event you exercise any of the aforementioned rights under CCPA, including, but not limited to, by:
• denying goods or services to you;
• charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
• providing a different level or quality of goods or services to you; or
• suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

 

This Policy is available to consumers with disabilities. To access this Policy in an alternative downloadable format, please click here.

Notice of Financial Incentive

If you sign up for SH’s loyalty program, you will be eligible for various rewards and incentives. When you sign up for SH’s rewards program, we will ask you to submit the following personal information:
• First name
• Last name
• E-mail address

When you register, you will have a profile that includes additional personal information such as your:
• Mailing address
• Date of birth
• Contact preferences
• Subscription options (e.g. e-mail lists for our SH, 1, Treehouse, and/or Baccarat hotels)

You can sign up for our loyalty programs by visiting our websites at https://www.shhotelsandresorts.com/account/register. Please be aware that you may withdraw from our loyalty program at any time through this form.

Nevada Consumer Rights

The Right to Opt-Out of the Sale of Personal Information

If you are a Nevada resident, you may request that we stop selling certain categories of personal information that we collect. To submit a request please click here. You also may call our toll-free telephone number at 833.623.0111, send a letter to the SH Group Operations, LLC, Data Privacy Officer, 1640 S. Sepulveda Blvd, Suite 460, Los Angeles, CA 90025, or complete a paper form available from the front desk at any of our hotels. When the PO receives your request, the PO will first verify your identity. The PO will verify your identify by asking you to provide your name, the email address and phone number associated with your reservation history or account. Once the PO has verified your identity, the PO will promptly fulfill your request, but not later than 60 days.

SH GDPR PRIVACY NOTICE

Controllers of Personal Data

SH Group Operations, LLC
Data Privacy Officer
1640 S. Sepulveda Blvd, Suite 460
Los Angeles, CA 90025

is the data controller of the personal data we collect.

Legal Bases for Processing Personal Data

If you are an individual located in the European Union (EU), we collect and process personal data about you where we have a legal basis for doing so under applicable EU laws. This means we collect and process your data only when:
• it is necessary for a legitimate interest (which is not overridden by your individual privacy interests), such as preventing fraud, improving our website, and increasing the security of the website and network infrastructure;
• you have consented to this collection and processing for a specific purpose;
• it is necessary to fulfil our contractual obligations; or
• it is necessary to comply with a legal obligation.

Where we rely on your consent to process your personal data, you have the right to withdraw or decline consent at any time. Some examples of where we rely on your consent to process your personal data include sending you marketing emails. If you wish to withdraw your consent, please submit this form

Some examples of our legitimate interests for processing personal data include:

• website and network security; 
• customer support;
• fraud prevention; or
• improving our websites.

Where we rely on our legitimate interests to process your personal data, you may have the right to object. More information on exercising this right can be found in the Individual Rights section below.

If you have any questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us at [email protected]

Individual Rights

If you are located in the EU, you have certain rights under EU data protection law with respect to your personal data, including the right to request access to, correct, and delete your personal data. You may also have the right to receive a copy of your personal data in a commonly used and machine-readable format, and to transmit such data to another controller. You also may object to processing of your personal data, or ask that we restrict the processing of your personal data in certain instances. 

To request deletion of, access to, or to make changes to your personal data, or to otherwise any of the rights in this section, please submit this form. Please note that not all requests can be honored. 

Transfers, Storage, and Processing 

Our websites are operated from and hosted on servers located in the United States. If you access and use our websites from a location outside of the United States, any personal data you provide to us or that is otherwise collected may be transferred to and processed in the United States or any other jurisdiction in our sole discretion. Users of our websites should be aware that the laws that apply to the use and protection of personal data in the United States or other countries or jurisdictions to which we transfer, or in which we process, personal data may differ from those of your country of residence. Users who access or use our websites from jurisdictions outside of the United States do so at their own choice and risk and are solely responsible for compliance with local law. While we take steps to safeguard your personal data, the United States has NOT been deemed by the European Commission to ensure an adequate level of protection for personal data. Accordingly, the level of protection provided in the United States or other non-EU countries and jurisdictions from which you may access our websites may not be as stringent as that under EU data protection standards or the data protection laws of some other countries, possibly including your home jurisdiction.

If we are processing your personal data on behalf of another party, your personal data is transferred across borders to the United States or to other countries or jurisdictions in which we or our third-party associates may process personal data through the use of Standard Contract Clauses. 

Unresolved Complaints

If you are a resident of the EU and your inquiry with us has not been satisfactorily addressed, or if you believe we are processing your personal data not in accordance with the law or this Privacy Policy, you may file a complaint with the supervisory authority in your country of residence.