We collect Personal Information you provide to us and when you use the Sites and/or our Services. We collect Personal Information in order improve our services, to deliver services and perform obligations under contracts we have with you, to comply with our own legal obligations, and for other purposes as described below.
Information You Give Us: We receive and store any Personal Information you post to the Sites or provide to us when you set up a User Account, sign up for our newsletters or promotions, purchase Services, plan meetings or events, apply for employment, or make a reservation at one the Properties. For example, if you make a reservation at one of the Properties, we will ask you for information such as name, address, telephone number, email address, credit card number, and room preference to process your reservation. We may use your email address to send a confirmation and, if necessary, may use the other information to contact you for help to process the reservation. As indicated below, we may also use your email address to notify you about special offers and promotions, including from Columbia Hospitality, the Properties and our partners. You can choose not to provide such Personal Information, in which case you will not be able to access or use portions of the Sites or some of their features.
Automated Collection: We automatically receive and store certain types of information when you visit the Sites, such as the name of the domain and host from which you access the Internet; the IP address of the computer you are using and the browser and operating system you are using; the date and time you access the Sites; the Internet address of the website from which you linked to the Sites; any search terms you used to find the Sites; the device identifiers and mobile and network information, and your actions on the Sites. This information will be treated as Personal Information if we combine or link it to any of the identifying information above. Otherwise, this information constitutes aggregate information.
Credit Card Information: We will require your credit card information in order to process purchases and reservations. Credit card data is transferred over a Secured Sockets Layer (SSL) line if you are using a SSL enabled browser such as Microsoft Internet Explorer, Firefox, Safari, or Google Chrome. We also use SSL on other select pages where you enter Personal Information. This ensures that your Personal Information is encrypted as it travels over the Internet. This secure mode is enabled before any such information is transmitted from your computer. You will know you are in secure mode when the padlock or key icon in the lower right-hand or left-hand corner of the computer screen appears in the locked position. In addition, when accessing a secure server, the first characters of the site address will change from http to https. After information reaches us it is stored on a secure server that resides behind firewalls designed to block unauthorized access from outside Columbia.
Log Data: Our web servers may collect “log data.” Log data provides aggregate information about the number of visits to different pages on the Sites. We use log data for troubleshooting purposes and to track which pages people visit in order to improve the Sites. We do not link log data collected to Personal Information. Third-party vendors may also collect aggregate log data independently from us.
Web Beacons: Some of the pages on the Sites may contain electronic images known as web beacons that allow use to count the number of users who have visited those pages. These collect only limited information such as a cookie number, time and date of a page view, and a description of the page on which the web beacon resides. These web beacons do not carry any personal Information and you cannot opt-out or refuse them. However, where they operate with cookies, you can render them ineffective by opting out of cookies or changing the cookie setting in your browser.
Marketing emails: We use third party service providers to send our marketing emails. There are no cookies in the email. However, they may contain e-tags, which permits you to share the mail via social sites to which you subscribe. In addition, when you click on a link to the Sites included in the email, a persistent cookie is placed on your computer. This cookie is used to measure the effectiveness of our email marketing efforts, better understand how our users navigate through the Sites, and enhance user experience. To that end, we collect a variety of information about how you interact with our marketing efforts, including how many times the email is opened and/or clicked, the browser type used, operating system, user email program, etc. The cookie set by our service providers will remain on your hard drive 30 days after the last time you clicked on the coded link in the email, or until you delete it.
In addition, the third parties that assist with our marketing emails may use pixel tags that help us send the email in a format you can read, to allow us to know which emails you act upon and to better target the content of future emails. We also use these tags to track the aggregate number of emails read and whether any of the links in the email were accessed.
Advertisements: We use third party service providers to serve and host our advertisements. You may receive our ads on these third party sites. These third parties use persistent cookies to track the number of times our site is accessed and whether the site was accessed from the advertisement. The cookies generated from the advertisements do not contain Personal Information and may remain on your hard drive three or more years unless you delete them. If you do not want Personal Information about you used for this purpose, you may opt-out by following the procedure described below. Note, however, that where we use a third party to provide advertising, email marketing or similar services, each such third party will have its own opt-out process, which it will manage and control. You will need to follow those procedures to opt-out of the services they provide.
Personal Profiles: We collect and maintain Personal Information about you to create a personal profile containing your preferences and other information that you voluntarily provide to us when you create an account with us. This profile may also include information we have obtained from other sources. Examples of the types of information we may collect for this purpose include (i) high vs. low floor, smoking vs. non- smoking room, beverage and pillow type preferences; (ii) whether you participate in travel rewards programs; (iii) email communications with you; and (iv) responses to customer service surveys. Creating and completing a member profile allows you to make reservations more easily and also allows us to enhance your experiences. We will share your preference profile with the Property when you book with the Property. You don’t need to create a profile, but if you do, you must consent to our collection and use of any Personal Information you provide to us, the terms of this Policy, and our Terms https://www.columbiahospitality.com/terms.php. You can later withdraw your consent, but by creating a profile, you affirmatively consent to our collection and use of the information you provide as described herein.
We may use the Personal Information provided or obtained through the Sites to:
General: We do not share the Personal Information provided or obtained through the Sites with third parties, except as described below and as otherwise specified in this Policy. We may share Personal Information as follows:
Service Providers: We use third party service providers to provide specific business support services to us which may involve limited access to Personal Information. We require these companies to use the information only to provide the contracted services and prohibit them from transferring the information to another party except as needed to provide the contracted services. Examples of such services include sending emails, conducting and administering promotions, executing surveys, providing customer service, performing business analysis, and processing payments. When we employ another company to perform a function for us, we only provide them with the information that they need to perform their specific function. We are not responsible for the actions of service providers or other third parties, nor are we responsible for any additional information you provide directly to any third parties.
Business Transactions: We may disclose your Personal Information as part of any merger, sale of company assets or acquisition, as well as in the event of an insolvency, bankruptcy or receivership. The recipient of Personal Information following such actions may have privacy policies that differ from those in this Policy. You will be notified via email and/or a prominent notice on the website, and you may opt- out of the use of your existing information in a new manner.
Special Events: If you choose to participate in a special event (for example, a promotion, contest, or sweepstakes), we may share your Personal Information with those organizations participating in the applicable event.
Other purposes: We may use and share Personal Information for other purposes with your consent.
Disclosure: Upon request we will provide you with information about whether we hold, or process on behalf of a third party, any of your Personal Information. To request this information please contact us at firstname.lastname@example.org.
Other Privacy Policies: Any third parties to whom we may disclose Personal Information may have their own privacy policies that describe how they use and disclose Personal Information. Those policies will govern use, handling, and disclosure of Personal Information once we have shared it with those third parties as described in this Policy. If you want to learn more about their privacy practices, we encourage you to visit the websites of those third parties.
The Sites are not directed at children, and we do not knowingly collect Personal Information directly from users under the age of 13 or from other web sites or services directed at children. Consistent with the Federal Children’s Online Privacy Protection Act of 1998 (COPPA), we will not knowingly request or collect Personal Information from any child under age 13 without obtaining the required parental consent.
If you want to view your Personal Information, or delete or modify such information that is inaccurate, you may do so by sending an email to email@example.com. In making modifications you must provide only truthful, complete, and accurate information. We may limit your right to make changes to Personal Information where the burden or expense of providing access would be disproportionate to the risks to your privacy or where the legitimate interests of other persons may be violated.
Please note that notwithstanding your request to change or delete Personal Information, we may be required to keep this information and not modify or delete it, or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements. When we delete any information, it will be deleted from the active database, but may remain in our archives. In some instances, however, Personal Information that you requested to be removed may be retained in certain files for a period of time in order to troubleshoot problems. In addition, some types of Personal Information may be stored indefinitely on back-up systems or within log files due to technical constraints or financial or legal requirements. Therefore, you should not always expect that all of your Personal Information will be completely removed from our databases in response to your request.
In addition to deleting Personal Information, you may choose to opt-out of receiving future newsletters, promotions or any other email communications from us by following the unsubscribe instructions included in the communications, or by contacting us via email as provided above. All promotional emails from us include an opt-out link which can be processed within 24-hours. You may also opt-out of promotions by sending us an email in response with “unsubscribe” or “opt-out” in the subject line of the email. Opting out of promotional communications does not affect our communications with you via telephone or email related to any business we may have with you or other transactional emails.
We reserve the right to verify the identity of any person making a request to opt-out or to delete or modify incorrect Personal Information, to charge you a fee before providing access and to deny such requests, except as prohibited by law; provided, however, that we will have no liability of any kind resulting from false or erroneous requests or any change or deletion we make for any reason.
We will retain the Personal Information you give us or we collect for as long as you maintain your User Account or subscription to our newsletters or other content, participate in any of the social features on the Sites, enter any promotions or use any of our other Services, and for a reasonable time thereafter. We will retain and use Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Otherwise we will retain Personal Information for up to twenty- four (24) months and thereafter may store it in aggregate. If you would like us to delete the Personal Information you have provided to us, please contact us at firstname.lastname@example.org and we will respond in a reasonable time. Please note that some or all of this information may be required in order for you to make use of services and features available via the Sites. If you remove this information, you may no longer be able to use these features.
We have employed the following security measures in place to protect against loss, misuse and alteration of Personal Information under our control. When you enter Personal Information to book a reservation or set up an account, we encrypt that information using secure socket layer technology (SSL). In addition, electronically stored Personal Information is stored on a secure network with firewall protection and access to our electronic information systems requires user authentication via password or similar means. We also employ access restrictions, limiting the scope of employees who have access to Personal Information.
By providing your email address to us through the Sites or entering into a business transaction with one the Properties, you affirmatively and expressly consent to receiving commercial emails from Columbia, the Properties, and those parties that process email communications on our behalf. Columbia and these third parties may send you commercial emails in order to deliver the Newsletter, to provide you with more information about available services you have purchased, and to provide you with updates, special offers, and other information, including but not limited to Site updates and offers or promotions from Columbia and/or the Properties.
Effective January 1, 2005, under California Civil Code Section 1798.83, if an individual who is a California resident has provided Personal Information to a business in connection with a business relationship that is primarily for personal, family, or household purposes, and if that business has within the immediately preceding calendar year disclosed such an individual’s Personal Information to a third party and knows or should have known that such third party used the information for its own direct marketing purposes, then that business is obligated to disclose in writing to such individual upon request, what Personal Information was shared and with whom it was shared.
Any request for a disclosure required under this California law should be sent to us via email at email@example.com or via regular mail at:
Columbia Hospitality, Inc.
ATTN: Legal Department
2200 Alaskan Way, Suite 200
Seattle, WA 98121
Please note that under this law, we are not required to respond to your request more than once in a calendar year, nor are we required to respond to any request that is not sent to the email or mailing address designated above.
The Sites are hosted in and provided from the United States and are intended for those visiting the United States. If you use the Sites from the European Union (E.U.), Canada, or other countries or regions with laws governing data collection and use that may differ from U.S. law, please note that you are transferring your Personal Information to the United States for storage and processing. The United States does not have the same data protection laws as the E.U., Canada, and other countries or regions.
The Sites are directed at consumers in the United States and the Properties we own or operate are located in the United States. In most cases, the Personal Information we collect is stored and used in the United States.
While we do not direct our Services to residents of the E.U., it is possible that E.U. residents may access and use the Sites. If we collect Personal Information from E.U. residents in a manner subject to the General Data Protection Regulation then, in addition to the above, the following terms shall also apply to our collection, use and retention of that information:
Compliance with Privacy Shield Principles: We support the E.U.-U.S. Privacy Shield Framework principles (Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability) regarding the collection, use and retention of Personal Information from EU Member Countries. Although we are not registered under the Privacy Shield, we make every effort to comply with these principles when handling Personal Information from residents of the EU Member Countries. However, our compliance with these principles may be limited (a) to the extent necessary to meet applicable national security, public interest, or law enforcement requirements; or (b) by statute, governmental regulation, or case law. If there is a conflict between the policies set forth below and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/list.
Basis for Collection: As set out above, we collect and process Personal Information for which you have given your express consent at the time of collection. For example, we collect Personal Information when you elect to participate in one of our promotions. We also collect and process Personal Information in order to improve our Services, to deliver Services and perform obligations under contracts we have with you, and to comply with our own legal obligations.
Sensitive Data: We do not collect sensitive data, (as defined in General Data Protection Regulation 2016/679) for example, biometric data, health data, or data revealing racial or ethnic origin, from visitors to the Sites.
Authorized Transfer: We also may disclose Personal Information for other purposes or to other third parties when you have consented to or requested such disclosure. Please be aware that we will disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We are not liable for appropriate onward transfers of Personal Information to third parties.
Data Processors: We may retain third parties to process or analyze Personal Information we collect from the Sites. For example, a Site may be maintained or hosted by a third party service provider, a promotion may be administered by a sales promotion agency, and/or products may be fulfilled by a wholesaler. These suppliers and other third parties who provide services for us are contractually obligated not to use Personal Information about you except as we authorize.
Profiling: We may analyze Personal Information we have collected about you to create a profile of your interests and preferences so that we can contact you with information that is relevant to you. We may
make use of additional information about you when it is available from external sources to help us do this effectively. We may also use Personal Information about you to detect and reduce fraud and credit risk.
Your Rights: Your rights include: (a) a right to withdraw your consent to the processing of Personal Information about you to which you have previously given consent; (b) a right to object to processing of Personal Information about you for the purpose of direct marketing; and (c) a right to have any incorrect part of the Personal Information about you corrected or removed. If you wish to exercise any of these rights, send an email to us at firstname.lastname@example.org.
If you request to have incorrect Personal Information removed, we may retain some of your Personal Information as necessary for the purposes of our legitimate business interests or in furtherance of public interests in accordance with the Privacy Shield Principles. Any Personal Information you have shared publicly with others may continue to be publicly visible on the Sites.
You also have the right to obtain a copy of the Personal Information we have about you, although we reserve the right to charge a reasonable fee for this depending on the nature and frequency of your request(s) and our cost to provide the information.
Enforcement and Disputes: In compliance with the E.U.-U.S. and U.S. Swiss Privacy Shield, we commit to resolve complaints about your privacy and our collection or use of your Personal Information in a timely and reasonable manner. If you do not receive timely acknowledgement of your request or have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact us at email@example.com.
In addition to the above, you may lodge a complaint with your home data protection authority and can invoke binding arbitration for residual claims not resolved by other redress mechanisms. Contact details for the E.U. data protection authorities can be found at http://ec.europa.eu/justice/data- protection/bodies/authorities/index_en.htm.
U.S. Privacy Shield Framework. As a last resort, privacy complaints that remain unresolved after pursuing these and other channels may be subject to binding arbitration before the Privacy Shield Panel to be created jointly by the US Department of Commerce and the European Commission.
Effective September 27, 2018.