SH GROUP'S COMMITMENT TO PRIVACY
Effective Date/Last Updated: March 1, 2023
1. The Personal Data we collect about you
2. Collection of Personal Information From Children
3. How we obtain your Personal Data and Other Data
4. How we use your Personal Data and Other Data
5. Disclosure of Personal Data and Other Data
6. How we keep your Personal Data secure
7. How long we retain your Personal Data for
8. International transfers of your Personal Data
Occasionally, at our discretion, we may include or offer third-party products or services on our websites. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. We urge you to read the privacy policies of other websites before submitting any information to those websites.
THE PERSONAL DATA WE COLLECT ABOUT YOU
SH Group, 1 Hotels, Baccarat Hotels & Resorts, Treehouse Hotels, The Jeremy Hotel and Princeville Resort collect the following types of Personal Information in both an online and offline context, when providing you with our products and services and when you apply for a job with us:
- Postal address
- Telephone number
- Email address
- Credit and debit card number or other payment data
- Financial Information in limited circumstances such as residential services
- Language preference
- Date and place of birth
- Nationality, passport, visa or other government-issued identification data
- Important dates, such as birthdays, anniversaries and special occasions
- Travel itinerary, tour group or activity data
- Prior guest stays, or interactions, goods and services purchased, special service and amenity requests
- Geolocation information
- Social media account ID, profile photo and other data publicly available
- Surveillance information, such as facial references and thermal images, digital images and video and audio data via security or surveillance cameras located in public areas, such as hallways and lobbies, in our properties
- Guest preferences and personalized data such as your interests, activities, hobbies, food and beverage choices, services and amenities of which you advise us or which we learn about during your visit.
When you apply for a job with us, we also collect Personal Information including:
- Your resume or CV, cover letter, previous and/or relevant work experience or other experience, education, transcripts, or other information you provide to us in support of an application and/or the application and recruitment process;
- Information from interviews you may have, if any;
- Details of the type of employment you are looking for, current and/or desired salary and other terms relating to compensation and benefits packages, and job preferences;
- Details of how you heard about the position you are applying for;
- Any sensitive and/or demographic information obtained during the hiring process such as Social Security number, gender, information about your citizenship and/or nationality, medical or health information, and/or your racial or ethnic origin;
- Reference information and/or information received from background checks (as applicable), including information provided by third parties;
- Information relating to any previous applications you may have submitted to SH Group and/or any previous employment history with SH Group;
- Information about your educational and professional background from publicly available sources that we believe is relevant to your application or a potential future application (e.g., your LinkedIn profile).
To make purchases through our website, you submit your name, payment card information, and billing address. All payment card information is provided directly to our third-party service provider, Shopify. We may keep a record of your purchases.
COLLECTION OF PERSONAL DATA FROM CHILDREN
Our websites are not intended for children under 18 years of age. No one under age 18 may provide any information to or on our websites. We do not knowingly collect Personal Information from children under 18. If you are under 18, do not use or provide any information on our websites or on or through any of its features, use any of the interactive or public comment features of the websites or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any user name you may use. If we learn we have collected or received Personal Information from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us at [email protected].
HOW WE OBTAIN YOUR PERSONAL INFORMATION AND OTHER DATA
We collect your Personal Information in a variety of ways:
- Online Services. Personal Information is collected through online services either directly or through an affiliate booking website.
- Reservation Process
- Check out process for electronic folio receipts
- Purchase goods or services through the website or ecommerce website hosted by Shopify
- Communication via email
- Digital and thermal image capture
- Connect or post to social media related to the properties
- Participate in a survey, contest or promotional offer
- Property Visits. Personal Information is collected when guests visit our properties or use on property services and outlets
- Concierge services
- Health clubs
- When you apply for a job with us
- Offline Interactions. Personal Information is collected when individuals attend promotional events that we host or in which we participate, or when you provide your Personal Information to facilitate an event.
- Reservations and Customer Service Centers. Personal Information is collected when you make a reservation over the phone, communicate with us by email, fax or contact customer service. These communications may be recorded for purposes of quality assurance and training.
- Other Sources. Personal Information is also collected from other sources, such as public databases, joint marketing partners and other third parties.
- Internet-Connected Devices. Personal Details are collected from internet-connected devices available in our properties. For example, a smart assistant device may be available for your use and to tailor your accommodations and experience.
“Other Data” are data that generally do not reveal your specific identity or do not directly relate to an individual. To the extent Other Data reveal your specific identity or relate to an individual, we will treat Other Data as Personal Information. Other Data includes:
- Browser and device data
- App usage data
- Data collected through cookies, pixel tags and other technologies
- Demographic data and other data provided by you
- Aggregated data
WE COLLECT OTHER DATA IN A VARIETY OF WAYS
Your browser or device. We collect certain data through your browser or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, internet browser type and version and the name and version of the Online Services (such as the Apps) you are using. We use this data to ensure that the Online Services function properly.
Cookies. We collect certain data from cookies, which are pieces of data stored directly on the computer or mobile device that you are using. Cookies allow us to collect data such as browser type, time spent on the Online Services, pages visited, referring URL, language preferences, and other aggregated traffic data. We use the data for security purposes, to facilitate navigation, to display data more effectively, to collect statistical data, to personalize your experience while using the Online Services and to recognize your computer to assist your use of the Online Services. We also gather statistical data about use of the Online Services to continually improve design and functionality, understand how they are used and assist us with resolving questions.
Aggregated Data. We may aggregate data that we have collected, and this aggregated data will not personally identify you or any other user.
HOW WE USE YOUR PERSONAL INFORMATION AND OTHER DATA
We use Personal Information and Other Data to provide you with goods and Services, to develop new offerings and to protect SH Group, 1 Hotels, Baccarat Hotels & Resorts, Treehouse Hotels, The Jeremy Hotel and Princeville Resort and our guests as detailed below. In some instances, we will request that you provide Personal Information or Other Data to us directly. If you do not provide the data that we request, or prohibit us from collecting such data, we may not be able to provide the requested Services. We will let you know if this is ever the case. We use Personal Information and Other Data for the following purposes:
- To facilitate reservations, payment, send administrative information, confirmations or prearrival messages, to assist you with meetings and events and to provide you with other information about the area and the property at which you are scheduled to visit.
- To support our electronic receipt program. When you provide an email address in making a reservation, we use that email address to send you a copy of your bill. If you make a reservation for another person using your email address, that person's bill will be emailed to you, as well.
- Personalize the Services according to your Personal Preferences. We use Personal Information and Other Data to personalize the Services and improve your experiences, including when you contact our reservations center, visit one of our properties or use the Online Services, to customize your experience according to your Personal Preferences and present offers tailored to your Personal Preferences.
- To enroll you in and facilitate our loyalty program.
- To fulfill orders you place on our website.
- Communicate with you about goods and services according to your Personal Preferences. We use Personal Information and Other Data to send you marketing communications and promotional offers, as well as periodic customer satisfaction, market research or quality assurance surveys.
- Sweepstakes, activities, events and promotions. We use Personal Information and Other Data to allow you to participate in sweepstakes, contests and other promotions and to administer these activities. Some of these activities have additional rules and may contain additional information about how we use and disclose your Personal Information. We suggest that you read any such rules carefully.
- For data analysis, audits, public health and societal wellbeing, security and fraud monitoring and prevention (including with the use of closed-circuit television, card keys, and other security systems).
- For developing new goods and services, enhancing, improving or modifying our Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.
- We use credit card data or other payment data for invoicing purposes.
If you apply for a job with us, we will also use Personal Information for the following purposes:
- To process your job application, to verify the information you have provided in your application, to communicate with you regarding your application, to answer your questions regarding the application process and to confirm your eligibility for a position. We may also save your information for future job openings within SH Group.
- To conduct interviews.
- To perform background and reference checks, with your consent, if you are offered a position.
- To evaluate and improve our recruiting process.
We use Google Ads and Facebook remarketing services to advertise SH’s hotels on third-party websites to previous visitors of our website. This could be in the form of an advertisement on the Google search results page, a site in the Google Display Network, or somewhere on Facebook. Google and Facebook will display advertisements to you based on what parts of the SH website you have viewed by placing a cookie on your web browser. These remarketing services allow us to tailor our marketing to better suit your needs and only display ads that are relevant to you.
If you do not wish to see ads from SH, you can opt out by visiting the links below:
For Google: https://support.google.com/ads/answer/2662922?hl=en
For Facebook: https://www.facebook.com/ads/website_custom_audiences/
DISCLOSURE OF PERSONAL DATA AND OTHER DATA
Our goal is to provide you with the highest level of hospitality and Services, and to do so, we share Personal Information and Other Data with the following:
Strategic Business Partners. We disclose Personal Information and Other Data with select Strategic Business Partners who provide goods, services and offers that enhance your experience at our properties or that we believe will be of interest to you. By sharing data with these Strategic Business Partners, we are able to make personalized services and unique travel experiences available to you. For example, this sharing enables spa, restaurant, health club, concierge and other outlets at our properties to provide you with services. This sharing also enables us to provide you with a single source for purchasing packages that include travel-related services, such as airline tickets, rental cars and vacation packages.
Legal Requirements and Business Transfers. We may disclose your Personal Information and Other Data (i) if we are required to do so by law, legal process, statute, rule, regulation, or professional standard, or to respond to a subpoena, search warrant, or other government official requests including for matters related to public health and societal wellbeing, (ii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, (iii) in connection with an investigation of a complaint, security threat, or suspected or actual illegal activity; (iv) in connection with an internal audit; or (v) in the event that SH is subject to mergers, acquisitions, joint ventures, sales of assets, reorganizations, divestitures, dissolutions, bankruptcies, liquidations, or other types of business transactions. In these types of transactions, Personal Information may be shared, sold, or transferred, and it may be used subsequently by a third party.
HOW WE KEEP YOUR PERSONAL INFORMATION SECURE
SH has implemented reasonable physical, technical, and administrative security standards to protect Personal Information from loss, misuse, alteration, or destruction. We strive to protect your Personal Information against unauthorized access, use or disclosure, using security technologies and procedures, such as encryption and limited access. Only authorized individuals access your Personal Information, and they receive training about the importance of protecting your Personal Information. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contacting Us” section on the website.
HOW LONG WE RETAIN YOUR PERSONAL INFORMATION FOR
INTERNATIONAL TRANSFERS OF YOUR PERSONAL INFORMATION
SH Group is an international organization based in the United States.
If you are staying in one of our hotels located in the European Union, European Economic Area, or United Kingdom, we may transfer your Personal Information to the United States for the purpose of processing transactions and requests related to our services. In such cases, your Personal Information will be transferred to the United States or to other countries or jurisdictions in which we or our third-party associates may process Personal Information through the use of Standard Contractual Clauses. If you are located in the European Union, European Economic Area, or United Kingdom, please see the section titled “EU, EEA, and UK Privacy Notice” below for more information.
SH CALIFORNIA PRIVACY NOTICE
This Section applies to our collection and use of Personal Information if you are a resident of California, as required by the California Consumer Privacy Act of 2018 and its implementing regulations, as amended by the California Privacy Rights Act (“CCPA”), where “Personal Information” has the definition set forth in the CCPA. This Section describes (1) the categories of Personal Information collected and disclosed by us, (2) your privacy rights under the CCPA, and (3) how to exercise your rights.
|Category of Personal Information|Collected|Category of Source from which Personal Information is Collected|Purpose of Collection|Third Parties to whom Personal Information is Disclosed for a Business Purpose|Third Parties to whom Personal Information is Sold or Shared|Retention Period|
|---|---|---|---|---|---|---|
|Identifiers|Yes|Directly from you|See section above titled “How We Use Your Personal Information and Other Data”|Service Providers|We do not sell this category of personal information. However, we share your IP address with advertisers and social networks for purposes of cross-context behavioral advertising|6 years from the date of your last activity or interaction with SH|
|Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))|Yes|Directly from you|See section above titled “How We Use Your Personal Information and Other Data”|Service Providers|We do not sell or share this category of Personal Information|6 years from the date of your last activity or interaction with SH|
|Protected classification characteristics under California or federal law|Yes|Directly from you|See section above titled “How We Use Your Personal Information and Other Data”|Service Providers|We do not sell or share this category of Personal Information|6 years from the date of your last activity or interaction with SH|
|Commercial Information|Yes|Directly from you|See section above titled “How We Use Your Personal Information and Other Data”|Service Providers|We do not sell or share this category of Personal Information|6 years from the date of your last activity or interaction with SH|
|Internet or other similar network activity|Yes|Cookies and other tracking technologies|See section above titled “How We Use Your Personal Information and Other Data”|Our Service Providers|We do not sell this category of personal information. However, we share your IP address with advertisers and social networks for purposes of cross-context behavioral advertising|Varies depending on the type of cookie collecting this Personal Information, but no more than 2 years|
|Geolocation data|Yes|Cookies and other tracking technologies|See section above titled “How We Use Your Personal Information and Other Data”|Our Service Providers|We do not sell or share this category of Personal Information|6 years from the date of your last activity or interaction with SH|
|Sensory data|Yes|Surveillance cameras on SH hotel properties|See section above titled “How We Use Your Personal Information and Other Data”|Service Providers|We do not sell or share this category of Personal Information|Up to 6 months but varies from property to property|
|Professional or employment-related information|Yes|Directly from you; third-party sources|See section above titled “How We Use Your Personal Information and Other Data”|Service Providers|We do not sell or share this category of Personal Information|6 years from the date of your last activity or interaction with SH|
|Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))|No|N/A|N/A|N/A|N/A|N/A|
|Inferences drawn from other Personal Information|Yes|Directly from you|See section above titled “How We Use Your Personal Information and Other Data”|Service Providers|We do not sell or share this category of Personal Information.|6 years from the date of your last activity or interaction with SH|
|Sensitive Personal Information|Yes|Directly from you|See section above titled “How We Use Your Personal Information and Other Data”|Service Providers|We do not sell or share this category of Personal Information|6 years from the date of your last activity or interaction with SH|
If you are a resident of California, you have the following rights:
|Notice|The right to be notified of what categories of Personal Information will be collected at or before the point of collection and the purposes for which they will be used and shared.|
|Access|The right to request the categories of Personal Information that we collected in the previous twelve (12) months, the categories of sources from which the Personal Information was collected, the specific pieces of Personal Information we have collected about you, and the business purposes for which such Personal Information is collected and shared. You may also have the right to request the categories of Personal Information which were disclosed for business purposes, and the categories of third parties in the twelve (12) months preceding your request for your Personal Information.|
|Erasure|The right to have your Personal Information deleted. However, please be aware that we may not fulfill your request for deletion if we (or our service provider(s)) are required or permitted to retain your Personal Information for one or more of the following categories of purposes: (1) to complete a transaction for which the Personal Information was collected, provide a good or service requested by you, or complete a contract between us and you; (2) to ensure our website integrity, security, and functionality; (3) to comply with applicable law or a legal obligation, or exercise rights under the law (including free speech rights); or (4) to otherwise use your Personal Information internally, in a lawful manner that is compatible with the context in which you provided it.|
|Correction|You have the right to request that we correct any incorrect personal information that we collect or retain about you, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see below), we will correct (and direct any of our service providers that hold your data on our behalf to correct) your personal information from our records, unless an exception applies. We may deny your correction request if (a) we believe the personal information we maintain about you is accurate; (b) correcting the information would be impossible or involve disproportionate; or (c) if the request conflicts with our legal obligations.|
|Automated Decision Making|You have the right to request information about the logic involved in automated decision making and a description of the likely outcome of processes, and the right to opt out. SH does not currently engage in any automated decision making practices.|
|To Opt Out of Sales or Sharing of Personal Information|We do not sell Personal Information. However, if we did, you would have the right to opt out. You do have the right to opt out of us sharing your Personal Information with our advertising vendors for purposes of cross-context behavioral advertising.|
|Limit Use of Sensitive Personal Information|SH does not use or disclose Sensitive Personal Information other than to provide our service and facilitate recruitment operations that are reasonably expected by the average consumer. However, if we used or disclosed Sensitive Personal Information for other purposes, you would have the right to opt out.|
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a request related to your Personal Information. You may also make a request on behalf of your minor child.
You may only make a request for access twice within a 12-month period. The request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We must verify your identity before fulfilling your requests. If we cannot initially verify your identity, we may request additional information to complete the verification process. We will only use Personal Information provided in a request to verify the requestor’s identity. If you are an authorized agent making a request on behalf of a California consumer, we will also need to verify your identity, which may require proof of your written authorization or evidence of a power of attorney.
We endeavor to respond to requests within the time period required by applicable law. If we require more time, we will inform you of the reason and extension period in writing.
We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us.
We may deny certain requests, or only fulfill some in part, as permitted or required by law. For example, if you request to delete Personal Information, we may retain Personal Information that we need to retain for legal purposes.
To exercise your California rights described in this section, please contact us at [email protected] or complete the web form located here.
SH will not discriminate against you in the event you exercise any of the aforementioned rights under CCPA, including, but not limited to, by:
- denying goods or services to you;
- charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
- providing a different level or quality of goods or services to you; or
- suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
Notice of Financial Incentive
As a member of SH’s loyalty program MISSION by SH, you will be eligible to receive benefits such as complimentary upgrades, access to exclusive offers, customer experiences and more based on certain qualifying charges as shown here.
For more information about the MISSION by SH program, please see our MISSION by SH Loyalty Program Terms and Conditions available at https://www.shhotelsandresorts.com/mission/terms-conditions.
When you sign up to join MISSION by SH, you will be required to provide your first name, last name, email address, and create a password. You may also choose to provide your mobile phone number.
- As a member, you will have access to an online account that will enable you to add additional personal information to your membership profile at your option, including your phone number, mailing address, birthday, country/region, contact preferences, and preferences including ideal guestroom location, extra accommodations or amenities, diet preferences, and wellness preferences. You will also be able to sign up for our email subscription lists from our hotel brands, including 1 Hotels, Baccarat, Treehouse, and SH Collection.
- The estimated value of Personal Information that we collect in connection with guests’ registration in MISSION by SH is approximately USD $150, which is based on the difference between the estimated average annual spend of enrolled versus non-enrolled guests. SH does not receive any direct value from the Personal Information it collects in connection with MISSION by SH.
You can sign up for MISSION by SH by visiting our website at https://www.shhotelsandresorts.com/account/register. You can close your MISSION by SH account with us at any time by submitting this form or by e-mailing us at [email protected].
Shine the Light
Under California Civil Code Section 1798.83, individual customers who reside in California and who have an existing business relationship with us may request information about our disclosure of certain categories of Personal Information to third parties for the third parties’ direct marketing purposes, if any. To make such a request, send an email with the subject heading “California Privacy Rights” to privacy [email protected] or write to us at:
SH Group Operations, LLC
Data Privacy Officer
3225 Aviation Avenue, Ste 500
Coconut Grove, FL 33133
In your request, please attest to the fact that you are a California resident and provide a current California address for our response. Please be aware that not all information sharing is covered by these California privacy rights requirements and only information on covered sharing will be included in our response. This request may be made no more than once per calendar year.
Nevada Consumer Rights
The Right to Opt-Out of the Sale of Personal Information
If you are a Nevada resident, you may request that we stop selling certain categories of Personal Information that we collect. To submit a request please click here. You also may call our toll-free telephone number at 833.623.0111, send a letter to the SH Group Operations, LLC, Data Privacy Officer, 3225 Aviation Avenue, Ste 500, Coconut Grove, FL 33133, or complete a paper form available from the front desk at any of our hotels. When the PO receives your request, the PO will first verify your identity. The PO will verify your identity by asking you to provide your name, the email address and phone number associated with your reservation history or account. Once the PO has verified your identity, the PO will promptly fulfill your request, but not later than 60 days.
EU, EEA, and UK Privacy Notice
Legal Bases for Processing Personal Data
If you are an individual located in the European Union (EU), European Economic Area (EEA), or United Kingdom (UK), we collect and process Personal Data about you where we have a legal basis for doing so under the GDPR and UK GDPR, where “Personal Data” has the definition set forth in the GDPR and UK GDPR. This means we collect and process your Personal Data only when:
- it is necessary for a legitimate interest (which is not overridden by your individual privacy interests), such as preventing fraud, improving our website, and increasing the security of the website and network infrastructure;
- you have consented to this collection and processing for a specific purpose;
- it is necessary to fulfil our contractual obligations; or
- it is necessary to comply with a legal obligation.
Where we rely on your consent to process your Personal Data, you have the right to withdraw or decline consent at any time. Some examples of where we rely on your consent to process your Personal Data include sending you marketing emails. If you wish to withdraw your consent, please submit this form.
Some examples of our legitimate interests for processing personal data include:
- website and network security;
- customer support;
- fraud prevention; or
- improving our websites.
Where we rely on our legitimate interests to process your Personal Data, you may have the right to object. More information on exercising this right can be found in the Individual Rights section below.
If you have any questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us at [email protected].
If you are located in the EU, EEA, or UK, you have certain rights with respect to your Personal Data, including the right to request access to, correct, and delete your Personal Data. You may also have the right to receive a copy of your Personal Data in a commonly used and machine-readable format, and to transmit such data to another controller. You also may object to processing of your Personal Data, or ask that we restrict the processing of your Personal Data in certain instances.
To request deletion of, access to, or to make changes to your Personal Data, or to otherwise exercise any of the rights in this section, please submit this form. Please note that not all requests can be honored.
Transfers, Storage, and Processing
Our websites are operated from and hosted on servers located in the United States. If you access and use our websites from a location outside of the United States, any Personal Data you provide to us or that is otherwise collected may be transferred to and processed in the United States or any other jurisdiction in our sole discretion. Users of our websites should be aware that the laws that apply to the use and protection of Personal Data in the United States or other countries or jurisdictions to which we transfer, or in which we process, Personal Data may differ from those of your country of residence. Users who access or use our websites from jurisdictions outside of the United States do so at their own choice and risk and are solely responsible for compliance with local law. While we take steps to safeguard your Personal Data, the United States has NOT been deemed by the European Commission to ensure an adequate level of protection for Personal Data. Accordingly, the level of protection provided in the United States or other non-EU countries and jurisdictions from which you may access our websites may not be as stringent as that under EU data protection standards or the data protection laws of some other countries, possibly including your home jurisdiction.
If we are processing your Personal Data on behalf of another party, your Personal Data is transferred across borders to the United States or to other countries or jurisdictions in which we or our third-party associates may process Personal Data through the use of Standard Contractual Clauses.