Last updated: January 2, 2020
OUR COLLECTION AND USE OF PII
“PII” is generally defined as information that may be able to identify you such as, but not limited to, your name, address, telephone number, email address, credit or debit card number, social security number, bank account number or code, photograph, or age, among other things. We only collect PII that you voluntarily provide to us.
You can generally visit and browse the Site without revealing any PII to us, but some features or areas of the Site will ask or require you to provide PII to use those features or areas. For example, PII may be requested when you reserve a room through the Site, request information from the Hotel, create a user account, or enter certain contests or other promotional activities. You will be required to provide certain PII during check-in, to verify your identity and comply with our policies and applicable laws.
We may use your PII to:
OUR COLLECTION AND USE OF ANONYMOUS DATA
“Anonymous Data” refers to general information that does not identify you personally (unlike PII), including clicks, pages views and durations, IP address, referral links, use of particular services, and interest in services, information or features of the Site or other parties made available through or found at the Site. Anonymous Data is automatically collected by our servers when you visit the Site, including through the use of technology such as cookies and web beacons. We may use and share Anonymous Data as we deem useful in our sole discretion, including to operate, maintain, develop, market and improve the Site, our Hotel, and our services.
We use both session cookies (temporary files that are deleted when you close your browser) and persistent cookies (files that stay on your computer until you delete them or they expire).
We also use third party advertising technology to serve Hotel advertisements to you on other sites. The technology gathers anonymous data about your Site visits and visits to other sites where Hotel advertisements appear in order to serve you with Hotel advertisements on third party sites. When these advertisements are served to you, third party persistent cookies may be put on your computer.
For example, we may use AdRoll (www.adroll.com, https://www.adroll.com/about/privacy) to serve you customized advertisements on third party sites based on your interaction with the Site. As you browse the Site, advertising cookies will be placed on your computer so that we can understand what you are interested in. Our display advertising partner, AdRoll, then enables us to present you with retargeting advertising on other sites based on your previous interaction with the Site. The techniques our partners employ do not collect PII. You can visit https://www.networkadvertising.org/choices/ to opt out of AdRoll and its partners’ targeted advertising.
The Hotel, through its third party advertising/marketing vendors, may also use pixel tags to collect Anonymous Data. The pixel tags are computer coding usually fixed to Site pages or emails that allows our vendors to anonymously collect certain pieces of information. The Hotel, in conjunction with our advertising/marketing and email vendors, may use pixel tags to:
You may set or configure your browser to block or disable cookies. Please review your browser instructions for details on that. Please note that by disabling cookies, this could affect your use of the Site and/or restrict your interaction with the Site. Please note that our advertising/marketing vendors may handle “do not track” requests differently from the Hotel.
SHARING OF PII
Except as noted in this Policy, we do not sell or share your PII with any person or entity outside of the Hotel and its management company (Highgate Hotels). We do not share PII with any other parties for direct marketing purposes.
We may provide your PII or other information to other vendors and service agencies that we use to assist us in running the Site and our business. For example, we may share certain portions of your PII with:
We share PII with these and other vendors only for the purposes specified by us.
The Site may integrate with social media sites/apps or tools which let you share content, information and/or actions you create or take on the Site with such social media sites/apps, and vice versa. What you choose to share can become public depending on your privacy settings for those social media sites/apps. Please review the privacy policies of those social media sites/apps for details about how each site/app handles content, information, and/or actions you share through them.
We may disclose your PII and other information if we believe in good faith: (1) it is required by law or as part of a legal process; (2) it allows us to protect and enforce our legal rights, including but not limited to, to limit harm or damages to the Hotel, Hotel property, and/or Hotel personnel; (3) it is needed to respond to a governmental or law enforcement investigation or request; (4) it is needed to protect the safety, property, and/or other legal rights of the Hotel and its employees, guests, and Site visitors, and/or other members of the public; and/or (5) it is needed to prevent physical harm or damage to any person or Hotel property, and/or to respond to any other situation deemed an emergency by us.
We may share your PII with a third party if our ownership status changes, such as in the event such third party acquires our Hotel.
REVIEW OF COLLECTED PII
If you would like to review or edit any room reservation made through the Site, or revise the PII collected from you that makes up our customer database, please contact us as set forth at the end of this Policy.
Please note that we reserve the right to maintain proper business and transactional records required by law, even if such records contain your PII.
If you would like to opt out of receiving further promotional emails from us, please follow the opt out instructions at the bottom of the email or send us a detailed email at the address set forth at the end of this Policy.
Please note that any removal of content by us does not ensure or guarantee complete or comprehensive removal of the content in all places. The content may have been shared or reposted by other parties, or federal or state law may require maintenance of the content or information.
RESPONSE TO “DO NOT TRACK” REQUESTS/SIGNALS
At the present time, we do not respond to nor process “do not track” or similar technical requests not to be tracked.
DATA SECURITY AND RETENTION
We use, implement, and maintain industry standard technological security measures that are reasonably designed to help protect your PII from loss, unauthorized access, or disclosure both in storage/rest and in transmission.
While we take the issue of protecting your PII seriously, you should exercise discretion in what information you transmit to the Site. No transmission sent over the Internet can be guaranteed to be fully secure, and therefore the transmitted information may be intercepted by others before it reaches us. If you are concerned about sending information to us over the Internet, please send the information by mail or call us to make other arrangements. We do not control and are not responsible for the security of information while in transit to us via the Internet.
We generally retain your personal data only as long as may be reasonably necessary to carry out the purposes set forth in this Policy. We retain collected information to: (1) process room reservations and other services and actions performed through the Site; (2) maintain a customer database; and (3) otherwise fulfill the stated purpose for why the information was collected. We will also retain collected information connected to business records for periods of time required by law. Our collection times will be consistent with applicable law.
The Site is intended for individuals 18 years of age and older located in the United States. The Site is not directed at, marketed to, nor intended for, users younger than 18 years of age. If we learn that any PII was provided through the Site by a person younger than 18 years of age, we will make commercially reasonable efforts to delete such PII promptly.
LOCAL COUNTRY PRIVACY RIGHTS
Depending on your country and state of residency, you are entitled to request: (a) information regarding your personal information we have collected (including the categories of personal information we have collected, the categories of sources of such information, and the purposes for which we have collected or sold such information); (b) notice of whether we have disclosed your personal information to third parties (and if so, what categories of information we have disclosed, and what categories of third parties we have disclosed it to); (c) a copy of your personal information collected by us in the past 12 months; (d) that your personal information be deleted; and (e) that your personal information not be sold to third parties. We will not discriminate against you if you choose to exercise any of these rights. If you are a California resident, you may also opt-out of the sale of your personal information. To unsubscribe from any newsletters or marketing communications, please follow the unsubscribe or opt-out instructions in any such email. To request such notice, please submit a written request to us (see Contact Information, below). We may require verification of your identity before further processing your request. In certain instances, we may be permitted by law to decline some or all of such request. If we deny your request, we will provide you with a written explanation of the reasons for our determination.
If we need to transfer personal data from the EU to a country outside the EU, we take reasonable steps to ensure such personal data is appropriately protected. For jurisdictions that are not the subject of a data privacy adequacy decision by the European Commission, we use binding corporate rules, EU model clauses, or other permitted mechanisms to ensure an appropriate level of data privacy and security. For example, we may transfer personal data to Highgate Hotels, our management company. Highgate Hotels is in the United States, and complies with the EU-U.S. Privacy Shield Framework with regards to the transfer of personal data from the EU. We may remain liable for any onward transfer of personal data that we export from the EU.
Where we are processing your personal data based on your consent, you have the right at any time to withdraw such consent by contacting us as set forth below. Please note that we may continue to process such personal data only if supported by another lawful basis (such as to fulfill our obligations to you, in connection with our legitimate business interest, or as required by law).
We are typically the data controller, as that term is used in applicable privacy laws, for any personal data that we collect from you. However, when we collect personal data about you from a third party (e.g., travel agencies), the third party may be the data collector for such data and we may be the data processor. If we are acting as the data processor, we will only process the relevant personal data as requested by the data controller, and may need to refer any inquiries from you to the applicable data controller.
INQUIRIES OR COMPLAINTS
If you have any questions or complaints about our data processing practices, please first contact us at as set forth below. If we are unable to resolve your complaint, you also have the right to raise your inquiry or complaint with the applicable data protection authority in your home country.
EXTERNAL LINKS AND THIRD PARTY SITES
The Site may contain links to external websites not controlled by us. We are not responsible for the privacy practices and data collection policies for third party sites. You should consult the privacy policies of those sites for details.
We may allow interaction between the Site and other sites or other social media providers. This may include the “Like” button or other plugins available through the Site that allow you to share information with persons outside of the Site. Please consult the privacy policies of those third party providers before using them to make sure you are comfortable with the level of sharing.
If you have any questions about this Policy or our data practices, please contact us at:
Boston Park Plaza
50 Park Plaza at Arlington Street, Boston, MA 02116-3912
1-866-I-OPT-OUT – Service Code: 341#