MCR Privacy Statement
Last Updated May 24, 2018
MCR values you, our customers, guests and friends, and recognizes that privacy is important to you. We want you to be familiar with how we collect, use and disclose data.
This Privacy Statement describes the privacy practices of MCR Investors LLC, together with its subsidiaries and affiliates (collectively, “MCR”), for data that we collect:
- through any websites operated by us from which you are accessing this Privacy Statement (collectively, “Websites”);
- through any software applications made available by us for use on or through computers and mobile devices (collectively, “Apps”);
- through any social media services via handles that we control (collectively, “Social Media Feeds”);
- through email messages that we send you that link to this Privacy Statement and through your communications with us;
- when you visit or stay as a guest at one of our hotels; or
- through other offline interactions.
Collectively, we refer to the Websites, the Apps and our Social Media Feeds, as the “Online Services” and, together with offline channels, the “Services.” By using the Services, you agree to the terms and conditions of this Privacy Statement.
- Collection of Personal Data
- How We Collect Personal Data
- Collection of Other Data
- How We Collect Other Data
- Use of Personal Data and Other Data
- Disclosure of Personal Data and Other Data
- Other Uses and Disclosures
- Non-MCR Entities
- Choices, Access and Retention
- How You Can Access, Change or Suppress Your Personal Data
- Sensitive Data
- Use of Services by Minors
- Updates to This Privacy Statement
- Contacting Us
Collection of Personal Data
“Personal Data” are data that identify you as an individual or relate to an identifiable individual.
We may collect Personal Data in accordance with law, such as:
- Postal address
- Telephone number
- Email address
- Credit and debit card number or other payment data
- Financial information in limited circumstances
- Language preference
- Date and place of birth
- Nationality, passport, visa or other government-issued identification data
- Employer details
- Social media account ID, profile photo and other data publicly available, or data made available by linking your social media and loyalty accounts
- Images and video and audio data via security cameras located in public areas, such as hallways and lobbies, in our properties
If you submit any Personal Data about other people to us or our Service Providers, you represent that you have the authority to do so and you permit us to use the data in accordance with this Privacy Statement.
How We Collect Personal Data
We collect Personal Data in a variety of ways:
- Online Services. We may collect Personal Data when you make a reservation, purchase goods and services from our Websites or Apps, communicate with us, or otherwise connect with us or post to Social Media Feeds, or sign up for a newsletter or participate in a survey, contest or promotional offer.
- Property Visits and Offline Interactions. We may collect Personal Data when you visit our properties or use on-property services and outlets. We may also collect Personal Data when you attend promotional events that we host or in which we participate and from other business or personal contacts.
- Customer Contacts. We may collect Personal Data when you communicate with us by email, fax, telephone or via online chat services. These communications may be recorded for purposes of quality assurance and training.
- Owners. We may collect Personal Data from owners of properties that we manage (“Owners”).
- Franchisors. We may collect Personal Data from Hilton, Marriott and their affiliates and other franchisors of properties that we own and/or manage (“Franchisors”).
- Other Sources. We may collect Personal Data from other sources, such as public databases, joint marketing partners and other third parties.
- Internet-Connected Devices. We may collect Personal Data from internet-connected devices available in our properties.
- Physical & Mobile Location-Based Services. We may collect Personal Data if you download an App or choose to participate in certain programs. For example, we may collect the precise physical location of your device by using satellite, cell phone tower, WiFi signals, or other technologies if you opt in through the App or other program (either during your initial login or later) to enable location-driven capabilities on your mobile device. If you have opted-in, the App or other program may continue to collect location data until you log off or close application (i.e., the App or other program will collect this data if it is running in the background) or if you use your phone’s or other device’s setting to disable location capabilities for the App or other program.
Collection of Other Data
“Other Data” are data that generally do not reveal your specific identity or do not directly relate to an individual. To the extent Other Data reveal your specific identity or relate to an individual, we will treat Other Data as Personal Data. Other Data include:
- Browser and device data
- App usage data
- Data collected through cookies, pixel tags and other technologies
- Demographic data and other data provided by you
- Aggregated data
How We Collect Other Data
We collect Other Data in a variety of ways:
- Your browser or device. We may collect certain data through your browser or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, internet browser type and version and the name and version of the Online Services (such as the Apps) you are using. We may use this data to ensure that the Online Services function properly.
- Your use of the Apps. We may collect certain data when you download and use an App, such as App usage data, the date and time the App on your device accesses our servers and what data and files have been downloaded to the App based on your device number.
We may collect certain data from cookies, which are pieces of data stored directly on the computer or mobile device that you are using. Cookies permit the collection of data such as browser type, time spent on the Online Services, pages visited, referring URL, language preferences, and other aggregated traffic data. We may use this data for security purposes, to facilitate navigation, to display data more effectively, to collect statistical data, to personalize your experience while using the Online Services and to recognize your computer to assist your use of the Online Services. We may also gather statistical data about use of the Online Services to improve design and functionality, understand how they are used and assist us with resolving questions.
Cookies may further allow us to select which advertisements or offers are most likely to appeal to you and display them while you are using the Online Services or to send marketing emails.
- Pixel Tags and other similar technologies. We may collect data from pixel tags (also known as web beacons and clear GIFs), which are used with some Online Services to, among other things, track the actions of users of the Online Services (including email recipients), measure the success of our marketing campaigns and compile statistics about usage of the Online Services.
- Your IP Address. We may collect your IP address, a number that is assigned to the computer that you are using by your Internet Service Provider (ISP). An IP address may be identified and logged automatically in our server log files when a user accesses the Online Services, along with the time of the visit and the pages that were visited. We may use IP addresses to calculate usage levels, diagnose server problems and administer the Online Services. We also may derive your approximate location from your IP address.
- Aggregated Data. We may aggregate data that we collected and this aggregated data will not personally identify you or any other user.
Use of Personal Data and Other Data
We use Personal Data and Other Data to provide you with Services, to develop new offerings and to protect MCR and our guests as detailed below. In some instances, we will request that you provide Personal Data or Other Data to us directly. If you do not provide the data that we request, or prohibit us from collecting such data, we may not be able to provide the requested Services.
We will use Personal Data and Other Data to communicate with you with your consent, to manage our contractual relationship with you, to comply with legal obligations, and/or because we have a legitimate interest to do so. Without limiting the foregoing, we may use Personal Data and Other Data for our legitimate business interests, including the following:
- Provide the Services you request. We use Personal Data and Other Data to provide Services you request, which may include:
- To facilitate reservations, payment, send administrative information, confirmations or messages;
- To complete your reservation and stay and to provide you with related customer service; and
- To provide electronic receipts.
- Communicate with you about goods and services. We may use Personal Data and Other Data to send you marketing communications and promotional offers, as well as periodic customer satisfaction, market research or quality assurance surveys
- Activities, events and promotions. We may use Personal Data and Other Data to allow you to participate in promotions and to administer these activities.
- Business Purposes. We may use Personal Data and Other Data for data analysis, audits, security and fraud monitoring and prevention (including with the use of closed circuit television, card keys, and other security systems), developing new goods and services, enhancing, improving or modifying our Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.
Disclosure of Personal Data and Other Data
We may share Personal Data and Other Data with the following:
- MCR. We may disclose Personal Data and Other Data among corporate affiliates and subsidiaries of MCR and among properties owned or managed by MCR for the purposes described in this Privacy Statement, such as providing and personalizing the Services, communicating with you, providing news and marketing information, and to accomplish our business purposes. MCR Investors LLC is the party responsible for the management of the jointly-used Personal Data.
- Owners. We may disclose Personal Data and Other Data to Owners of MCR managed properties for the purposes described in this Privacy Statement, such as providing and personalizing the Services and facilitating loyalty programs.
- Franchisors. We may disclose Personal Data and Other Data to Franchisors for the purposes described in this Privacy Statement, such as providing and personalizing the Services and facilitating loyalty programs.
- Service Providers. We may disclose Personal Data and Other Data to third-party service providers for the purposes described in this Privacy Statement. Examples of service providers include companies that provide website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, marketing, auditing and other services, as well as franchisors of our hotels.
- Corporate Reorganization. We may disclose or transfer your Personal Data and Other Data to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of MCR’s business, assets or stock (including any bankruptcy or similar proceedings).
Other Uses and Disclosures
We will use and disclose Personal Data as we believe to be necessary or appropriate: (a) to comply with applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including authorities outside your country of residence and to meet national security or law enforcement requirements; (d) to enforce our terms and conditions; (e) to protect our operations; (f) to protect the rights, privacy, safety or property of the MCR, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
We may use and disclose Other Data for any purpose, except where we are not allowed to under applicable law. In some instances, we may combine Other Data with Personal Data (such as combining your name with your location). If we do, we will treat the combined data as Personal Data as long as it is combined.
This Privacy Statement does not address, and we are not responsible for the privacy, data or other practices of any entities outside of MCR, including Owners, Franchisors, or any third party operating any site or service to which the Services link, payment service, loyalty program, or website that is the landing page of the high-speed Internet providers at our properties. The inclusion of a link on the Online Services does not imply endorsement of the linked site or service by us. We have no control over, and are not responsible for, any third party’s collection, use and disclosure of your Personal Data.
In addition, we are not responsible for the data collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, Amazon, any Franchisor, any Owner or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Data you disclose to other organizations through or the Apps or our Social Media Feeds.
We seek to use reasonable organizational, technical and administrative measures to protect Personal Data. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contacting Us” section, below.
Links to Other Web Sites
In order to anticipate your needs, our Websites may provide links to other web sites and third parties for your convenience and information. We are not responsible for the collection, use, maintenance, sharing or disclosure of data (including Personal Data) by such third parties. We encourage you to contact these third parties to ask questions about their privacy practices, policies and security measures before disclosing any personal data. We recommend that you review the privacy statements and policies of linked web sites to understand how those web sites collect, use and store information.
Access and Retention
You have choices when it comes to how we use your data and we want to ensure you have the information to make the choices that are right for you.
If you no longer want to receive marketing-related emails, you may opt out by following the instructions in any such email you receive from us or contacting us as described below.
We will try to comply with your request as soon as reasonably practicable. If you opt out of receiving marketing emails from us, we may still send you important administrative messages, from which you cannot opt out.
Special Notice for California Residents: Customers who reside in California and have provided their Personal Data to us can request, once per calendar year, information about our sharing of certain categories of Personal Data to third parties and within MCR, for their direct marketing purposes. Such requests should be submitted to us at firstname.lastname@example.org or:
1503 LBJ Freeway, Suite 300
Dallas, Texas 75234
We will provide a list of the categories of Personal Data disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties. We reserve our right not to respond to requests submitted to addresses other than the addresses specified in this paragraph.
How You Can Access, Change or Suppress Your Personal Data
If you would like to review, correct, update, suppress, restrict or delete Personal Data that you have previously provided to us, or if you would like to receive an electronic copy of your Personal Data for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by law), you can contact us at email@example.com or by mail:
1503 LBJ Freeway, Suite 300
Dallas, Texas 75234
In your request, please make clear what Personal Data you would like to have changed, whether you would like to have your Personal Data suppressed from our database, or other limitations you would like to put on our use of your Personal Data. For your protection, we only fulfill requests for the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before fulfilling your request. We will try to comply with your request as soon as reasonably practicable.
Please note that we often need to retain certain data for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion. There may also be residual data that will remain within our databases and other records, which will not be removed. In addition, there may be certain data that we may not allow you to review for legal, security or other reasons.
We will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Statement unless a longer retention period is required or permitted by law.
The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide the Services to you;
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); and
- Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations).
Unless specifically requested, we ask that you not send us, and you not disclose, on or through the Services or otherwise to us, any Sensitive Personal Data (e.g., social security numbers, national identification number, data related to racial or ethnic origin, political opinions, religion, ideological or other beliefs, health, biometrics or genetic characteristics, criminal background, trade union membership, or administrative or criminal proceedings and sanctions).
Use of Services by Minors
The Services are not directed to individuals under the age of sixteen (16), and we request that they not provide Personal Data through the Services.
Updates to This Privacy Statement
The “LAST UPDATED” legend at the top of this page indicates when this Privacy Statement was last revised. Any changes will become effective when we post the revised Privacy Statement on the Online Services. Your use of the Services following these changes means that you accept the revised Privacy Statement.
If you have any questions about this Privacy Statement, please contact us at firstname.lastname@example.org, or by mail:
1503 LBJ Freeway, Suite 300
Dallas, Texas 75234
Because your email communications to us may not always be secure, please do not include credit card or Sensitive Data in your emails to us.