Last updated: April 15, 2022
1. The Personal Data we collect about you2. Collection of Personal Information From Children3. How we obtain your Personal Data and Other Data4. How we use your Personal Data and Other Data5. Disclosure of Personal Data and Other Data6. How we keep your Personal Data secure7. How long we retain your Personal Data for8. International transfers of your Personal Data
Occasionally, at our discretion, we may include or offer third-party products or services on our websites. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. We urge you to read the privacy policies of other websites before submitting any information to those websites.
“Personal Data” are data that identify you as an individual or relate to an identifiable individual. SH Group, 1 Hotels, Baccarat Hotels & Resorts, Treehouse Hotels, The Jeremy Hotel and Princeville Resort collects the following types of Personal Data in both an online and offline context, when providing you with our products and services:
We will also collect the following types of personal data for the following purposes:
To make purchases through our website, you submit your name, payment card information, and billing address. All payment card information is provided directly to our third-party service provider, Shopify. We may keep a record of your purchases.
Our websites are not intended for children under 18 years of age. No one under age 18 may provide any information to or on our websites. We do not knowingly collect personal information from children under 18. If you are under 18, do not use or provide any information on our websites or on or through any of its features, use any of the interactive or public comment features of the websites or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any user name you may use. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us at [email protected].
Personal Data collection is obtained in a variety of ways:
“Other Data” are data that generally do not reveal your specific identity or do not directly relate to an individual. To the extent Other Data reveal your specific identity or relate to an individual, we will treat Other Data as Personal Data. Other Data includes:
Your browser or device. We collect certain data through your browser or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, internet browser type and version and the name and version of the Online Services (such as the Apps) you are using. We use this data to ensure that the Online Services function properly
Cookies. We collect certain data from cookies, which are pieces of data stored directly on the computer or mobile device that you are using. Cookies allow us to collect data such as browser type, time spent on the Online Services, pages visited, referring URL, language preferences, and other aggregated traffic data. We use the data for security purposes, to facilitate navigation, to display data more effectively, to collect statistical data, to personalize your experience while using the Online Services and to recognize your computer to assist your use of the Online Services. We also gather statistical data about use of the Online Services to continually improve design and functionality, understand how they are used and assist us with resolving questions.
Aggregated Data. We may aggregate data that we have collected, and this aggregated data will not personally identify you or any other user.
We use Personal Data and Other Data to provide you with goods and Services, to develop new offerings and to protect SH Group, 1 Hotels, Baccarat Hotels & Resorts, Treehouse Hotels, The Jeremy Hotel and Princeville Resort and our guests as detailed below. In some instances, we will request that you provide Personal Data or Other Data to us directly. If you do not provide the data that we request, or prohibit us from collecting such data, we may not be able to provide the requested Services. We will let you know if this is ever the case. We use Personal Data and Other Data for the following purposes:
We use Google Ads and Facebook remarketing services to advertise SH’s hotels on third-party websites to previous visitors of our website. This could be in the form of an advertisement on the Google search results page, a site in the Google Display Network, or somewhere on Facebook. Google and Facebook will display advertisements to you based on what parts of the SH website you have viewed by placing a cookie on your web browser. These remarketing services allows us to tailor our marketing to better suit your needs and only display ads that are relevant to you.
If you do not wish to see ads from SH, you can opt out in by visiting the links below:
For Google: https://support.google.com/ads/answer/2662922?hl=en
For Facebook: https://www.facebook.com/ads/website_custom_audiences/
Our goal is to provide you with the highest level of hospitality and Services, and to do so, we share Personal Data and Other Data with the following:
Strategic Business Partners. We disclose Personal Data and Other Data with select Strategic Business Partners who provide goods, services and offers that enhance your experience at our properties or that we believe will be of interest to you. By sharing data with these Strategic Business Partners, we are able to make personalized services and unique travel experiences available to you. For example, this sharing enables spa, restaurant, health club, concierge and other outlets at our properties to provide you with services. This sharing also enables us to provide you with a single source for purchasing packages that include travel-related services, such as airline tickets, rental cars and vacation packages.
Service Providers. We disclose Personal Data and Other Data to third-party service providers for the purposes described in this Privacy Statement. Examples of service providers include companies that provide website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, marketing, auditing and other services.
Legal Requirements and Business Transfers. We may disclose your Personal Data and Other Data (i) if we are required to do so by law, legal process, statute, rule, regulation, or professional standard, or to respond to a subpoena, search warrant, or other government official requests including for matters related to public health and societal wellbeing, (ii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, (iii) in connection with an investigation of a complaint, security threat, or suspected or actual illegal activity; (iv) in connection with an internal audit; or (v) in the event that SH is subject to mergers, acquisitions, joint ventures, sales of assets, reorganizations, divestitures, dissolutions, bankruptcies, liquidations, or other types of business transactions. In these types of transactions, Personal Data may be shared, sold, or transferred, and it may be used subsequently by a third party.
SH has implemented reasonable physical, technical, and administrative security standards to protect Personal Data from loss, misuse, alteration, or destruction. We strive to protect your Personal Data against unauthorized access, use or disclosure, using security technologies and procedures, such as encryption and limited access. Only authorized individuals access your Personal Data, and they receive training about the importance of protecting your Personal Data. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contacting Us” section on the website.
SH Group is an international organization based in the United States.
If you are staying in one of our hotels located in European Economic Area, we may transfer your personal information outside of the European Economic Area to the United States for the purpose of processing transactions and requests related to our services. In such cases, your personal data will be transferred to the United States or to other countries or jurisdictions in which we or our third-party associates may process personal data through the use of Standard Contract Clauses.
If you are browsing or otherwise accessing our websites from the European Economic Area, please be aware that any personal data you provide, and any personal information we automatically collect through your browsing, such as browser data and IP address, will be transferred to the United States. You should be aware that the laws that apply to the use and protection of personal data in the United States or other countries or jurisdictions to which we transfer, or in which we process, personal data may differ from those of your country of residence. If you access our website from jurisdictions outside of the United States, you do so at your own choice and risk and are solely responsible for compliance with local law. While we take steps to safeguard your personal data, the United States has NOT been deemed by the European Commission to ensure an adequate level of protection for personal data. Accordingly, the level of protection provided in the United States or other non-EU countries and jurisdictions from which you may access our websites may not be as stringent as that under EU data protection standards or the data protection laws of some other countries, possibly including your home jurisdiction.
Pursuant to applicable California law, including the California Consumer Privacy Act (“CCPA”), SH makes the following disclosures regarding the personal information SH has collected within the last 12 months:
If you are a California resident, pursuant to the CCPA, you have the right to request:
To submit a request, or designate an authorized agent to make a request under the CCPA on your behalf, please complete this form or call us toll-free at 833.623.0111. To verify your identity when you submit a request, we will match the identifying information you provide us to the personal information we have about you. If you have an account with us, we will also verify your identity through our existing authentication practices for your account. Request will be honored within 45 days or less, however, based on the results of verification, SH may take up to 90 days to honor your request.
However, SH will not be required to comply with your request to delete your personal information if it is necessary for SH to maintain your personal information in order to:
SH will not discriminate against you in the event you exercise any of the aforementioned rights under CCPA, including, but not limited to, by:
This Policy is available to consumers with disabilities. To access this Policy in an alternative downloadable format, please click here.
As a member of SH’s loyalty program MISSION by SH, you will be eligible to receive benefits such as complimentary upgrades, access to exclusive offers, customer experiences and more based on certain qualifying charges as shown here.
For more information about the MISSION by SH program, please see our MISSION by SH Loyalty Program Terms and Conditions available at https://www.shhotelsandresorts.com/mission/terms-conditions.
When you sign up to join MISSION by SH, you will be required to provide your first name, last name, e-mail address, and create a password. You may also choose to provide your mobile phone number.
You can sign up for MISSION by SH by visiting our website at https://www.shhotelsandresorts.com/account/register. You can close your MISSION by SH account with us at any time by submitting this form or by e-mailing us at [email protected].
The Right to Opt-Out of the Sale of Personal Information
If you are a Nevada resident, you may request that we stop selling certain categories of personal information that we collect. To submit a request please click here. You also may call our toll-free telephone number at 833.623.0111, send a letter to the SH Group Operations, LLC, Data Privacy Officer, 750 N. San Vicente Blvd., Ste. 800 West, West Hollywood, CA 90069 or complete a paper form available from the front desk at any of our hotels. When the PO receives your request, the PO will first verify your identity. The PO will verify your identify by asking you to provide your name, the email address and phone number associated with your reservation history or account. Once the PO has verified your identity, the PO will promptly fulfill your request, but not later than 60 days.
Controllers of Personal Data
SH Group Operations, LLC
Data Privacy Officer
750 N. San Vicente Blvd., Ste. 800 West
West Hollywood, CA 90069
is the data controller of the personal data we collect.
Legal Bases for Processing Personal Data
If you are an individual located in the European Union (EU), we collect and process personal data about you where we have a legal basis for doing so under applicable EU laws. This means we collect and process your data only when:
Where we rely on your consent to process your personal data, you have the right to withdraw or decline consent at any time. Some examples of where we rely on your consent to process your personal data include sending you marketing emails. If you wish to withdraw your consent, please submit this form.
Some examples of our legitimate interests for processing personal data include:
Where we rely on our legitimate interests to process your personal data, you may have the right to object. More information on exercising this right can be found in the Individual Rights section below.
If you have any questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us at [email protected].
If you are located in the EU, you have certain rights under EU data protection law with respect to your personal data, including the right to request access to, correct, and delete your personal data. You may also have the right to receive a copy of your personal data in a commonly used and machine-readable format, and to transmit such data to another controller. You also may object to processing of your personal data, or ask that we restrict the processing of your personal data in certain instances.
To request deletion of, access to, or to make changes to your personal data, or to otherwise any of the rights in this section, please submit this form. Please note that not all requests can be honored.
Transfers, Storage, and Processing
Our websites are operated from and hosted on servers located in the United States. If you access and use our websites from a location outside of the United States, any personal data you provide to us or that is otherwise collected may be transferred to and processed in the United States or any other jurisdiction in our sole discretion. Users of our websites should be aware that the laws that apply to the use and protection of personal data in the United States or other countries or jurisdictions to which we transfer, or in which we process, personal data may differ from those of your country of residence. Users who access or use our websites from jurisdictions outside of the United States do so at their own choice and risk and are solely responsible for compliance with local law. While we take steps to safeguard your personal data, the United States has NOT been deemed by the European Commission to ensure an adequate level of protection for personal data. Accordingly, the level of protection provided in the United States or other non-EU countries and jurisdictions from which you may access our websites may not be as stringent as that under EU data protection standards or the data protection laws of some other countries, possibly including your home jurisdiction.
If we are processing your personal data on behalf of another party, your personal data is transferred across borders to the United States or to other countries or jurisdictions in which we or our third-party associates may process personal data through the use of Standard Contract Clauses.