Privacy Policy
Looks like you’re interested in finding out more about our Privacy Notice, or maybe you accidentally clicked the link and found yourself here, the lonely place where legal jargon hangs out. Whatever the reason, we care about your privacy concerns and are happy you’re here. Long document short, we capture some data about you — sessions, the regular analytics stuff, and we’ll take your email and other information when you give it to us — but we don’t sell your data, only share it with service providers for limited purposes, and mostly use it to help your reservation process go smoothly and for internal marketing purposes. Read on for the full Privacy Notice nitty-gritty.
Ace Group International, LLC (“AGI”), Ace Hotel & Swim Club Athens and their affiliates believes in protecting the privacy of personal data and wants you to be familiar with how we collect, use and disclose information collected from individuals who visit our website at Ace Hotel, Shop Ace Hotel and Ace Hotel Reader (the “Websites”). This Notice covers AGI’s practices and procedures as they relate specifically to information we collect at our Websites, but excludes services that state that they are offered under a different privacy policy.
Our Privacy Policy explains: (1) what information we collect; (2) why we collect it; (3) how we use that information; (4) how we may share it; and (5) the choices we offer, including how to access and update information. Specifically, our Privacy Policy covers the following topics:
- When This Privacy Policy Applies
- Personal Data We May Collect at the Websites
- Information We Obtain From Your Use of Our Services
- Cookies and Similar Technologies
- How We Use Information We Collect
- Our Legal Basis for Collecting Personal Data
- Information We Share
- Other Uses and Disclosures
- Your Failure to Provide Personal Data
- Our Retention of Your Personal Data
- Your Choices and Accessing, Updating or Deleting Your Personal Data
- Social Media Platforms and Websites
- Third Party Links
- International Transfer
- Confidentiality and Security
- Children
- Direct Marketing and “Do Not Track” Signals
- Changes to Our Website Privacy Notice
- How to Contact Us
Please familiarize yourself with our privacy practices and let us know if you have any questions. By using the Websites, you signify your acceptance of this Privacy Policy. If you do not agree to this Privacy Policy, please do not use the Websites.
Irrespective of which country you live in, you authorize us to transfer, store, and use your information in the United States, and any other country where we operate. In some of these countries, the privacy and data protection laws and rules regarding when government authorities may access data may vary from those in the country where you live. Learn more about our data transfer operations in the “International Transfer” section below. If you do not agree to the transfer, storage and use of your information in the United States, and any other country where we operate, please do not use the Websites or Services.
When This Privacy Policy Applies
Our Privacy Policy applies to all of the services offered by Ace Hotels and its affiliates, and services offered on other sites, but excludes services that have separate privacy policies that do not incorporate this Privacy Policy.
Our Privacy Policy does not apply to services offered by other companies or individuals, including products or sites that may be displayed to you, or other sites linked from our services. Our Privacy Policy does not cover the information practices of other companies and organizations who advertise our services, and who may use cookies, pixel tags and other technologies to serve and offer relevant ads.
Personal Data We May Collect and Use at the Website
“Personal Data” is defined as information provided by you that identifies you as someone using our Websites. We may collect Personal Data that you provide to us voluntarily, and that as well as automatically from your use of and access to the Websites. This personal data may include:
- Name
- Postal Address (billing and shipping)
- Telephone number
- Email address
- Credit and debit card numbers
- Financial information
- Birthdate
- Booking, stay, and purchase history
- Social media nickname
- Communication preferences
- IP Addresses
- Device information
- Location information
- Region
The Sites offer interactive and social features that permit you to submit content and communicate with other users. You may provide personal data to us when you post information in these interactive and social features. Please note that your postings in these areas of the Sites may be publicly accessible or accessible to other users.
Unless specifically requested, we ask that you do not disclose, on or through the Services or otherwise to us, any Sensitive Personal Data (e.g., social security numbers, national identification number, data related to race and ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic or biometric information, physical or mental health information, medical insurance data, sexual orientation, criminal background, or administrative proceedings and sanctions).
Please note that if you do not provide us with Personal Data, your ability to use certain aspects of our products and services may be limited.
Information We Obtain From Your Use of Our Services
We collect certain information automatically, such as your operating system version, browser type, and internet service provider. When you use our Website, we automatically collect and store this information in service logs. This includes: details of how you used our Website; Internet protocol address; and cookies that uniquely identify your browser. We may also collect and process information about your actual location. The information we collect automatically is statistical data and may or may not include Personal Data, but we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties.
Cookies and Similar Technologies
We and our partners use various technologies to collect and store information when you visit one of our services, and this may include using cookies or similar technologies to identify your browser or device. We also use these technologies to collect and store information when you interact with services from our partners, such as advertising services. Our third party advertising and analytics partners include Google, Facebook, Instagram, Cybba, Duetto and other remarketing services.
The technologies we use for this automatic data collection may include:
Cookies
A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our services.
We may use cookies for the following purposes:
- to maintain continuity during a user session
- to gather data about the usage of the Websites for research and other purposes
- to store your preferences for certain kinds of information and marketing offers
- Our cookies will track only your activity relating to your online activity on the Websites, and will not track your other Internet activity. Our cookies do not gather personal data. You can decide if and how your computer will accept a cookie by configuring your preferences or options in your browser. However, if you choose to reject cookies, you may not be able to use certain of our online products and services or web site features.
- We may occasionally permit other companies to set cookies on our Websites and gather cookie information for us. In some cases, we may also use another company to operate web servers or process credit card purchases for our Websites. We use the cookie information gathered by these companies in the same manner as stated above.
Web Beacons
Pages of our services or our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an e-mail and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
Clickstream Data
Clickstream data is information collected by our computers when you request Web pages from the Sites. Clickstream data may include information such as the page served, the time spent viewing the page, source of the request, type of browser making the request, the preceding page viewed and similar information. Clickstream data permits us to analyze how visitors arrive at the Sites, what type of content is popular, what type of visitors in the aggregate are interested in particular kinds of content on the Sites.
How We Use Information We Collect
If you do provide us with Personal Data, we use it in ways that are compatible with the purposes for which it was collected or authorized by you, including for the following purposes:
- Provide the services you request, including:
- To facilitate reservations, payment, send administrative information, confirmations or pre-arrival messages.
- To complete your reservation and stay, for example, to process your payment, ensure that your room is available and provide you with related customer service.
- To support our electronic receipt program.
- To manage our contractual relationship with you, because we have a legitimate interest to do so and/or to comply with a legal obligation.
- Personalize the Services according to your personal preferences, including:
- To customize your experience according to your personal preferences
- Present offers tailored to your personal preferences
- Communicate with you about goods and services according to your personal preferences, including:
- To send you marketing communications and promotional offers, as well as periodic customer satisfaction, market research and quality assurance surveys.
- Business Purposes
- To comply with all applicable legal requirements.
- To investigate possible fraud or other violations of our Privacy Policy and/or attempts to harm our Users.
Our Legal Basis For Collecting Personal Data
Whenever we collect Personal Data from you, we may do so on the following legal bases:
- Your consent to such collection and use;
- Out of necessity for the performance of an agreement between us and you, such as your agreement to use our Services or your request for Products;
- Our legitimate business interest, including but not limited to the following circumstances where collecting or using Personal Data is necessary for:
- Intra-organization transfers for client data for administrative purposes;
- Product development and enhancement, where the processing enables AGI to enhance, modify, personalize, or otherwise improve our services and communications for the benefit of our users, and to better understand how people interact with our Sites;
- Communications and marketing, including processing data for direct marketing purposes, and subject to your opt-in for these purposes, and to determine the effectiveness of our promotional campaigns and advertising;
- Fraud detection and prevention;
- Enhancement of our cybersecurity, including improving the security of our network and information systems; and
- General business operations and diligence;
Provided that, in each circumstance, we will weigh the necessity of our processing for the purpose against your privacy and confidentiality interests, including taking into account your reasonable expectations, the impact of processing, and any safeguards which are or could be put in place. In all circumstances, we will limit such processing for our legitimate business interest to what is necessary for its purposes.
Information We Share
We do not share personal data with companies, organizations and individuals outside of the Organization unless one of the following circumstances applies:
With your consent. We will share personal data with companies, organizations or individuals outside of AGI when we have your consent to do so.
Owners and Franchisees. We disclose Personal Data and Other Data to Owners and Franchisees of AGI branded properties for the purposes described in this Privacy Notice, such as providing and personalizing the Services and facilitating the loyalty programs.
Authorized Licensees. We disclose Personal Data and Other Data to our Authorized Licensees for the purposes described in this Privacy Statement, such as providing and personalizing the Services and fulfilling your requests. For example, this sharing enables you to purchase AGI branded goods and services, including time share properties.
Strategic Business Partners. We disclose Personal Data and Other Data with select Strategic Business Partners who provide goods, services and offers that enhance your experience at our properties or that we believe will be of interest to you. By sharing data with these Strategic Business Partners, we are able to make personalized services and unique travel experiences available to you. For example, this sharing enables spa, restaurant, health club, concierge and other outlets at our properties to provide you with services.
For external processing. We provide personal data to our affiliates or other trusted businesses or partners to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures. These third parties include payment processors, such as financial institutions and their vendors and contractors that process transactions, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, marketing, auditing and other services. It is our policy to only share Personal Data with contractors, service providers and other third parties who are bound by contractual obligations to keep Personal Data confidential and use it only for the purposes for which we disclose it to them. Under certain circumstances, you may avoid having us share your information with our business partners and vendors by not granting us permission to share your information. Not granting us permission to share your information with our business partners or vendors may limit your access to their services through the Sites. We do not share personal data with third parties for their own marketing purposes.
For Legal Reasons. We will share Personal Data with companies, organizations or individuals outside of AGI if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- meet any applicable law, regulation, legal process or enforceable governmental request.
- enforce applicable Terms of Use, including investigation of potential violations.
- detect, prevent, or otherwise address fraud, security or technical issues.
- protect against harm to the rights, property or safety of AGI, our Users or the public as required or permitted by law.
We attempt to notify Users about legal demands for their personal data when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge every demand.
Business Transfers. If we establish a new related entity, are acquired by or merged with another organization, or if substantially all of our assets are transferred to another organization, Personal Data about our users is often a transferred business asset. In the event that AGI itself or substantially all of our assets are acquired, Personal Data about our users may be one of the transferred assets.
Aggregate Site Use Information. We may share aggregate and anonymized/pseudonymized Personal Data to third parties in order to promote or describe use of the Sites, for research, marketing, advertising, or similar purposes.
Other Uses and Disclosures
We will not sell, license, transmit or disclose this information outside of AGI unless except:
- If you expressly authorize us to do so
- If it is necessary to allow our trusted service providers, affiliates, vendors, or agents to provide services for us
- In order to provide our responses, products, or services to you
- It is disclosed to entities that perform marketing services on our behalf or to other entities with whom we have joint marketing agreements
- It is necessary for our legitimate business purposes, including fraud prevention and monitoring, product and service development and improvement, internal marketing purposes, and operations
- In connection with a sale of all or substantially all of the assets of AGI or the merger of AGI into another entity or any consolidation, share exchange, combination, reorganization, or like transaction in which AGI is not the survivor
- Protect the rights, property, safety, operations, and privacy of our customers, ourselves, our affiliates, or others
- Required or permitted by applicable law, such as to comply with legal requirements and respond to requests from government authorities (including laws and authorities outside your state or country); and.
- An IP address is a unique identifier that certain electronic devices use to identify and communicate with each other on the Internet. In addition, devices used to access the Internet often carry unique device identifiers, information about browser types, and operating systems. When you visit our Websites, we may collect the IP address, unique device identifier, and other information relating to the device you use to connect to the Internet. We use this information to determine the general physical location of the device and understand from what regions of the world the visitors to the Websites come. We also may use this information to enhance the Websites.
Your Failure to Provide Personal Data
Your provision of Personal Data is required in order to use certain parts of our services and our programs. If you fail to provide such Personal Data, you may not be able to access and use our Services and/or our programs, or parts of our Services and/or our programs.
Our Retention of Your Personal Data
We may retain your Personal Data for a period of time consistent with the original purpose for collection. For example, we keep your Personal Data for no longer than reasonably necessary for your use of our programs and Services and for a reasonable period of time afterward. We also may retain your Personal Data during the period of time needed for us to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes and enforce our agreements.
Your Choices and Accessing, Updating or Deleting Your Personal Data
Whenever you use our services, we aim to provide you with choices about how we use your personal data. We also aim to provide you with access to your Personal Data. If that information is wrong, we strive to give you ways to update it quickly or to delete it – unless we have to keep that information for legitimate business or legal purposes. Subject to applicable law, you may obtain a copy of personal data we maintain about you or you may update or correct inaccuracies in that information by contacting us. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to the information. In addition, if you believe that personal data we maintain about you is inaccurate, subject to applicable law, you may have the right to request that we correct or amend the information by contacting us as indicated in the How to Contact Us section below.
European Users’ Rights with Respect to Personal Data
Some data protection laws, including the European Union’s General Data Protection Regulation (“GDPR”), provide you with certain rights in connection with Personal Data you have shared with us. If you are resident in the European Economic Area, you may have the following rights:
- The right to be informed. You are entitled to be informed of the use of your Personal Data. This Privacy Policy provides such information to you.
- The right of access. You have the right to request a copy of your Personal Data which we hold about you.
- The right of correction: You have the right to request correction or changes of your Personal Data if it is found to be inaccurate or out of date.
- The right to be forgotten: You have the right to request us, at any time, to delete your Personal Data from our servers and to erase your Personal Data when it is no longer necessary for us to retain such data. Note, however, that deletion of your Personal Data will likely impact your ability to use our services.
- The right to object (opt-out): You have the right to opt-out of certain uses of your Personal Data, such as direct marketing, at any time.
- The right to data portability: You have the right to a “portable” copy of your Personal Data that you have submitted to us. Generally, this means your right to request that we move, copy or transmit your Personal Data stored on our servers / IT environment to another service provider’s servers / IT environment.
- The right to refuse to be subjected to automated decision making, including profiling: You have the right not to be subject to a decision and insist on human intervention if the decision is based on automated processing and produces a legal effect or a similarly significant effect on you.
- The right to lodge a complaint with a supervisory authority.
To make such a request you may Contact us using the contact information below, and we will consider your request in accordance with applicable laws.
Changing or Deleting Your Information
You may update or correct information about yourself by submitting a request through the form at the bottom of this page. If you completely delete all such information, then your account may become deactivated. We may retain an archived copy of your records as required by law, to comply with our legal obligations, to resolve disputes, to enforce our agreements or for other legitimate business purposes.
We may contact you to request that you update your Personal Data on a regular basis to ensure its integrity for the purposes of ongoing data management.
Our Opt-In / Opt-Out Policy
By providing an email address on the AGI Sites, you agree that we may contact you in the event of a change in this Privacy Policy, to provide you with any service related notices, or to provide you with information about our events, invitations, or related educational information.
For purposes of this Privacy Policy, “opt-in” is generally defined as any affirmative action by a user to submit or receive information, as the case may be.
We currently provide the following opt-out opportunities:
- At any time, you can follow a link provided in offers, newsletters or other email messages (except for e-commerce confirmation or service notice emails) received from us to unsubscribe from the service.
- At any time, you can contact us through privacy@acehotel.com or the address or telephone number provided below to unsubscribe from the service and opt-out of our right per your consent under the terms of this Privacy Policy to share your Personal Data.
- You may update or correct information about yourself by submitting a request through the form at the bottom of this page.
Notwithstanding anything else in this Privacy Policy, please note that we always reserve the right to contact you in the event of a change in this Privacy Policy, or to provide you with any service related notices.
Social Media Platforms and Websites
Any information, communications or material of any type or nature that you submit to our Websites (including, but not limited to any AGI website contained on a social media platform or website such as Facebook or Twitter) by email, posting, messaging, uploading, downloading, or otherwise (collectively, a “Submission”), is done at your own risk and without any expectation of privacy.
AGI is not responsible for any content or Submissions contained on such sites and platforms. By visiting any AGI website that is contained on a social media platform or website, you are representing and warranting to AGI that you have reviewed the applicable privacy policy and terms of use of that platform or website and that you will abide by all such provisions contained therein.
Additionally, in the event that AGI offers a message board or any other interactive or social-type feature on a website administered directly by AGI, please be aware that these platforms may allow you to publicly post and share information with other users. Although AGI may take certain precautions to protect those who use these areas of an AGI website, we warn against giving you should not give out any personal data in such public forums as we cannot guarantee the privacy that information will not be private and safety of these areas and may not be monitored and is not guaranteed, and we therefore cannot be responsible for any misused information you choose to post. Your use of these features is fully at your own risk.
Third Party Links
The Websites may contain links to webpages operated by parties other than AGI. We do not control such websites and are not responsible for their contents or the privacy policies or other practices of such websites. Our inclusion of links to such websites does not imply any endorsement of the material on such websites or any association with their operators.
Further, it is up to the User to take precautions to ensure that whatever links the User selects or software the User downloads (whether from this Site or other websites) is free of such items as viruses, worms, trojan horses, defects and other items of a destructive nature. These websites and services may have their own privacy policies, which the User will be subject to upon linking to the third party’s website. AGI strongly recommends that each User review the third party’s terms and policies.
International Transfer
We are committed to complying with applicable laws, regulations and mandatory government standards regarding the protection of Personal Data.
Since we are a global organization, Personal Data and any additional information submitted may be used globally in connection with employment, business processes within AGI, or communicating with our clients. Therefore, Personal Data may be transferred to other AGI entities worldwide, where it will be processed in accordance with this Privacy Policy and laws that are applicable in each country. Countries where we process data may have laws which are different, and potentially not as protective, as the laws of your own country.
If we transfer your Personal Data out of your jurisdiction, we will implement suitable safeguards and rely on legally-provided mechanisms to lawfully transfer data across borders to ensure that your Personal Data is protected.
Confidentiality and Security
+We restrict access to personal data collected about you at the Websites to our employees, personnel and those of our affiliates’ employees, and to others who need to know that information to provide services to you or to us, or in the course of conducting our normal business operations.
+While no website can guarantee security, we maintain reasonable and appropriate physical, electronic and procedural safeguards intended to protect your personal data collected via the Websites.
+We maintain administrative, technical and physical safeguards designed to protect the User’s Personal Data and information against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account technological reality, cost, the scope, context and purposes of processing weighted against the severity and likelihood that the processing could threaten individual rights and freedoms. For example, we use commercially reasonable security measures such as encryption, firewalls, and Secure Socket Layer software (SSL) or hypertext transfer protocol secure (HTTPS) to protect Personal Data.
+We advise all AGI employees about their responsibility to protect customer data and we provide them with appropriate guidelines for adhering to our company’s business ethics standards and confidentiality policies.
+If we collect account information for payment or credit, AGI will use the information only to complete the task for which the account information was offered.
Children
The Site is not intended for use by children. We do not intentionally gather Personal Data about visitors under the age of 16, and we request that they not provide Personal Data through the Services. If a child has provided us with Personal Data, a parent or guardian of that child may contact us to have the information deleted from our records. If you believe that we might have any information from a child under age 16, please contact us at privacy@acehotel.com. If we learn that we have inadvertently collected the personal data of a child under 16, or equivalent minimum age depending on jurisdiction, we will take steps to delete the information as soon as possible.
Direct Marketing and “Do Not Track” Signals
The California Civil Code Section 1798.83 permits California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. We do not disclose personal data to third parties for the third parties’ direct marketing purposes. To request the above information, please e-mail us at: socialmedia@acehotel.com or write to us at: Attention: Meriem Soliman, Ace Group International LLC, 7 West 30th Street, 12th Floor, New York, NY 10001, with a reference to California Disclosure Information.
AGI does not track its users over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals. However, some third party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, your browser may include controls to block and delete cookies, web beacons and similar technologies, to allow you to opt out of data collection through those technologies.
Changes to Our Website Privacy Notice
We may change this Privacy Notice at any time and from time to time. The most recent version of the Notice is reflected by the version date located at the top of this Notice. Your use of the Services following these changes means that you accept the revised Privacy Notice. This Notice is not intended to and does not create any contractual or other legal right in or on behalf of any party.
Revisions:
03, 2017
May 25, 2018
How to Contact Us
If you have any specific questions about this Privacy Policy, you can contact us via email or writing to us at the address below:
privacy@acehotel.com
646.559.0076
Ace Group International LLC
7 West 30th Street, 12th Floor
New York, NY 10001