Privacy Policy

Privacy Policy

VIRGIN HOTELS PRIVACY NOTIFICATION

Effective Date: October 14, 2020

This Privacy Policy describes the privacy practices that Virgin Hotels, LLC (“Virgin Hotels” or “us” or “we”) follows. It sets out how we collect and use information about guests, visitors and any other individual or entity (“you”), why we use it, when we share it, the rights to which you may be entitled, your choices about our use of your information and what we do to protect it.

This Privacy Policy covers our use of personal information when you use our website (www.virginhotels.com), Virgin Hotels mobile applications, our WiFi network, various systems at our properties and restaurants, in-room systems, and any other channel or mobile feature that we operate, make a booking with us, join our mailing list or are otherwise in contact with us (collectively, the “Site“) and when you visit/stay as a guest at one of our properties, purchase related services and interact with us offline (collectively, the “Services“). This Privacy Policy will apply whether you have provided the information directly to us or we have obtained it from a different source, such as a third party including strategic business partners.

We ask that you please read this Privacy Policy. If you have any questions about this Privacy Policy you can contact us at privacy@virginhotels.com or by calling 1-833-217-8626.

Sections of this Privacy Policy only apply to the collection, use and disclosure of personal information that is subject to data privacy laws applicable in the European Union (including, in particular, the General Data Protection Regulation (“GDPR“)) and/or applicable in the United Kingdom (such laws collectively referred to in this Privacy Policy as “European data protection laws“).  Where this is the case the relevant individuals whose personal information are subject to European data protection laws are referred to in this Privacy Policy as “Europeans“.  Virgin Hotels is the data controller of personal information of our European guests and visitors accessing the Services.

European California and Nevada residents should also review the Privacy Policy Supplements for European, California and Nevada Residents at the end of this policy.

Capitalized terms used but not defined in this Privacy Policy have the definitions provided in our Terms & Condition (located at https://virginhotels.com/terms-and-conditions/). Provisions within the Terms & Conditions may affect this Privacy Policy with respect to your use of the Site so please review the Terms & Conditions prior to using the Site.

Table of Contents:

1. COLLECTION OF PERSONAL INFORMATION

2. EXTERNAL LINKS

3. HOW WE USE YOUR INFORMATION

4. OUR INFORMATION SHARING PRACTICES

5. YOUR RIGHTS WHEN WE PROCESS YOUR PERSONAL INFORMATION

6. ACCESSING AND UPDATING YOUR PERSONAL INFORMATION

7. SAFETY AND INFORMATION SECURITY MEASURES

8. MARKETING CHOICES

9. NOTICE TO USERS OUTSIDE THE UNITED STATES

10. MINOR CHILDREN

11. CHANGES TO THIS PRIVACY POLICY

12. PRIVACY QUESTIONS AND CONTACT INFORMATION

Privacy Policy Supplements for European, California, and Nevada Residents

European Union and United Kingdom Residents

Our Legal Basis for Collecting Personal Information

Rights and Choices for Europeans

Exercising Your Rights

Data Retention

California Residents

Information We Share

We Do Not Sell Personal Information As Such Activity Would Be Defined Under CCPA

Rights and Choices for California Guests and Site Users

Exercising CCPA Rights

Our Response to Your Request

California Shine the Light Law

Nevada Residents

1. Collection of Personal Information

1.1 THE INFORMATION WE COLLECT.

We collect data about you to provide the services you request on the Site and the services offered to you as a guest or visitor at Virgin Hotels locations, ease your navigation on the Site, communicate with you, and improve your experience using the Site and Services. Some of this information is provided by you directly to us, such as when you create an account. Some of the information is collected through your interactions with the Site or third party booking engines, websites, and property management services. We collect such data using technologies like cookies and other tracking technologies, error reports, and usage data collected when you interact with our Site.  Some more information about the use of cookies and other similar technologies can be found in our Cookie Notice. Some of the information is collected from your use of, and interactions with, us and others on social media including, but not limited to, Facebook®, Instagram®, Twitter®, Linked®, and YouTube® (collectively “Social Media”).

The data about you we collect depends on the Site and Services and features thereof that you use and the other services from Virgin Hotels that you use, and includes the following:

1.2 Personal Information.

In general, we collect Personal Information that you submit to us in the process of creating or editing your account and profile on the Site or that you submit to us voluntarily through your use of the Site or when you visit/stay as a guest at one of our properties, purchase related services and interact with us offline. Information that identifies, relates to, describes, is capable of being associated with, or could be linked, directly or indirectly, with a particular consumer or household is “Personal Information.”

In some instances, you may provide to us Sensitive Personal Information or Special Categories of Personal Data as defined by the privacy laws in some countries (together “Sensitive Personal Information“).  The specific categories may vary between countries but for Europeans this means personal information from which we can determine or infer an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health information including physical or mental health condition, medical treatment, genetic data, biometric information, and information about an individual’s sexual life or sexual orientation. We only process Sensitive Personal Information to the extent permitted by applicable law. Generally you are not required to provide Virgin Hotels with any of your Sensitive Personal Information, and, unless required by law or for the purposes of health and safety, choosing not to do so will not prevent you from purchasing any Services from Virgin Hotels. We do not generally collect Sensitive Personal Information unless it is volunteered by you. For example, we may use health information provided by you to serve you better and meet your particular needs, such as for the provision of disability access.

Personal Information does not include information that has been de-identified or otherwise made anonymous or information that has been aggregated such that it is no longer possible to identify any specific individual.

The Personal Information which we collect includes, but is not limited to, the following circumstances and data elements:

We may obtain both personal and non-personal information about you from business partners, contractors, suppliers, and other third parties and add it to your account information or other information we have collected. We, and the third parties we engage, may combine information we collect from you over time, and across the Site, with information obtained from other sources. This helps us improve the information’s overall accuracy and completeness, and also helps us better tailor our interactions with you.

1.3 Automatically Collected Usage and Device Information.

Similar to other websites, we use cookies and other similar technologies (such as tags, pixels, web beacons, web bugs, JavaScript, device IDs) to automatically collect certain technical information from your web browser, mobile, or other device when you visit our Site. This data may include, but is not limited to, your IP address, browser type and language, referring/exit pages and URLs, other browser history, platform type, number of clicks, landing pages, the pages you requested and viewed, the amount of time spent on particular pages, and the date and time of your visits. Our collection of this data, described in more detail below and in our Cookie Notice, allows us to provide more personalized high-quality services to you and to track usage of the Site.

    A. Cookies.

We use cookies, among other things, to process the Personal Information mentioned above. Cookies are files that are stored on your computer’s hard drive and are accessed by our server when you visit the Site. We use cookies for the purposes set forth in this Privacy Policy and for the preservation of our legitimate interests, to provide a service that is requested by you and, where applicable, on the basis of your consent. For more information about our use of cookies, including details on how to opt-out of certain cookies, please see our Cookie Notice.

    B. Other technologies (aka tags/pixels/web beacons/web bugs/java script).

These technologies may be used for the same purposes as cookies and stored on your hard drive until they expire. These technologies are used to enhance your experience and gather usage and performance data. For example, we may use pixels to automatically record certain technical information about your interactions when you visit the Site or otherwise engage with us, to help deliver cookies on our Site, or count users who have visited the Site. We may also include web beacons in our promotional e-mail messages or newsletters to determine whether you open or act on them for statistical purposes. “Pixels” are tiny graphics (about the size of a period at the end of a sentence) with unique identifiers used to track certain online actions, movements and related information of Site users. Unlike cookies, which are stored on a user’s computer hard drive, pixels are embedded invisibly on web pages or in HTML-based emails. The data we receive through pixels allows us to effectively promote the Site to various populations of users, and to optimize external advertisements about the Site that appear on third-party websites. For more information, please see our Cookie Notice. As with cookies, we use these technologies for the preservation of our legitimate interests, to provide a service that is requested by you and, where applicable, on the basis of your consent.

    C. Third Party Analytics Providers.

Cookies and other technologies we use include Google Analytics and other third party analytics providers (“Analytics Providers”). We use these to collect information about Site usage and the users of the Site. Analytics Providers use Cookies in order to collect demographic and interest-level information and usage information from users that visit the Site, including information about the pages where users enter and exit the Site and what pages users view on the Site, time spent, browser, operating system, and IP address. Cookies allow Analytics Providers to recognize a user when a user visits the Site and when the user visits other websites. Analytics Providers use the information they collect from the Site and other websites to share with us and other website operators’ information about users including age range, gender, geographic regions, general interests, and details about devices used to visit the Site and other websites and purchase items. For more information regarding Google’s use of cookies, and collection and use of information, see the Google Privacy Policy (available at https://policies.google.com/privacy?hl=en). If you would like to opt out of Google Analytics tracking, please visit the Google Analytics Opt-out Browser Add-on (available at https://tools.google.com/dlpage/gaoptout). For more information about the use of third party Cookies and other similar technologies can be found in our Cookie Notice.

1.4 Location Information.

We collect precise geolocation data from you or your device, as well as your address information, e.g., billing address, when you set up your account and order our services. We also collect and use information about your general location (e.g., your state of residence) and can infer your approximate location based on your IP address in order to track our general Site usage or to tailor any pertinent aspects of your user experience to the region where you are located.

If you grant us access to your location in our mobile application, Lucy, we may collect information about your location. Your location can be determined by: GPS, IP address, and information about things near your device, such as Wi-Fi access points and cell towers. When you use our Services via a wireless device, we may solicit your permission to collect your location data. Some features within our Sites may only function upon confirmation of your location, and therefore such features will not be available if you choose not to provide your location data to us. The specificity of the location data collected may depend on a number of factors, including the device you are using (e.g. laptop, smartphone or tablet) and how you are connected to the Internet (e.g., via cable broadband connection, WiFi). If you enable location services for our mobile application or other Sites, we may collect location data periodically as you use or leave open our mobile application. We may associate such location data with Personal Information you provide to us. Depending on the platform you use to access our mobile application and other Sites (e.g., Apple’s iOS, Google’s Android), you may be able to control whether location data is collected from within “Settings” or other controls on your wireless device or the mobile application.

1.5 User Contributions.

You also may provide information to be published or displayed (hereinafter, “posted”) on public areas of the Site or transmitted to other users of the Site or third parties, including, for example, third party websites and services like Social Media that are integrated into or linked to the Site (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. We cannot control the actions of other users of the Site or third parties with whom you may choose to share your User Contributions. Such third parties may have their own policies and terms that apply to your User Contributions, and we are not responsible for any third party’s policies or terms. We cannot and do not guarantee that unauthorized persons will not view your User Contributions.

1.6 Social Media.

If you interact with us or our other users regarding Virgin Hotels and its products and services on any Social Media: (a) the Personal Information that you submit by and through such Social Media can be read, collected and/or used by us (depending on your Social Media privacy settings) as described in this Privacy Policy, and (b) where Virgin Hotels responds to any interaction with you on Social Media, your account name/handle may be viewable by any and all members or users of Virgin Hotels’ Social Media accounts. We are not responsible for the Personal Information that you choose to submit or link on any Social Media. Social Media operates independently from Virgin Hotels, and we are not responsible for Social Media interfaces or privacy or security practices. We encourage you to review the privacy policies and settings of any Social Media with which you interact to help you understand their privacy practices. If you have questions about the security and privacy settings of any Social Media that you use, please refer to the applicable privacy notices or policies.

1.7 Advertising.

We use third party service providers to serve advertisements or collect data on our behalf across the internet and on this Site (“Advertisers”). Some of these Advertisers may collect your Personal Information about your Site visits and your interactions with our products and services to tailor marketing messages on other sites, or to trigger real-time interactions, customize the Site, or enhance your profile (also referred to as “online behavioral advertising” or “interest-based advertising”).  If you would like more information about Advertisers’ practices, please see http://optout.aboutads.info/#!/. You may find more information about entities involved in online advertising and additional choices you may make, including opt-out of having your information used for internet-based advertising, through the Digital Advertising Alliance (the “DAA”) at the DAA consumer choice service. The tools provided at the DAA opt-out page are provided by third parties, not Virgin Hotels. Virgin Hotels does not control or operate these tools or the choices that advertisers and others provide through these tools. For more details on this technology and for details of how you may be able to opt-out of the use of your information for this purpose see our Cookie Notice.

2. EXTERNAL LINKS.

The Site contains links to third party websites and services, including links to Social Media. We are not responsible for any of the content or features or functionality of other linked websites or services. We are also not responsible for the privacy practices and the terms and conditions of use for any external websites or services. The linked websites and services may collect Personal Information from you that is not subject to our control. The data collection practices of linked third party websites and services will be governed by that third party’s privacy policy and terms of use.

3. HOW WE USE YOUR INFORMATION.

3.1 General.

We may use or disclose the Personal Information identified above for one or more of the following business purposes (“Business Purpose”):

3.2 Account-Related Emails.

When you create an account with us and provide us with your email we may, subject to applicable law and, where necessary, obtaining your consent, use your email address to send you service-related notices (including any notices required by law, in lieu of communication by postal mail), updates, news, and marketing messages. For example, when you register, you will receive a welcome email. If the Site or our services are temporarily unavailable, we may also send you an email.

Email communications you receive from us will generally provide an unsubscribe link or instructions allowing you to opt out of receiving future emails or to change your contact preferences. If you have an account with us, you can also change your contact preferences by updating your contact information within your account settings. Please remember that even if you opt out of receiving marketing e-mails, we may still send you important service information related to your account and the Site. If you correspond with us by email, we may retain the content of your email messages, your email address, and our responses.

3.3 Non-Personally Identifiable Information.

We may use non-personally identifiable information, such as anonymized and/or aggregated website usage data, in any manner that does not identify individual users for the purpose of improving the operation and management of the Site, including to develop new features, functionality, and services, to conduct internal research, to better understand Site usage patterns. Any non-personally identifiable information that is combined with Personal Information will be treated by us as Personal Information.

4. OUR INFORMATION SHARING PRACTICES.

When we disclose Personal Information for a Business Purpose, we ensure we have an appropriate legal basis for such disclosure and, where necessary under applicable law, enter into a contract that describes the purpose and requires the recipient to keep that Personal Information confidential and use only for performance of the contract, and not for any other purpose. We share or make your information available, including any Personal Information, in the circumstances described below.

We disclose your Personal Information for a Business Purpose to the following categories of third parties:

4.1 Legal Requirements.

We reserve the right to disclose all information collected via the Site, internally, to affiliates, or to third parties, for any lawful purpose or to prevent harm to us or others. For example, and without limitation, in our discretion, we may disclose information to government regulators, law enforcement authorities or alleged victims of identity theft. We will notify you in the event of a government or legal request for your information unless otherwise prohibited by law.

4.2 Organizational Transitions.

If we should ever transfer or restructure the operational ownership of the Site, such as through a merger with another entity or a reorganization of all or a part of our operational responsibilities or assets, we may disclose, transfer, assign our rights, and/or delegate our duties to your information without notice and consent, including to prospective or actual recipient or acquiring entities. Should this occur, we will require any third party receiving your Personal Information as described under this subsection to be contractually required to provide the same level of privacy compliance as provided by us under this Privacy Policy.

4.3 Disclaimer.

We cannot ensure that all of your Personal Information will be disclosed only in the ways described in this Privacy Policy. For example, third parties may unlawfully intercept or access transmissions or private communications, or users may abuse or misuse your Personal Information that they collect from the Site. Even with the most rigorous information security standards, no transmission of data over the internet can be 100% secure.

5. YOUR RIGHTS WHEN WE PROCESS YOUR PERSONAL INFORMATION.

You may have certain rights relating to your Personal Information, subject to local data protection law. Whenever you choose to be a guest or visitor at one of our managed properties, we aim to provide you with choices about how we use your Personal Information. Subject to applicable law, you may obtain a copy of Personal Information we maintain about you. In addition, if you believe that Personal Information we maintain about you is inaccurate, subject to applicable law, you may have the right to request that we correct or amend the information by contacting us as indicated in the “Privacy Questions and Contact Information” section below. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to the information.

You can choose not to provide Personal Information. If you choose not to provide certain Personal Information to us, some of your experiences may be affected (e.g., we cannot take a reservation without your name and contact information).

The rights that you may enforce as described in this section may vary depending on the jurisdiction in which you reside. Please review the Privacy Policy Supplement for European, California and Nevada Residents for more information on your rights and how to exercise your rights. Certain information contained in our Privacy Policy Supplement for California Residents, where indicated, applies solely to all visitors, users, and members identified as consumers under the California Consumer Privacy Act of 2018 (CCPA). We adopt this CCPA notice to make you aware of our obligations and your rights under the CCPA.

You may submit a request to exercise your rights to know, access, or delete your Personal Information by contacting us as described in the “Privacy Questions and Contact Information” section or by following the instructions listed in the Privacy Policy Supplement for European, California and Nevada Residents.

5.1 Online Tracking Choices.

Most web browsers are initially set up to accept Cookies, but you can reset your browser to refuse Cookies or to indicate when a Cookie is being sent. However, some features and services in the Site (particularly those that require sign-in) may not function properly if your Cookies are disabled. Similarly, if you choose to delete session objects from the Site, you may not be able to access and use all or part of the Site or benefit from some or all of the information or features and services offered. For more information on how we use Cookies, please see our Cookie Notice.

Some web browsers incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have the user’s online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about that browser’s user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, many website operations, including the Site, do not respond to DNT signals.

6. ACCESSING AND UPDATING YOUR PERSONAL INFORMATION.

We do not review for accuracy or update your information regularly, but encourage you to access, review and update your Personal Information at any time. To request a copy of your Personal Information and data or for assistance regarding canceling your account, or deleting your Personal Information, contact us at privacy@virginhotels.com, by calling 1-833-217-8626, or by completing this form. We will respond to your request as soon as reasonably possible after verifying your authority to make such requests. Your requests for Personal Information deletion are subject to Section ‎5 of this Privacy Policy above and we will delete your Personal Information within a reasonable time.

7. SAFETY AND INFORMATION SECURITY MEASURES.

7.1 Security.

We use certain physical, managerial, and technical safeguards designed to preserve the security of your information that we maintain in connection with your use of the Site. For example, we encrypt all data with secure sockets layer (SSL) or similar technologies when we transmit your data. This, however, does not guarantee that your information may not be accessed, disclosed, altered, or destroyed by any breach of our physical, technical or managerial safeguards. In the event that any of your Personal Information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and will notify you, as appropriate, in accordance with pertinent laws and regulations.

7.2 Data Retention.

We retain Personal Information about you for the length of time necessary to fulfill the purpose for which that information was collected or as required or permitted by law. When we delete your Personal Information, we follow a deletion process to safely remove it from our services or retained only in anonymized form. European Union and United Kingdom guests can read more about our data retention practices in the Privacy Policy Supplement for European Union, United Kingdom, California, and Nevada Residents.

8. MARKETING CHOICES

By providing an email address on a Site, you agree that we may contact you in the event of a change in this Privacy Policy, to provide you with any service related notices, or to provide you with information about our hotels and Services.  We generally define “opt-in” as any affirmative action by a User to submit or receive information. We generally define “opt-out” as an action by a User to unsubscribe from receiving information. We currently provide the following opt-out opportunities:

Notwithstanding anything else in this Privacy Policy, please note that we always reserve the right to contact you in the event of a change in this Privacy Policy, or to provide you with any service related notices. You have the right to be free from discrimination based on your exercise of any of your rights under applicable law. We will not discriminate against you by providing a different level or quality of services, charging different prices, or imposing penalties.

9. NOTICE TO USERS OUTSIDE THE UNITED STATES.

Please be aware that we are headquartered in the United States. The Site is governed by United States law. If you are using any of our products or services from outside of the United States, your information may be transferred to, stored, and processed in the United States where our servers may be located. The United States might not offer the same level of privacy protection as the country where you reside or are a citizen.

Your Personal Information will only be transferred to the United States or other jurisdiction outside the EEA and UK if there is a safeguard in place to ensure an appropriate level of data protection for your Personal Information.

10. MINOR CHILDREN.

Our website is not intended for children under 18 years of age. We do not intentionally gather Personal Information about individuals who are under the age of 18.  If a child has provided us with Personal Information, a parent or guardian of that child may contact us to have the information deleted from our records. If you believe that we might have any information from a child under age 18, please contact us at privacy@virginhotels.com.

11. CHANGES TO THIS PRIVACY POLICY.

Because our privacy practices and privacy law necessarily evolve over time, we reserve the right to revise this Privacy Policy from time to time in our sole discretion, upon notice to you such as by posting updated Privacy Policy on the Site, sending you an email to your account email, or by any other reasonable means. You should periodically review this Privacy Policy to ensure that you are familiar with the most current version. Your continued use of the Site after the Effective Date posted above will constitute your acceptance of the updated Privacy Policy.

12. PRIVACY QUESTIONS AND CONTACT INFORMATION.

If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your information described in this Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under the applicable law in your jurisdiction, please do not hesitate to contact us at:

Phone: 1-833-217-8626

Web Form: Click here

E-mail: privacy@virginhotels.com

Mailing Address:  Virgin Hotels, 3390 Mary Street, Suite 218, Miami, FL  33133, U.S.A.

 

Privacy Policy Supplements for European, California, and Nevada Residents

EUROPEAN UNION RESIDENTS

Our Legal Basis for Collecting Personal Information.

Whenever we collect Personal Information from you or otherwise process Personal Information about you, we do so on the following legal bases:

  1. Your consent to such collection and use (for example, in some jurisdictions, we may need your consent in order to process your Personal Information for direct marketing activities, when using technology such as cookies or when processing your dietary requirements);
  2. Out of necessity for the performance of an agreement between us and you, such as your agreement to use our Services or your request for Services;
  3. Our legitimate interest, including but not limited to the following circumstances where collecting or using Personal Information is necessary for:
    • Intra-organization transfers for administrative and other legitimate business purposes;
    • Product development and enhancement, where the processing enables Virgin Hotels to enhance, modify, personalize, or otherwise improve our Services and communications for the benefit of our visitors and guests, and to better understand how people interact with our Sites;
    • Fraud detection and prevention;
    • Defence or establishment of legal claims;
    • Enhancement of our, our employees and third parties’ (such as guests) security (including cybersecurity, including improving the security of our network and information systems);
    • General business operations and diligence (for example, to develop and maintain relationships with vendors, partners and other organizations and dealing with individuals who work for them); and
    • Providing our products and services to you,

provided that, in each circumstance, we will weigh the necessity of our processing for the purpose against your privacy and confidentiality interests, including taking into account your reasonable expectations, the impact of processing, and any safeguards which are or could be put in place. In all circumstances, we will limit such processing for our legitimate business interest to what is necessary for its purposes.

  1. Out of necessity to comply with a legal obligation: for example, we may need to disclose your data to a law enforcement agency;
  2. Out of necessity to protect your or other individuals’ vital interests: in exceptional circumstances (for example, health related emergencies), we may need to disclose your information to third parties (for example, healthcare providers).

Where we are using your Sensitive Personal Information, we will only do so if required by law, for the purposes of health and safety, or on the basis of your explicit consent (where such consent is required under applicable laws).

Rights and Choices for Europeans

Europeans and those persons who reside in the European Economic Area may have rights under European data protection laws. These rights are summarized below. These rights are not applicable in all circumstances and exemptions may apply.

These rights include the following:

Exercising Your Rights.

To exercise your rights described above, please submit a verifiable request to us by sending us an e-mail at privacy@virginhotels.com or by completing and submitting a web form located here.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable request does not require you to create an account with us. We will only use Personal Information provided in a verifiable request to verify the requestor’s identity or authority to make the request.

If you request to exercise your rights under European data protection laws, we will respond to your request within one month of its receipt (or within three months of its receipt at the latest, if we require more time and such extension is permitted European data protection laws).

We may require more time in particular where we have received a large number of requests or complex requests. In such cases, we will inform you of the reason and extension period in writing.

We will deliver our written response electronically (unless you request otherwise). Your rights will be exercisable subject to limitations as provided for by European data protection laws. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a reasonable cost estimate before completing your request.

Data Retention.

We retain your personal data for as long as necessary for the purpose for which they were initially collected, to carry out legitimate business interests, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation). After expiry of the applicable retention periods, your Personal Information will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of such data.

The criteria we use to determine the retention period is as follows:

These criteria may also mean we adjust the period of time we retain the categories of Personal Information detailed above.

CALFORNIA RESIDENTS

Information Collected About Californians.

In the past twelve (12) months, we have obtained the following categories of Personal Information from California users.

 

Category Personal Information Collected
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, driver’s license number, passport number. YES
B. Personal Information (including, in respect of individuals in the United States, the categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories. YES
C. Protected classification characteristics under California, federal law. Physical or mental disability, sex (including gender, gender identity. YES
D. Commercial information. Products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies, such as food and beverage orders and preferences, room preference. YES
E. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. YES
F. Geolocation data. Physical location or movements. YES
G. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. NO
H. Professional or employment-related information. Current or past job history or performance evaluations. YES
I. Inferences drawn from other Personal Information. Profile reflecting a person’s preferences for hotels and travel destinations. YES

 

We obtain the categories of Personal Information listed above from the sources listed in Section 1, “The Information We Collect” of our Privacy Policy, and as summarized by category below:

We use your Personal Information in ways that are consistent with the purposes for which it was collected or authorized by you, including those purposes listed in Section 4, “How We Use Your Personal Information” of the Privacy Policy.

Information We Share.

In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for one or more business purposes:

We obtain the categories of Personal Information listed above from the categories of sources listed in Section 1, “The Information We Collect” of our Privacy Policy.

We Do Not Sell Personal Information As Such Activity Would Be Defined Under CCPA.

In the preceding twelve (12) months, we have not sold Personal Information.

Rights and Choices for Californians.

The CCPA provides California residents with specific rights regarding their Personal Information. This section describes those rights and explains how Californians may exercise those rights.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  1. Complete the transaction for which we collected the Personal Information, provide a service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  3. Debug products to identify and repair errors that impair existing intended functionality.
  4. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
  5. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  6. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  7. Comply with a legal obligation and any instructions from courts of lawful jurisdiction.
  8. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising CCPA Rights.

This section explains how California residents can exercise their rights. To exercise your rights under the CCPA to access, data portability, and data deletion as described above, please submit a verifiable consumer request to us by either:

Only you, or a person that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.

Making a verifiable consumer request does not require you to create an account with us.

We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Our Response to Your Request.

Upon receiving your request, we will confirm receipt of your request by sending you an email confirming receipt. To help protect your privacy and maintain security, we may take steps to verify your identity before granting you access to the information. In some instances, such as a request to delete Personal Information, we may first separately confirm that you would like for us to in fact delete your Personal Information before acting on your request.

We will respond to your request within forty-five (45) days. If we require more time, we will inform you of the reason and extension period in writing.  If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

In some cases our ability to uphold these rights for you may depend upon our obligations to process Personal Information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, listed below, or because processing is necessary to deliver the Services you have requested. Where this is the case, we will inform you of specific details in response to your request.

California Shine the Light Law.

California Civil Code § 1798.83 permits users who are California residents to obtain from us once a year, free of charge, a list of third parties to whom we have disclosed Personal Information (if any) for direct marketing purposes in the preceding calendar year. If you are a California resident and you wish to make such a request, please send an e-mail with “California Privacy Rights” in the subject line to privacy@virginhotels.com. In your request, please attest to the fact that you are a California resident and provide a current California address for our response. Please be aware that not all information sharing is covered by the California privacy rights requirements and only information on covered sharing will be included in our response.

NEVADA RESIDENTS

We Do Not Sell Personal Information As Such Activity Would Be Defined Under Nevada Privacy Law.

As a Nevada resident, you may request that we stop selling certain categories of Personal Information that we collect. We have not sold Personal Information of our guests or Site users as contemplated by NRS Ch. 603A, Sec. 2(2)).