Privacy Policy

Extended Stay America Privacy Policy
Last Updated: June 24, 2020

IINTRODUCTION

Extended Stay America, Inc. and our subsidiaries (collectively, “Extended Stay America”, “we”, “us” or “our”) respects the privacy concerns of our hotel guests (“Hotel Guests”), of the visitors to our websites at www.extendedstayamerica.com and other websites offered by us that link to this Privacy Policy (each a “Site”), and of the users of the software applications that we offer for use on or through computers and mobile devices that reference or link to this Privacy Policy (each an “App”) (the Sites and Apps collectively, the “Services”, and the users of our Services, the “Users”). This policy also sets forth our practices for obtaining personal information from other sources, such as written or verbal communications or information collected at a hotel.  This privacy policy (“Privacy Policy”) describes our practices regarding any personal information we may receive related to our Hotel Guests and our Users. 

We do not control the collection, use, or access of your information by the Franchised Hotels (as defined in II.D. below) and their staff. The Franchised Hotel is the merchant who collects and processes credit card information and receives payment for your stay. The Franchised Hotels are subject to the merchant rules of the credit card processors they select, which establish credit card security rules and procedures.

By staying at one of our properties or by accessing or using a Service, you are acknowledging that you have read and understood this Privacy Policy. If you do not agree with or consent to the terms of this Privacy Policy, please refrain from staying at one of our properties or using the Service, or if you are already using the Service, please immediately discontinue your use of the Service. 

For purposes of this Privacy Policy, “personal information” is non-public information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include aggregated, de-identified, or anonymized information.

II. HOW WE COLLECT, USE AND SHARE PERSONAL INFORMATION

We may collect personal information from our Hotel Guests and Users in different ways and for different purposes.  For example, if you are a Hotel Guest, we may collect personal information from you to process a reservation in our network of hotels or if you elect to participate in our hotel rewards program. If you are a User of our Sites or Apps, we may collect personal information from you if you create an account with us through the Services or if you send us a message through the Services.

The tables below describe the categories of personal information we may collect about you or may have collected about you in the twelve months prior to the date of this Privacy Policy, the sources from which we may collect or may have collected that personal information, the purposes for which we may use or may have used that personal information, and the third parties with whom we may share or may have shared that personal information.  It is important to note that the types of personal information we collect will depend on your interaction with us, including whether you are a Hotel Guest or a User and the types of Services that you use. Please note if you are a Hotel Guest and also use our Sites and/or Apps, then the information in both tables below may apply to you.

   A. Personal Information Collected from Our Hotel Guests

Collection and use

   · Contact Information, such as customer’s name, phone number, email address, mailing address

   · Financial Information, such as the customer’s credit card information

   · Stay Preferences

   · Reservation Record, such as reservation or folio

   · Comments or Feedback, such as comments or feedback relating to Services or stay at hotel

   · Group Membership, such as association number (e.g., AAA), corporate account number or        group booking number

   · Recordings, such as video, photo, and audio data captured on phone calls or in public areas of hotels for security purposes

Sources

   · Direct from Customer

   · Management and/or Owners of Franchise Property

   · Call Center

   · Corporate/National Account Administrators

   · Web Lead Generation Partners

   · Online Travel Agencies

 Sale

   · Perform analytics in order to provide you with personalized offers and content and improve business operations

   · Detect and prevent fraud

   · Process payment in order to provide requested services (e.g., facilitate reservation processing, including payment, check-in/check-out, provide WiFi/laundry/other incidentals)

   · Enable customer to view past and upcoming stays

   · Provide customer satisfaction surveys

   · Develop new goods or services, improving or modifying our services, evaluating our promotions and marketing

   · Security and protection

   · Fraud monitoring and loss prevention

   · Training

 Sharing

   · Management and/or owners of a franchise property

   · Online Travel Agencies

   · Corporate/national account administrators

   · Group booking point of contact

   · Payment processors

   · Customer experience, feedback, claims management, claims service providers

   · Marketing service providers

    BPersonal Information Collected from Users of Our Services

 Collection and use

   · Online Activity Information on the Sites and Apps, such as IP address, browser type, language preferences, referral sources, pages viewed on the Sites, and site usage statistics

   · Geolocation Data

   · App Usage Data

   · Device Data

 Sources

   · Directly from User’s use of the Site or App

   · Marketing service providers

   · Analytics service providers

   · Satellite, cell phone tower, WiFi signals, or other technologies

Sale

   · Providing User with the Services

   · Security and protection

   · Fraud monitoring and loss prevention

   · Improving or modifying our services, evaluating our promotions and marketing

   · Internal business purposes and regulatory compliance

   · To view room availability in nearby properties as requested

Sharing

   · Service providers (such as Adobe)

  CAdditional Information Regarding the Categories of Personal Information Collected

 The following provides more details regarding some of the categories of personal information described in the tables above:

  • Geolocation Data: We or our service providers may receive or infer information about your location from a variety of sources. For example, we may use your IP address to identify your general location or we may receive more precise location data from your mobile device (such as via GPS, wireless networks, cell towers, Wi-Fi access points). If you have enabled location information sharing while using the Site and/or the App actively or in the background, then your location information may be shared with our service provider in order to compare nearby offers.      We may use location data to analyze certain information, and to improve our Service and relevance of the information we provide to you via the Service. Before we collect this information via the App, you must affirmatively opt-in to our use of such information and you will have the option of sharing your location at different intervals (for example, indefinitely or just for a certain period of time). Please note that if you do not share your location information then you may not be able to redeem certain offers and the App may have very limited functionality. We may use your location information to enable us to better focus or advertising and marketing efforts and to better tailor your use of the Service to your unique interests and needs.
  • Cookie Data:  Whenever you visit or interact with a Site, we, as well as our service providers, may use assorted technologies that automatically or passively collect information about how the website is accessed and used, including by use of “cookies.” Cookies are pieces of information that are placed on an individual visitor’s hard drive for the purpose of keeping records. Cookies can enhance your online experience by personalizing your experience while visiting a particular website. We do use the cookie to help us identify website features and content which are of the greatest interest, so we will be able to enhance this website to provide you with a great web experience.
    You understand that you may have limited options with respect to your selection of cookie preference as we continue to update our Site and technology and cookies may not be able to be disabled. Please remember that cookies may help you take full advantage of the newest website features at this Site.
    Another tool that may be employed by us is a web beacon, pixel tag or similar technology. These tools help us determine various types of technical information. When you ask us to send you information on a promotion or via newsletters, web beacons may be used to determine how many of the emails sent were actually opened. Please note, however, that in general, most images viewed as part of a web page can be used as a web beacon. We are also likely to passively collect such other technical information as the IP address of your computer/mobile device and the type of browser that you are using.

   D. Additional Information Regarding the Categories of Sources from which Personal Information is Collected

The following provides more details regarding some of the categories of sources described in the tables above:

  • Franchisees: Hotels franchised under Extended Stay America’s brand (“Franchised Hotels”) are independently owned and operated. Your personal information collected or maintained directly by the Franchised Hotels is not subject to this policy, unless such information has been shared with us, in which case the policy only covers our collection, use, and maintenance of your personal information. If you book a reservation directly with a hotel and that hotel utilizes our property management system, your personal information related to that reservation will be transmitted to and processed by us.

We may use or disclose your personal information and other information we collect to the owners, managers and operators of our franchised hotels and owners of hotels that we manage but do not own that require access to your personal information for business purposes.

   E. Additional Purposes for the Collection or Use of Personal Information

In addition to the uses described in the tables above, Extended Stay America may also use or share personal information:

  • with our service providers that are providing services to us on our behalf
  • to comply with applicable laws and regulatory requirements, or as requested by government or regulatory authorities or law enforcement, including in response to a court order, subpoena, or request
  • with our attorneys, accountants and auditors
  • in connection with pending litigation
  • in connection with any legal investigation
  • in connection with a merger, divestiture, acquisition, restructuring, reorganization, dissolution, change of control, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred
  • to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity
  • to debug to identify and repair errors that impair existing intended functionality in the Services

There may also be times when we share aggregated information (that does not individually identify any particular person) with advertisers, business partners, subsidiary companies, affiliated companies, parent corporations, sponsors, joint venture partners and other third parties in an effort to customize or enhance the content and advertising of our website for future users or to improve our marketing and promotional efforts.

III. NO SALE OF PERSONAL INFORMATION

We have not sold or disclosed personal information about you to third parties in the twelve (12) months prior to the date of this Privacy Policy and will not sell personal information about you until further notice. If we change our practices in the future for any new information that we collect from you, we will notify you by updating this Privacy Policy.

IV. TRACKING; ANALYTICS PROVIDERS

We partner with certain third-party service providers to collect information to engage in analytics, auditing, research, and reporting.  These third parties may use server logs, tags, pixels, and similar technologies, and they may set and access cookies on your computer or other device.

In particular, we use Adobe Analytics and Adobe Marketing Cloud Device Cooperative solutions to help us understand how our customers use our websites and apps across all of their various compute devices (e.g. mobile phone, computer).  These Adobe services allows Extended Stay America to deliver tailored promotions to our customers, that benefits them most. You can read more about how Adobe Analytics uses your geolocation data here and opt out of the use of cookies in web browsers by Adobe Analytics by clicking here.  To learn more about the Adobe Marketing Cloud Device Cooperative service, click here; and to opt out of the service, click here.  We also use Google Analytics to help us identify and address search results for your local area and understand usage of our Services, which we use to improve and personalize the overall the Services experience for you. You can find out more about how to opt-out of our use of Google Analytics here.

We also partner with third parties to provide advertising services that are targeted based on your online activities across websites, mobile apps, and devices over time (commonly referred to as “interest-based advertising”). Our advertising partners may collect information about your activities on our Services on your current device and combine it with information about your activities on other websites, mobile apps, and devices. They may collect such information using server logs, cookies, web beacons, tags, pixels, mobile advertising IDs (such as Facebook cookies or Google’s Advertising ID), cross-device linking, and similar technologies. For example, our advertising partners may use the fact that you visited our website to target advertising to you on other websites and mobile apps on your current device or on other devices you use. They may match your browsers or devices if you log into the same online service on multiple devices or if your devices share similar attributes that support an inference that they are used by the same person or household. This means that information about your activity on websites or apps on your current browser or device may be combined and used with information collected from your other browsers or devices. You can opt out of interest-based advertising in web browsers and mobile apps on your current browser or device by following the instructions below.

For more information about interest-based advertising and cross-device linking, please visit the Adobe Target website. You may opt out of interest-based advertising and cross-device linking in web browsers and mobile apps on your current browser or device by following the instructions below. 

Please note that Adobe Target is the primary site personalization tool for esa.com and disabling Adobe Target could mean a substandard experience and lack of content. Please further note that the opt-out described above will apply only to the specific browser or device from which you opt out, and therefore you will need to opt out separately on all of your browsers and devices. If you delete or reset your cookies or mobile advertising identifiers, change browsers (including upgrading certain browsers), or use a different device, any opt-out cookie or tool may no longer work, and you will need to opt out again.

V. EXCLUSIONS

   A. Links to Other Sites

The Sites and Apps may contain links to websites owned or controlled by other companies. Extended Stay America is only responsible for our Sites and Apps that link to this Privacy Policy. We have no control over and are not responsible for the data collection and use practices and privacy policies on third-party websites that you may access from our Site or App. We do not guarantee the quality, content or availability of any third-party website to which a link may be provided. Any links are made available to you as a convenience, and you agree to use the links at your own risk. We encourage our users to be aware when they leave our Service and to read the privacy statements of any other site that collects personal information.

    BChildren’s Personal Information

WE DO NOT ALLOW INDIVIDUALS WHO WE KNOW ARE UNDER 18 TO PARTICIPATE IN OUR SERVICE WITHOUT A PARENT OR GUARDIAN PRESENT. YOU MUST BE AT LEAST 18 YEARS OLD OR THE APPLICABLE AGE OF MAJORITY TO USE OUR SERVICE. PLEASE REVIEW THIS PRIVACY POLICY WITH YOUR PARENT OR GUARDIAN IF YOU ARE UNDER 18. Please understand that we cannot necessarily tell if a user is providing us with his or her true age. If we become aware that we have unknowingly collected personal information from a child under the age of 18, we will make reasonable efforts to delete such information from our records right away.  If a child has directly provided us with personal information, a parent or guardian of that child may contact us to have the information deleted from our records. To do so, contact us through the information provided below in the “Contact Us” section.

VI. WHERE WE WILL TRANSFER YOUR PERSONAL INFORMATION

We are headquartered in the United States and this website is intended for a United States audience. If you are located outside of the United States, be advised that any information you provide to us will be transferred to and stored in the United States and to our service providers who may be located in other jurisdictions around the world, and that, by submitting information to us, you explicitly authorize its transfer and storage within the United States and other jurisdictions. We will protect the privacy and security of personal information according to this Privacy Policy regardless of where it is processed or stored. Do not provide us with personal information if you do not want your personal information to be transferred to the United States or to other jurisdictions, or if the laws in your country restrict these types of transfers.

VII.   SECURITY

Unfortunately, the transmission of information is not completely secure. We cannot guarantee the security of your personal information transmitted to the Service and any transmission is at your own risk. Once we have received your personal information, we will use reasonable efforts to implement procedures and security features to try to help prevent unauthorized access. However, due to the nature of evolving technologies, we cannot provide, and expressly disclaim, any assurance that the information you provide us will remain free from loss, misuse, or alteration by third parties who, despite our efforts, obtain unauthorized access.

VIII.  ACCESS TO YOUR PERSONAL INFORMATION AND “OPT OUT” PROCEDURES

To Update Your Contact Information:

  • If you want to update or correct your contact information with us, please contact us using the telephone number or email in the “Contact Us” section at the end of this Privacy Policy.
  • You may also use any “contact us” feature on www.extendedstayamerica.com or update contact information within any user account you maintain with us.

To Use App:

  • You can choose whether or not to allow the App to collect and use real-time information about your device’s location through your device’s settings
  • You can manage these preferences when the App is first launched or at a later stage by using the setting on your mobile device.
  • If you block the use of location information, the App may not function as intended and certain features may not be available to you.

To Sign Up for Promotional Emails:

  • In order to begin receiving promotional email communications from us, you must affirmatively opt-in to receive these kinds of communications.
  • If you elect to receive any promotional email communication from us, you will be given the option to “unsubscribe” from receiving further email communications from us if you wish to stop receiving these communications at any time, except with respect to emails relating to transactions (e.g., room or service bookings through the Service).
  • Your option not to receive promotional and marketing material will not preclude us from corresponding with you, by email or otherwise, regarding your existing or past business relationships with us, and will not preclude us from accessing and viewing your personal information in the course of maintaining and improving the Service.

IX. RIGHTS FOR CALIFORNIA CONSUMERS

The California Consumer Privacy Act of 2018 (“CCPA”) provides California consumers with certain rights with regard to their personal information. This Section explains those rights. If you are a California consumer and would like to exercise any of those rights under the CCPA, please see subsection E below for more information on how to submit a request. 

For purposes of this Privacy Policy, a “California consumer” is a natural person who resides in California, and does not include persons to the extent they are (i) acting as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit or government agency that is doing business with Extended Stay America or (ii) acting as a job applicant to, an employee of, owner of, director of, officer of, medical staff member of, or contractor of Extended Stay America.

   A. Right to Know About and Access Your Personal Information

If you are a California consumer, you may have the right to request that Extended Stay America provide you with information regarding what personal information about you we have collected, used, disclosed, or sold in the preceding twelve (12) months. Once we receive your request and verify your identity, we will disclose to you one or more of the following as requested:

o   The categories of personal information we have collected about you in the preceding twelve (12) months.

o   The categories of sources from which we collected your personal information in the preceding twelve (12) months.

o   The business or commercial purposes for collecting your personal information in the preceding twelve (12) months.

o   The categories of third parties with whom we shared your personal information in the preceding twelve (12) months.

o   The specific pieces of personal information we collected about you in the preceding twelve (12) months.

 B. Right to Delete Your Personal Information

If you are a California consumer, you may have the right to request that Extended Stay America delete certain of your personal information that we have collected from you. However, this right to deletion does not apply to any of your personal information that is subject to an exception under the CCPA (as described below).  Once we receive your request and verify your identity, we will delete (and direct our service providers to delete) your personal information in our records that is not subject to any of the CCPA exceptions.

CCPA Exceptions

We may deny your deletion request where your personal information is required for any of the following reasons, which we will identify in our response to you if we deny your request:

o   Complete the transaction for which we collected the personal information, provide a product or service that you requested (e.g., insurance product), take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.

o   Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

o   Debug products to identify and repair errors that impair existing intended functionality.

o   Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.

o   Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).

o   Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us.

o   Comply with a legal obligation.

o   Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

   C. Right to Opt-Out of the Sale of Your Personal Information

Extended Stay America does not sell your personal information to non-affiliated third parties (including for their own direct marketing purposes) without your consent. In addition, as indicated above, Extended Stay America has not sold your Personal Information to non-affiliated third parties in the 12 months prior to the date of this Privacy policy and will not sell your personal information without further notice. If we change our practices in the future for any new information that we collect from you, we will notify you by updating this Privacy Policy.

If you are entitled to any disclosure rights in your jurisdiction regarding our sale of your personal information to non-affiliated third parties or our disclosure of your personal information to third parties for their own direct marketing purposes, this disclosure satisfies those requirements. If you still wish to learn more about our compliance with this requirement, please contact us using the information provided in the “Contact Us” section below.

  D. Right to Non-Discrimination

Extended Stay America will not discriminate against any California consumer who exercises any of the rights described above. Specifically, except as permitted by the CCPA, we will not deny you goods or services; charge you different prices or rates, including through granting discounts or other benefits, or imposing penalties; provide you with a different level of service or quality of goods or services; or suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

   E. How to Submit a Request

If you are a California consumer and would like to exercise any of the CCPA rights identified above, you may submit a request by either please click the link below to download the Data Request Form, fill it out, and email to dataprivacy@extendedstay.com or call 1-877-651-2124 to speak to an Extended Stay America representative. The Data Request Form can also be mailed to the following address to the attention of the Privacy Officer at 11525 North Community House Road, Ste. 100, Charlotte, NC 28277.

   F. Submitting a Request through Your Authorized Agent

If you are a California consumer, you may have the option to designate an authorized agent to submit a request on your behalf, so long the authorized agent has your written permission to do so and you have taken steps to verify your identity directly with us.  If you would like to designate an agent, your agent must register as such with the California Secretary of State and submit a copy of this registration along with your consumer request to us. We may need to contact you directly to verify the request.

   G. How We Verify Your Request

To process your request for access or deletion, we must be able to verify your identity or authority to make the request and confirm the personal information relates to you.  Making a verifiable consumer request does not require you to create an account with us. 

To verify your identity, we will ask that you provide the following information when you submit your request:

  • To submit your request, please click the below link to download the Data Request Form, complete the form, and email the completed form to dataprivacy@extendedstay.com or call 1-877-651-2124 to speak to an Extended Stay America representative. Additionally, the Data Request Form can also be mailed to the following address to the attention of the Privacy Officer at 11525 North Community House Road, Ste. 100, Charlotte, NC 28277.

Click here to download the Data Privacy Form

When the Privacy Officer receives your request, the Privacy Officer will first verify your identity. The Privacy Officer will confirm your eligibility for response by asking you to provide your name, phone number, email address, home address and address of last Extended Stay America hotel you stayed in. Once the Privacy Officer has verified your identity, the Privacy Officer will begin processing your request.

Depending on your type of request or the information requested by you, we may require additional information in order to verify your identity and fulfill your request. If we are not able to identify a match with our records, we will inform you of that fact.

We will respond to your request within forty-five (45) days. However, in certain circumstances, we may require additional time to process your request, as permitted by the CCPA or other applicable law. We will advise you within forty-five (45) days after receiving your request if such an extension is necessary and why it is needed. Any disclosures we provide will only cover the twelve (12)-month period preceding our receipt of your request.  If we cannot fulfill your request, our response to you will also explain the reason why we cannot fulfill your request. 

X. UPDATES TO THIS PRIVACY POLICY

We may modify this Privacy Policy from time to time. When we make material changes to this Privacy Policy, we will post a link to the revised Privacy Policy on the homepage of our site. You can tell when this Privacy Policy was last updated by looking at the date at the top of the Privacy Policy. Any changes to our Privacy Policy will become effective upon posting of the revised Privacy Policy on the site. Use of the site, any of our products and services, and/or providing consent to the updated Privacy Policy following such changes constitutes your acceptance of the revised Privacy Policy then in effect.    

XI. CONTACT US

For questions or comments regarding this Privacy Policy, including to exercise your rights pursuant to Section IX CCPA Rights for California Consumers above, please contact us our guest services at 1-877-651-2124 or you may write our Privacy Officer at 11525 North Community House Road, Ste. 100, Charlotte, NC 28277 or dataprivacy@extendedstay.com.